background image

xxiv

Introduction

z

Chapter 4, “Vulnerability Scanning,” walks you through identifying vul-
nerabilities and leveraging vulnerability scanning technology.

z

Chapter 5, “The Joy of Exploitation,” throws you into exploitation.

z

Chapter 6, “Meterpreter,” walks you through the Swiss Army knife of 
post exploitation: Meterpreter.

z

Chapter 7, “Avoiding Detection,” focuses on the underlying concepts of 
antivirus evasion techniques.

z

Chapter 8, “Exploitation Using Client-Side Attacks,” covers client-side 
exploitation and browser bugs. 

z

Chapter 9, “Metasploit Auxiliary Modules,” walks you through auxiliary 
modules. 

z

Chapter 10, “The Social-Engineer Toolkit,” is your guide to leveraging 
the Social-Engineer Toolkit in social-engineering attacks. 

z

Chapter 11, “Fast-Track,” offers a complete run down on Fast-Track, an 
automated penetration testing framework. 

z

Chapter 12, “Karmetasploit,” shows you how to leverage Karmetasploit 
for wireless attacks. 

z

Chapter 13, “Building Your Own Modules,” teaches you how to build 
your own exploitation module. 

z

Chapter 14, “Creating Your Own Exploits,” covers fuzzing and creating 
exploit modules out of buffer overflows. 

z

Chapter 15, “Porting Exploits to the Metasploit Framework,” is an in-
depth look at how to port existing exploits into a Metasploit-based module.

z

Chapter 16, “Meterpreter Scripting,” shows you how to create your own 
Meterpreter scripts. 

z

Chapter 17, “Simulated Penetration Test,” pulls everything together as it 
walks you through a simulated penetration test.

A Note on Ethics 

Our goal in writing this book is to help you to improve your skills as a pene-
tration tester. As a penetration tester, you will be bypassing security measures; 
that’s simply part of the job. When you do, keep the following in mind:

z

Don’t be malicious.

z

Don’t be stupid.

z

Don’t attack targets without written permission.

z

Consider the consequences of your actions.

z

If you do things illegally, you can be caught and put in jail!

Neither the authors of this book nor No Starch Press, its publisher, 

condones or encourages the misuse of the penetration testing techniques 
discussed herein. Our goal is to make you smarter, not to help you to get 
into trouble, because we won’t be there to get you out.