T H E J O Y O F E X P L O I T A T I O N
Exploitation is the pinnacle of many security profes-
sionals’ careers. The ability to gain full control over a
targeted machine is a great feeling, if perhaps a little
scary. But even though exploitation techniques have
advanced quite a bit over the years, the adoption of
various system and network protections has made it
increasingly more difficult to succeed with basic exploits. In this chapter,
we move into more difficult attack methods, beginning with command-line
interfaces to the Metasploit Framework. Most of the attacks and customizations
discussed in this chapter will occur in
msfconsole
,
msfencode
, and
msfpayload
.
Before you begin to exploit systems, you need to understand a few
things about penetration testing and exploitation. In Chapter 1 you were
introduced to basic penetration testing methods. In Chapter 2 you learned
the basics of the Framework and what to expect from each tool. In Chapter 3
we explored the intelligence gathering phase, and in Chapter 4 you learned
about vulnerability scanning.
In this chapter, we focus on the basics of exploitation. Our goal is to
familiarize you with the different commands available through the Frame-
work, which we’ll build upon in later chapters. Most of the attacks from this