background image

T H E   J O Y   O F   E X P L O I T A T I O N

Exploitation is the pinnacle of many security profes-
sionals’ careers. The ability to gain full control over a 
targeted machine is a great feeling, if perhaps a little 
scary. But even though exploitation techniques have 
advanced quite a bit over the years, the adoption of 
various system and network protections has made it

increasingly more difficult to succeed with basic exploits. In this chapter, 
we move into more difficult attack methods, beginning with command-line 
interfaces to the Metasploit Framework. Most of the attacks and customizations 
discussed in this chapter will occur in 

msfconsole

msfencode

, and 

msfpayload

.

Before you begin to exploit systems, you need to understand a few 

things about penetration testing and exploitation. In Chapter 1 you were 
introduced to basic penetration testing methods. In Chapter 2 you learned 
the basics of the Framework and what to expect from each tool. In Chapter 3 
we explored the intelligence gathering phase, and in Chapter 4 you learned 
about vulnerability scanning.

In this chapter, we focus on the basics of exploitation. Our goal is to 

familiarize you with the different commands available through the Frame-
work, which we’ll build upon in later chapters. Most of the attacks from this