background image

C O N T E N T S   I N   D E T A I L

FOREWORD  by HD Moore

xiii

PREFACE

xvii

ACKNOWLEDGMENTS

xix

Special Thanks ........................................................................................................ xx

INTRODUCTION xxi

Why Do A Penetration Test? ................................................................................... xxii
Why Metasploit?  .................................................................................................. xxii
A Brief History of Metasploit ................................................................................... xxii
About this Book .....................................................................................................xxiii
What’s in the Book? ..............................................................................................xxiii
A Note on Ethics  ..................................................................................................xxiv

1
THE ABSOLUTE BASICS OF PENETRATION TESTING

1

The Phases of the PTES .............................................................................................. 2

Pre-engagement Interactions ......................................................................... 2
Intelligence Gathering .................................................................................. 2
Threat Modeling ......................................................................................... 2
Vulnerability Analysis .................................................................................. 3
Exploitation ................................................................................................ 3
Post Exploitation .......................................................................................... 3
Reporting ................................................................................................... 4

Types of Penetration Tests .......................................................................................... 4

Overt Penetration Testing ............................................................................. 5
Covert Penetration Testing ............................................................................ 5

Vulnerability Scanners .............................................................................................. 5
Pulling It All Together ................................................................................................ 6

2
METASPLOIT BASICS

7

Terminology ............................................................................................................ 7

Exploit ....................................................................................................... 8
Payload ..................................................................................................... 8
Shellcode ................................................................................................... 8
Module ...................................................................................................... 8
Listener ...................................................................................................... 8

Metasploit Interfaces ................................................................................................. 8

MSFconsole ................................................................................................ 9
MSFcli ....................................................................................................... 9
Armitage .................................................................................................. 11