Metasploit Resources

Aloha Lockboxx fans! Here's a recently compiled list of fantastic Metasploit resources! Enjoy and always hack responsibly!

Metasploit Blog
This is a primary source of mine, for the most direct and pure source of Metasploit information. The blog posts, as well as the comments, are extremely helpful in understanding the structure and uses of The Metasploit Framework.

Offensive Security’s Metasploit Unleashed
This is the ultimate free guide to The Metasploit Framework. Although slightly outdated, this is still the number 1 referenced Metasploit tutorial. This comprehensive startup guide is just what anyone trying to learn Metasploit needs. It gives detailed pages on everything from vulnerability identification to exploit development, and even post-exploitation. It discusses topics such as client-side attacks, PDF exploits, web fuzzing, and even other tools such as Armitage and the Social-Engineer Toolkit. Although it only skims all topics, it does introduce you to them and works you through some short scripts.

BackTrack Linux Forums
When using Metasploit, one of the easiest ways to get set up is using a virtual machine running BackTrack 4 R2. Being slightly new to Linux, and this distribution in particular, it is always great to have a resource where one can ask questions or find helpful individuals. This website is exceptionally helpful for anyone learning or involved in the community, and being a forum, it is always active and is updated daily.

SynJunkie Blog
Although this blog has not been updated in a while, this post demonstrates an end-to-end exploit for setting up a reverse shell on the target machine. This is my favorite payload to execute, as we can then easily get Meterpreter set up, which gives tons of options on the target machine. This is the simplest end-to-end demonstration of setting up a reverse shell I found; it is elegant and easy to understand.

DarkOperator’s Meterpreter Weapon Cache
An amazing cache of Meterpreter scripts, mostly written in Ruby, designed to be executed on the target machine. A virtual weapon house of small programs, specializing in everything from dumping browser information, dumping local memory, and retrieving IDPS and VMware information, all the way to setting up network enumeration, keyloggers, sound recorders, and scheduled tasks. It even has a Rick Roll script.

Vitalisec review of ScreenSpy
ScreenSpy is a brand new (2011) Meterpreter script that allows attackers to receive periodic, timed or triggered, screenshots of the victim’s machine. It was originally written by Roni Bachar; his website seems to be mostly in Hindi, so I decided to use the English review of the program. It includes the full script and original demo video of this new Meterpreter script. This seems extremely useful for recon, and it is also nice to see new packages still being added to The Metasploit Framework.

Armitage Manual
Armitage is a new and amazing GUI for the Meterpreter extension. It shows a really nice Nmap-incorporated layout of the target network, as well as fingerprinting machines and visualizing compromised machines. It is one of the newest additions to the Metasploit Framework, and looks extremely useful for easy, graphic pivoting throughout a network. This website gives full walkthroughs of the new functionality, as well as detailed descriptions and helpful pictures. I have also seen great tutorials with the creator of the application, Raphael Mudge, and he seems to be very involved in his project. He even answers most e-mails about his project directly, and is a truly devoted developer, resulting in one fantastic addition to The Metasploit Framework.

Target Virtual Machines
Thankfully, the Metasploit community provides vulnerable virtual machine images to practice all of your exploits on. This is really important for getting the experience one needs, without harming others in the process. These VMware images also create the capability for simulating network attacks from a single machine, although personally, I like to set them up on separate machines.