Book Review: "Metasploit - The Penetration Tester's Guide"

What a fun book! Metasploit - The Penetration Tester's Guide is a jam-packed text on the ins and outs of one of the best tools for penetration testing.  It goes over tons of amazing, lesser known, and quintessential features of using Metasploit.   However, it should be said right from the get-go that if you are not a professional penetration tester, developing exploits, or working with the framework, then there are probably better resources for you to learn from.  This book is explicitly about using the framework toolset, and if you aren't using the toolset on a daily basis there is not too much you will take away from this book. Overall I give this book 7/10 stars.

The book starts out a little slow, with the introduction and first chapter being more of an intro to professional pen-testing and the need for an all-in-one framework.  Chapter two is still at a crawl as they introduce the basic terminology and commands used in MSF as well as the many interfaces MSF has.  The second chapter also touches on some of the additional features that Metasploit has to enable your rampage, such as payloads, encoders, and exploit development tools.

The third chapter is where the book really starts to take off.  Under active scanning it goes into using the database with nmap.  Using the database built into MSF lets you leverage its functionality to the fullest, and this should be the first power trick you pick up.  If you use Metasploit every day and you aren't using the database, you are doing it wrong!!  Chapter three also goes into using auxiliary modules for service scanning, which can be used in conjunction with the classic nmap scripting engine to create a powerful vulnerability scanner.  Chapter eight also dives into using the auxiliary scanners to help you find services and vulnerabilities.  I would have put these chapters near one another.  Chapter eight will also help you build your own auxiliary modules and scanners.

Chapter four talks about using real vulnerability scanners such as Nexpose and Nessus, and importing their results into your Metasploit database.  Again, building this database is huge, as it will help you organize your hosts and services, as well as pointing out vulnerabilities you may have missed.  This chapter also touches on the infamous db_autopwn at the end.  Again, the database is the true unsung weapon of the Metasploit expert.

Chapter five goes right into popping boxes.  Everyone loves exploitation, so it's no surprise this is everyone's favorite chapter :]  Here the user learns how to exploit a machine from beginning to end: first identifying the vulnerability, then selecting the exploit and payload, and finally gaining the first shell.  This chapter ends with a small bit on resource files, which you can get a good look at in my last post.

Chapter six is all about Meterpreter, and I'm glad this tool gets its own chapter.  Meterpreter makes post-exploitation amazing.  This chapter on Meterpreter is probably the best resource on the tool I've found to date.  It covers everything from using gather techniques to get information on the system, setting up keyloggers, setting up persistence, tokens, pivoting to other processes, and even pivoting to other systems.  This chapter is fantastic and could make the book on its own.  My favorite part is when they introduce 'Railgun', which allows you to directly call Windows APIs through an interactive Ruby shell!  Go Ruby!!

Chapter seven is all about being an exploit ninja, using msfpayload and msfencode to make it much harder for AV to detect your malicious payloads.  This is a great chapter to learn the finer details of exploit obfuscation and packing, but you can also save yourself a bit of time and just learn about msfvenom.

Chapter ten is all about the Social Engineer's Toolkit.  In all honesty, this tool should be in a class of its own.  SET is extremely easy to use and highly effective. The only catch is that most of these exploits require a small degree of 'Social Engineering', or tricking your victim into executing your attack.  It's a paint-by-numbers type of exploitation tool, with easy numeric selections for each attack, and you really shouldn't need a book to help you with this one.  Regardless of your skill level, SET is something everyone can use and gain a lot from.  Go check it out now!

Chapter eleven deals with Fast-Track, which is just like SET in that it's a paint-by-numbers type of exploitation tool.  Unlike SET, Fast-Track aims to cover a lot of the typical audit tests you would find in Metasploit, and doesn't require tricking your user into launching the payload.  Again, I would recommend most people start with this type of guided exploitation tool, just because it's super easy!

Chapter twelve dives into Karmetasploit, which is Metasploit's version of KARMA, a wireless exploitation tool.  Karmetasploit can easily MITM traffic, since it makes the attacking computer act as the router, and then serve malicious pages (auto-pwn style) to the victims.  This is a nasty way to get quick shells on other users of an insecure network.

From here the book goes into developing for the framework.  Chapter thirteen discusses adding your own modules to MSF.  It starts by exploring the Ruby code of another module.  If you have never done this, I highly recommend it.  MSF has some of the best Ruby code I've ever seen.  Every line has a comment, and in short, it's beautiful. Chapter fourteen then dives into writing your own exploits.  MSF has great tools to help with exploit development; pattern_create.rb and pattern_offset.rb are really just the beginning.  This chapter dives deep into avoiding SEH restrictions and using Metasploit to find exploitation gadgets. Chapter fifteen also helps with taking existing exploits and porting them over to the framework. These are key chapters which I will definitely be coming back to time and time again as I develop exploits for Metasploit.
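To show what pattern_create.rb and pattern_offset.rb actually do for crash triage, here is an added example of the cyclic-pattern idea behind them, written for this post and not taken from the book or from Metasploit's own Rex library. The character sets (uppercase, lowercase, digits in nested order) and the little-endian handling of a register value are the conventions those tools are known for; the function names, the 20280-byte cap, and the "report every match" behaviour are this example's own choices.

```ruby
# Added example: a minimal cyclic pattern generator and offset finder in the
# style of pattern_create.rb / pattern_offset.rb (not Metasploit's own code).
# The pattern is built from three sets so that any 3-byte window at a
# 3-aligned position is unique, which is what makes a crashed register value
# map back to a single offset in the input.
UPPER  = ('A'..'Z').to_a.freeze
LOWER  = ('a'..'z').to_a.freeze
DIGITS = ('0'..'9').to_a.freeze
MAX_PATTERN = UPPER.size * LOWER.size * DIGITS.size * 3   # 20280 bytes

# Build `length` bytes of "Aa0Aa1Aa2...Ab0Ab1..." (innermost set cycles fastest).
def pattern_create(length)
  raise ArgumentError, "max pattern length is #{MAX_PATTERN}" if length > MAX_PATTERN
  out = String.new
  UPPER.each do |u|
    LOWER.each do |l|
      DIGITS.each do |d|
        out << u << l << d
        return out[0, length] if out.length >= length
      end
    end
  end
  out[0, length]
end

# Return every offset at which `needle` occurs in `pattern`.
# `needle` may be a 4-character string, or an Integer as read from a register
# (e.g. EIP/SEH); an Integer is converted to the little-endian byte order in
# which it actually sat in memory before being loaded.
def pattern_offsets(pattern, needle)
  needle = [needle & 0xffffffff].pack('V') if needle.is_a?(Integer)
  offsets = []
  i = pattern.index(needle)
  while i
    offsets << i
    i = pattern.index(needle, i + 1)
  end
  offsets
end

# Convenience wrapper: the single offset, or nil if the value was not found
# or is ambiguous (more than one match, e.g. a needle shorter than 3 bytes).
def pattern_offset(pattern, needle)
  hits = pattern_offsets(pattern, needle)
  hits.size == 1 ? hits.first : nil
end

if __FILE__ == $PROGRAM_NAME
  pat = pattern_create(200)
  puts pat
  # Constructed register value: 0x41306241 is "Ab0A" in little-endian memory order.
  puts "offset of 0x41306241: #{pattern_offset(pat, 0x41306241)}"
end
```

Reading the result the way a practitioner would: if a crash shows a register holding 0x41306241 after feeding the 200-byte pattern above, the offset 30 says bytes 30..33 of the input landed in that register, so a fix for the bug (or a detection signature for the malformed input) needs to look at that field of the protocol or file format.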

Chapter sixteen deals with scripting for Meterpreter, which goes far beyond simply using resource files to drive scripts. In this chapter they go into detail on the API calls and Meterpreter mixins that can help you write your own custom post-exploitation commands.  These libraries make for a powerhouse for developing client-side privilege escalation attacks.

Chapters seventeen and eighteen deal with setting up your own vulnerable network and using MSF on some real targets.  This is a really important step in mastering any new tool.  First you need theory (learn to pen-test), then you need instruction (learn your tools, aka THIS BOOK), then you need to practice!  So get out there and start practicing!!

Again, I want to reiterate that this book is for the average user of MSF who wants to become a power user.  This ubertool can do it all: scanning, information management, vulnerability analysis, exploitation, post-exploitation.  The only part it doesn't help with is all the report writing you will be doing after you come back with a slew of exploited machines.  This book will also help you greatly in developing auxiliaries, modules, and exploits.  It will also help you use the framework in a far more powerful manner, allowing you to use this one tool for many pen-testing purposes. My favorite part about this book? The cheat-sheet at the end ;)  Enjoy all!