Metasploit Penetration Testing Cookbook Over 70 recipes to master the most widely used penetration testing framework Abhinav Singh BIRMINGHAM - MUMBAI Metasploit Penetration Testing Cookbook Copyright © 2012 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: June 2012 Production Reference: 1150612 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-84951-742-3 www.packtpub.com Cover Image by Asher Wishkerman ( a.wishkerman@mpic.de ) Credits Author Abhinav Singh Reviewers Kubilay Onur Gungor Kanishka Khaitan Sachin Raste Acquisition Editor Usha Iyer Lead Technical Editor Azharuddin Sheikh Technical Editor Vrinda Amberkar Project Coordinator Leena Purkait Proofreader Linda Morris Indexer Rekha Nair Graphics Manu Joseph Production Coordinator Melwyn D'sa Cover Work Melwyn D'sa About the Author Abhinav Singh is a young Information Security Specialist from India. He has a keen interest in the eld of Hacking and Network Security. He actively works as a freelancer with several security companies, and provides them with consultancy. Currently, he is employed as a Systems Engineer at Tata Consultancy Services, India. He is an active contributor of the SecurityXploded community. He is well recognized for his blog ( http://hackingalert. blogspot.com ), where he shares about his encounters with hacking and network security. Abhinav's work has been quoted in several technology magazines and portals. I would like to thank my parents for always being supportive and letting me do what I want; my sister, for being my doctor and taking care of my fatigue level; Sachin Raste sir, for taking the pain to review my work; Kanishka Khaitan, for being my perfect role model; to my blog followers for their comments and suggestions, and, last but not the least, to Packt Publishing for making this a memorable project for me. About the Reviewers Kubilay Onur Gungor currently works at Sony Europe as a Web Application Security Expert, and is also one of the Incident Managers for the Europe and Asia regions. He has been working in the IT Security eld for more than 5 years. After individual, security work experience, he started his security career with the cryptanalysis of images, which are encrypted by using chaotic logistic maps. He gained experience in the Network Security eld by working in the Data Processing Center of Isik University. After working as a QA Tester in Netsparker, he continued his work in the Penetration Testing eld, for one of the leading security companies in Turkey. He performed many penetration tests for the IT infrastructures of many big clients, such as banks, government institutions, and telecommunication companies. He has also provided security consulting to several software manufacturers to help secure their compiled software. Kubilay has also been developing multidisciplinary, cyber security approaches, including criminology, conict management, perception management, terrorism, international relations, and sociology. He is the Founder of the Arquanum Multidisciplinary Cyber Security Studies Society. Kubilay has participated in many security conferences as a frequent speaker. Kanishka Khaitan , a postgraduate in Master of Computer Application from the University of Pune, with Honors in Mathematics from Banaras Hindu University, has been working in the web domain with Amazon for the past two years. Prior to that, she worked for Inbeam, an India-based, online retail startup, in an internship program lasting for six months. Sachin Raste is a leading security expert, with over 17 years of experience in the elds of Network Management and Information Security. With his team, he has designed, streamlined, and integrated the networks, applications, and IT processes for some of the big business houses in India, and helped them achieve business continuity. He is currently working with MicroWorld, the developers of the eScan range of Information Security Solution, as a Senior Security Researcher. He has designed and developed some path-breaking algorithms to detect and prevent Malware and Digital Fraud, to safeguard networks from Hackers and Malware. In his professional capacity, Sachin Raste has presented many whitepapers, and has also participated in many TV shows spreading awareness on Digital Frauds. Working with MicroWorld has helped him in developing his technical skills to keep up with the current trends in the Information Security industry. First and foremost, I'd like to thank my wife, my son, and my close group of friends for their support, without whom everything in this world would have seemed impossible. To my colleagues from MicroWorld and from past organizations, for being patient listeners and assisting me in successfully completing complex projects; it has been a pleasure working with all of you. And to my boss, MD of MicroWorld, for allowing me the freedom and space to explore beyond my limits. I thank you all. www.PacktPub.com Support les, eBooks, discount offers and more You might want to visit www.PacktPub.com for support les and downloads related to your book. Did you know that Packt offers eBook versions of every book published, with PDF and ePub les available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details. At www.PacktPub.com , you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks. http://PacktLib.PacktPub.com Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books. Why Subscribe? f Fully searchable across every book published by Packt f Copy and paste, print and bookmark content f On demand and accessible via web browser Free Access for Packt account holders If you have an account with Packt at www.PacktPub.com , you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access. Dedicated to my grandparents for their blessings. To my parents and sister for their support and encouragement, and to my dear friend Neetika for being a motivator. -Abhinav Singh . Metasploit Penetration Testing Cookbook Over 70 recipes to master the most widely used penetration testing framework Abhinav. working remotely. Metasploit Penetration Testing Cookbook aims at helping the readers in mastering one of the most widely used penetration testing frameworks