Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
by James Foster
List Price:
Our Price: $37.44
You Save: $22.51 (38%)
Availability: Usually ships in 1-2 business days
Buy Used: from $24.98 (click here)
Category: Book
See more book details and other editions
Book Summary Information
Author: James FosterEdition: Paperback
Audio: English (Original Language); English (Unknown); English (Published)
Published: 2007-09-01
ISBN: 1597490741
Number of pages: 352
Publisher: Syngress
Book Reviews of Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
Book Review: Potential for something great was there but wasn't delivered
Summary: 2 Stars
I'm going to take a harsh stance on this book, mostly because this book had potential to really build upon all the information publicly available for Metasploit and really make a great book on Metasploit internals and advanced usage. Instead it seems like current public/free information was just rehashed and new information not updated for the 3.x branch of MSF.
What I consider the "meat" of this book, and what should have made this a 4 or 5 star book, covers the Metasploit Framework 2.x branch and NOT the current 3.x branch. By "meat" I mean the case studies covering exploitation using MSF. The major difference between the two is that 2.x was written in Perl and 3.x in Ruby. To be fair the first 5 chapters cover using MSF 3.x, but I really didn't feel they covered much, if anything, that's not out on the net with the exception of Chapter 5 (Adding new Payloads). "Using" Metasploit has been covered a million times in a million other books. A book specifically on Metasploit should have covered things not covered in every other hacking book.
Chapter 1 is an "Introduction to Metasploit." If you haven't ever used the tool and didn't want to RTFM, then "maybe" it would be useful for you. Most of the material I felt could be found on the Metasploit main support page, the wiki, or via google, but mostly the first two. I'm also not sure why there are pages and pages of current payloads and exploits with no explanations as to why I would use one type of payload versus another especially for the obscure ones like find tag or ordinal payloads. Doing a "show exploits" or "show payloads" without dialogue on the differences adds little value. The Leveraging Metasploit on Penetration Tests section is one paragraph :-(
Chapter 2 is "Architecture, Environment, and Installation." There are 2-3 pages on locking down a system. Why is that included? Very random. Let me cover the installation covered in the book for you. Windows, double click the executable. *nix, download via svn. That's about the level of detail we get...sigh :-(
Chapter 3 is a whopping 7 pages including the FAQ section on "Metasploit Framework and Advanced Environment Configurations." That chapter covers what is in the directories of your msf installation and using the setg command.
Chapter 4 is "Advanced Payload and Add-on Modules." Covers some old information on meterpreter and some meterpreter basics, the stuff on the net covers it in far more detail. Decent coverage of the VNC Inject payload, crappy coverage of the PassiveX payload, ok coverage of auxiliary modules and a mention of db autopwn.
Chapter 5 is "Adding New Payloads." Chapter 5 is the best chapter in the book because it discusses something...here it goes...NEW! and related to MSF 3.x. Chapter 5 is an excellent chapter walking us thru building a SIP Invite spoofer auxiliary module. Had the whole book been of this caliber it would have been a 5 star book.
The case studies should have been rewritten to work with MSF 3.x, they are all for 2.x. They are good and contain the required detail (but I didn't not work through all the examples yet) Things are similar between the branches and you can probably muddle through the conversions but it makes no sense for the first half of the book to be about 3.x and the meat to be about 2.x. At a minimum a chapter or section on converting exploits from 2.x to 3.x was in order, but was not included.
I didn't find Appendix B, "Building a Test Lab for Penetration Testing" to be all that helpful either. I think it's a reprint from Penetration Tester's Open Source Toolkit v2, but can't confirm because I don't have that book.
Summary of Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code. This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform.The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF's capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits. By working through a real-world vulnerabilities against a popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.
Privacy Books
Book Subjects
- Arts & Photography
- Audiobooks on Cassette
- Audiobooks on CD
- Biographies & Memoirs
- Business & Investing
- Children's Books
- Comics & Graphic Novels
- Computers & Internet
- Cooking, Food & Wine
- e-Books
- Engineering
- Entertainment
- Gay & Lesbian
- Health, Mind & Body
- History
- Home & Garden
- Horror
- Law
- Literature & Fiction
- Medicine
- Mystery & Thrillers
- Nonfiction
- Outdoors & Nature
- Parenting & Families
- Professional & Technical
- Reference
- Religion & Spirituality
- Romance
- Science
- Science Fiction & Fantasy
- Sports
- Teens
- Travel
Most talked about in Vulnerabilities and Exploits
Exploiting Software: How to Break Code (Addison-Wesley Software Security Series)by Greg Hoglund, Gary McGraw
Addison-Wesley Professional; Published: 2004-02-27; Paperback; Book
Best price: $23.99
Price in other shops:
Hacker Disassembling Uncovered (Uncovered series)by Kris Kaspersky
A-List Publishing; Published: 2007-02-01; Paperback; Book
Price in other shops:
Buffer Overflow Attacksby James C. Foster, Vitaly Osipov, Nish Bhalla
Syngress; Published: 2005-02-01; Paperback; Book
Best price: $22.25
Price in other shops:
Sockets, Shellcode, Porting, & Coding: Reverse Engineering Exploits and Tool Coding for Security Professionalsby James C. Foster, Stuart McClure
Syngress; Published: 2005-04-12; Paperback; Book
Best price: $32.59
Price in other shops:
Reversing: Secrets of Reverse Engineeringby Eldad Eilam
Wiley; Published: 2005-04-15; Paperback; Book
Best price: $21.36
Price in other shops:
The Shellcoder's Handbook: Discovering and Exploiting Security Holesby Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan "noir" Eren, Neel Mehta, Riley Hassell
Wiley; Published: 2004-04-02; Paperback; Book
Best price: $10.75
Price in other shops:
Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Researchby James Foster
Syngress; Published: 2007-09-01; Paperback; Book
Best price: $37.58
Price in other shops:
Similar Books and other products
Security Power Toolsby Bryan Burns, Jennifer Granick, Steve Manzuik, Paul Guersch , Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, Philippe Biondi
O'Reilly Media, Inc.; Published: 2007-08-27; Paperback; Book
Best price: $32.83
Price in other shops:
Security Metrics: Replacing Fear, Uncertainty, and Doubtby Andrew Jaquith
Addison-Wesley Professional; Published: 2007-04-05; Paperback; Book
Best price: $29.25
Price in other shops:
The Shellcoder's Handbook: Discovering and Exploiting Security Holesby Chris Anley, John Heasman, Felix? Lindner, Gerardo Richarte
Wiley; Published: 2007-08-20; Paperback; Book
Best price: $14.39
Price in other shops:
Fuzzing: Brute Force Vulnerability Discoveryby Michael Sutton, Adam Greene, Pedram Amini
Addison-Wesley Professional; Published: 2007-07-09; Paperback; Book
Best price: $33.93
Price in other shops:
Penetration Tester's Open Source Toolkitby Charl Van Der Walt, HD Moore, Roelof Temmingh, Haroon Meer, Johnny Long, Chris Hurley, James Foster
Syngress; Published: 2005-12-23; Paperback; Book
Best price: $37.65
Price in other shops:
Virtual Honeypots: From Botnet Tracking to Intrusion Detectionby Niels Provos, Thorsten Holz
Addison-Wesley Professional; Published: 2007-07-26; Paperback; Book
Best price: $29.44
Price in other shops:
Google Hacking for Penetration Testers, Volume 2by Johnny Long
Syngress; Published: 2007-11-02; Paperback; Book
Best price: $28.95
Price in other shops:
Hacking: The Art of Exploitation, 2nd Editionby Jon Erickson
No Starch Press; Published: 2008-02-04; Paperback; Book
Best price: $28.98
Price in other shops:
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flawsby Dafydd Stuttard, Marcus Pinto
Wiley; Published: 2007-10-22; Paperback; Book
Best price: $27.09
Price in other shops:
Penetration Tester's Open Source Toolkit, Volume 2by Chris Hurley
Syngress; Published: 2007-10-12; Paperback; Book
Best price: $37.39
Price in other shops: