© Jean-Marie Guyon, 123RF.com

Penetration testing and shell tossing with Metasploit

Pen Test Tips

The Metasploit Framework [1] is a penetration testing toolkit, exploit-development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. By mixing and matching payloads, encoders, and NOP slide generators [2] with exploit modules, you can solve almost any exploit-related task.

In previous articles, I introduced you to the metasploit environment, the tools that professional attackers use [3], and how intruders hide malicious files from virus scanners [4]. In this article, I will walk you through using the latest version of the Nessus pre-built plugin filter Metasploit Framework in your penetration testing. You will get a glimpse at how pen testers use Metasploit to probe and penetrate a real-world system. I will also cover some useful Metasploit tips for achieving privilege escalation. For instance, wouldn't it be great to have a shell on another computer just in case you lose your meterpreter shell?

Integrating Nessus 5 with Metasploit

With the release of Nessus 5 configuration vulnerability scanning tool by Tenable Network Security, users now have better filtering, analysis, and reporting, as well as faster scanning time. The Metasploit Nessus plugin allows you to select only those checks that cover vulnerabilities whose exploits are in the Metasploit Exploit framework.

To start, go to the Tenable site [5], download Nessus 5, and install it. The new installation will reside in /opt/nessus and will install over the top of any previous Nessus versions. Start the nessus daemon and open your web browser to

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES

Print Issues

Digital Issues

 

SUBSCRIPTIONS

Print Subs

Digisubs

 

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia