
Posts

Metasploit:-Beast Unleashed - Writing A simple Fuzzer.

Writing A Simple Fuzzer:- Fuzzers are tools used by security professionals to provide invalid and unexpected data to the inputs of a program. Typical fuzzers test an application for buffer overflows, format string, directory traversal attacks, command execution vulnerabilities, SQL Injection, XSS and more. Because Metasploit provides a very complete set of libraries to security professionals for many network protocols and data manipulations, the framework is a good candidate for quick development of simple fuzzers. The Rex::Text module provides lots of handy methods for dealing with text, like: buffer conversion, encoding (HTML, URL, etc.), checksumming, and random string generation. The last point is obviously extremely helpful in writing simple fuzzers. For more information, refer to the API documentation at http://metasploit.com/documents/api/rex/classes/Rex/Text.html. Here are some of the functions that you can find in Rex::Text:

Vulnerability Scanning

Vulnerability Scanning:- Vulnerability scanning will allow you to quickly scan a target IP range looking for known vulnerabilities, giving a penetration tester a quick idea of what attacks might be worth conducting. When used properly, this is a great asset to a pen tester, yet it is not without its drawbacks. Vulnerability scanning is well known for a high false positive and false negative rate. This has to be kept in mind when working with any vulnerability scanning software. Let's look through some of the vulnerability scanning capabilities that the Metasploit Framework can provide.

Burp Suite Professional v1.5.12 Released

Just today PortSwigger announced the Burp Suite Professional v1.5.12 release with various enhancements and bug fixes. Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. With the new version, a pentester is able to define Proxy interception rules based on the listener port number and also to define processing rules to systematically derive one payload from another. The new release is available from:- Click Here

Metasploit:-Beast Unleashed:-Information Gathering

Information Gathering:- The foundation for any successful penetration test is solid information gathering. Failure to perform proper information gathering will have you flailing around at random, attacking machines that are not vulnerable and missing others that are. We will next cover various features within the Metasploit framework that can assist with the information gathering effort.

Metasploit:-Beast Unleashed -Fundamentals

Metasploit Fundamentals:- There are many different interfaces to the Metasploit framework, each with its own strengths and weaknesses. As such, there is no one perfect interface to use with MSF, although the msfconsole is the only supported way to access most features of the Framework. It is still beneficial, however, to be comfortable with all the interfaces that MSF offers. The next module will provide an overview of the various interfaces, along with some discussion of where each is best utilized.

Metasploit:-Beast Unleashed-Requirements

Requirements:- Before we dive into the wonderful world of the Metasploit Framework, we need to ensure our setup will meet or exceed some requirements. This will help eliminate many problems before they arise later in this document. Hardware:- All values listed are estimated or recommended. You can get away with less, although performance will suffer. Some of the hardware requirements that should be considered are: 1) Hard Drive Space, 2) Available Memory, 3) Processor Capabilities, 4) Inter/Intra-net Access. Hard Drive Space:- This will be the most taxing hurdle to overcome. Be creative if you have storage space constraints. This process can consume almost 20 gigabytes of storage space, so be forewarned. This means we cannot use a FAT32 partition since it do...

Metasploit:-Beast Unleashed-Introduction

Introduction:- "If I'd 10 hours to chop down a tree, I'd spend the first six hours sharpening my axe." - Abraham Lincoln. What makes a man perfect? The answer is practice; there is a popular quote:- "Practice makes man perfect". All we have to do is practice, and there will be good results. I consider the MSF to be one of the single most useful auditing tools freely available to security professionals today. From a wide array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins, the Metasploit Framework provides a truly impressive work environment. The MSF is far more than just a collection of exploits, it's an infrastructure that you can build upon and utilize for your custom needs. This...