A while ago we tried to identify a core toolset that every pentester should start with or couldn’t live without. The first article focused on Nmap; the second on our list is none other than the exploit framework Metasploit. Instead of reinventing the wheel with yet another Metasploit guide, we decided to take all the disparate info on using Metasploit and put it into one place, starting from the basics all the way to advanced testing.

Here’s what I reference all the time, what’s new, what I think is cool, or what I have yet to forget regarding Metasploit… and I’m still probably missing a ton of cool stuff.

If you like this content, note that a lot of it comes from authors of the book (see below) or people promoting Hackers for Charity… so go donate a few bucks and help Johnny Long enrich some kids’ lives, and also buy the book and help Dave Kennedy put his kids through college (I actually don’t know if he has kids =P)

First off, read this:

It’s really good… No, seriously, go get it now…

Then:

Metasploit Unleashed:

The Metasploit book is very close to MSU because some of the authors are the same. Metasploit Unleashed is maintained by Offensive Security and promoted by HDM and Rapid7 (although it is not the official training; SANS 580 is).

Sections contained are:

  • Metasploit Fundamentals
  • Information Gathering
  • Vulnerability Scanning
  • Writing a Simple Fuzzer
  • Exploit Development
  • Client Side Exploits
  • MSF Post Exploitation
  • Meterpreter Scripting
  • Maintaining Access
  • MSF Extended Usage
  • Beyond Metasploit

Although Offsec originally said they were going to do videos for the content at the low, low cost of a donation to Hackers for Charity… people got busy. That’s okay though! A very talented NoVA pentester, Georgia Weidman, did a whole class and recorded it all the way through, with great industry guest speakers, for the hackerspace Reverse Space:

Metasploit Unleashed Week 1 Screencast from Georgia Weidman on Vimeo.

She also did a more recent, modified class, “Metasploit for Penetration Testing”:

Metasploit for Penetration Testing at The Brain Tank Week 1 from Georgia Weidman on Vimeo.

The Louisville Metasploit Class (on Irongeek.com):

The Louisville Metasploit class was held, “On May 8th 2010 (for) the Kentuckiana ISSA … A 7 hour Metasploit class at the Brown hotel in Louisville Ky. Proceeds from the class went to the Hackers For Charity Food for Work program. The instructors were David “ReL1K” Kennedy, Martin “PureHate” Bos, Elliott “Nullthreat” Cutright, Pwrcycle and Adrian “Irongeek” Crenshaw…” Again, taught by Dave and other contributors to Metasploit/Offsec/Backtrack.

This class was very good, including sections on the following:

  • Metasploit Intro – Irongeek
  • Metasploit Scanning and Pivoting – Pwrcycle
  • Metasploit Fuzzing and Exploit Development – Nullthreat
  • Meterpreter and Post Exploitation (and a demo of Metasploit Express) – Purehate
  • Social Engineering Toolkit – ReL1K
  • More Encoding Fun, Fasttrack and Closing – ReL1K

The Metasploit Megaprimer (on SecurityTube.net):

Vivek Ramachandran has created a 16-part video series on Metasploit based on MSU and other interesting sources.

Below are the video links and a short description:

  1. Exploitation Basics and need for Metasploit http://bit.ly/b2Y2pE
  2. Getting Started with Metasploit http://bit.ly/bLgTOm
  3. Meterpreter Basics and using Stdapi http://bit.ly/9sjqqH
  4. Meterpreter Extensions Stdapi and Priv http://bit.ly/97f1U3
  5. Understanding Windows Tokens and Meterpreter Incognito http://bit.ly/anbODH
  6. Espia and Sniffer Extensions with Meterpreter Scripts http://bit.ly/c4A4Eg
  7. Metasploit Database Integration and Automating Exploitation http://bit.ly/bT1uD5
  8. Post Exploitation Kung Fu http://bit.ly/dicJzI
  9. Post Exploitation Privilege Escalation http://bit.ly/asr1ML
  10. Post Exploitation Log Deletion and AV Killing http://bit.ly/bvCudb
  11. Post Exploitation and Stealing Data http://bit.ly/auwtBm
  12. Post Exploitation Backdoors and Rootkits http://bit.ly/a7n8nw
  13. Post Exploitation Pivoting and Port Forwarding http://bit.ly/9mOztm
  14. Backdooring Executables http://bit.ly/bZxwgK
  15. Auxiliary Modules http://bit.ly/du779R
  16. Pass the Hash Attack http://bit.ly/d7bdZi

The Offensive Security Ohio Chapter Metasploit/Pentesting Class (recorded by the Security Justice podcast):

This was a short 3-part class taught by Dave Kennedy (aka ReL1K, if you haven’t figured that out yet) for the Ohio Offensive Security Chapter. Very much akin to MSU, but worth watching for a different view on the same concepts.

Chris Gates on Auxiliary Scanners and Rob Fuller on Metasploit Magic:

These two presentations are both from Reverse Space and cover using auxiliary modules and inspecting lesser-known parts of the framework.

Chris Gates Metasploit at Reverse Space from Georgia Weidman on Vimeo.

Chris Gates Metasploit at Reverse Space Part 2 from Georgia Weidman on Vimeo.

Rob Fuller (mubix) Metasploit at Reverse Space from Georgia Weidman on Vimeo.

Ryan Linn on Metasploit Tips and Tricks:

Ryan goes over some awesome tips and tricks in Metasploit relating to imports, extensibility, etc.

SecTor 2010 – Ryan Linn – Metasploit Tips and Tricks from Vivek Ramachandran on Vimeo.

Metasploitable and Walkthroughs by G0tMi1k:

Mid-year, Rapid7 and the Metasploit team released a challenge VM called Metasploitable. I use this in my intro to hacking classes all the time. For my virtual students who miss labs, I direct them to g0tmi1k’s Metasploitable walkthroughs:

Download the Metasploitable Torrent Here

Neurosurgery with Meterpreter (by Colin Ames of Attack Research):

A wonderful primer on Meterpreter and its implications for how you can really manipulate memory.

Beyond Exploits: Real World Penetration Testing:

HD goes over all the ways you can win without exploits; this is really how most pentesters leverage the framework today!

Beyond Exploits: Real World Penetration Testing from Securityaegis on Vimeo.

Defeating Exploit Defenses and Porting Exploits to Metasploit by Dino Dai Zovi:

This is just plain good to watch in general… It is part of Dan Guido’s free NYU Poly Pentest and Vuln Analysis course.

Exploitation 102 – Fall 2010 from Dan Guido on Vimeo.

MiTM Attacks with Metasploit:

Metasploit for Web Attacks:

Extending and Automating in Metasploit:

Other Metasploit Goodies: