Metasploit mailing list archives
Metasploit Penetration Testing Examples
From: fchang at digiware.com.co (Felipe Chang - Digiware)
Date: Sun, 24 Jun 2007 09:56:39 -0500
FYI Best Regards -----Mensaje original----- De: jag [mailto:gmljag at gmail.com] Enviado el: domingo, 24 de junio de 2007 9:40 Para: framework at metasploit.com Asunto: Re: [framework] Metasploit Penetration Testing Examples On 6/24/07, Patrick Webster <patrick at aushack.com> wrote:
Once you've gathered enough information, you can then start targeted
attacks
(this is where metasploit comes in handy) etc to reach your goal... You'd then typically write a pretty report with an executive summary and technical findings/recommendations for management. As you can see, pen-testing is too broad a subject to be handled
completely
by MSF. Take a look at the Hacking Exposed book Table of Contents (I couldn't find anything else) for some ideas:
I'm not security expert, sorry for this... But with metasploit i'm able to execute all steps for one little pentest, using the tools from metasploit: i'm able to do "network discovery" with db_nmap (says information gathering ok it's too large) select and use exploits with payload for Attack and Penetration Phase with db_autopwn is Metasploit able to execute and manage a proxy chain? i think yes and, with Metasploit, am i able to execute any local exploit for privilege escalation? i have used framework called Core Impact in the past, ok, in that framework all is automatic but i don't think Metasploit can't able to execute a similar pen test with similar results... I'm right now using the same "voice" from CI to execute the penetration Testing and explain it, but i need documentation about, sharing and using information gathered in database from db_nmap to other modules and exploits and some informations to generate a report about the semiautomatic penetration Testing, if no module is available now, is there a template to create a beauty report for my penetration testing? thank you for your answer! and, other help is welcome! p.s. sorry for my english :( jag -------------- next part -------------- A non-text attachment was scrubbed... Name: RadarHack - Metasploit for Dummies.pdf Type: application/pdf Size: 22206 bytes Desc: not available URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070624/cafca114/attachment.pdf> -------------- next part -------------- A non-text attachment was scrubbed... Name: NWCET - Using the Metasploit Framework.pdf Type: application/pdf Size: 564798 bytes Desc: not available URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070624/cafca114/attachment-0001.pdf>
Current thread:
- Metasploit Penetration Testing Examples jag (Jun 24)
- Metasploit Penetration Testing Examples Patrick Webster (Jun 24)
- Metasploit Penetration Testing Examples jag (Jun 24)
- Metasploit Penetration Testing Examples Felipe Chang - Digiware (Jun 24)
- Metasploit Penetration Testing Examples jag (Jun 24)
- Metasploit Penetration Testing Examples Jerome Athias (Jun 24)
- Metasploit Penetration Testing Examples jag (Jun 25)
- Metasploit Penetration Testing Examples Jerome Athias (Jun 25)
- Metasploit Penetration Testing Examples jag (Jun 24)
- Metasploit Penetration Testing Examples Patrick Webster (Jun 24)