[framework] Metasploit Penetration Testing Examples

[jag]

On 6/24/07, Patrick Webster <patrick at aushack.com> wrote:
> Once you've gathered enough information, you can then start targeted attacks
> (this is where metasploit comes in handy) etc to reach your goal...
>
> You'd then typically write a pretty report with an executive summary and
> technical findings/recommendations for management.
>
> As you can see, pen-testing is too broad a subject to be handled completely
> by MSF. Take a look at the Hacking Exposed book Table of Contents (I
> couldn't find anything else) for some ideas:

I'm not security expert, sorry for this...

But with metasploit i'm able to execute all steps for one little
pentest, using the tools from metasploit:

i'm able to do "network discovery" with db_nmap (says information
gathering ok it's too large)
select and use exploits with payload for Attack and Penetration Phase
with db_autopwn
is Metasploit able to execute and manage a proxy chain? i think yes
and, with Metasploit, am i able to execute any local exploit for
privilege escalation?

i have used framework called Core Impact in the past, ok, in that
framework all is automatic but i don't think Metasploit can't able to
execute a similar pen test with similar results... I'm right now using
the same "voice" from CI to execute the penetration Testing and
explain it, but i need documentation about, sharing and using
information gathered in database from db_nmap to other modules and
exploits and some informations to generate a report about the
semiautomatic penetration Testing, if no module is available now, is
there a template to create a beauty report for my penetration testing?

thank you for your answer! and, other help is welcome!

p.s. sorry for my english :(

jag