[framework] Metasploit Penetration Testing Examples

Felipe Chang - Digiware fchang at digiware.com.co
Sun Jun 24 09:56:39 CDT 2007 

FYI

Best Regards 

-----Mensaje original-----
De: jag [mailto:gmljag at gmail.com] 
Enviado el: domingo, 24 de junio de 2007 9:40
Para: framework at metasploit.com
Asunto: Re: [framework] Metasploit Penetration Testing Examples

On 6/24/07, Patrick Webster <patrick at aushack.com> wrote:
> Once you've gathered enough information, you can then start targeted
attacks
> (this is where metasploit comes in handy) etc to reach your goal...
>
> You'd then typically write a pretty report with an executive summary and
> technical findings/recommendations for management.
>
> As you can see, pen-testing is too broad a subject to be handled
completely
> by MSF. Take a look at the Hacking Exposed book Table of Contents (I
> couldn't find anything else) for some ideas:

I'm not security expert, sorry for this...

But with metasploit i'm able to execute all steps for one little
pentest, using the tools from metasploit:

i'm able to do "network discovery" with db_nmap (says information
gathering ok it's too large)
select and use exploits with payload for Attack and Penetration Phase
with db_autopwn
is Metasploit able to execute and manage a proxy chain? i think yes
and, with Metasploit, am i able to execute any local exploit for
privilege escalation?

i have used framework called Core Impact in the past, ok, in that
framework all is automatic but i don't think Metasploit can't able to
execute a similar pen test with similar results... I'm right now using
the same "voice" from CI to execute the penetration Testing and
explain it, but i need documentation about, sharing and using
information gathered in database from db_nmap to other modules and
exploits and some informations to generate a report about the
semiautomatic penetration Testing, if no module is available now, is
there a template to create a beauty report for my penetration testing?

thank you for your answer! and, other help is welcome!

p.s. sorry for my english :(

jag
-------------- next part --------------
A non-text attachment was scrubbed...
Name: RadarHack - Metasploit for Dummies.pdf
Type: application/pdf
Size: 22206 bytes
Desc: not available
Url : http://spool.metasploit.com/pipermail/framework/attachments/20070624/cafca114/attachment.pdf 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NWCET - Using the Metasploit Framework.pdf
Type: application/pdf
Size: 564798 bytes
Desc: not available
Url : http://spool.metasploit.com/pipermail/framework/attachments/20070624/cafca114/attachment-0001.pdf

More information about the framework mailing list