Hakin9 is a magazine about the best technical solutions and latest trends in IT security and insecurity. We wish to make this knowledge accessible to everyone, whether they are professionals or hobbyists. The articles we publish are written by specialists who put theory into practice and show how to gain hakin9 skills. - This affiliate has offered step by step Metasploit free tutorials for me.
Would you like to be featured in one of these Hakin9 releases and be seen by over 100,000 readers? Become a Mafia Security Author to find out more OR follow our Step by step Penetration Test to the max!
DEFENSE PATTERN
How to Use Metasploit for Security DefenseBy Justin C. Klein Keane, an Information Security Specialist working at the University of PensylvaniaIf you’ve ever taken any training about penetration testing, or read almost any book or online article about the trade, you’ve heard of Metasploit. Years ago, before penetration testing was a recognized professional field, exploiting a vulnerability was often an extremely onerous task. Identifying a vulnerability might be as easy as fingerprinting a system then searching public mailing lists, but finding exploit code was often difficult.
How to Use Metasploit for Security DefenseBy Justin C. Klein Keane, an Information Security Specialist working at the University of PensylvaniaIf you’ve ever taken any training about penetration testing, or read almost any book or online article about the trade, you’ve heard of Metasploit. Years ago, before penetration testing was a recognized professional field, exploiting a vulnerability was often an extremely onerous task. Identifying a vulnerability might be as easy as fingerprinting a system then searching public mailing lists, but finding exploit code was often difficult.
How to Work with Metasploit Auxiliary ModulesBy Abhinav Singh, the author of “Metasploit penetration testing cookbook,” a contributor of SecurityXploded communityThe Metasploit framework is based on a modular architecture. This means that all the exploits, payloads, encoders etc are present in the form of modules. The biggest advantage of a modular architecture is that it is easier to extend the functionality of the framework based on requirement. Any programmer can develop his own module and port it easily into the framework.
How to Explore the IPv6 Attack Surface with MetasploitBy Mike Sheward, a security specialist for a software-as-a-service provider based in SeattleIPv6 is often described as a parallel universe, co-existing alongside existing IPv4 infrastructure in a bid to ease the transition process. Often left unmanaged and unmonitored in networks, those IPv6 packets could provide a great opportunity for the savvy attacker. Thanks to the Metasploit framework, exploring the IPv6 attack surface has become a lot easier.
HAKIN9 EXTRA
How to Use The Mac OS X Hackers Toolbox
By Phillip Wylie, CISSP, IAM
When you think of an operating system to run pen testing tools on, you probably think of Linux and more specifically BackTrack Linux. BackTrack Linux is a great option and one of the most common platforms for running pen testing tools. If you are a Mac user, then you would most likely run a virtual machine of BackTrack Linux. While this a great option, sometimes it is nice to have your tools running on the native operating system of you computer.
How to Use The Mac OS X Hackers Toolbox
By Phillip Wylie, CISSP, IAM
When you think of an operating system to run pen testing tools on, you probably think of Linux and more specifically BackTrack Linux. BackTrack Linux is a great option and one of the most common platforms for running pen testing tools. If you are a Mac user, then you would most likely run a virtual machine of BackTrack Linux. While this a great option, sometimes it is nice to have your tools running on the native operating system of you computer.
NETWORK SCANNING
How to Scan with Nessus from within MetasploitBy Michael Boman, a penetration tester, delivering courses in security testing and secure developmentWhen you perform a penetration test with Metasploit you sometimes import vulnerability scanning results for example Nessus Vulnerability Scanner. Usually you start the scan externally from Metasploit framework and then import the results into Metasploit. What you can do is to manage the Nessus scan from within Metasploit and easily import the results into your process. But let’s start from the beginning.
How to Scan with Nessus from within MetasploitBy Michael Boman, a penetration tester, delivering courses in security testing and secure developmentWhen you perform a penetration test with Metasploit you sometimes import vulnerability scanning results for example Nessus Vulnerability Scanner. Usually you start the scan externally from Metasploit framework and then import the results into Metasploit. What you can do is to manage the Nessus scan from within Metasploit and easily import the results into your process. But let’s start from the beginning.
How to Use Multiplayer Metasploit with ArmitageBy Michael Boman, a penetration tester, delivering courses in security testing and secure developmentMetasploit is a very cool tool to use in your penetration testing: add Armitage for a really good time. Penetration test engagements are more and more often a collaborative effort with teams of talented security practitioners rather than a solo effort.
Armitage is a scriptable red team (that is what the offensive security teams are called) collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.
Armitage is a scriptable red team (that is what the offensive security teams are called) collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.
EXPLORING DATABASE
How to use Sqlploit
By George Karpouzas, co-founder of WEBNETSOFT, a software development and IT Services company, specialized in application security
Databases nowadays are everywhere, from the smallest desktop applications to the largest web sites such as Facebook. Critical business information are stored in database servers that are often poorly secured. Someone with access to this information could have control over a company’s or an organization’s infrastructure.
How to use Sqlploit
By George Karpouzas, co-founder of WEBNETSOFT, a software development and IT Services company, specialized in application security
Databases nowadays are everywhere, from the smallest desktop applications to the largest web sites such as Facebook. Critical business information are stored in database servers that are often poorly secured. Someone with access to this information could have control over a company’s or an organization’s infrastructure.