436_XSS_FM.qxd 4/20/07 1:18 PM Page ii 378_Metas_FM.qxd 8/20/07 2:42 PM Page i Visit us at www.syngress.com Syngress is committed to publishing high-quality books for IT Professionals and deliv- ering those books in media and formats that fit the demands of our customers. We are also committed to extending the utility of the book you purchase via additional mate- rials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our [email protected] Web pages. There you may find an assortment of value- added features such as free e-books related to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of expertise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE E-BOOKS For readers who can’t wait for hard copy, we offer most of our titles in downloadable Adobe PDF form. These e-books are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our e-books onto servers in corporations, educational institutions, and large organizations. Contact us at sales@syn- gress.com for more information. CUSTOM PUBLISHING Many organizations welcome the ability to combine parts of multiple Syngress books, as well as their own content, into a single volume for their own internal use. Contact us at [email protected] for more information. 378_Metas_FM.qxd 8/20/07 2:42 PM Page ii 378_Metas_FM.qxd 8/20/07 2:42 PM Page iii Metasploit Toolkit FOR PENETRATION TESTING, EXPLOIT DEVELOPMENT, AND VULNERABILITY RESEARCH David Maynor K. K. Mookhey 378_Metas_FM.qxd 8/20/07 2:42 PM Page iv Elsevier,Inc.,the author(s),and any person or firm involved in the writing,editing,or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind,expressed or implied,regarding the Work or its contents.The Work is sold AS IS and WITHOUT WARRANTY.You may have other legal rights,which vary from state to state. In no event will Makers be liable to you for damages,including any loss of profits,lost savings,or other incidental or consequential damages arising out from the Work or its contents.Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages,the above limitation may not apply to you. You should always use reasonable care,including backup and other appropriate precautions,when working with computers,networks,data,and files. Syngress Media®,Syngress®,“Career Advancement Through Skill Enhancement®,”“Ask the Author UPDATE®,” and “Hack Proofing®,”are registered trademarks of Elsevier,Inc.“Syngress:The Definition of a Serious Security Library”™,“Mission Critical™,”and “The Only Way to Stop a Hacker is to Think Like One™”are trademarks of Elsevier,Inc.Brands and product names mentioned in this book are trademarks or service marks of their respective companies. KEY SERIAL NUMBER 001 HJIRTCV764 002 PO9873D5FG 003 829KM8NJH2 004 BAL923457U 005 CVPLQ6WQ23 006 VBP965T5T5 007 HJJJ863WD3E 008 2987GVTWMK 009 629MP5SDJT 010 IMWQ295T6T PUBLISHED BY Syngress Publishing,Inc. Elsevier,Inc. 30 Corporate Drive Burlington,MA 01803 Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research Copyright © 2007 by Elsevier,Inc.All rights reserved.Printed in the United States of America.Except as permitted under the Copyright Act of 1976,no part of this publication may be reproduced or distributed in any form or by any means,or stored in a database or retrieval system,without the prior written permission of the publisher,with the exception that the program listings may be entered,stored,and executed in a computer system,but they may not be reproduced for publication. Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 ISBN 13:978-1-59749-074-0 Publisher:Amorette Pedersen Managing Editor:Andrew Williams Project Manager:Gary Byrne Page Layout and Art:Patricia Lupien Technical Editor:Kevin Beaver Copy Editors:Adrienne Rebello,Judy Eby, Cover Designer:Michael Kavish Michael McGee Indexer:Julie Kawabata For information on rights,translations,and bulk sales,contact Matt Pedersen,Director of Sales and Rights;email [email protected]. 378_Metas_FM.qxd 8/20/07 2:42 PM Page v Technical Editor Kevin Beaver (CISSP) is an independent information security consultant, author,and expert witness with Atlanta-based Principle Logic,LLC.He has two decades of experience in the field and specializes in performing infor- mation security assessments focused on compliance.Before starting his information security consulting practice in 2001,Kevin served in various information technology and security roles for several health care,e-com- merce,financial,and educational institutions. Kevin has authored/coauthored six books on information security, including the highly successful Hacking for Dummies,Hacking Wireless Networks for Dummies,and Securing the Mobile Enterprise for Dummies (all pub- lished by Wiley),as well as The Definitive Guide to Email Management and Security (Realtimepublishers.com) and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). In addition to writing his books,Kevin is the creator and producer of the audiobook series Security On Wheels,providing practical security advice for IT professionals on the go.He is also a regular columnist and information secu- rity adviser for various Web sites,including SearchWindowsSecurity.com, SearchSQLServer.com,and SearchStorage.com.In addition,Kevin’s work has been published in Information Security Magazine and CSI’s Computer Security ALERT newsletter.Kevin is consistently a top-rated speaker on information security at various conferences for RSA,CSI,IIA,and SecureWorld Expo. Kevin earned his bachelor’s degree in computer engineering technology from Southern Polytechnic State University and his master’s degree in man- agement of technology from Georgia Tech.He also holds MCSE,Master CNE,and IT Project+ certifications. Kevin was the technical editor for chapters 1 through 4. v 378_Metas_FM.qxd 8/20/07 2:42 PM Page vi 378_Metas_FM.qxd 8/20/07 2:42 PM Page vii Contributing Authors David Maynor is a founder of Errata Security and serves as the chief tech- nical officer.Maynor is responsible for day-to-day technical decisions of Errata Security and also employs a strong background in reverse engi- neering and exploit development to produce Hacker Eye View reports. Maynor has previously been the senior researcher for Secureworks and a research engineer with the ISS Xforce R&D team,where his primary responsibilities included reverse engineering high-risk applications, researching new evasion techniques for security tools,and researching new threats before they become widespread.Before joining ISS,Maynor spent three years at Georgia Institute of Technology (GaTech),with the last two years as a part of the information security group as an application developer to help make the sheer size and magnitude of security incidents on campus manageable. K. K. Mookhey is the principal consultant and founder at NII Consulting. He has seven years of experience in the field of information security and has worked with prestigious clients such as the United Nations WFP,Dubai Stock Exchange,Saudi Telecom,Capgemini,and Royal Sun & Alliance. His skills and know-how encompass risk management,compliance, business continuity,application security,computer forensics,and penetration testing.He is well versed with international standards such as ISO 27001, BS 25999,and ISO 20000. He is the author of Linux Security,Audit and Controls,by ISACA,and of numerous articles on information security.He has also presented at confer- ences such as Blackhat,Interop,and IT Underground. vii 378_Metas_FM.qxd 8/20/07 2:42 PM Page viii Jacopo Cervini,aka [email protected] (CCNA,CCSA,Netasq admin, Netasq Expert),works for a company in Italy that is a leading provider of business security,business continuity services,and solutions for customers operating in various markets and fields (mainly ffinance and insurance). He is a designer for technical support engineers,and his specialties include Cisco routers;Check Point,Cisco,and Netasq firewalls;and net- work and security troubleshooting and optimization. He was technical support manager for the same company.Jacopo has worked previously in customer support at one of the first Italian ISPs. He is the author of some modules for Metasploit (Minishare,Mercur Imap,Badblue ecc.) and sometimes publishes “stand-alone”exploits for exploit archives sites like milw0rm.Some exploits are POC (Proof of Concept) on www.securityfocus.com. Fairuzan Roslan is an independent security researcher and one of the founders of Malaysian Security Research Team (MYSEC),a nonprofit secu- rity research organization.Currently,he is working as an IT security officer at MIMOS Berhad,the leading applied research center in Malaysia.He is also one of the contributors of the Metasploit Framework Project.In his free time,he likes to search for new security vulnerability,code auditing, and exploit development. Efrain Torres is a Colombian security researcher with over eight years of information security experience within a broad range of technical disci- plines,including extensive experience in application/network penetration testing,vulnerability research,security architectures,policies and procedures development,risk assessments,and execution of security initiatives for large financial,energy,government,and health care organizations in the U.S., Colombia,Ecuador,and Venezuela.In addition,he has developed numerous penetration-testing tools,exploits,and techniques that are published on var- ious reputable information security Web sites and mailing lists.He currently works for one of the big four firms as a senior associate in the risk advisory services practice in Houston,Texas.Efrain holds a bachelor’s degree in sys- tems engineering from the Pontificia Universidad Javeriana in Bogotá, Colombia. viii
Description: