- Inguma
- Fast-Track
- Metasploit Framework 3
Fast-Track has a lot of potential, but the documentation is very slim. There are many references to a wiki and other things at thepentest.com, but the site seems to be dying or dead. Fast-Track used to be backed by SecureState.com, but I'm not even sure that Dave Kennedy (the author) works there anymore. There is no information on Fast-Track to be found at the SecureState site anymore. I will still continue to investigate this tool, just because it seems like it could be very useful.
This leaves us with the tool of choice: Metasploit Framework 3. Metasploit is very broad in scope, and covers just about any area a pen-tester could need. Its abilities range from the 'autopwn' tool to creating custom exploit modules.
I was able to successfully attack a test VM running Windows XP SP3. The exploit I used was exploit/windows/browser/ie_createobject. It was a good example for this lab, because it basically creates a malicious web server that listens for connections. I connected to it from the VM using IE 6 and got exploited with no real visible clue. The page contained some random text, but I'm sure this could be adjusted. I just chose a simple reverse TCP shell for the payload, and it connected back just fine. I was able to execute commands on the victim.
Since it is obvious that Metasploit is going to be the most useful, I intend to do much more practice with it. I need to concentrate on figuring out a way to get a toolkit uploaded to the exploited computer. This way I can work on scanning the network from the inside and increasing my foothold with tools like Ettercap.
One small note: Matriux doesn't come with a PDF viewer, as far as I could tell. Both the Metasploit user manual and developer manual are PDF files. You can install a PDF viewer by typing sudo apt-get update, and then sudo apt-get install epdfview.