Metasploit The Penetration Tester's Guide
by David Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni

No Starch Press 2011.
ISBN 978-1-59327-288-3. Amazon.com USD 27.24.

Reviewed by Richard Austin, Sep. 24, 2011

Metasploit has been called a lot of things depending on which side of the IT security equation you call home but the reality is that it is a powerful tool for use by both security professionals and their adversaries. It both automates and provides building blocks for attacks against the assets we are charged to protect.

Previously, documentation on Metasploit was fragmented and rather obscure as it tended to be scattered across a wide universe of project wikis, articles and folklore. This book provides a solid starting point for becoming familiar with the capabilities and use of this tool whether one is a penetration tester or charged with defending information assets.

It is a technical book and requires a good understanding of systems and software to derive maximum benefit. Its presentation is heavily based on examples that illustrate the tools in operation. An appendix (which, paradoxically, should be the first thing you read) explains how to build exploitable Windows and Linux environments to support working through the examples.

The worked-out examples are based, I believe, on Back|Track 4, so if the reader is using Back|Track 5, as I was, there will be some required minor translations of directory locations, etc., to reflect the new release.

As with any book by multiple authors, there is some unevenness in presentation. Some examples are written from a tutorial perspective while others just paint the major signposts along the way. There are also some production issues, such as a missing figure on page 83 and a duplication of figure 14-1 as 14-4. There is also rather a howler on page 216, where the ESP register is described as the extended "starter pointer" instead of "stack pointer". However, these are definitely minor blemishes.

The book provides an excellent overview of the state of the art in exploitation of both technical and human vulnerabilities. The presentation in chapter 10 on "The Social Engineer's Toolkit" (SET) is a sobering walkthrough of how human behavior can be exploited to achieve an adversary's result. The discussion of how SET can be used in combination with a hardware device such as the Teensy USB microcontroller illustrates just how inventive our adversaries have become.

The final chapter of the book presents a detailed walkthrough of Metasploit's use in a simulated penetration test.

The book leaves the reader with a shocking appreciation of just how easy it is to perform these attacks with the proper tools. While Metasploit makes some attacks so simple that a "script kiddie" could mount them, its truly frightening capabilities lie in the framework's building blocks for constructing powerful, blended attacks worthy of the true professional. Whether you are a penetration tester or a technical security professional, quality time spent working through this book will add valuable tools and insight to your professional repertoire.


Before beginning life as a university instructor and independent cybersecurity consultant, Richard Austin (http://cse.spsu.edu/raustin2) spent 30+ years in the IT industry in positions ranging from software developer to security architect. He welcomes your thoughts and comments at raustin2 at spsu dot edu.