TABLE OF CONTENTS For those of us who were fortunate enough to attend Blackhat Las Vegas 2004, the scene in hall {##} was unforgettable. The title of the talk was "Hacking Like in the Movies." HD Moore and spoonm were on stage presenting the arrival of their tool Metasploit Framework (MSF) version 2.2. The hall was packed to the gills. People stood in the aisles, and the crowd was spilling over to the main corridor. Two screens glowed to life the black one on the left showing the MSF commands in action, and the blue one on the right showing a Windows system being compromised. Applause flowed freely throughout the session, and the consensus was clear, "Metasploit had come of age." But we should have known better. That was only a taste of things to come. With the arrival of MSF version 3.0, the entire approach to information security testing is likely to be revolutionalized. MSF 3.0 is not only an exploit platform, but it is in fact a security tool development platform. The application program interfaces (APIs), architecture, and indeed the philosophy behind the tool promise to make its launch one of the most exciting events in recent times.
So what is Metasploit, and why is there such a buzz around the tool? This book introduces the reader to the main features of the tool, its installation, using it to run exploits, and advanced usage to automate exploits and run custom payloads and commands on exploited systems.
