Thread: testing a wide range of Metasploit attacks

  1. #1
    Just burned his ISO
    Join Date
    May 2009
    Posts
    3

    testing a wide range of Metasploit attacks

    Hi, I'm wondering how practical it would be to set up a test environment that would utilize a wide range of Metasploit attacks, as much as possible really. Is there any easy way to export most of the available exploits and send them over a network to test IDS signatures for example? Would this even work properly and how much would it differentiate from a manual attack?

    I've set up BT5 and Windows virtually and done a few tutorials, but overall I'm inexperienced, and testing everything extensively this way would be too time consuming.

    Any help would be appreciated.

  2. #2
    Good friend of the forums scottm99
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Re: testing a wide range of Metasploit attacks

    Sounds like what you really need is a professional penetration test, but that is cost-prohibitive. So, you need to do a pen-test yourself. Here are my suggestions for a quick & dirty pen-test. Do a good recon of your network with nmap, and see what's there. Then, use msfcli to script out some auxiliary modules. Run this script, and see what comes up. Then, as time & resources permit, script out some exploits with msfcli, and run that. You may find Armitage helpful. Depending on your budget, Nessus may be a good alternative, too.

    Of course, there's always the Pentesting With BackTrack course at Offensive Security. After taking the course, you can truly pen-test your network.
    Last edited by scottm99; 11-28-2011 at 03:10 PM.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  3. #3
    Senior Member
    Join Date
    May 2010
    Posts
    198

    Re: testing a wide range of Metasploit attacks

    Quote Originally Posted by SaltWaterHippo
    Hi, I'm wondering how practical it would be to set up a test environment that would utilize a wide range of Metasploit attacks, as much as possible really. Is there any easy way to export most of the available exploits and send them over a network to test IDS signatures for example? Would this even work properly and how much would it differentiate from a manual attack?

    I've set up BT5 and Windows virtually and done a few tutorials, but overall I'm inexperienced, and testing everything extensively this way would be too time consuming.

    Any help would be appreciated.
    This is very practical and a smart thing to do. It would suck to set up something like Snort and find out the signatures were not loaded properly or outdated.
    I am afraid that you will need to understand the tools you are using better to do this. So set up your lab and get crackin'. There are many ways to do what you suggest.

    Trial and error or take a class. I have heard some good things about Offensive Security courses, and Metasploit has megaprimers everywhere.
    "Never do anything against conscience -- even if the state demands it."
    -- Albert Einstein
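
The check raised in post #3 (are the Snort signatures actually loaded, and did they fire during a lab run?) can be automated. The following is an added example, not code from any poster in this thread: it compares a rules file against an `alert_fast` log and reports, per lab test, whether the signature fired, is loaded but silent, is commented out, or is missing. The rules, SIDs, test names and addresses are constructed sample data.

```python
import re

# Constructed sample rules file: sid 1000002 is commented out (disabled).
RULES = '''\
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"LAB smb test"; sid:1000001; rev:2;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"LAB http test"; sid:1000002; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"LAB snmp test"; sid:1000003; rev:1;)
'''

# Constructed alert_fast log captured during the lab run.
ALERTS = '''\
11/28-15:10:01.123456  [**] [1:1000001:2] LAB smb test [**] [Priority: 1] {TCP} 192.168.56.10:4444 -> 192.168.56.20:445
'''

# Hypothetical lab test name -> SID that should have fired for it.
EXPECTED = {"smb test": 1000001, "http test": 1000002,
            "snmp test": 1000003, "ftp test": 1000004}

RULE_RE = re.compile(r'^\s*(#\s*)?(?:alert|log|drop)\b.*?\bsid:\s*(\d+)\s*;')
ALERT_RE = re.compile(r'\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]')  # [gid:sid:rev]

def parse_rules(text):
    """Return {sid: True if an active copy exists, False if only commented out}."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            sid = int(m.group(2))
            rules[sid] = rules.get(sid, False) or m.group(1) is None
    return rules

def fired_sids(text):
    """Return the set of SIDs that appear in the alert log."""
    return {int(m.group(2)) for m in ALERT_RE.finditer(text)}

def coverage(expected, rules_text, alerts_text):
    """Classify each expected signature by why it did or did not alert."""
    rules, fired = parse_rules(rules_text), fired_sids(alerts_text)
    report = {}
    for test, sid in expected.items():
        if sid in fired:
            report[test] = "fired"
        elif sid not in rules:
            report[test] = "missing"           # rule never made it into the file
        elif not rules[sid]:
            report[test] = "disabled"          # rule present but commented out
        else:
            report[test] = "loaded, no alert"  # rule active, traffic not matched
    return report

if __name__ == "__main__":
    for test, status in coverage(EXPECTED, RULES, ALERTS).items():
        print(f"{test:10} {status}")
```

A "loaded, no alert" result is the case worth investigating by hand: the rule is active, so either the test traffic never reached the sensor or the signature no longer matches it.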

  4. #4
    Just burned his ISO
    Join Date
    May 2009
    Posts
    3

    Re: testing a wide range of Metasploit attacks

    Thanks for the feedback and sorry for the late reply. I've been using Armitage for the past few weeks and found it very useful; I'm sure it's made the learning curve much easier and saved me a lot of time. It's for a Uni project and the main focus isn't Metasploit, but the more extensively it's used the better my results.

    I've been wanting to do the Metasploit course and a few others for a while now but just not had the time; after I graduate next year I'll probably get it done.

  5. #5
    Good friend of the forums scottm99
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Re: testing a wide range of Metasploit attacks

    Armitage is a more friendly front-end to MSF, so it's a good way to get familiar with the framework. Definitely check out the Metasploit Unleashed course over at www.offensive-security.com; it's really good!
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...
