Metasploit Unleashed - Starting April 11th

General technological topics without their own forum go here

Metasploit Unleashed - Starting April 11th

Post by limdis on Thu Mar 26, 2015 6:19 pm
([msg=87409]see Metasploit Unleashed - Starting April 11th[/msg])

Image


What's up guys. I'm ready to fire this course up again. This time with a bit more involvement and additional projects for you to practice and hone your skills on. If you have never heard about Metasploit before I highly encourage you to check it out. This course is more than simply reading about exploits. You will actually be performing them! The goal is to provide you with the opportunity to really dive into penetration testing, and learn together with others. If you have ever wished that someone took you under their wing and teach you, this is as close as you will get.


Course Link:
-- Metasploit Unleashed!!!

Requirements:
-- Metasploit Framework
-- Metasploitable
-- Virtual Machine Software (VMware, VirtualBox, etc)

Recommended:
-- Metasploit, The Penetration Tester’s Guide *highly recommended*
-- Kali Linux (Already has Metasploit installed. Use persistance if using USB live.)
-- Metasploit Installation Guide (if needed)



I want to officially kick this off Saturday, the 11th of April. If you wish to participate in a group setting join us via IRC in #metasploit. Alternatively, you may ask questions and post comments here in this thread. All content is public and is available at anytime so you are free to learn at your own pace. Go as slow as fast as you need/want to. Periodically, I will be pushing additional content in this thread to get you thinking and trying new things. For example, coding a fuzzer and a key logger. :geek:


"The Metasploit Unleashed free online course was created to fill a gap in quality documentation on the practical usage of the popular and versatile Metasploit Framework. In keeping with the open-source nature of Metasploit, we provide this resource free of charge to the information security community. Assuming very little prior knowledge, Metasploit Unleashed leads the reader through the basics of penetration testing using the Metasploit Framework exclusively, beginning with an introduction to its various interfaces and commands and quickly diving in to more advanced usage, in typical Offensive Security fashion. Since it was launched, Metasploit Unleashed has proven to be extremely popular with newcomers to Metasploit and penetration testers in general. Although challenging, our team still maintains the site and ensures that the course content is current and keeps pace with the rapid development of Metasploit."
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1657
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Metasploit Unleashed - Starting April 11th

Post by sinistershade on Fri Mar 27, 2015 7:40 am
([msg=87437]see Re: Metasploit Unleashed - Starting April 11th[/msg])

I wouldn't mind giving this a shot actually, seems like a good excuse to get some Ruby down although it is essentially just Python. Just a quick question as to the power of Metasploit: What advantage would I have using such over just executing an exploit classically?
User avatar
sinistershade
New User
New User
 
Posts: 13
Joined: Fri Mar 27, 2015 6:39 am
Blog: View Blog (0)


Re: Metasploit Unleashed - Starting April 11th

Post by cyberdrain on Fri Mar 27, 2015 10:01 am
([msg=87446]see Re: Metasploit Unleashed - Starting April 11th[/msg])

sinistershade wrote:I wouldn't mind giving this a shot actually, seems like a good excuse to get some Ruby down although it is essentially just Python. Just a quick question as to the power of Metasploit: What advantage would I have using such over just executing an exploit classically?

The advantages are you can save all data and use it. As an example, you test with nmap in Metasploit, the hosts are internally added, you can then run an exploit against those same hosts by adding them with one command. You can run any exploit with any stager and any payload. And lastly: it has a very large database with a lot of exploits included with extra information, tests and scanners.

The disadvantages of this: you're learning to use only this tool, so exploiting another way requires some more thinking. Metasploit is partially commercial even though the free edition is not. Exploit modules are required to use exploits.

That's about all I can think of at the top of my head :)

@limdis: this is great, though there is no time to prepare :o
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Metasploit Unleashed - Starting April 11th

Post by sinistershade on Fri Mar 27, 2015 10:32 am
([msg=87447]see Re: Metasploit Unleashed - Starting April 11th[/msg])

Can I ask about the operating system used as a vulnerable system? My hardware is too weak to Virtualize so I need to free a hard-drive.
User avatar
sinistershade
New User
New User
 
Posts: 13
Joined: Fri Mar 27, 2015 6:39 am
Blog: View Blog (0)


Re: Metasploit Unleashed - Starting April 11th

Post by cyberdrain on Fri Mar 27, 2015 10:37 am
([msg=87449]see Re: Metasploit Unleashed - Starting April 11th[/msg])

Mostly Metasploitable, but don't run that on an insecure network. You need at least 2 systems, Kali and Metasploitable will do for most examples given.
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Metasploit Unleashed - Starting April 11th

Post by sinistershade on Fri Mar 27, 2015 11:54 am
([msg=87452]see Re: Metasploit Unleashed - Starting April 11th[/msg])

cyberdrain wrote:Mostly Metasploitable, but don't run that on an insecure network. You need at least 2 systems, Kali and Metasploitable will do for most examples given.


I have a Lan switch which I'll be using anyway. Is there an IRC or some other form of communication that I can jump on? I Could do with a place to share and acquire knowledge. PM me if you're interested.
User avatar
sinistershade
New User
New User
 
Posts: 13
Joined: Fri Mar 27, 2015 6:39 am
Blog: View Blog (0)


Re: Metasploit Unleashed - Starting April 11th

Post by cyberdrain on Fri Mar 27, 2015 9:19 pm
([msg=87463]see Re: Metasploit Unleashed - Starting April 11th[/msg])

sinistershade wrote:I have a Lan switch which I'll be using anyway. Is there an IRC or some other form of communication that I can jump on? I Could do with a place to share and acquire knowledge. PM me if you're interested.

Yes, of course. It just so happens that we have our very own IRC server ([url]irc.hackthissite.org[/url]) here at HackThisSite. Please use port +7000 for encrypted communication and 6667 for non-encrypted communication (if so inclined) and join us in #metasploit or #coffeesh0p. :D

@limdis, thanks man, I appreciate it! :geek:
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Metasploit Unleashed - Starting April 11th

Post by limdis on Fri Mar 27, 2015 11:07 pm
([msg=87467]see Re: Metasploit Unleashed - Starting April 11th[/msg])

sinistershade wrote:What advantage would I have using such over just executing an exploit classically?

Good question. Metasploit isn't just a tool. It's an entire framework that provides the infrastructure needed to automate mundane, routine, and complex tasks. This allows you to concentrate on the unique and specialized aspects of penetration testing and on identifying flaws within your information security program. Metasploit allows you to easily build attack vectors to augment its exploits, payloads, encoders, etc. in order to create and execute more advanced and surgical attacks. Many third party tools have been implemented into the framework and you can easily fuse in your own custom tools/scripts. If you are just looking for a tool to do all the scans and auto attack for you, Metasploit can, but it can do so much more. If you are actually wanting to learn how professionals go through a step by step methodological process and get your feet wet in actually performing these tasks, this is definitely for you.


sinistershade wrote:Can I ask about the operating system used as a vulnerable system? My hardware is too weak to Virtualize so I need to free a hard-drive.

Metasploitable is not extremely resource intensive. If you are already running linux you should be alright. If you absolutely have to have another computer get with me later and we'll discuss network settings so as you are not hindered during the course.


sinistershade wrote:Is there an IRC or some other form of communication that I can jump on? I Could do with a place to share and acquire knowledge. PM me if you're interested.

Yes, jump in our IRC and join #metasploit. Or you can PM me here or on the main site.


IRC log wrote:<Randoph> Hey guys, I have a question. How easy will it be to follow along with Metasploit Unleashed without experience?

That depends. If you know your way around a computer and have had some interest in and at least read about security/hacking/pentesting in the past you should do fine. Having some linux background is recommended but not necessarily a requirement. The learning curve at the very beginning can seem a little daunting to those without ANY experience. But push through it if you can. A week or two into the course everything 'clicks' and you start having some serious fun. If you have made it through some challenges here at HTS you should do fine. Don't be afraid to ask questions. This is why I want people to start going through the material about the same time so you can assist and build off of each other.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1657
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Metasploit Unleashed - Starting April 11th

Post by kirkkommander on Mon Mar 30, 2015 11:47 am
([msg=87495]see Re: Metasploit Unleashed - Starting April 11th[/msg])

Randomly stumbled across this forum while googling tor exploits, this happened to be the first thread I saw and I'd definitely be interested!

After looking around a bit, it seems a little slow in a lot of the boards. But I'll def. hang around for a bit and see how it goes, lots of information to suck up for sure.

Didn't see an introductions thread but since its my first post:

I'm a guy in my 20s and taking a break from uni while I sort some shit out and decide what I want to do with my life. Quit my job too and as such have plenty of time on my hands. Currently I find too much of my time is wasted on various internet communities with nothing to show after logging off, and would love to get back to learning new skills.

While I've hardly written anything more than 100 lines of code in months, I have a few years experience with C# and Java and more recently javascript and python. Also have dablled with html, css, and database management. As it stands the skills most relevant to these forums are those I have the least experience with, but I have messed around with virtual machines, configuring servers, etc. Have always enjoyed keeping up with security news and research, so have some idea what lies ahead. If I can get off my ass and stop watching the action from the sidelines.

Anyway this course seems like the perfect place to start! I see that there's a teezer for each section, I'll glance through and see what I might need to learn concurrently.

Glad I found my way here, if it doesn't belong lemme know and I'll move or delete my personal intro.

-- Mon Mar 30, 2015 7:50 am --

Oh ya, one thing I never ended up using is linux. I suppose that should change, right?
kirkkommander
New User
New User
 
Posts: 1
Joined: Mon Mar 30, 2015 10:27 am
Blog: View Blog (0)


Re: Metasploit Unleashed - Starting April 11th

Post by limdis on Mon Mar 30, 2015 2:38 pm
([msg=87496]see Re: Metasploit Unleashed - Starting April 11th[/msg])

Welcome to HTS kirkkommander. We have a intro thread but it's over in NZone, you're post here is fine though.

kirkkommander wrote:Oh ya, one thing I never ended up using is linux. I suppose that should change, right?

Oh yes lol
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1657
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Next

Return to General

Who is online

Users browsing this forum: No registered users and 0 guests