Sorry for taking so long to get this posted on here.
As I’ve promised since the last meeting, I’m going to give a demo/talk about Metasploit. I’m not a pro, but I feel comfortable enough to work in the shell.
A lot of people keep asking me “why an exploit platform? Why not just exploit things?” One thing I learned from the forensics work I did for the sheriff’s office is that you need to have something that you can legitimately show your work. If you want to be a legitimate penetration tester and get clients and do work, you’ll need to be able to go back and say “Ok, this is what I did, and this is how it happened” in order to provide the customer with real value and understanding. Metasploit isn’t commercial software, but it will get you used to a certain work flow. So this is why I Metasploit.
What is Metasploit? Metasploit is a exploitation framework. It comes with pre-canned exploits, and an awesome environment in which you can write your own exploits and modules. While I’m not to the point where I’m discovering my own 0days and knowing how to exploit them, it’s there and something to look at. You can download Metasploit for free from: http://metasploit.com If you want to read up on how things work in MSF, a good course from the AMAZING folks over at Offensive Security (the guys that made Backtrack) is: http://www.offensive-security.com/metasploit-unleashed/ I highly recommend it.
As for the demo, if you would like to participate, I am bringing a VMWare server with a bunch of Windows XP installs so that the group can mess with MSF and vulnerable boxes. What I recommend you bring is a laptop with Backtrack 4 installed and updated. If you don’t have a full install of BT4, you can do a persistent install on a USB key. The USB key will get you more mileage than a livecd in my opinion. You can find Backtrack 4 at: http://backtrack-linux.org That’s it so far. If you have any questions, you can email me at firstname.lastname@example.org, or you can reply here. I’ll be posting my slides (if any) after the demo.