If you’re seriously looking into doing some penetration testing, this is the book for you.
The authors quickly take you through a crash course in metasploit basics and from there start building your foundation for discovery and exploitation. You’ll start with basic navigation and OS fingerprinting and eventually get to opening up (root) sessions on the target machine through various vulnerabilities—through the notorious MS08-067, client-side exploitation, web exploits, and even SQLServer exploits. You’ll also cover some of the key auxiliary tools used—sniffers, scanners, and crawlers.
The book also covers SET (the Social Engineering Toolkit) which could probably have a book of it’s own since it’s pretty vast and there’s plenty of uses for it. Not to mention it’s wildly entertaining.
Also you’ll cover Fast-Track, Karmetasploit, as well as creating your own exploit module and meterpreter script.
Honestly, this book took me longer than expected to finish. Why? Because the content made me even more curious and I found myself taking the information learned from the book and building upon it even more in my lab environment.
I had no issues whatsoever doing the examples under the new version of metasploit (4.x) under BackTrack 5R1. There have been some minor changes to syntax, but noting you shouldn’t be able to figure out. (show options is your friend)
Not only is this a great book for people looking into pentesting, it’s also a great book to raise security awareness and how (easy) of a target you can be if you’re not careful. Highly recommend.
You can pick up your copy from O’Reilly here.