Book description
Discover the next level of network defense with the Metasploit framework
About This Book
- Gain the skills to carry out penetration testing in complex and highly-secured environments
- Become a master using the Metasploit framework, develop exploits, and generate modules for a variety of real-world scenarios
- Get this completely updated edition with new useful methods and techniques to make your network robust and resilient
This book is a hands-on guide to penetration testing using Metasploit and covers its complete development. It shows a number of techniques and methodologies that will help you master the Metasploit framework and explore approaches to carrying out advanced penetration testing in highly secured environments.
What You Will Learn
- Develop advanced and sophisticated auxiliary modules
- Port exploits from PERL, Python, and many more programming languages
- Test services such as databases, SCADA, and many more
- Attack the client side with highly advanced techniques
- Test mobile and tablet devices with Metasploit
- Bypass modern protections such as antivirus and IDS with Metasploit
- Simulate attacks on web servers and systems with Armitage GUI
- Script attacks in Armitage using CORTANA scripting
We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You'll get to know the basics of programming Metasploit modules as a refresher and then dive into carrying out exploitation as well as building and porting exploits of various kinds in Metasploit.
In the next section, you'll develop the ability to perform testing on various services such as databases, cloud environments, IoT, mobile, tablets, and similar services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests is a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework.
By the end of the book, you will be trained specifically on time-saving techniques using Metasploit.
Style and approach
This is a step-by-step guide that provides great Metasploit framework methodologies. All the key concepts are explained in detail with the help of examples and demonstrations that will help you understand everything you need to know about Metasploit.
Table of contents
- Title Page
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Preface
- Approaching a Penetration Test Using Metasploit
- Organizing a penetration test
- Mounting the environment
- The fundamentals of Metasploit
- Conducting a penetration test with Metasploit
- Benefits of penetration testing using Metasploit
- Case study - diving deep into an unknown network
- Gathering intelligence
- Modeling threats
- Vulnerability analysis - arbitrary file upload (unauthenticated)
- Exploitation and gaining access
- Maintaining access with Metasploit
- Post-exploitation and pivoting
- Vulnerability analysis - SEH based buffer overflow
- Exploiting human errors by compromising Password Managers
- Revisiting the case study
- Summary and exercises
- Reinventing Metasploit
- Ruby - the heart of Metasploit
- Developing custom modules
- Building a module in a nutshell
- Understanding the existing modules
- Disassembling the existing HTTP server scanner module
- Writing out a custom FTP scanner module
- Writing out a custom SSH-authentication with a brute force attack
- Writing a drive-disabler post-exploitation module
- Writing a credential harvester post-exploitation module
- Breakthrough Meterpreter scripting
- Working with RailGun
- Summary and exercises
- The Exploit Formulation Process
- The absolute basics of exploitation
- Exploiting stack-based buffer overflows with Metasploit
- Exploiting SEH-based buffer overflows with Metasploit
- Bypassing DEP in Metasploit modules
- Other protection mechanisms
- Summary
- Porting Exploits
- Testing Services with Metasploit
- Virtual Test Grounds and Staging
- Performing a penetration test with integrated Metasploit services
- Interaction with the employees and end users
- Gathering intelligence
- Vulnerability scanning with OpenVAS using Metasploit
- Modeling the threat areas
- Gaining access to the target
- Exploiting the Active Directory (AD) with Metasploit
- Finding the domain controller
- Enumerating shares in the Active Directory network
- Enumerating the AD computers
- Enumerating signed-in users in the Active Directory
- Enumerating domain tokens
- Using extapi in Meterpreter
- Enumerating open Windows using Metasploit
- Manipulating the clipboard
- Using ADSI management commands in Metasploit
- Using PsExec exploit in the network
- Using Kiwi in Metasploit
- Using cachedump in Metasploit
- Maintaining access to AD
- Generating manual reports
- Summary
- Performing a penetration test with integrated Metasploit services
- Client-Side Exploitation
- Metasploit Extended
- Basics of post-exploitation with Metasploit
- Basic post-exploitation commands
- Advanced post-exploitation with Metasploit
- Additional post-exploitation modules
- Advanced extended features of Metasploit
- Using pushm and popm commands
- Speeding up development using the reload, edit, and reload_all commands
- Making use of resource scripts
- Using AutoRunScript in Metasploit
- Using the multiscript module in AutoRunScript option
- Privilege escalation using Metasploit
- Finding passwords in clear text using mimikatz
- Sniffing traffic with Metasploit
- Host file injection with Metasploit
- Phishing Windows login passwords
- Summary and exercises
- Evasion with Metasploit
- Metasploit for Secret Agents
- Visualizing with Armitage
- Tips and Tricks
- Automation using Minion script
- Using connect as Netcat
- Shell upgrades and background sessions
- Naming conventions
- Saving configurations in Metasploit
- Using inline handler and renaming jobs
- Running commands on multiple Meterpreters
- Automating the Social Engineering Toolkit
- Cheat sheets on Metasploit and penetration testing
- Further reading
- Other Books You May Enjoy
Product information
- Title: Mastering Metasploit - Third Edition
- Author(s):
- Release date: May 2018
- Publisher(s): Packt Publishing
- ISBN: 9781788990615