Mastering Metasploit - Fourth Edition

Book description

Discover the next level of network defense and penetration testing with the Metasploit 5.0 framework

Key Features

  • Make your network robust and resilient with this updated edition covering the latest pentesting techniques
  • Explore a variety of entry points to compromise a system while remaining undetected
  • Enhance your ethical hacking skills by performing penetration tests in highly secure environments

Book Description

Updated for the latest version of Metasploit, this book will prepare you to face everyday cyberattacks by simulating real-world scenarios. Complete with step-by-step explanations of essential concepts and practical examples, Mastering Metasploit will help you gain insights into programming Metasploit modules and carrying out exploitation, as well as building and porting various kinds of exploits in Metasploit.

Giving you the ability to perform tests on different services, including databases, IoT, and mobile, this Metasploit book will help you get to grips with real-world, sophisticated scenarios where performing penetration tests is a challenge. You'll then learn a variety of methods and techniques to evade security controls deployed at a target's endpoint. As you advance, you'll script automated attacks using CORTANA and Armitage to aid penetration testing by developing virtual bots and discover how you can add custom functionalities in Armitage. Following real-world case studies, this book will take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit 5.0 framework.

By the end of the book, you'll have developed the skills you need to work confidently with efficient exploitation techniques.

What you will learn

  • Develop advanced and sophisticated auxiliary, exploitation, and post-exploitation modules
  • Learn to script automated attacks using CORTANA
  • Test services such as databases, SCADA, VoIP, and mobile devices
  • Attack the client side with highly advanced pentesting techniques
  • Bypass modern protection mechanisms, such as antivirus, IDS, and firewalls
  • Import public exploits to the Metasploit Framework
  • Leverage C and Python programming to effectively evade endpoint protection

Who this book is for

If you are a professional penetration tester, security engineer, or law enforcement analyst with basic knowledge of Metasploit, this book will help you to master the Metasploit framework and guide you in building your exploit and module development skills. Researchers looking to add their custom functionalities to Metasploit will find this book useful. As Mastering Metasploit covers Ruby programming and attack scripting using Cortana, practical knowledge of Ruby and Cortana is required.

Table of contents

  1. Mastering Metasploit
  2. Fourth Edition
  3. Why subscribe?
  4. Contributors
  5. About the author
  6. About the reviewers
  7. Packt is searching for authors like you
  8. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Download the color images
    6. Conventions used
    7. Get in touch
    8. Reviews
  9. Section 1 – Preparation and Development
  10. Chapter 1: Approaching a Penetration Test Using Metasploit
    1. Technical requirements
    2. Organizing a penetration test
      1. Preinteractions
      2. Intelligence gathering/reconnaissance phase
      3. Threat modeling
      4. Vulnerability analysis
      5. Exploitation and post-exploitation
      6. Reporting
    3. Mounting the environment
      1. Setting up Metasploit in a virtual environment
    4. The fundamentals of Metasploit
    5. Conducting a penetration test with Metasploit
      1. Recalling the basics of Metasploit
    6. Benefits of penetration testing using Metasploit
      1. Open source
      2. Support for testing large networks and natural naming conventions
      3. Smart payload generation and switching mechanism
      4. Cleaner exits
    7. Case study – reaching the domain controller
      1. Gathering intelligence
      2. Using databases in Metasploit
      3. Conducting a port scan with Metasploit
      4. Modeling threats
      5. Vulnerability analysis
      6. Exploitation and gaining access
      7. Post-exploitation kung fu
    8. Revisiting the case study
    9. Summary
  11. Chapter 2: Reinventing Metasploit
    1. Technical requirements
    2. Ruby – the heart of Metasploit
      1. Creating your first Ruby program
      2. Variables and data types in Ruby
      3. Numbers and conversions in Ruby
      4. Conversions in Ruby
      5. Ranges in Ruby
      6. Arrays in Ruby
      7. Methods in Ruby
      8. Decision-making operators
      9. Loops in Ruby
      10. Regular expressions
      11. Object-oriented programming with Ruby
      12. Wrapping up with Ruby basics
    3. Understanding Metasploit modules
      1. Metasploit module building in a nutshell
      2. Understanding the file structure
      3. Working with existing Metasploit modules
      4. Disassembling the existing HTTP server scanner module
    4. Developing an auxiliary – the FTP scanner module
      1. Libraries and functions
      2. Using msftidy
    5. Developing an auxiliary – the SSH brute force module
      1. Rephrasing the equation
    6. Developing post-exploitation modules
      1. The Credential Harvester module
      2. The Windows Defender exception harvester
      3. The drive-disabler module
    7. Post-exploitation with RailGun
      1. Manipulating Meterpreter through Interactive Ruby Shell
      2. Understanding RailGun objects and finding functions
      3. Adding custom DLLs to RailGun
    8. Summary
  12. Chapter 3: The Exploit Formulation Process
    1. Technical requirements
    2. The absolute basics of exploitation
      1. The basics
      2. System architecture
    3. Exploiting a stack overflow vulnerability with Metasploit
      1. An application crash
      2. Calculating the crash offset
      3. Gaining EIP control
      4. Finding the JMP/CALL address
      5. Gaining access to a Windows 10 machine
    4. Exploiting SEH-based buffer overflows with Metasploit
      1. Using the Mona.py script for pattern generation
      2. Understanding SEH frames and their exploitation
      3. Building the exploit base
      4. The SEH chains
      5. Locating POP/POP/RET sequences
      6. Exploiting the vulnerability
    5. Bypassing DEP in Metasploit modules
      1. Using ROP to bypass DEP
      2. Using msfrop to find ROP gadgets
      3. Using Mona.py to create ROP chains
    6. Other protection mechanisms
    7. Summary
  13. Chapter 4: Porting Exploits
    1. Technical requirements
    2. Importing a stack-based buffer overflow exploit
      1. Gathering the essentials
      2. Generating a Metasploit module
      3. Exploiting the target application with Metasploit
      4. Implementing a check method for exploits in Metasploit
    3. Importing a web-based RCE exploit into Metasploit
      1. Gathering the essentials
      2. Grasping the important web functions
      3. The essentials of the GET/POST method
      4. Importing an HTTP exploit into Metasploit
    4. Importing TCP server/browser-based exploits into Metasploit
      1. Gathering the essentials
      2. Generating the Metasploit module
    5. Summary
  14. Section 2 – The Attack Phase
  15. Chapter 5: Testing Services with Metasploit
    1. Technical requirements
    2. The fundamentals of testing SCADA systems
      1. The fundamentals of industrial control systems and their components
      2. Exploiting HMI in SCADA servers
      3. SCADA-based exploits
      4. Attacking the Modbus protocol
      5. Securing SCADA
    3. Database exploitation
      1. SQL server
      2. Scanning MSSQL with Metasploit modules
      3. Brute forcing passwords
      4. Locating/capturing server passwords
      5. Browsing the SQL server
      6. Post-exploiting/executing system commands
    4. Testing VOIP services
      1. VOIP fundamentals
      2. Fingerprinting VOIP services
      3. Scanning VOIP services
      4. Spoofing a VOIP call
      5. Exploiting VOIP
    5. Summary
  16. Chapter 6: Virtual Test Grounds and Staging
    1. Technical requirements
    2. Performing a penetration test with integrated Metasploit services
      1. Interacting with the employees and end users
      2. Gathering intelligence
      3. Modeling the threat areas
      4. Gaining access to the target
      5. Maintaining access to AD
    3. Generating manual reports
      1. The format of the report
      2. The executive summary
      3. Methodology/network admin-level report
      4. Additional sections
    4. Summary
  17. Chapter 7: Client-Side Exploitation
    1. Technical requirements
    2. Exploiting browsers for fun and profit
      1. The browser Autopwn attack
      2. The technology behind the browser Autopwn attack
      3. Attacking browsers with Metasploit browser autopwn
    3. Compromising the clients of a website
      1. Injecting malicious web scripts
      2. Hacking the users of a website
      3. Using Kali NetHunter with browser exploits
    4. Metasploit and Arduino – the deadly combination
    5. File format-based exploitation
      1. PDF-based exploits
      2. Word-based exploits
    6. Attacking Android with Metasploit
    7. Summary
  18. Section 3 – Post-Exploitation and Evasion
  19. Chapter 8: Metasploit Extended
    1. Technical requirements
    2. Basic Windows post-exploitation commands
      1. The help menu
      2. The get_timeouts and set_timeouts commands
      3. The transport command
      4. File operation commands
      5. Peripheral manipulation commands
    3. Windows versus Linux basic post-exploitation commands
      1. The missing Linux screenshot module
      2. Muting Linux volume for screenshots
    4. Advanced Windows post-exploitation modules
      1. Gathering wireless SSIDs with Metasploit
      2. Gathering Wi-Fi passwords with Metasploit
      3. Gathering Skype passwords
      4. Gathering USB history
      5. Searching files with Metasploit
      6. Wiping logs from the target with the clearev command
    5. Advanced multi-OS extended features of Metasploit
      1. Using the pushm and popm commands
      2. Speeding up development using the reload, edit, and reload_all commands
      3. Making use of resource scripts
      4. Sniffing traffic with Metasploit
    6. Privilege escalation with Metasploit
      1. Escalation of privileges on Windows-based systems
      2. Escalation of privileges on Linux systems
    7. Summary
  20. Chapter 9: Evasion with Metasploit
    1. Technical requirements
    2. Evading Meterpreter detection using C wrappers and custom encoders
      1. Writing a custom Meterpreter encoder/decoder in C
    3. Evading Meterpreter with Python
    4. Evading intrusion detection systems with Metasploit
      1. Using random cases for fun and profit
      2. Using fake relatives to fool IDS systems
    5. Bypassing Windows firewall blocked ports
      1. Using the reverse Meterpreter on all ports
    6. Summary
  21. Chapter 10: Metasploit for Secret Agents
    1. Technical requirements
    2. Maintaining anonymity in Meterpreter sessions using proxy and HOP payloads
    3. Maintaining access using search order hijacking in standard software
      1. DLL search order hijacking
      2. Using code caves for hiding backdoors
    4. Harvesting files from target systems
    5. Using Venom for obfuscation
    6. Covering tracks with anti-forensics modules
    7. Summary
  22. Chapter 11: Visualizing Metasploit
    1. Technical requirements
    2. Kage for Meterpreter sessions
    3. Automated exploitation using Armitage
      1. Getting started
      2. Touring the user interface
      3. Managing the workspace
      4. Scanning networks and host management
      5. Modeling out vulnerabilities
      6. Exploitation with Armitage
      7. Post-exploitation with Armitage
    4. Red teaming with the Armitage team server
    5. Scripting Armitage
      1. The fundamentals of Cortana
      2. Controlling Metasploit
      3. Post-exploitation with Cortana
    6. Summary
  23. Chapter 12: Tips and Tricks
    1. Technical requirements
    2. Automation using the Minion script
    3. Using connect instead of Netcat
    4. Shell upgrades and background sessions
    5. Naming conventions
      1. Changing the prompt and making use of database variables
    6. Saving configurations in Metasploit
    7. Using inline handler and renaming jobs
    8. Running commands on multiple Meterpreters
    9. Automating the Social Engineering Toolkit
    10. Cheat sheets for Metasploit and penetration testing
    11. Summary
    12. Further reading
  24. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Mastering Metasploit - Fourth Edition
  • Author(s): Nipun Jaswal
  • Release date: June 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781838980078