Metasploit 5.0 for Beginners - Second Edition

Metasploit 5.0 for Beginners - Second Edition

by Sagar Rahalkar
Released April 2020
Publisher(s): Packt Publishing
ISBN: 9781838982669

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

A comprehensive guide to Metasploit for beginners that will help you get started with the latest Metasploit 5.0 Framework for exploiting real-world vulnerabilities

Key Features

  • Perform pentesting in highly secured environments with Metasploit 5.0
  • Become well-versed with the latest features and improvements in the Metasploit Framework 5.0
  • Analyze, find, exploit, and gain access to different systems by bypassing various defenses

Book Description

Securing an IT environment can be challenging, however, effective penetration testing and threat identification can make all the difference. This book will help you learn how to use the Metasploit Framework optimally for comprehensive penetration testing.

Complete with hands-on tutorials and case studies, this updated second edition will teach you the basics of the Metasploit Framework along with its functionalities. You'll learn how to set up and configure Metasploit on various platforms to create a virtual test environment. Next, you'll get hands-on with the essential tools. As you progress, you'll learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools and components. Later, you'll get to grips with web app security scanning, bypassing anti-virus, and post-compromise methods for clearing traces on the target system. The concluding chapters will take you through real-world case studies and scenarios that will help you apply the knowledge you've gained to ethically hack into target systems. You'll also discover the latest security techniques that can be directly applied to scan, test, ethically hack, and secure networks and systems with Metasploit.

By the end of this book, you'll have learned how to use the Metasploit 5.0 Framework to exploit real-world vulnerabilities.

What you will learn

  • Set up the environment for Metasploit
  • Understand how to gather sensitive information and exploit vulnerabilities
  • Get up to speed with client-side attacks and web application scanning using Metasploit
  • Leverage the latest features of Metasploit 5.0 to evade anti-virus
  • Delve into cyber attack management using Armitage
  • Understand exploit development and explore real-world case studies

Who this book is for

If you are a penetration tester, ethical hacker, or security consultant who wants to quickly get started with using the Metasploit Framework to carry out elementary penetration testing in highly secured environments, then this Metasploit book is for you. You will also find this book useful if you're interested in computer security, particularly in the areas of vulnerability assessment and pentesting, and want to develop practical skills when using the Metasploit Framework.

Table of contents

  1. Metasploit 5.0 for Beginners Second Edition
  2. Why subscribe?
  3. Contributors
  4. About the author
  5. About the reviewers
  6. Packt is searching for authors like you
  7. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the color images
    5. Conventions used
    6. Get in touch
    7. Reviews
  8. Section 1: Introduction and Environment Setup
  9. Chapter 1: Introduction to Metasploit and Supporting Tools
    1. Technical requirements
    2. The importance of penetration testing
    3. Understanding the difference between vulnerability assessments and penetration testing
    4. The need for a penetration testing framework
    5. Introduction to Metasploit
    6. Introduction to new features in Metasploit 5.0
    7. When to use Metasploit
    8. Making Metasploit effective and powerful using supplementary tools
      1. Nessus
      2. NMAP
      3. w3af
      4. Armitage
    9. Summary
    10. Exercise
    11. Further reading
  10. Chapter 2: Setting Up Your Environment
    1. Using Metasploit on a Kali Linux virtual machine
    2. Installing Metasploit on Windows
    3. Installing Metasploit on Linux
    4. Setting up Docker
    5. Setting up vulnerable targets in a VM
      1. Setting up the vulnerability emulator
    6. Summary
    7. Exercises
  11. Chapter 3: Metasploit Components and Environment Configuration
    1. Technical requirements
    2. Anatomy and structure of Metasploit
    3. Metasploit components and environment configuration
      1. Auxiliaries
      2. Payloads
      3. Exploits
      4. Encoders
      5. NOPs
      6. Post
      7. Evasion
    4. Getting started with msfconsole
    5. Variables in Metasploit
    6. Updating the Metasploit Framework
    7. Summary
    8. Exercise
    9. Further reading
  12. Section 2: Practical Metasploit
  13. Chapter 4: Information Gathering with Metasploit
    1. Technical requirements
    2. Information gathering and enumeration on various protocols
      1. Transmission Control Protocol
      2. User Datagram Protocol
      3. File Transfer Protocol
      4. Server Message Block
      5. Hypertext Transfer Protocol
      6. Simple Mail Transfer Protocol
      7. Secure Shell
      8. Domain Name System
      9. Remote Desktop Protocol
    3. Password sniffing with Metasploit
    4. Advanced search using Shodan
    5. Summary
    6. Exercises
    7. Further reading
  14. Chapter 5: Vulnerability Hunting with Metasploit
    1. Technical requirements
    2. Managing the database
      1. Managing workspaces
      2. Importing scans
      3. Backing up the database
      4. NMAP
      5. NMAP scanning approach
      6. Nessus
      7. Scanning using Nessus from within msfconsole
    3. Vulnerability detection with Metasploit auxiliaries
    4. Auto-exploitation with db_autopwn
    5. Exploring post exploitation
      1. What is Meterpreter?
    6. Introduction to msf utilities
      1. msf-exe2vbs
      2. msf-exe2vba
      3. msf-pdf2xdp
      4. msf-msf_irb
      5. msf-pattern_create
      6. msf-virustotal
      7. msf-makeiplist
    7. Summary
    8. Exercises
    9. Further reading
  15. Chapter 6: Client-Side Attacks with Metasploit
    1. Understanding the need for client-side attacks
      1. What are client-side attacks?
    2. Exploring the msfvenom utility
      1. Generating a payload with msfvenom
    3. Using MSFvenom Payload Creator (MSFPC)
    4. Social engineering with Metasploit
      1. Generating malicious PDFs
      2. Creating infectious media drives
    5. Using browser autopwn
    6. Summary
    7. Exercises
  16. Chapter 7: Web Application Scanning with Metasploit
    1. Technical requirements
    2. Setting up a vulnerable web application
      1. Setting up Hackazon on Docker
      2. Setting up OWASP Juice Shop
    3. Web application scanning using WMAP
    4. Metasploit auxiliaries for web application enumeration and scanning
    5. Summary
    6. Exercise
  17. Chapter 8: Antivirus Evasion and Anti-Forensics
    1. Technical requirements
    2. Using encoders to avoid antivirus detection
    3. Using the new evasion module
    4. Using packagers and encrypters
    5. Understanding what a sandbox is
    6. Using Metasploit for anti-forensics
      1. Timestomp
      2. Clearev
    7. Summary
    8. Exercises
    9. Further reading
  18. Chapter 9: Cyber Attack Management with Armitage
    1. Technical requirements
    2. What is Armitage?
    3. Starting the Armitage console
    4. Scanning and enumeration
    5. Finding and launching attacks
    6. Summary
    7. Exercise
    8. Further reading
  19. Chapter 10: Extending Metasploit and Exploit Development
    1. Technical requirements
    2. Understanding exploit development concepts
      1. Understanding buffer overflow
      2. Understanding fuzzers
    3. Understanding exploit templates and mixins
    4. Understanding Metasploit mixins
    5. Adding external exploits to Metasploit
    6. Summary
    7. Exercises
    8. Further reading
  20. Chapter 11: Case Studies
    1. Case study 1
    2. Case study 2
    3. Summary
    4. Exercises
    5. Further reading
  21. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Metasploit 5.0 for Beginners - Second Edition
  • Author(s): Sagar Rahalkar
  • Release date: April 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781838982669