Book Image

The Complete Metasploit Guide

By : Sagar Rahalkar, Nipun Jaswal

Book Image

The Complete Metasploit Guide

By: Sagar Rahalkar, Nipun Jaswal

Overview of this book

Most businesses today are driven by their IT infrastructure, and the tiniest crack in this IT network can bring down the entire business. Metasploit is a pentesting network that can validate your system by performing elaborate penetration tests using the Metasploit Framework to secure your infrastructure. This Learning Path introduces you to the basic functionalities and applications of Metasploit. Throughout this book, you’ll learn different techniques for programming Metasploit modules to validate services such as databases, fingerprinting, and scanning. You’ll get to grips with post exploitation and write quick scripts to gather information from exploited systems. As you progress, you’ll delve into real-world scenarios where performing penetration tests are a challenge. With the help of these case studies, you’ll explore client-side attacks using Metasploit and a variety of scripts built on the Metasploit Framework. By the end of this Learning Path, you’ll have the skills required to identify system vulnerabilities by using thorough testing. This Learning Path includes content from the following Packt products: Metasploit for Beginners by Sagar Rahalkar Mastering Metasploit - Third Edition by Nipun Jaswal

Title Page

Copyright

The Complete Metasploit Guide

About Packt

Contributors

About the Authors

Packt Is Searching for Authors Like You

Preface

Who This Book Is For

What This Book Covers

To Get the Most out of This Book

Free Chapter

Introduction to Metasploit and Supporting Tools

Introduction to Metasploit and Supporting Tools

The importance of penetration testing

Vulnerability assessment versus penetration testing

The need for a penetration testing framework

Introduction to Metasploit

When to use Metasploit?

Making Metasploit effective and powerful using supplementary tools

Setting up Your Environment

Setting up Your Environment

Using the Kali Linux virtual machine - the easiest way

Installing Metasploit on Windows

Installing Metasploit on Linux

Setting up exploitable targets in a virtual environment

Metasploit Components and Environment Configuration

Metasploit Components and Environment Configuration

Anatomy and structure of Metasploit

Metasploit components

Playing around with msfconsole

Variables in Metasploit

Updating the Metasploit Framework

Information Gathering with Metasploit

Information Gathering with Metasploit

Information gathering and enumeration

Password sniffing

Advanced search with shodan

Vulnerability Hunting with Metasploit

Vulnerability Hunting with Metasploit

Managing the database

Vulnerability detection with Metasploit auxiliaries

Auto exploitation with db_autopwn

Post exploitation

Client-side Attacks with Metasploit

Client-side Attacks with Metasploit

Need of client-side attacks

The msfvenom utility

Social Engineering with Metasploit

Browser Autopwn

Web Application Scanning with Metasploit

Web Application Scanning with Metasploit

Setting up a vulnerable application

Web application scanning using WMAP

Metasploit Auxiliaries for Web Application enumeration and scanning

Antivirus Evasion and Anti-Forensics

Antivirus Evasion and Anti-Forensics

Using encoders to avoid AV detection

Cyber Attack Management with Armitage

Cyber Attack Management with Armitage

What is Armitage?

Starting the Armitage console

Scanning and enumeration

Find and launch attacks

Extending Metasploit and Exploit Development

Extending Metasploit and Exploit Development

Exploit development concepts

Exploit templates and mixins

Adding external exploits to Metasploit

Approaching a Penetration Test Using Metasploit

Approaching a Penetration Test Using Metasploit

Organizing a penetration test

Mounting the environment

The fundamentals of Metasploit

Conducting a penetration test with Metasploit

Benefits of penetration testing using Metasploit

Case study - diving deep into an unknown network

Revisiting the case study

Summary and exercises

Reinventing Metasploit

Reinventing Metasploit

Ruby - the heart of Metasploit

Developing custom modules

Breakthrough Meterpreter scripting

Working with RailGun

Summary and exercises

The Exploit Formulation Process

The Exploit Formulation Process

The absolute basics of exploitation

Exploiting stack-based buffer overflows with Metasploit

Exploiting SEH-based buffer overflows with Metasploit

Bypassing DEP in Metasploit modules

Other protection mechanisms

Porting Exploits

Porting Exploits

Importing a stack-based buffer overflow exploit

Importing web-based RCE into Metasploit

Importing TCP server/browser-based exploits into Metasploit

Testing Services with Metasploit

Testing Services with Metasploit

Fundamentals of testing SCADA systems

Database exploitation

Testing VOIP services

Virtual Test Grounds and Staging

Virtual Test Grounds and Staging

Performing a penetration test with integrated Metasploit services

Generating manual reports

Client-Side Exploitation

Client-Side Exploitation

Exploiting browsers for fun and profit

Metasploit and Arduino - the deadly combination

File format-based exploitation

Attacking Android with Metasploit

Summary and exercises

Metasploit Extended

Metasploit Extended

Basics of post-exploitation with Metasploit

Basic post-exploitation commands

Advanced post-exploitation with Metasploit

Additional post-exploitation modules

Advanced extended features of Metasploit

Summary and exercises

Evasion with Metasploit

Evasion with Metasploit

Evading Meterpreter using C wrappers and custom encoders

Evading intrusion detection systems with Metasploit

Bypassing Windows firewall blocked ports

Summary and exercises

Metasploit for Secret Agents

Metasploit for Secret Agents

Maintaining anonymity in Meterpreter sessions

Maintaining access using vulnerabilities in common software

Harvesting files from target systems

Using venom for obfuscation

Covering tracks with anti-forensics modules

Visualizing with Armitage

Visualizing with Armitage

The fundamentals of Armitage

Scanning networks and host management

Exploitation with Armitage

Post-exploitation with Armitage

Red teaming with Armitage team server

Scripting Armitage

Tips and Tricks

Tips and Tricks

Automation using Minion script

Using connect as Netcat

Shell upgrades and background sessions

Naming conventions

Saving configurations in Metasploit

Using inline handler and renaming jobs

Running commands on multiple Meterpreters

Automating the Social Engineering Toolkit

Cheat sheets on Metasploit and penetration testing

Further reading

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Bypassing DEP in Metasploit modules

Data Execution Prevention (DEP) is a protection mechanism that marks specific areas of memory as non-executable, causing no execution of shellcode when it comes to exploitation. Therefore, even if we can overwrite the EIP register and point the ESP to the start of the shellcode, we will not be able to execute our payloads. This is because DEP prevents the execution of data in the writable areas of the memory, such as stack and heap. In this case, we will need to use existing instructions that are in the executable regions to achieve the desired functionality. We can do this by putting all the executable instructions in such an order that jumping to the shellcode becomes viable.

The technique for bypassing DEP is called Return Oriented Programming (ROP). ROP differs from an ordinary stack overflow, where overwriting the EIP and calling the jump...