Metasploit Penetration Testing Cookbook

By: Abhinav Singh

Overview of this book

Metasploit® software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.

Metasploit Penetration Testing Cookbook targets both professionals and beginners to the framework. The chapters of the book are logically arranged with an increasing level of complexity and thoroughly cover Metasploit aspects ranging from the pre-exploitation to the post-exploitation phase. The recipe structure of the book provides a good mix of both theoretical understanding and practical implementation. This book will help readers think from a hacker's perspective to dig out the flaws in target networks and also to leverage the powers of Metasploit to compromise them. It will take your penetration skills to the next level.

The book starts with the basics, such as gathering information about your target, and gradually covers advanced topics like building your own framework scripts and modules. The book goes deep into operating system-based penetration testing techniques and moves ahead with client-based exploitation methodologies. In the post-exploitation phase, it covers Meterpreter, antivirus bypass, Ruby wonders, exploit building, porting exploits to the framework, and third-party tools like Armitage and SET. Metasploit Penetration Testing Cookbook is the required guide to penetration testing and exploitation.

Setting up the penetration testing lab on a single machine


You can always set up a penetration testing lab using multiple machines, and that is considered the ideal setup. But what if you have an emergency, you need to set up a testing scenario immediately, and you only have a single machine? Using a virtual machine is the obvious answer. You can work on more than one operating system simultaneously and perform the task of penetration testing. So let us have a quick look at how we can set up a penetration testing lab on a single system with the help of virtual machines.

Getting ready

We will be using VirtualBox to set up two virtual machines with the BackTrack 5 and Windows XP SP2 operating systems. Our host system is a Windows 7 machine. We will need the VirtualBox installer and either an image file or an installation disk for each of the two operating systems we want to set up as virtual machines. So our complete setup will consist of a host system running Windows 7 with two virtual systems running BackTrack 5 and Windows XP SP2 respectively.

How to do it...

The process of installing a virtual machine is simple and self-explanatory. Follow these steps:

  1. After installing VirtualBox, create a new virtual machine. Select the appropriate options and click on Next. You will have to provide an installation medium to start the setup. The medium can be either an image file or an installation disk. For a complete manual on virtual machines and the installation procedure, you can visit the following link:

    http://www.virtualbox.org/manual/UserManual.html

  2. For better virtual machine performance, it is recommended to have at least 4 GB of available RAM for a 32-bit operating system and 8 GB RAM for 64-bit. In the next recipe, I will show you a cool way to bring down your memory usage while running multiple virtual machines.

  3. Once the virtual machine (VM) is created, you can use the "clone" option. This will create an exact copy of your VM, so if some failure occurs in your working VM, you can switch to the cloned VM without worrying about re-installing it. You can also use the "snapshot" option to save the current state of your VM. A snapshot saves the current working settings of your virtual machine, and you can revert to your saved snapshot at any time in the future.

How it works...

Before you start your virtual machines, there is an important configuration change that we have to make so that the two virtual machines can communicate with each other. Select one of the virtual machines and click on Settings. Then move to Network settings. Under the network adapters, there will be a preconfigured NAT adapter, which gives the virtual machine internet access through the host machine. Under Adapter 2, select Host-only Adapter.

Follow this process for both the virtual machines. The reason for setting up the Host-only adapter is to make the two virtual machines communicate with each other. Now, in order to test whether everything is fine, check the IP address of the Windows virtual machine by entering ipconfig in the command prompt. Then ping the Windows machine (using the local IP address obtained from the ipconfig command) from the BackTrack machine to see whether it is receiving the packets. Repeat the test in the opposite direction to crosscheck both machines.
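The adapter layout described above can also be checked from the host before the guests are booted. The following is an added example, not code from the book: it parses the output of `VBoxManage showvminfo <vm> --machinereadable` and reports any VM whose Adapter 1 is not NAT, whose Adapter 2 is not host-only, or that has a bridged adapter, which would place a guest such as the Windows XP SP2 machine on the physical LAN. The VM names and the sample output are constructed assumptions.

```python
import re
import subprocess

def parse_vminfo(text):
    """Parse `VBoxManage showvminfo <vm> --machinereadable` output into a dict."""
    info = {}
    for line in text.splitlines():
        m = re.match(r'^"?([^"=]+)"?=(.*)$', line.strip())
        if m:
            info[m.group(1)] = m.group(2).strip().strip('"')
    return info

def check_lab(vms):
    """vms maps VM name -> parsed info; returns a list of findings (empty means OK)."""
    findings, hostonly_nets = [], set()
    for name, info in vms.items():
        if info.get("nic1") != "nat":
            findings.append(f"{name}: adapter 1 is {info.get('nic1')!r}, expected 'nat'")
        if info.get("nic2") != "hostonly":
            findings.append(f"{name}: adapter 2 is {info.get('nic2')!r}, expected 'hostonly'")
        else:
            hostonly_nets.add(info.get("hostonlyadapter2"))
        for n in range(1, 9):  # showvminfo lists up to eight adapters
            if info.get(f"nic{n}") == "bridged":
                findings.append(f"{name}: adapter {n} is bridged onto the physical LAN")
    if len(hostonly_nets) > 1:
        findings.append("VMs use different host-only networks: " + ", ".join(sorted(map(str, hostonly_nets))))
    return findings

def live_info(vm):
    """Query a real VM; requires VBoxManage on PATH (not used by the samples below)."""
    out = subprocess.run(["VBoxManage", "showvminfo", vm, "--machinereadable"],
                         capture_output=True, text=True, check=True).stdout
    return parse_vminfo(out)

# Constructed sample output (VM names and adapter names are assumptions).
SAMPLE_BT5 = '''name="BackTrack5"
nic1="nat"
nic2="hostonly"
hostonlyadapter2="VirtualBox Host-Only Ethernet Adapter"
nic3="none"'''

SAMPLE_XP_BRIDGED = '''name="WinXP-SP2"
nic1="bridged"
bridgeadapter1="Intel(R) Ethernet Connection"
nic2="none"'''

if __name__ == "__main__":
    lab = {"BackTrack5": parse_vminfo(SAMPLE_BT5),
           "WinXP-SP2": parse_vminfo(SAMPLE_XP_BRIDGED)}
    for finding in check_lab(lab):
        print(finding)
```

To check real machines, build the dictionary with `live_info("<vm name>")` for each VM instead of the constructed samples.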

There's more...

Now let's talk about some other options, or possibly some pieces of general information, that are relevant to this task.

Disabling the firewall and antivirus protection

There can be situations where, while pinging the Windows machine from the BackTrack machine, the packets are not received, so the Windows machine appears not to be alive. This can be due to the default Windows firewall setting. So, disable the firewall protection and ping again to see whether the packets are received. Also, disable any other firewall that may be installed in the virtual machine.

Installing virtual box guest additions

VirtualBox provides an additional installation of add-ons that can improve your virtual machine usage experience. Some of its key benefits are:

  • Seamless mouse movement from host OS to virtual OS

  • Automatic keyboard integration to virtual OS

  • Better screen size

To install the guest additions, power on the virtual machine, go to the Device tab and click on Install guest additions.