Book Image

Mastering Metasploit

By : Nipun Jaswal
Book Image

Mastering Metasploit

By: Nipun Jaswal

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Mastering Metasploit
Nipun Jaswal
May, 2014 | 378 pages
No titles found
Table of Contents (17 chapters)
Mastering Metasploit
Mastering Metasploit
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Approaching a Penetration Test Using Metasploit
Approaching a Penetration Test Using Metasploit
Setting up the environment
Mounting the environment
Conducting a penetration test with Metasploit
The dominance of Metasploit
Summary
2
Reinventing Metasploit
Reinventing Metasploit
Ruby – the heart of Metasploit
Developing custom modules
Breakthrough meterpreter scripting
Working with RailGun
Summary
3
The Exploit Formulation Process
The Exploit Formulation Process
The elemental assembly primer
The joy of fuzzing
Building up the exploit base
Finalizing the exploit
The fundamentals of a structured exception handler
Summary
4
Porting Exploits
Porting Exploits
Porting a Perl-based exploit
Porting a Python-based exploit
Porting a web-based exploit
Summary
5
Offstage Access to Testing Services
Offstage Access to Testing Services
The fundamentals of SCADA
SCADA torn apart
Securing SCADA
Database exploitation
VOIP exploitation
Post-exploitation on Apple iDevices
Summary
6
Virtual Test Grounds and Staging
Virtual Test Grounds and Staging
Performing a white box penetration test
Generating manual reports
Performing a black box penetration test
Summary
7
Sophisticated Client-side Attacks
Sophisticated Client-side Attacks
Exploiting browsers
File format-based exploitation
Compromising XAMPP servers
Compromising the clients of a website
Bypassing AV detections
Conjunction with DNS spoofing
Attacking Linux with malicious packages
Summary
8
The Social Engineering Toolkit
The Social Engineering Toolkit
Explaining the fundamentals of the social engineering toolkit
Attacking with SET
Providing additional features and further readings
Summary
9
Speeding Up Penetration Testing
Speeding Up Penetration Testing
Introducing automated tools
Fast Track MS SQL attack vectors
Automated exploitation in Metasploit
Fake updates with the DNS-spoofing attack
Summary
10
Visualizing with Armitage
Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Attacking on the client side with Armitage
Scripting Armitage
Summary
Further reading
Index
Index

Chapter 5. Offstage Access to Testing Services

Let's now talk about testing various specialized services. These might be run as an additional task or be the only task that is run during penetration testing. It is likely that during our career as a penetration tester that we come across a company or a testable environment that only requires testing to be performed on a particular server, and this server may run services such as databases, VOIP, or SCADA control system. In this chapter, we will look at developing strategies to use while carrying out penetration tests on these services. In this chapter, we will cover the following points:

  • Understanding SCADA exploitation

  • Fundamentals of ICS and their critical nature

  • Carrying out database penetration tests

  • Testing VOIP services

  • Testing iDevices for exploitation and post-exploitation

Service-based penetration testing requires sharp skills and a good understanding of services that we can successfully exploit. Therefore, in this chapter, we will look...

Previous Section
End of Section 1
Next Section