Book Image

Mastering Metasploit

By : Nipun Jaswal
Book Image

Mastering Metasploit

By: Nipun Jaswal

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Mastering Metasploit
Nipun Jaswal
May, 2014 | 378 pages
No titles found
Table of Contents (17 chapters)
Mastering Metasploit
Mastering Metasploit
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Approaching a Penetration Test Using Metasploit
Approaching a Penetration Test Using Metasploit
Setting up the environment
Mounting the environment
Conducting a penetration test with Metasploit
The dominance of Metasploit
Summary
2
Reinventing Metasploit
Reinventing Metasploit
Ruby – the heart of Metasploit
Developing custom modules
Breakthrough meterpreter scripting
Working with RailGun
Summary
3
The Exploit Formulation Process
The Exploit Formulation Process
The elemental assembly primer
The joy of fuzzing
Building up the exploit base
Finalizing the exploit
The fundamentals of a structured exception handler
Summary
4
Porting Exploits
Porting Exploits
Porting a Perl-based exploit
Porting a Python-based exploit
Porting a web-based exploit
Summary
5
Offstage Access to Testing Services
Offstage Access to Testing Services
The fundamentals of SCADA
SCADA torn apart
Securing SCADA
Database exploitation
VOIP exploitation
Post-exploitation on Apple iDevices
Summary
6
Virtual Test Grounds and Staging
Virtual Test Grounds and Staging
Performing a white box penetration test
Generating manual reports
Performing a black box penetration test
Summary
7
Sophisticated Client-side Attacks
Sophisticated Client-side Attacks
Exploiting browsers
File format-based exploitation
Compromising XAMPP servers
Compromising the clients of a website
Bypassing AV detections
Conjunction with DNS spoofing
Attacking Linux with malicious packages
Summary
8
The Social Engineering Toolkit
The Social Engineering Toolkit
Explaining the fundamentals of the social engineering toolkit
Attacking with SET
Providing additional features and further readings
Summary
9
Speeding Up Penetration Testing
Speeding Up Penetration Testing
Introducing automated tools
Fast Track MS SQL attack vectors
Automated exploitation in Metasploit
Fake updates with the DNS-spoofing attack
Summary
10
Visualizing with Armitage
Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Attacking on the client side with Armitage
Scripting Armitage
Summary
Further reading
Index
Index

Exploiting browsers

Web browsers are used primarily for surfing the Web. However, an outdated web browser can compromise the entire system. Clients may never use the preinstalled web browser and choose one based on their preference. However, the default preinstalled web browser can still lead to various attacks on it. Exploiting a browser by finding vulnerabilities in the browser components is browser-based exploitation.

Note

For more information on various browser-based vulnerabilities, refer to Mozilla Firefox-based vulnerabilities at http://www.cvedetails.com/product/3264/Mozilla-Firefox.html?vendor_id=452.

Also, refer to Internet Explorer-based vulnerabilities at http://www.cvedetails.com/product/9900/Microsoft-Internet-Explorer.html?vendor_id=26.

The workings of the browser autopwn attack

Metasploit offers browser autopwn, a special automatic attack vector that tests various browsers in order to find vulnerabilities in it and exploit the same. To understand the working of this method, let...

Previous Section
End of Section 2
Next Section