Learning Metasploit Exploitation and Development is a guide to real-world network hacking with the best tricks to master the art of exploitation.
This book has been designed in well-defined stages to facilitate effective learning. From the actual setup to vulnerability assessment, and finally exploitation, this book gives in-depth knowledge of penetration testing. The book deals with vulnerability assessment exercises with some of the industrially-used tools and report making tips. It covers the topics of client exploitation, backdoors, post-exploitation, and also exploit development with Metasploit.
This book has been developed keeping in mind a practical hands-on approach so that readers can effectively try and test what they actually read. We are confident this book will prove to be effective in helping you develop the skills of an offensive penetration tester.
Chapter 1, Lab Setup, covers the complete lab setup required during the course of the book.
Chapter 2, Metasploit Framework Organization, covers the organization of the Metasploit Framework, which includes the various interfaces and the architecture of the Metasploit Framework.
Chapter 3, Exploitation Basics, covers the concepts of vulnerability, payloads, and the basics of exploitation. We will also learn how to compromise vulnerable systems using various exploitation techniques through Metasploit.
Chapter 4, Meterpreter Basics, covers how a user compromises a system through the meterpreter and what types of information he may be able to extract using the meterpreter functionalities after exploitation.
Chapter 5, Vulnerability Scanning and Information Gathering, covers various techniques of information gathering about a victim using the modules of Metasploit.
Chapter 6, Client-side Exploitation, covers the various techniques of client-side exploitation through Metasploit.
Chapter 7, Post Exploitation, covers the first phase of post-exploitation and discusses various information-gathering techniques of the compromised system through the meterpreter.
Chapter 8, Post Exploitation – Privilege Escalation, covers the various techniques of elevating privileges after compromising a system. We will use various scripts and post-exploitation modules to achieve this task.
Chapter 9, Post Exploitation – Cleaning Up Traces, covers the various techniques of clearing our tracks after compromising a system and avoiding being caught by the system administrator.
Chapter 10, Post Exploitation – Backdoors, covers how to make a backdoor executable deploy at the compromised system for a persistent connection.
Chapter 11, Post Exploitation – Pivoting and Network Sniffing, covers the various techniques through which we can leverage our point of contact server/system on the external network and leverage it to exploit the other systems on a different network.
Chapter 12, Exploit Research with Metasploit, covers the basics of exploit development using Metasploit, crafting exploits with Metasploit and using various payloads for the exploits.
Chapter 13, Using Social Engineering Toolkit and Armitage, covers how to use the add-on tools to the Metasploit Framework and further enhance our skills of exploitation.
The software required to practice hands-on along with this book are BackTrack R2/R3, Windows XP SP2, and Virtual Box.
This book is for security professionals interested in network exploitation and hacking. This guide is featured with chapters to develop the skills of an industrial penetration tester for testing industrial networks.
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text are shown as follows: "The important directories get listed which are data, external, tools, plugins, and scripts."
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "If we want to configure our network settings manually, we can select Custom settings and then click on Next >".
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title via the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.