Book Image

Metasploit Penetration Testing Cookbook, Second Edition

By : Monika Agarwal, Abhinav Singh
Book Image

Metasploit Penetration Testing Cookbook, Second Edition

By: Monika Agarwal, Abhinav Singh

Overview of this book

<p>Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.</p> <p>Metasploit Penetration Testing Cookbook, Second Edition contains chapters that are logically arranged with an increasing level of complexity and thoroughly covers some aspects of Metasploit, ranging from pre-exploitation to the post-exploitation phase. This book is an update from version 4.0 to version 4.5. It covers the detailed penetration testing techniques for different specializations like wireless networks, VOIP systems, and the cloud.</p> <p>Metasploit Penetration Testing Cookbook, Second Edition covers a number of topics which were not part of the first edition. You will learn how to penetrate an operating system (Windows 8 penetration testing) to the penetration of a wireless network, VoIP network, and then to cloud.</p> <p>The book starts with the basics, such as gathering information about your target, and then develops to cover advanced topics like building your own framework scripts and modules. The book goes deep into operating-systems-based penetration testing techniques and moves ahead with client-based exploitation methodologies. In the post-exploitation phase, it covers meterpreter, antivirus bypass, ruby wonders, exploit building, porting exploits to the framework, and penetration testing, while dealing with VOIP, wireless networks, and cloud computing.</p> <p>This book will help readers to think from a hacker's perspective to dig out the flaws in target networks and also to leverage the powers of Metasploit to compromise them. It will take your penetration skills to the next level.</p>

Related Content you might be interested in

Current Title:

Small book image
Metasploit Penetration Testing Cookbook, Second Edition
Monika Agarwal | Abhinav Singh
Oct, 2013 | 320 pages
No titles found
Table of Contents (18 chapters)
Metasploit Penetration Testing CookbookSecond Edition
Metasploit Penetration Testing CookbookSecond Edition
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Metasploit Quick Tips for Security Professionals
Metasploit Quick Tips for Security Professionals
Introduction
Configuring Metasploit on Windows
Configuring Metasploit on Ubuntu
Installing Metasploit with BackTrack 5 R3
Setting up penetration testing using VMware
Setting up Metasploit on a virtual machine with SSH connectivity
Installing and configuring PostgreSQL in BackTrack 5 R3
Using the database to store the penetration testing results
Working with BBQSQL
2
Information Gathering and Scanning
Information Gathering and Scanning
Introduction
Passive information gathering
Port scanning – the Nmap way
Port scanning – the DNmap way
Using keimpx – an SMB credentials scanner
Detecting SSH versions with the SSH version scanner
FTP scanning
SNMP sweeping
Vulnerability scanning with Nessus
Scanning with NeXpose
Working with OpenVAS – a vulnerability scanner
3
Operating-System-based Vulnerability Assessment
Operating-System-based Vulnerability Assessment
Introduction
Penetration testing on a Windows XP SP2 machine
Binding a shell to the target for remote access
Penetration testing on Windows 8
Exploiting a Linux (Ubuntu) machine
Understanding the Windows DLL injection flaws
4
Client-side Exploitation and Antivirus Bypass
Client-side Exploitation and Antivirus Bypass
Introduction
Exploiting Internet Explorer execCommand Use-After-Free vulnerability
Understanding Adobe Flash Player "new function" invalid pointer use
Understanding Microsoft Word RTF stack buffer overflow
Working with Adobe Reader U3D Memory Corruption
Generating binary and shell code from msfpayload
Msfencoding schemes with the detection ratio
Using the killav.rb script to disable the antivirus programs
Killing the antiviruses' services from the command line
Working with the syringe utility
5
Working with Modules for Penetration Testing
Working with Modules for Penetration Testing
Introduction
Working with scanner auxiliary modules
Working with auxiliary admin modules
SQL injection and DoS attack module
Post-exploitation modules
Understanding the basics of module building
Analyzing an existing module
Building your own post-exploitation module
6
Exploring Exploits
Exploring Exploits
Introduction
Exploiting the module structure
Working with msfvenom
Converting an exploit to a Metasploit module
Porting and testing the new exploit module
Fuzzing with Metasploit
Writing a simple FileZilla FTP fuzzer
7
VoIP Penetration Testing
VoIP Penetration Testing
Introduction
Scanning and enumeration phase
Yielding passwords
VLAN hopping
VoIP MAC spoofing
Impersonation attack
DoS attack
8
Wireless Network Penetration Testing
Wireless Network Penetration Testing
Introduction
Setting up and running Fern WiFi Cracker
Sniffing interfaces with tcpdump
Cracking WEP and WPA with Fern WiFi Cracker
Session hijacking via a MAC address
Locating a target's geolocation
Understanding an evil twin attack
Configuring Karmetasploit
9
Social-Engineer Toolkit
Social-Engineer Toolkit
Introduction
Getting started with the Social-Engineer Toolkit (SET)
Working with the SET config file
Working with the spear-phishing attack vector
Website attack vectors
Working with the multi-attack web method
Infectious media generator
10
Working with Meterpreter
Working with Meterpreter
Introduction
Understanding the Meterpreter system commands
Understanding the Meterpreter filesystem commands
Understanding the Meterpreter networking commands
Privilege escalation and process migration
Setting up multiple communication channels with the target
Meterpreter anti-forensics – timestomp
The getdesktop and keystroke sniffing
Using a scraper Meterpreter script
Passing the hash
Setting up a persistent connection with backdoors
Pivoting with Meterpreter
Port forwarding with Meterpreter
Meterpreter API and mixins
Railgun – converting Ruby into a weapon
Adding DLL and function definition to Railgun
Building a "Windows Firewall De-activator" Meterpreter script
Analyzing an existing Meterpreter script
Injecting the VNC server remotely
Exploiting a vulnerable PHP application
Incognito attack with Meterpreter
Pentesting in the Cloud
Pentesting in the Cloud
Introduction
Pentesting in the cloud
Pentesting in the cloud with hackaserver.com
Index
Index

Pentesting in the cloud

Pentesting in the cloud demands more coordination, and may account for new considerations and restrictions that common pentesters are unaccustomed to. Testers should work in a way to understand the best way to coordinate with the cloud service providers and what their pre-requisites and policies are. They should also seek to coordinate with the cloud architecture to ensure scans, enumerations, and tests are effective and produce the best desired results possible.

Industries are moving their resources into the cloud. It requires vulnerability assessments and penetration tests of crucial assets to determine the presence of vulnerabilities and what risks they are prone to. In many cases, compliance requirements may urge for pentests as well. Although, performing scans, enumeration tasks, and penetration tests in the cloud somewhat differs from those that run on a typical network or an application. So, some of the important factors must be kept in mind before moving on to plan a strategy for pentesting in the cloud environment.

The type of the cloud can overpower the decision of whether pentesting is possible or not. For the most part PaaS and IaaS clouds will permit pentesting. However, SaaS providers are not likely to allow customers to pentest their applications and infrastructure, with the exception of third parties performing the cloud providers' own pentests for security best practices.

The second important aspect to consider when performing cloud pentests is the type of tests we are allowed to perform according to CSP's policies. As the cloud resources are usually hosted on multitenant platforms, many attacks will lead to an increase in resource consumption, including bandwidth and system memory as well. With a multitenant environment, this could negatively affect other customers' resources, so most CSPs will forbid any DoS attacks, other exploits, or scans that are familiar to impact local resource availability.

When considering advanced pentests, testers will also exploit one system or application and then use that compromised system as a staging point for additional attacks against other systems or applications, this technique is commonly known as Pivoting.

Note

When resources are hosted within a CSP ambience, pivoting is generally allowed. However, pivoting back out of the cloud to attack resources in the other cloud as the new attack source is usually not permitted.

Previous Section
End of Section
Next Section