Book Image

Metasploit for Beginners

By : Sagar Rahalkar
Book Image

Metasploit for Beginners

By: Sagar Rahalkar

Overview of this book

This book will begin by introducing you to Metasploit and its functionality. Next, you will learn how to set up and configure Metasploit on various platforms to create a virtual test environment. You will also get your hands on various tools and components used by Metasploit. Further on in the book, you will learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools. Next, you'll get hands-on experience carrying out client-side attacks. Moving on, you'll learn about web application security scanning and bypassing anti-virus and clearing traces on the target system post compromise. This book will also keep you updated with the latest security techniques and methods that can be directly applied to scan, test, hack, and secure networks and systems with Metasploit. By the end of this book, you'll get the hang of bypassing different defenses, after which you'll learn how hackers use the network to gain access into different systems.

Related Content you might be interested in

Current Title:

Small book image
Metasploit for Beginners
Sagar Rahalkar
Jul, 2017 | 190 pages
Small book image
Network Vulnerability Assessment
Sagar Rahalkar
Aug, 2018 | 254 pages
Small book image
Metasploit Bootcamp
Nipun Jaswal
May, 2017 | 230 pages
Small book image
Metasploit Penetration Testing Cookbook
Monika Agarwal | Abhinav Singh | Nipun Jaswal | Daniel Teixeira
Feb, 2018 | 426 pages
Table of Contents (11 chapters)
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
Free Chapter
1
Introduction to Metasploit and Supporting Tools
Introduction to Metasploit and Supporting Tools
The importance of penetration testing
Vulnerability assessment versus penetration testing
The need for a penetration testing framework
Introduction to Metasploit
When to use Metasploit?
Making Metasploit effective and powerful using supplementary tools
Summary
Exercises
2
Setting up Your Environment
Setting up Your Environment
Using the Kali Linux virtual machine - the easiest way
Installing Metasploit on Windows
Installing Metasploit on Linux
Setting up exploitable targets in a virtual environment
Summary
Exercises
3
Metasploit Components and Environment Configuration
Metasploit Components and Environment Configuration
Anatomy and structure of Metasploit
Metasploit components
Playing around with msfconsole
Variables in Metasploit
Updating the Metasploit Framework
Summary
Exercises
4
Information Gathering with Metasploit
Information Gathering with Metasploit
Information gathering and enumeration
Password sniffing
Advanced search with shodan
Summary
Exercises
5
Vulnerability Hunting with Metasploit
Vulnerability Hunting with Metasploit
Managing the database
NMAP
Nessus
Vulnerability detection with Metasploit auxiliaries
Auto exploitation with db_autopwn
Post exploitation
Summary
Exercises
6
Client-side Attacks with Metasploit
Client-side Attacks with Metasploit
Need of client-side attacks
The msfvenom utility
Social Engineering with Metasploit
Browser Autopwn
Summary
Exercises
7
Web Application Scanning with Metasploit
Web Application Scanning with Metasploit
Setting up a vulnerable application
Web application scanning using WMAP
Metasploit Auxiliaries for Web Application enumeration and scanning
Summary
Exercises
8
Antivirus Evasion and Anti-Forensics
Antivirus Evasion and Anti-Forensics
Using encoders to avoid AV detection
Anti-forensics
Summary
Exercises
9
Cyber Attack Management with Armitage
Cyber Attack Management with Armitage
What is Armitage?
Starting the Armitage console
Scanning and enumeration
Find and launch attacks
Summary
Exercises
10
Extending Metasploit and Exploit Development
Extending Metasploit and Exploit Development
Exploit development concepts
Exploit templates and mixins
Adding external exploits to Metasploit
Summary
Exercises

Exploit development concepts

Exploits can be of many different types. They can be classified based on various parameters such as platforms, architecture, and purpose served. Whenever any given vulnerability is discovered, there are either of three following possibilities:

  • An exploit code already exists
  • Partial exploit code exists that needs some modification to execute malicious payload
  • No exploit code exists, and there's a need to develop new exploit code from scratch

The first two cases look quite easy as the exploit code exists and may need some minor tweaks to get it executed. However, the third case, wherein a vulnerability has just been discovered and no exploit code exists, is the real challenge. In such a case, you might need to perform some of the following tasks:

  • Gather basic information, such as the platform and architecture the vulnerability is supported on...
Previous Section
End of Section 2
Next Section