Book Image

Metasploit for Beginners

By : Sagar Rahalkar
Book Image

Metasploit for Beginners

By: Sagar Rahalkar

Overview of this book

This book will begin by introducing you to Metasploit and its functionality. Next, you will learn how to set up and configure Metasploit on various platforms to create a virtual test environment. You will also get your hands on various tools and components used by Metasploit. Further on in the book, you will learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools. Next, you'll get hands-on experience carrying out client-side attacks. Moving on, you'll learn about web application security scanning and bypassing anti-virus and clearing traces on the target system post compromise. This book will also keep you updated with the latest security techniques and methods that can be directly applied to scan, test, hack, and secure networks and systems with Metasploit. By the end of this book, you'll get the hang of bypassing different defenses, after which you'll learn how hackers use the network to gain access into different systems.

Related Content you might be interested in

Current Title:

Small book image
Metasploit for Beginners
Sagar Rahalkar
Jul, 2017 | 190 pages
Small book image
Network Vulnerability Assessment
Sagar Rahalkar
Aug, 2018 | 254 pages
Small book image
Metasploit Bootcamp
Nipun Jaswal
May, 2017 | 230 pages
Small book image
Metasploit Penetration Testing Cookbook
Monika Agarwal | Abhinav Singh | Nipun Jaswal | Daniel Teixeira
Feb, 2018 | 426 pages
Table of Contents (11 chapters)
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
Free Chapter
1
Introduction to Metasploit and Supporting Tools
Introduction to Metasploit and Supporting Tools
The importance of penetration testing
Vulnerability assessment versus penetration testing
The need for a penetration testing framework
Introduction to Metasploit
When to use Metasploit?
Making Metasploit effective and powerful using supplementary tools
Summary
Exercises
2
Setting up Your Environment
Setting up Your Environment
Using the Kali Linux virtual machine - the easiest way
Installing Metasploit on Windows
Installing Metasploit on Linux
Setting up exploitable targets in a virtual environment
Summary
Exercises
3
Metasploit Components and Environment Configuration
Metasploit Components and Environment Configuration
Anatomy and structure of Metasploit
Metasploit components
Playing around with msfconsole
Variables in Metasploit
Updating the Metasploit Framework
Summary
Exercises
4
Information Gathering with Metasploit
Information Gathering with Metasploit
Information gathering and enumeration
Password sniffing
Advanced search with shodan
Summary
Exercises
5
Vulnerability Hunting with Metasploit
Vulnerability Hunting with Metasploit
Managing the database
NMAP
Nessus
Vulnerability detection with Metasploit auxiliaries
Auto exploitation with db_autopwn
Post exploitation
Summary
Exercises
6
Client-side Attacks with Metasploit
Client-side Attacks with Metasploit
Need of client-side attacks
The msfvenom utility
Social Engineering with Metasploit
Browser Autopwn
Summary
Exercises
7
Web Application Scanning with Metasploit
Web Application Scanning with Metasploit
Setting up a vulnerable application
Web application scanning using WMAP
Metasploit Auxiliaries for Web Application enumeration and scanning
Summary
Exercises
8
Antivirus Evasion and Anti-Forensics
Antivirus Evasion and Anti-Forensics
Using encoders to avoid AV detection
Anti-forensics
Summary
Exercises
9
Cyber Attack Management with Armitage
Cyber Attack Management with Armitage
What is Armitage?
Starting the Armitage console
Scanning and enumeration
Find and launch attacks
Summary
Exercises
10
Extending Metasploit and Exploit Development
Extending Metasploit and Exploit Development
Exploit development concepts
Exploit templates and mixins
Adding external exploits to Metasploit
Summary
Exercises

Need of client-side attacks

In the previous chapter, we used the MS08_067net api vulnerability in our target system and got complete administrator-level access to the system. We configured the value of the RHOST variable as the IP address of our target system. Now, the exploit was successful only because the attacker's system and the target system both were on the same network. (The IP address of attacker's system was 192.168.44.134 and the IP address of target system was 192.168.44.129).

This scenario was pretty straightforward as shown in the following diagram:

Now, consider a scenario shown in the following diagram. The IP address of the attacker system is a public address and he is trying to exploit a vulnerability on a system, which is not in same network. Note, the target system, in this case, has a private IP address (10.11.1.56) and is NAT'ed behind an...

Previous Section
End of Section 2
Next Section