Book Image

Metasploit for Beginners

By : Sagar Rahalkar
Book Image

Metasploit for Beginners

By: Sagar Rahalkar

Overview of this book

This book will begin by introducing you to Metasploit and its functionality. Next, you will learn how to set up and configure Metasploit on various platforms to create a virtual test environment. You will also get your hands on various tools and components used by Metasploit. Further on in the book, you will learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools. Next, you'll get hands-on experience carrying out client-side attacks. Moving on, you'll learn about web application security scanning and bypassing anti-virus and clearing traces on the target system post compromise. This book will also keep you updated with the latest security techniques and methods that can be directly applied to scan, test, hack, and secure networks and systems with Metasploit. By the end of this book, you'll get the hang of bypassing different defenses, after which you'll learn how hackers use the network to gain access into different systems.

Related Content you might be interested in

Current Title:

Small book image
Metasploit for Beginners
Sagar Rahalkar
Jul, 2017 | 190 pages
Small book image
Network Vulnerability Assessment
Sagar Rahalkar
Aug, 2018 | 254 pages
Small book image
Metasploit Bootcamp
Nipun Jaswal
May, 2017 | 230 pages
Small book image
Metasploit Penetration Testing Cookbook
Monika Agarwal | Abhinav Singh | Nipun Jaswal | Daniel Teixeira
Feb, 2018 | 426 pages
Table of Contents (11 chapters)
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
Free Chapter
1
Introduction to Metasploit and Supporting Tools
Introduction to Metasploit and Supporting Tools
The importance of penetration testing
Vulnerability assessment versus penetration testing
The need for a penetration testing framework
Introduction to Metasploit
When to use Metasploit?
Making Metasploit effective and powerful using supplementary tools
Summary
Exercises
2
Setting up Your Environment
Setting up Your Environment
Using the Kali Linux virtual machine - the easiest way
Installing Metasploit on Windows
Installing Metasploit on Linux
Setting up exploitable targets in a virtual environment
Summary
Exercises
3
Metasploit Components and Environment Configuration
Metasploit Components and Environment Configuration
Anatomy and structure of Metasploit
Metasploit components
Playing around with msfconsole
Variables in Metasploit
Updating the Metasploit Framework
Summary
Exercises
4
Information Gathering with Metasploit
Information Gathering with Metasploit
Information gathering and enumeration
Password sniffing
Advanced search with shodan
Summary
Exercises
5
Vulnerability Hunting with Metasploit
Vulnerability Hunting with Metasploit
Managing the database
NMAP
Nessus
Vulnerability detection with Metasploit auxiliaries
Auto exploitation with db_autopwn
Post exploitation
Summary
Exercises
6
Client-side Attacks with Metasploit
Client-side Attacks with Metasploit
Need of client-side attacks
The msfvenom utility
Social Engineering with Metasploit
Browser Autopwn
Summary
Exercises
7
Web Application Scanning with Metasploit
Web Application Scanning with Metasploit
Setting up a vulnerable application
Web application scanning using WMAP
Metasploit Auxiliaries for Web Application enumeration and scanning
Summary
Exercises
8
Antivirus Evasion and Anti-Forensics
Antivirus Evasion and Anti-Forensics
Using encoders to avoid AV detection
Anti-forensics
Summary
Exercises
9
Cyber Attack Management with Armitage
Cyber Attack Management with Armitage
What is Armitage?
Starting the Armitage console
Scanning and enumeration
Find and launch attacks
Summary
Exercises
10
Extending Metasploit and Exploit Development
Extending Metasploit and Exploit Development
Exploit development concepts
Exploit templates and mixins
Adding external exploits to Metasploit
Summary
Exercises

Using encoders to avoid AV detection

In Chapter 6, Client-side Attacks with Metasploit, we have already seen how to use the msfvenom utility to generate various payloads. However, these payloads if used as-is are most likely to be detected by antivirus programs. In order to avoid antivirus detection of our payload, we need to use encoders offered by the msfvenom ;utility. ;

To get started, we'll generate a simple payload in the ;.exe ;format using the shikata_ga_nai ;encoder, as shown in the following screenshot:

Once the payload has been generated, we upload it to the site http://www.virustotal.com for analysis. As the analysis is completed, we can see that our file apache-update.exe ;(containing a payload) was detected by 46 out of the ;60 antivirus programs that were used. This is quite a high detection rate for our payload. Sending this payload as-is to our victim is...

Previous Section
End of Section 2
Next Section