Book Image

Mastering Metasploit - Third Edition

By : Nipun Jaswal
Book Image

Mastering Metasploit - Third Edition

By: Nipun Jaswal

Overview of this book

We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You’ll get to know about the basics of programming Metasploit modules as a refresher and then dive into carrying out exploitation as well building and porting exploits of various kinds in Metasploit. In the next section, you’ll develop the ability to perform testing on various services such as databases, Cloud environment, IoT, mobile, tablets, and similar more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework. By the end of the book, you will be trained specifically on time-saving techniques using Metasploit.

Related Content you might be interested in

Current Title:

Small book image
Mastering Metasploit - Third Edition
Nipun Jaswal
May, 2018 | 492 pages
No titles found
Table of Contents (14 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Disclaimer
Free Chapter
1
Approaching a Penetration Test Using Metasploit
Approaching a Penetration Test Using Metasploit
Organizing a penetration test
Mounting the environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Benefits of penetration testing using Metasploit
Case study - diving deep into an unknown network
Revisiting the case study
Summary and exercises
2
Reinventing Metasploit
Reinventing Metasploit
Ruby - the heart of Metasploit
Developing custom modules
Breakthrough Meterpreter scripting
Working with RailGun
Summary and exercises
3
The Exploit Formulation Process
The Exploit Formulation Process
The absolute basics of exploitation
Exploiting stack-based buffer overflows with Metasploit
Exploiting SEH-based buffer overflows with Metasploit
Bypassing DEP in Metasploit modules
Other protection mechanisms
Summary
4
Porting Exploits
Porting Exploits
Importing a stack-based buffer overflow exploit
Importing web-based RCE into Metasploit
Importing TCP server/browser-based exploits into Metasploit
Summary
5
Testing Services with Metasploit
Testing Services with Metasploit
Fundamentals of testing SCADA systems
Database exploitation
Testing VOIP services
Summary
6
Virtual Test Grounds and Staging
Virtual Test Grounds and Staging
Performing a penetration test with integrated Metasploit services
Generating manual reports
Summary
7
Client-Side Exploitation
Client-Side Exploitation
Exploiting browsers for fun and profit
Metasploit and Arduino - the deadly combination
File format-based exploitation
Attacking Android with Metasploit
Summary and exercises
8
Metasploit Extended
Metasploit Extended
Basics of post-exploitation with Metasploit
Basic post-exploitation commands
Advanced post-exploitation with Metasploit
Additional post-exploitation modules
Advanced extended features of Metasploit
Summary and exercises
9
Evasion with Metasploit
Evasion with Metasploit
Evading Meterpreter using C wrappers and custom encoders
Evading intrusion detection systems with Metasploit
Bypassing Windows firewall blocked ports
Summary and exercises
10
Metasploit for Secret Agents
Metasploit for Secret Agents
Maintaining anonymity in Meterpreter sessions
Maintaining access using vulnerabilities in common software
Harvesting files from target systems
Using venom for obfuscation
Covering tracks with anti-forensics modules
Summary
11
Visualizing with Armitage
Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Red teaming with Armitage team server
Scripting Armitage
Summary
12
Tips and Tricks
Tips and Tricks
Automation using Minion script
Using connect as Netcat
Shell upgrades and background sessions
Naming conventions
Saving configurations in Metasploit
Using inline handler and renaming jobs
Running commands on multiple Meterpreters
Automating the Social Engineering Toolkit
Cheat sheets on Metasploit and penetration testing
Further reading
13
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Bypassing DEP in Metasploit modules

Data Execution Prevention (DEP) is a protection mechanism that marks specific areas of memory as non-executable, causing no execution of shellcode when it comes to exploitation. Therefore, even if we can overwrite the EIP register and point the ESP to the start of the shellcode, we will not be able to execute our payloads. This is because DEP prevents the execution of data in the writable areas of the memory, such as stack and heap. In this case, we will need to use existing instructions that are in the executable regions to achieve the desired functionality. We can do this by putting all the executable instructions in such an order that jumping to the shellcode becomes viable.

The technique for bypassing DEP is called Return Oriented Programming (ROP). ROP differs from an ordinary stack overflow, where overwriting the EIP and calling the jump...

Previous Section
End of Section 5
Next Section