Book Image

Mastering Metasploit - Third Edition

By : Nipun Jaswal
Book Image

Mastering Metasploit - Third Edition

By: Nipun Jaswal

Overview of this book

We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You’ll get to know about the basics of programming Metasploit modules as a refresher and then dive into carrying out exploitation as well building and porting exploits of various kinds in Metasploit. In the next section, you’ll develop the ability to perform testing on various services such as databases, Cloud environment, IoT, mobile, tablets, and similar more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework. By the end of the book, you will be trained specifically on time-saving techniques using Metasploit.
Table of Contents (14 chapters)

Evading Meterpreter using C wrappers and custom encoders

Meterpreter is one of the most popular payloads used by security researchers. However, being popular, it is detected by most of the AV solutions out there and tends to get flagged in a flash. Let's generate a simple Metasploit executable using msfvenom as follows:

We created a simple reverse TCP Meterpreter executable backdoor using the msfvenom command. Additionally, we have mentioned LHOST and LPORT followed by the format, which is EXE for the PE/COFF executable. We have also prevented null, line feed, and carriage return bad characters by mentioning them using the -b switch. We can see that the executable was generated successfully. Let's move this executable to the apache folder and try downloading and executing it on the Windows 10 operating system secured by Windows Defender and Qihoo 360 Antivirus. However...