Book Image

Metasploit Bootcamp

By : Nipun Jaswal
Book Image

Metasploit Bootcamp

By: Nipun Jaswal

Overview of this book

The book starts with a hands-on Day 1 chapter, covering the basics of the Metasploit framework and preparing the readers for a self-completion exercise at the end of every chapter. The Day 2 chapter dives deep into the use of scanning and fingerprinting services with Metasploit while helping the readers to modify existing modules according to their needs. Following on from the previous chapter, Day 3 will focus on exploiting various types of service and client-side exploitation while Day 4 will focus on post-exploitation, and writing quick scripts that helps with gathering the required information from the exploited systems. The Day 5 chapter presents the reader with the techniques involved in scanning and exploiting various services, such as databases, mobile devices, and VOIP. The Day 6 chapter prepares the reader to speed up and integrate Metasploit with leading industry tools for penetration testing. Finally, Day 7 brings in sophisticated attack vectors and challenges based on the user’s preparation over the past six days and ends with a Metasploit challenge to solve.
Table of Contents (15 chapters)
Title Page
Credits
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Dedication
Preface

Scenario 1: Mirror environment


Consider yourself a penetration tester who is tasked to carry out a black box penetration test against a single IP in an on-site project. Your job is to make sure that no vulnerabilities are present in the server and on the application running on it.

Understanding the environment

Since we know we are going to perform on an on-site environment, we can summarize the test as shown in the following table:

Number of IPs under scope

1

Test policy

Web applications and server

IP address

192.168.10.110

Summary of tests to be performed

Port Scanning

Test for Web application vulnerabilities

Test for server vulnerabilities

Compromising any other network connected to the target host

Objectives

Gain user level access to the server

Escalate privileges to the highest possible level

Gain access to the credentials for web and server applications

Test type

Black box test

Additionally, let us also keep a diagrammatic view of the entire test to make things easier for us to remember and understand...