Book Image

Metasploit Revealed: Secrets of the Expert Pentester

By : Sagar Rahalkar, Nipun Jaswal
Book Image

Metasploit Revealed: Secrets of the Expert Pentester

By: Sagar Rahalkar, Nipun Jaswal

Overview of this book

Metasploit is a popular penetration testing framework that has one of the largest exploit databases around. This book will show you exactly how to prepare yourself against the attacks you will face every day by simulating real-world possibilities. This learning path will begin by introducing you to Metasploit and its functionalities. You will learn how to set up and configure Metasploit on various platforms to create a virtual test environment. You will also get your hands on various tools and components and get hands-on experience with carrying out client-side attacks. In the next part of this learning path, you’ll develop the ability to perform testing on various services such as SCADA, databases, IoT, mobile, tablets, and many more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework. The final instalment of your learning journey will be covered through a bootcamp approach. You will be able to bring together the learning together and speed up and integrate Metasploit with leading industry tools for penetration testing. You’ll finish by working on challenges based on user’s preparation and work towards solving the challenge. The course provides you with highly practical content explaining Metasploit from the following Packt books: 1. Metasploit for Beginners 2. Mastering Metasploit, Second Edition 3. Metasploit Bootcamp

Related Content you might be interested in

Current Title:

Small book image
Metasploit Revealed: Secrets of the Expert Pentester
Sagar Rahalkar | Nipun Jaswal
Dec, 2017 | 14 hours 20 minutes
No titles found
Table of Contents (35 chapters)
Title Page
Title Page
Credits
Credits
Preface
Preface
Free Chapter
1
Module 1
Module 1
Metasploit for Beginners
2
Introduction to Metasploit and Supporting Tools
Introduction to Metasploit and Supporting Tools
The importance of penetration testing
Vulnerability assessment versus penetration testing
The need for a penetration testing framework
Introduction to Metasploit
When to use Metasploit?
Making Metasploit effective and powerful using supplementary tools
Summary
Exercises
3
Setting up Your Environment
Setting up Your Environment
Using the Kali Linux virtual machine - the easiest way
Installing Metasploit on Windows
Installing Metasploit on Linux
Setting up exploitable targets in a virtual environment
Summary
Exercises
4
Metasploit Components and Environment Configuration
Metasploit Components and Environment Configuration
Anatomy and structure of Metasploit
Metasploit components
Playing around with msfconsole
Variables in Metasploit
Updating the Metasploit Framework
Summary
Exercises
5
Information Gathering with Metasploit
Information Gathering with Metasploit
Information gathering and enumeration
Password sniffing
Advanced search with shodan
Summary
Exercises
6
Vulnerability Hunting with Metasploit
Vulnerability Hunting with Metasploit
Managing the database
NMAP
Nessus
Vulnerability detection with Metasploit auxiliaries
Auto exploitation with db_autopwn
Post exploitation
Summary
Exercises
7
Client-side Attacks with Metasploit
Client-side Attacks with Metasploit
Need of client-side attacks
The msfvenom utility
Social Engineering with Metasploit
Browser Autopwn
Summary
Exercises
8
Web Application Scanning with Metasploit
Web Application Scanning with Metasploit
Setting up a vulnerable application
Web application scanning using WMAP
Metasploit Auxiliaries for Web Application enumeration and scanning
Summary
Exercises
9
Antivirus Evasion and Anti-Forensics
Antivirus Evasion and Anti-Forensics
Using encoders to avoid AV detection
Anti-forensics
Summary
Exercises
10
Cyber Attack Management with Armitage
Cyber Attack Management with Armitage
What is Armitage?
Starting the Armitage console
Scanning and enumeration
Find and launch attacks
Summary
Exercises
11
Extending Metasploit and Exploit Development
Extending Metasploit and Exploit Development
Exploit development concepts
Exploit templates and mixins
Adding external exploits to Metasploit
Summary
Exercises
12
Module 2
Module 2
Mastering Metasploit
13
Approaching a Penetration Test Using Metasploit
Approaching a Penetration Test Using Metasploit
Organizing a penetration test
Preinteractions
Intelligence gathering/reconnaissance phase
Predicting the test grounds
Setting up Kali Linux in virtual environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Benefits of penetration testing using Metasploit
Penetration testing an unknown network
Using databases in Metasploit
Modeling threats
Vulnerability analysis of VSFTPD 2.3.4 backdoor
Vulnerability analysis of PHP-CGI query string parameter vulnerability
Vulnerability analysis of HFS 2.3
Maintaining access
Clearing tracks
Revising the approach
Summary
14
Reinventing Metasploit
Reinventing Metasploit
Ruby – the heart of Metasploit
Developing custom modules
Breakthrough meterpreter scripting
Working with RailGun
Summary
15
The Exploit Formulation Process
The Exploit Formulation Process
The absolute basics of exploitation
Exploiting stack-based buffer overflows with Metasploit
Exploiting SEH-based buffer overflows with Metasploit
Bypassing DEP in Metasploit modules
Other protection mechanisms
Summary
16
Porting Exploits
Porting Exploits
Importing a stack-based buffer overflow exploit
Importing web-based RCE into Metasploit
Importing TCP server/ browser-based exploits into Metasploit
Summary
17
Testing Services with Metasploit
Testing Services with Metasploit
The fundamentals of SCADA
Database exploitation
Testing VOIP services
Summary
18
Virtual Test Grounds and Staging
Virtual Test Grounds and Staging
Performing a penetration test with integrated Metasploit services
Summary
19
Client-side Exploitation
Client-side Exploitation
Exploiting browsers for fun and profit
Metasploit and Arduino - the deadly combination
File format-based exploitation
Compromising Linux clients with Metasploit
Attacking Android with Metasploit
Summary
20
Metasploit Extended
Metasploit Extended
The basics of post exploitation with Metasploit
Basic post exploitation commands
Additional post exploitation modules
Advanced extended features of Metasploit
Summary
21
Speeding up Penetration Testing
Speeding up Penetration Testing
The loadpath command
Pacing up development using reload, edit and reload_all commands
Automating Social-Engineering Toolkit
Summary
22
Visualizing with Armitage
Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Attacking on the client side with Armitage
Scripting Armitage
Summary
Further reading
23
Module 3
Module 3
Metasploit Bootcamp
24
Getting Started with Metasploit
Getting Started with Metasploit
The fundamentals of Metasploit
Benefits of using Metasploit
Penetration testing with Metasploit
Phase-I: footprinting and scanning
Phase-II: gaining access to the target
Phase-III: maintaining access / post-exploitation / covering tracks
Summary and exercises
25
Identifying and Scanning Targets
Identifying and Scanning Targets
Working with FTP servers using Metasploit
Scanning MSSQL servers with Metasploit
Scanning SNMP services with Metasploit
Scanning NetBIOS services with Metasploit
Scanning HTTP services with Metasploit
Scanning HTTPS/SSL with Metasploit
Summary and exercises
26
Exploitation and Gaining Access
Exploitation and Gaining Access
Setting up the practice environment
Exploiting applications with Metasploit
Converting exploits to Metasploit
Summary and exercises
27
Post-Exploitation with Metasploit
Post-Exploitation with Metasploit
Extended post-exploitation with Metasploit
Metasploit and privilege escalation
Gaining persistent access with Metasploit
Summary
28
Testing Services with Metasploit
Testing Services with Metasploit
Testing MySQL with Metasploit
Summary and exercises
29
Fast-Paced Exploitation with Metasploit
Fast-Paced Exploitation with Metasploit
Using pushm and popm commands
Making use of resource scripts
Using AutoRunScript in Metasploit
Global variables in Metasploit
Wrapping up and generating manual reports
Summary and preparation for real-world scenarios
30
Exploiting Real-World Challenges with Metasploit
Exploiting Real-World Challenges with Metasploit
Scenario 1: Mirror environment
Scenario 2: You can't see my meterpreter
Further roadmap and summary
31
Bibliography
Bibliography
32
Thanks page
Thanks page
About Packt Publishing
Writing for Packt

Vulnerability analysis of PHP-CGI query string parameter vulnerability

This vulnerability is associated with CVE id 2012-1823, which is the PHP-CGI query string parameter vulnerability. According to the PHP site, when PHP is used in a CGI-based setup (such as Apache's mod_cgid), php-cgi receives a processed query string parameter as command-line argument, which allows command-line switches, such as -s, -d or -c, to be passed to the php-cgi binary, which can be exploited to disclose source code and obtain arbitrary code execution. Therefore, a remote unauthenticated attacker could obtain sensitive information, cause a DoS condition, or may be able to execute arbitrary code with the privileges of the web server.

A common example of this vulnerability will allow disclosure of source code when the following URL is visited: http://localhost/index.php?-s.

Note

For more information on the exploit, refer to https://www.rapid7.com/db/modules/exploit/multi/http/php_cgi_arg_injection/.

Exploitation and...

Previous Section
End of Section 14
Next Section