We can perform a penetration test using three different approaches. These approaches are white, black, and gray box testing techniques. White box testing is a testing procedure where the tester has complete knowledge of the system and the client is willing to provide credentials, source codes, and other necessary information about the environment. Black boxtesting is a procedure where a tester has almost zero knowledge of the target. Gray boxtesting technique is a combination of white and black box techniques, where the tester has only a little or partial information on the environment under test. We will perform a gray box test in the upcoming sections of this chapter as it combines the best from both the techniques. A gray box test may or may not includeoperating system (OS) details, web applications deployed, the type and version of servers running, and every other technological detail required to complete the penetration...
Metasploit Revealed: Secrets of the Expert Pentester
By :
Metasploit Revealed: Secrets of the Expert Pentester
By:
Overview of this book
Metasploit is a popular penetration testing framework that has one of the largest exploit databases around. This book will show you exactly how to prepare yourself against the attacks you will face every day by simulating real-world possibilities.
This learning path will begin by introducing you to Metasploit and its functionalities. You will learn how to set up and configure Metasploit on various platforms to create a virtual test environment. You will also get your hands on various tools and components and get hands-on experience with carrying out client-side attacks. In the next part of this learning path, you’ll develop the ability to perform testing on various services such as SCADA, databases, IoT, mobile, tablets, and many more services.
After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework.
The final instalment of your learning journey will be covered through a bootcamp approach. You will be able to bring together the learning together and speed up and integrate Metasploit with leading industry tools for penetration testing. You’ll finish by working on challenges based on user’s preparation and work towards solving the challenge.
The course provides you with highly practical content explaining Metasploit from the following Packt books:
1. Metasploit for Beginners
2. Mastering Metasploit, Second Edition
3. Metasploit Bootcamp
Table of Contents (35 chapters)
Title Page
Credits
Preface
Introduction to Metasploit and Supporting Tools
Setting up Your Environment
Metasploit Components and Environment Configuration
Information Gathering with Metasploit
Vulnerability Hunting with Metasploit
Client-side Attacks with Metasploit
Web Application Scanning with Metasploit
Antivirus Evasion and Anti-Forensics
Cyber Attack Management with Armitage
Extending Metasploit and Exploit Development
Module 2
Approaching a Penetration Test Using Metasploit
Reinventing Metasploit
The Exploit Formulation Process
Porting Exploits
Testing Services with Metasploit
Virtual Test Grounds and Staging
Client-side Exploitation
Metasploit Extended
Speeding up Penetration Testing
Visualizing with Armitage
Module 3
Getting Started with Metasploit
Identifying and Scanning Targets
Exploitation and Gaining Access
Post-Exploitation with Metasploit
Testing Services with Metasploit
Fast-Paced Exploitation with Metasploit
Exploiting Real-World Challenges with Metasploit
Bibliography
Thanks page
Customer Reviews