Book Image

Mastering Metasploit

By : Nipun Jaswal
Book Image

Mastering Metasploit

By: Nipun Jaswal

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Mastering Metasploit
Nipun Jaswal
May, 2014 | 378 pages
No titles found
Table of Contents (17 chapters)
Mastering Metasploit
Mastering Metasploit
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Approaching a Penetration Test Using Metasploit
Approaching a Penetration Test Using Metasploit
Setting up the environment
Mounting the environment
Conducting a penetration test with Metasploit
The dominance of Metasploit
Summary
2
Reinventing Metasploit
Reinventing Metasploit
Ruby – the heart of Metasploit
Developing custom modules
Breakthrough meterpreter scripting
Working with RailGun
Summary
3
The Exploit Formulation Process
The Exploit Formulation Process
The elemental assembly primer
The joy of fuzzing
Building up the exploit base
Finalizing the exploit
The fundamentals of a structured exception handler
Summary
4
Porting Exploits
Porting Exploits
Porting a Perl-based exploit
Porting a Python-based exploit
Porting a web-based exploit
Summary
5
Offstage Access to Testing Services
Offstage Access to Testing Services
The fundamentals of SCADA
SCADA torn apart
Securing SCADA
Database exploitation
VOIP exploitation
Post-exploitation on Apple iDevices
Summary
6
Virtual Test Grounds and Staging
Virtual Test Grounds and Staging
Performing a white box penetration test
Generating manual reports
Performing a black box penetration test
Summary
7
Sophisticated Client-side Attacks
Sophisticated Client-side Attacks
Exploiting browsers
File format-based exploitation
Compromising XAMPP servers
Compromising the clients of a website
Bypassing AV detections
Conjunction with DNS spoofing
Attacking Linux with malicious packages
Summary
8
The Social Engineering Toolkit
The Social Engineering Toolkit
Explaining the fundamentals of the social engineering toolkit
Attacking with SET
Providing additional features and further readings
Summary
9
Speeding Up Penetration Testing
Speeding Up Penetration Testing
Introducing automated tools
Fast Track MS SQL attack vectors
Automated exploitation in Metasploit
Fake updates with the DNS-spoofing attack
Summary
10
Visualizing with Armitage
Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Attacking on the client side with Armitage
Scripting Armitage
Summary
Further reading
Index
Index

Porting a Python-based exploit

We just saw that we can import a Perl-based exploit into the Metasploit framework. Let's now get our hands onto a Python-based exploit.

Dismantling the existing exploit

We are going to port an exploit for Xitami Web Server 2.5b4 in this section. A publically available Python-driven exploit for this application is available at http://www.exploit-db.com. This exploit is authored by Glafkos Charalambous. We can download the exploit and its corresponding vulnerable application from http://www.exploit-db.com/exploits/17361/. Now, when we run this exploit, it gives us back the successful completion of it and asks us to establish a connection to port 1337 to gain a command prompt at the target. Let's see the process:

Now, let's make a telnet connection to port 1337 and check if we are able to gain the command prompt at the target:

As we can see in the following screenshot, after sending the telnet command to the victim, we can easily gain the command prompt at the target...

Previous Section
End of Section 3
Next Section