Book Image

Mastering Metasploit

By : Nipun Jaswal
Book Image

Mastering Metasploit

By: Nipun Jaswal

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Mastering Metasploit
Nipun Jaswal
May, 2014 | 378 pages
No titles found
Table of Contents (17 chapters)
Mastering Metasploit
Mastering Metasploit
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Approaching a Penetration Test Using Metasploit
Approaching a Penetration Test Using Metasploit
Setting up the environment
Mounting the environment
Conducting a penetration test with Metasploit
The dominance of Metasploit
Summary
2
Reinventing Metasploit
Reinventing Metasploit
Ruby – the heart of Metasploit
Developing custom modules
Breakthrough meterpreter scripting
Working with RailGun
Summary
3
The Exploit Formulation Process
The Exploit Formulation Process
The elemental assembly primer
The joy of fuzzing
Building up the exploit base
Finalizing the exploit
The fundamentals of a structured exception handler
Summary
4
Porting Exploits
Porting Exploits
Porting a Perl-based exploit
Porting a Python-based exploit
Porting a web-based exploit
Summary
5
Offstage Access to Testing Services
Offstage Access to Testing Services
The fundamentals of SCADA
SCADA torn apart
Securing SCADA
Database exploitation
VOIP exploitation
Post-exploitation on Apple iDevices
Summary
6
Virtual Test Grounds and Staging
Virtual Test Grounds and Staging
Performing a white box penetration test
Generating manual reports
Performing a black box penetration test
Summary
7
Sophisticated Client-side Attacks
Sophisticated Client-side Attacks
Exploiting browsers
File format-based exploitation
Compromising XAMPP servers
Compromising the clients of a website
Bypassing AV detections
Conjunction with DNS spoofing
Attacking Linux with malicious packages
Summary
8
The Social Engineering Toolkit
The Social Engineering Toolkit
Explaining the fundamentals of the social engineering toolkit
Attacking with SET
Providing additional features and further readings
Summary
9
Speeding Up Penetration Testing
Speeding Up Penetration Testing
Introducing automated tools
Fast Track MS SQL attack vectors
Automated exploitation in Metasploit
Fake updates with the DNS-spoofing attack
Summary
10
Visualizing with Armitage
Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Attacking on the client side with Armitage
Scripting Armitage
Summary
Further reading
Index
Index

Summary

Throughout this chapter, we focused on speeding up penetration testing with automated approaches. We looked at various techniques to speed up the testing of databases, speeding up exploitation with db_autopwn. We also looked at quick and speedy client-side attacks too. However, we also re-enabled the lost features of Metasploit, conducting a sure shot client-side attack, decreasing the testing time using automated tools such as WebSploit, fixing up various broken functionalities in Websploit and Fast Track in the SET.

In the next chapter, we will develop approaches to penetration testing with the most popular GUI tool for Metasploit, that is, Armitage. We will also look at the basics of the Cortana scripting and various other interesting attack vectors that we can conduct with Armitage.

Previous Section
End of Chapter 9
Next Chapter