Book Image

Mastering Metasploit

By : Nipun Jaswal
Book Image

Mastering Metasploit

By: Nipun Jaswal

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Mastering Metasploit
Nipun Jaswal
May, 2014 | 378 pages
No titles found
Table of Contents (17 chapters)
Mastering Metasploit
Mastering Metasploit
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Approaching a Penetration Test Using Metasploit
Approaching a Penetration Test Using Metasploit
Setting up the environment
Mounting the environment
Conducting a penetration test with Metasploit
The dominance of Metasploit
Summary
2
Reinventing Metasploit
Reinventing Metasploit
Ruby – the heart of Metasploit
Developing custom modules
Breakthrough meterpreter scripting
Working with RailGun
Summary
3
The Exploit Formulation Process
The Exploit Formulation Process
The elemental assembly primer
The joy of fuzzing
Building up the exploit base
Finalizing the exploit
The fundamentals of a structured exception handler
Summary
4
Porting Exploits
Porting Exploits
Porting a Perl-based exploit
Porting a Python-based exploit
Porting a web-based exploit
Summary
5
Offstage Access to Testing Services
Offstage Access to Testing Services
The fundamentals of SCADA
SCADA torn apart
Securing SCADA
Database exploitation
VOIP exploitation
Post-exploitation on Apple iDevices
Summary
6
Virtual Test Grounds and Staging
Virtual Test Grounds and Staging
Performing a white box penetration test
Generating manual reports
Performing a black box penetration test
Summary
7
Sophisticated Client-side Attacks
Sophisticated Client-side Attacks
Exploiting browsers
File format-based exploitation
Compromising XAMPP servers
Compromising the clients of a website
Bypassing AV detections
Conjunction with DNS spoofing
Attacking Linux with malicious packages
Summary
8
The Social Engineering Toolkit
The Social Engineering Toolkit
Explaining the fundamentals of the social engineering toolkit
Attacking with SET
Providing additional features and further readings
Summary
9
Speeding Up Penetration Testing
Speeding Up Penetration Testing
Introducing automated tools
Fast Track MS SQL attack vectors
Automated exploitation in Metasploit
Fake updates with the DNS-spoofing attack
Summary
10
Visualizing with Armitage
Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Attacking on the client side with Armitage
Scripting Armitage
Summary
Further reading
Index
Index

About the Reviewers

Youssef Rebahi-Gilbert started hacking at the age of five on a Commodore 64 way back in 1984. He is a sought-after expert for code audits of web applications and has a lot of experience in many aspects of information security and extensive experience in Computer Science in general. Besides Ruby and Metasploit, he likes the nature of SQL injections, assembly, and hardware hacking too.

Whenever there's time, he creates evolutionary programs to find new ways to paint pictures of his beautiful girlfriend: his love and the mother of their little girl. To circumvent becoming a nerd, he took acting and comedy classes, which made him the professional actor and instructor that he is today. His technical knowledge, combined with his acting skills, makes him the perfect social engineer—his new field of research.

In May 2014, he'll start working as a penetration tester at a European CERT. He's very open to new contacts; feel free to mail him via or visit his site http://kintai.de for security-related material.

Kubilay Onur Gungor has been working in the IT security field for more than seven years. He started his professional security career with cryptanalysis of encrypted images using chaotic logistic maps. He gained experience in the network security field by working in the Data Processing Center of Isik University where he founded the Information Security and Research Society. After working as a QA tester in Netsparker Project, he continued his career in the penetration testing field with one of the leading security companies in Turkey. He performed many penetration tests and consultancies for the IT infrastructure of several large clients, such as banks, government institutions, and telecommunication companies.

Currently, he is working in the Incident Management Team with one of the leading multinational electronic companies to develop incident prevention, detection and response, and the overall cyber security strategy.

He has also been developing a multidisciplinary cyber security approach, including criminology, information security, perception management, social psychology, international relations, and terrorism.

He has participated in many conferences as a frequent speaker. Besides Computer Engineering, he is continuing his academic career in the field of Sociology (BA).

Besides security certificates, he holds the Foreign Policy, Marketing and Brand Management, and Surviving Extreme Conditions certificates. He also took certified training in the field of international relations and terrorism/counter-terrorism.

I would like to thank my family, which includes Nursen Gungor, Gizem Gungor, and Mehmet Ali Gungor, for their huge support during my walks through my dreams.

Sagar A Rahalkar is a seasoned information security professional with more than seven years of comprehensive experience in various verticals of IS. His domain of expertise is mainly in cyber crime investigations, digital forensics, application security, vulnerability assessment and penetration testing, compliance for mandates and regulations, IT GRC, and so on. He holds a master's degree in Computer Science and several industry-recognized certifications such as Certified Cyber Crime Investigator, Certified Ethical Hacker (C|EH), Certified Security Analyst (ECSA), ISO 27001 Lead Auditor, IBM-certified Specialist-Rational AppScan, Certified Information Security Manager (CISM), PRINCE2, and so on. He has been closely associated with Indian law enforcement agencies for over three years, dealing with digital crime investigations and related training, and has received several awards and appreciations from senior officials from the police and defense organizations in India.

He has also been one of the reviewers for Metasploit Penetration Testing Cookbook, Second Edition, Packt Publishing. Apart from this, he is also associated with several other online information security publications, both as an author as well as a reviewer. He can be reached at .

Krishan P Singh is a Software Development Engineer in LSI India Research and Development. He did his master's in Computer Science and Engineering from the Indian Institute of Technology, Bombay. He is very hard working and enthusiastic.

Dr. Maninder Singh received his bachelor's degree from Pune University in 1994, holds a master's degree with honors in Software Engineering from Thapar Institute of Engineering and Technology, and has a doctoral degree with a specialization in Network Security from Thapar University. He is currently working as an associate professor at the Computer Science and Engineering Department in Thapar University.

He joined Thapar Institute of Engineering and Technology in January 1996 as a lecturer. His stronghold is the practical know-how of computer networks and security. He is on the Roll of Honor at EC-Council USA and is a certified Ethical Hacker (C|EH), Security Analyst (ECSA), and Licensed Penetration Tester (LPT). He has successfully completed many consultancy projects (network auditing and penetration testing) for renowned national banks and corporates. He has many research publications in reputed journals and conferences. His research interest includes network security and grid computing, and he is a strong torchbearer for the open source community.

He is currently supervising five PhD candidates in the areas of network security and grid computing. More than 40 master's theses have been completed under his supervision so far.

With practical orientation and an inclination toward research, he architected Thapar University's network presence, which was successfully implemented in a heterogeneous environment of wired as well as wireless connectivity.

Being a captive orator, he has delivered a long list of expert lectures at renowned institutes and corporates. In 2003, his vision of developing a network security toolkit based on open source was published by a leading national newspaper. The Linux For You magazine from India declared him a Tux Hero in 2004. He is an active member of IEEE and Senior Member of ACM and Computer Society of India. He has been volunteering his services for the network security community as a reviewer and project judge for IEEE design contests.

Previous Section
Next Chapter