Book Image

Learning Metasploit Exploitation and Development

By : Aditya Balapure
Book Image

Learning Metasploit Exploitation and Development

By: Aditya Balapure

Overview of this book

<p>Metasploit is an open source exploit framework that provides you with heaps of exploits, as well as tools to assist you in creating your own exploits. This includes the ability to generate a large range of shellcodes for different purposes and platforms that can be customized to attack your target. The recent improvements in network security mechanisms have given rise to new trends and techniques of compromising a network. This book deals with these recent trends and attack tips to compromise the weakest to the strongest of networks. Metasploit Exploitation and Development describes actual penetration testing skills and ways to penetrate and assess different types of networks.<br /><br />Metasploit Exploitation and Development is a perfect fit for hackers who want to develop some real exploitation skills. This book has been designed with a practical approach which emphasizes hands-on rather than theoretical reading. It covers all the new exploits for new operating systems and tips from the experience of real hackers. This is a best buy book for learning the art of exploitation and skills of a penetration tester.<br /><br />Metasploit Exploitation and Development is a guide to real network hacking with the best tricks to master the art of exploitation.</p> <p><br />This book has been designed in well-defined stages so the reader learns more effectively. From the actual setup to vulnerability assessment, this book provides an individual with in-depth knowledge of an expert penetration tester. The book deals with vulnerability assessment exercises with some of the industrially-used tools and report-making tips. It covers topics such as client exploitation, backdoors, post exploitation, and also exploitation development with Metasploit.<br />This book has been developed with a practical hands-on approach so that readers can effectively try and test what they actually read.</p> <p><br />Metasploit Exploitation and Development covers the experience of real network hacking with some of the latest operating systems. The readers will go through a journey in which they will learn from basic to advanced levels of the art of exploitation.</p> <p><br />This book covers real hacking and exploitation of the current vulnerabilities in some of the latest operating systems.</p>

Related Content you might be interested in

Current Title:

Small book image
Learning Metasploit Exploitation and Development
Aditya Balapure
Jul, 2013 | 294 pages
No titles found
Table of Contents (20 chapters)
Learning Metasploit Exploitation and Development
Learning Metasploit Exploitation and Development
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Lab Setup
Lab Setup
Installing Oracle VM VirtualBox
Installing WindowsXP on Oracle VM VirtualBox
Installing BackTrack5 R2 on Oracle VM Virtual Box
Summary
2
Metasploit Framework Organization
Metasploit Framework Organization
Metasploit interfaces and basics
Exploit modules
Payloads – in-depth
Summary
References
3
Exploitation Basics
Exploitation Basics
Basic terms of exploitation
Summary
References
4
Meterpreter Basics
Meterpreter Basics
Working of the Meterpreter
Meterpreter in action
Summary
References
5
Vulnerability Scanning and Information Gathering
Vulnerability Scanning and Information Gathering
Information Gathering through Metasploit
Active Information Gathering
Working with Nmap
Working with Nessus
Report importing in Metasploit
Summary
References
6
Client-side Exploitation
Client-side Exploitation
What are client-side attacks?
Summary
References
7
Post Exploitation
Post Exploitation
What is post exploitation?
Summary
References
8
Post Exploitation – Privilege Escalation
Post Exploitation – Privilege Escalation
Understanding Privilege Escalation
Summary
References
9
Post Exploitation – Cleaning Up Traces
Post Exploitation – Cleaning Up Traces
Disabling firewalls and other network defenses
Summary
References
10
Post Exploitation – Backdoors
Post Exploitation – Backdoors
What is a backdoor?
Creating an EXE backdoor
Summary
References
11
Post Exploitation – Pivoting and Network Sniffing
Post Exploitation – Pivoting and Network Sniffing
What is pivoting?
Pivoting in a network
Sniffing in a network
Summary
References
12
Exploit Research with Metasploit
Exploit Research with Metasploit
Exploit writing tips and tricks
Writing exploits
Scripting with Metasploit
Summary
References
13
Using Social Engineering Toolkit and Armitage
Using Social Engineering Toolkit and Armitage
Understanding the Social Engineering Toolkit
Armitage
Summary
References
Index
Index

Exploit modules

Before moving to the exploitation techniques, first we should understand the basic concepts of an exploit. An exploit is a computer program that takes advantage of a particular vulnerability.

Now look at the exploit modules in the modules directory of msf3. Open your terminal and type in cd /opt/metasploit/msf3/modules/exploits followed by the ls command to see the list of exploits.

Here we can see the list of exploit modules. Basically exploits are categorized on the basis of operating systems. So let us look at the windows directory of exploit modules by typing cd windows.

In the windows directory we can see a lot of exploit modules which are categorized according to the Windows services such as ftp, smb, telnet, browser, email, and more. Here we will show you one type of service exploit by exploring a directory. As an example we select smb.

We see the list of smb service exploits which are basically Ruby scripts. So to view the code of any exploit we type in cat <exploitname...

Previous Section
End of Section 3
Next Section