4. Porting Exploits | Mastering Metasploit

Sign In Start Free Trial

Book Overview & Buying
Table Of Contents
Feedback & Rating

Mastering Metasploit - Second Edition

By : Nipun Jaswal

3.2 (5)

Mastering Metasploit

3.2 (5)

By: Nipun Jaswal

Overview of this book

Metasploit is a popular penetration testing framework that has one of the largest exploit databases around. This book will show you exactly how to prepare yourself against the attacks you will face every day by simulating real-world possibilities. We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You’ll get to know about the basics of programming Metasploit modules as a refresher, and then dive into carrying out exploitation as well building and porting exploits of various kinds in Metasploit. In the next section, you’ll develop the ability to perform testing on various services such as SCADA, databases, IoT, mobile, tablets, and many more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework. By the end of the book, you will be trained specifically on time-saving techniques using Metasploit.

Preface

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Free Chapter

1. Approaching a Penetration Test Using Metasploit

1. Approaching a Penetration Test Using Metasploit

Organizing a penetration test

Preinteractions

Intelligence gathering/reconnaissance phase

Predicting the test grounds

Setting up Kali Linux in virtual environment

The fundamentals of Metasploit

Conducting a penetration test with Metasploit

Benefits of penetration testing using Metasploit

Penetration testing an unknown network

Using databases in Metasploit

Modeling threats

Vulnerability analysis of VSFTPD 2.3.4 backdoor

Vulnerability analysis of PHP-CGI query string parameter vulnerability

Vulnerability analysis of HFS 2.3

Maintaining access

Clearing tracks

Revising the approach

Summary

2. Reinventing Metasploit

2. Reinventing Metasploit

Ruby – the heart of Metasploit

Developing custom modules

Breakthrough meterpreter scripting

Working with RailGun

Summary

3. The Exploit Formulation Process

3. The Exploit Formulation Process

The absolute basics of exploitation

Exploiting stack-based buffer overflows with Metasploit

Exploiting SEH-based buffer overflows with Metasploit

Bypassing DEP in Metasploit modules

Other protection mechanisms

Summary

4. Porting Exploits

4. Porting Exploits

Importing a stack-based buffer overflow exploit

Importing web-based RCE into Metasploit

Importing TCP server/ browser-based exploits into Metasploit

Summary

5. Testing Services with Metasploit

5. Testing Services with Metasploit

The fundamentals of SCADA

Database exploitation

Testing VOIP services

Summary

6. Virtual Test Grounds and Staging

6. Virtual Test Grounds and Staging

Performing a penetration test with integrated Metasploit services

Summary

7. Client-side Exploitation

7. Client-side Exploitation

Exploiting browsers for fun and profit

Metasploit and Arduino - the deadly combination

File format-based exploitation

Compromising Linux clients with Metasploit

Attacking Android with Metasploit

Summary

8. Metasploit Extended

8. Metasploit Extended

The basics of post exploitation with Metasploit

Basic post exploitation commands

Advanced post exploitation with Metasploit

Additional post exploitation modules

Advanced extended features of Metasploit

Summary

9. Speeding up Penetration Testing

9. Speeding up Penetration Testing

Using pushm and popm commands

The loadpath command

Pacing up development using reload, edit and reload_all commands

Making use of resource scripts

Using AutoRunScript in Metasploit

Globalizing variables in Metasploit

Automating Social-Engineering Toolkit

Summary

10. Visualizing with Armitage

10. Visualizing with Armitage

The fundamentals of Armitage

Scanning networks and host management

Exploitation with Armitage

Post-exploitation with Armitage

Attacking on the client side with Armitage

Scripting Armitage

Summary

Further reading

Customer Reviews

3.2 (5)

5 star

40%

4 star

20%

3 star

0%

2 star

0%

1 star

40%

Importing web-based RCE into Metasploit

In this section, we will look at how we can import web application exploits into Metasploit. Our entire focus throughout this chapter will be to grasp important functions equivalent to those used in different programming languages. In this example, we will look at the PHP utility belt remote code execution vulnerability disclosed on 08/12/2015. The vulnerable application can be downloaded from: https://www.exploit-db.com/apps/222c6e2ed4c86f0646016e43d1947a1f-php-utility-belt-master.zip.

The remote code execution vulnerability lies in the code parameter of a POST request, which, when manipulated using specially crafted data, can lead to the execution of server-side code. Let us see how we can exploit this vulnerability manually as follows:

The command we used in the preceding screenshot is fwrite, which writes data to a file. We used fwrite to open a file called info.php in the writable mode. We wrote <?php $a = "net user"; echo shell_exec($a);?...

Visually different images

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

Mastering Metasploit

Search

Your notes and bookmarks