Book Image

Metasploit for Beginners

By : Sagar Rahalkar
Book Image

Metasploit for Beginners

By: Sagar Rahalkar

Overview of this book

This book will begin by introducing you to Metasploit and its functionality. Next, you will learn how to set up and configure Metasploit on various platforms to create a virtual test environment. You will also get your hands on various tools and components used by Metasploit. Further on in the book, you will learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools. Next, you'll get hands-on experience carrying out client-side attacks. Moving on, you'll learn about web application security scanning and bypassing anti-virus and clearing traces on the target system post compromise. This book will also keep you updated with the latest security techniques and methods that can be directly applied to scan, test, hack, and secure networks and systems with Metasploit. By the end of this book, you'll get the hang of bypassing different defenses, after which you'll learn how hackers use the network to gain access into different systems.

Related Content you might be interested in

Current Title:

Small book image
Metasploit for Beginners
Sagar Rahalkar
Jul, 2017 | 190 pages
Small book image
Network Vulnerability Assessment
Sagar Rahalkar
Aug, 2018 | 254 pages
Small book image
Metasploit Bootcamp
Nipun Jaswal
May, 2017 | 230 pages
Small book image
Metasploit Penetration Testing Cookbook
Monika Agarwal | Abhinav Singh | Nipun Jaswal | Daniel Teixeira
Feb, 2018 | 426 pages
Table of Contents (11 chapters)
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
Free Chapter
1
Introduction to Metasploit and Supporting Tools
Introduction to Metasploit and Supporting Tools
The importance of penetration testing
Vulnerability assessment versus penetration testing
The need for a penetration testing framework
Introduction to Metasploit
When to use Metasploit?
Making Metasploit effective and powerful using supplementary tools
Summary
Exercises
2
Setting up Your Environment
Setting up Your Environment
Using the Kali Linux virtual machine - the easiest way
Installing Metasploit on Windows
Installing Metasploit on Linux
Setting up exploitable targets in a virtual environment
Summary
Exercises
3
Metasploit Components and Environment Configuration
Metasploit Components and Environment Configuration
Anatomy and structure of Metasploit
Metasploit components
Playing around with msfconsole
Variables in Metasploit
Updating the Metasploit Framework
Summary
Exercises
4
Information Gathering with Metasploit
Information Gathering with Metasploit
Information gathering and enumeration
Password sniffing
Advanced search with shodan
Summary
Exercises
5
Vulnerability Hunting with Metasploit
Vulnerability Hunting with Metasploit
Managing the database
NMAP
Nessus
Vulnerability detection with Metasploit auxiliaries
Auto exploitation with db_autopwn
Post exploitation
Summary
Exercises
6
Client-side Attacks with Metasploit
Client-side Attacks with Metasploit
Need of client-side attacks
The msfvenom utility
Social Engineering with Metasploit
Browser Autopwn
Summary
Exercises
7
Web Application Scanning with Metasploit
Web Application Scanning with Metasploit
Setting up a vulnerable application
Web application scanning using WMAP
Metasploit Auxiliaries for Web Application enumeration and scanning
Summary
Exercises
8
Antivirus Evasion and Anti-Forensics
Antivirus Evasion and Anti-Forensics
Using encoders to avoid AV detection
Anti-forensics
Summary
Exercises
9
Cyber Attack Management with Armitage
Cyber Attack Management with Armitage
What is Armitage?
Starting the Armitage console
Scanning and enumeration
Find and launch attacks
Summary
Exercises
10
Extending Metasploit and Exploit Development
Extending Metasploit and Exploit Development
Exploit development concepts
Exploit templates and mixins
Adding external exploits to Metasploit
Summary
Exercises

Auto exploitation with db_autopwn

In the previous section, we have seen how the Metasploit Framework helps us import scans from various other tools such as NMAP and Nessus. Now, once we have imported the scan results into the database, the next logical step would be to find exploits matching the vulnerabilities/ports from the imported scan. We can certainly do this manually; for instance, if our target is Windows XP and it has TCP port 445 open, then we can try out the MS08_67 netapi vulnerability against it.

The Metasploit Framework offers a script called db_autopwn that automates the exploit matching process, executes the appropriate exploit if match found, and gives us remote shell. However, before you try this script, a few of the following things need to be considered:

  • The db_autopwn script is officially depreciated from the Metasploit Framework. You would need to explicitly...
Previous Section
End of Section 6
Next Section