Book Image

Metasploit Bootcamp

By : Nipun Jaswal
Book Image

Metasploit Bootcamp

By: Nipun Jaswal

Overview of this book

The book starts with a hands-on Day 1 chapter, covering the basics of the Metasploit framework and preparing the readers for a self-completion exercise at the end of every chapter. The Day 2 chapter dives deep into the use of scanning and fingerprinting services with Metasploit while helping the readers to modify existing modules according to their needs. Following on from the previous chapter, Day 3 will focus on exploiting various types of service and client-side exploitation while Day 4 will focus on post-exploitation, and writing quick scripts that helps with gathering the required information from the exploited systems. The Day 5 chapter presents the reader with the techniques involved in scanning and exploiting various services, such as databases, mobile devices, and VOIP. The Day 6 chapter prepares the reader to speed up and integrate Metasploit with leading industry tools for penetration testing. Finally, Day 7 brings in sophisticated attack vectors and challenges based on the user’s preparation over the past six days and ends with a Metasploit challenge to solve.
Table of Contents (15 chapters)
Title Page
About the Author
About the Reviewer
Customer Feedback

Chapter 5. Testing Services with Metasploit

Let us now talk about testing the various specialized services. It is likely that during our career as a penetration tester we will come across a company or a testable environment that only requires testing to be performed on a particular server, and this server may run services such as databases, VoIP, or a SCADA control system. In this chapter, we will look at the various development strategies to use while carrying out penetration tests on these services. In this section, we will cover the following points:

  • Carrying out database penetration tests
  • The fundamentals of ICS and their critical nature
  • Understanding SCADA exploitation
  • Testing Voice over Internet Protocol services

Service-based penetration testing requires exceptional skills and a sound knowledge of the services that we can successfully exploit. Therefore, in this chapter, we will look at both the theoretical and the practical challenges of carrying out efficient service-based testing.