Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Metasploit Penetration Testing Cookbook
  • Table Of Contents Toc
  • Feedback & Rating feedback
Metasploit Penetration Testing Cookbook

Metasploit Penetration Testing Cookbook - Third Edition

By : Teixeira, Nipun Jaswal, Abhinav Singh, Agarwal
3.8 (4)
Buy this Book
close
close
Metasploit Penetration Testing Cookbook

Metasploit Penetration Testing Cookbook

3.8 (4)
By: Teixeira, Nipun Jaswal, Abhinav Singh, Agarwal
Buy this Book

Overview of this book

Metasploit is the world's leading penetration testing tool and helps security and IT professionals find, exploit, and validate vulnerabilities. Metasploit allows penetration testing automation, password auditing, web application scanning, social engineering, post exploitation, evidence collection, and reporting. Metasploit's integration with InsightVM (or Nexpose), Nessus, OpenVas, and other vulnerability scanners provides a validation solution that simplifies vulnerability prioritization and remediation reporting. Teams can collaborate in Metasploit and present their findings in consolidated reports. In this book, you will go through great recipes that will allow you to start using Metasploit effectively. With an ever increasing level of complexity, and covering everything from the fundamentals to more advanced features in Metasploit, this book is not just for beginners but also for professionals keen to master this awesome tool. You will begin by building your lab environment, setting up Metasploit, and learning how to perform intelligence gathering, threat modeling, vulnerability analysis, exploitation, and post exploitation—all inside Metasploit. You will learn how to create and customize payloads to evade anti-virus software and bypass an organization's defenses, exploit server vulnerabilities, attack client systems, compromise mobile phones, automate post exploitation, install backdoors, run keyloggers, highjack webcams, port public exploits to the framework, create your own modules, and much more.
Table of Contents (15 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Sections
Icon
Get in touch
Icon
Disclaimer
Lock Free Chapter
1
Metasploit Quick Tips for Security Professionals
chevron up
Icon
Metasploit Quick Tips for Security Professionals
Icon
Introduction
Icon
Installing Metasploit on Windows
Icon
Installing Linux and macOS
Icon
Installing Metasploit on macOS
Icon
Using Metasploit in Kali Linux
Icon
Setting up a penetration-testing lab
Icon
Setting up SSH connectivity
Icon
Connecting to Kali using SSH
Icon
Configuring PostgreSQL
Icon
Creating  workspaces
Icon
Using the database
Icon
Using the hosts command
Icon
Understanding the services command
2
Information Gathering and Scanning
Icon
Information Gathering and Scanning
Icon
Introduction
Icon
Passive information gathering with Metasploit
Icon
Active information gathering with Metasploit
Icon
Port scanning—the Nmap way
Icon
Port scanning—the db_nmap way
Icon
Host discovery with ARP Sweep
Icon
UDP Service Sweeper
Icon
SMB scanning and enumeration
Icon
Detecting SSH versions with the SSH Version Scanner
Icon
FTP scanning
Icon
SMTP enumeration
Icon
SNMP enumeration
Icon
HTTP scanning
Icon
WinRM scanning and brute forcing
Icon
Integrating with Nessus
Icon
Integrating with NeXpose
Icon
Integrating with OpenVAS
3
Server-Side Exploitation
Icon
Server-Side Exploitation
Icon
Introduction
Icon
Exploiting a Linux server
Icon
SQL injection
Icon
Types of shell
Icon
Exploiting a Windows Server machine
Icon
Exploiting common services
Icon
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
Icon
MS17-010 EternalRomance/EternalSynergy/EternalChampion
Icon
Installing backdoors
Icon
Denial of Service
4
Meterpreter
Icon
Meterpreter
Icon
Introduction
Icon
Understanding the Meterpreter core commands
Icon
Understanding the Meterpreter filesystem commands
Icon
Understanding Meterpreter networking commands
Icon
Understanding the Meterpreter system commands
Icon
Setting up multiple communication channels with the target
Icon
Meterpreter anti-forensics
Icon
The getdesktop and keystroke sniffing
Icon
Using a scraper Meterpreter script
Icon
Scraping the system using winenum
Icon
Automation with AutoRunScript
Icon
Meterpreter resource scripts
Icon
Meterpreter timeout control
Icon
Meterpreter sleep control
Icon
Meterpreter transports
Icon
Interacting with the registry
Icon
Loading framework plugins
Icon
Meterpreter API and mixins
Icon
Railgun—converting Ruby into a weapon
Icon
Adding DLL and function definitions to Railgun
Icon
Injecting the VNC server remotely
Icon
Enabling Remote Desktop
5
Post-Exploitation
Icon
Post-Exploitation
Icon
Introduction
Icon
Post-exploitation modules
Icon
Bypassing UAC
Icon
Dumping the contents of the SAM database
Icon
Passing the hash
Icon
Incognito attacks with Meterpreter
Icon
Using Mimikatz
Icon
Setting up a persistence with backdoors
Icon
Becoming TrustedInstaller
Icon
Backdooring Windows binaries
Icon
Pivoting with Meterpreter
Icon
Port forwarding with Meterpreter
Icon
Credential harvesting
Icon
Enumeration modules
Icon
Autoroute and socks proxy server
Icon
Analyzing an existing post-exploitation module
Icon
Writing a post-exploitation module
6
Using MSFvenom
Icon
Using MSFvenom
Icon
Introduction
Icon
Payloads and payload options
Icon
Encoders
Icon
Output formats
Icon
Templates
Icon
Meterpreter payloads with trusted certificates
7
Client-Side Exploitation and Antivirus Bypass
Icon
Client-Side Exploitation and Antivirus Bypass
Icon
Introduction
Icon
Exploiting a Windows 10 machine
Icon
Bypassing antivirus and IDS/IPS
Icon
Metasploit macro exploits
Icon
Human Interface Device attacks
Icon
HTA attack
Icon
Backdooring executables using a MITM attack
Icon
Creating a Linux trojan
Icon
Creating an Android backdoor
8
Social-Engineer Toolkit
Icon
Social-Engineer Toolkit
Icon
Introduction
Icon
Getting started with the Social-Engineer Toolkit
Icon
Working with the spear-phishing attack vector
Icon
Website attack vectors
Icon
Working with the multi-attack web method
Icon
Infectious media generator
9
Working with Modules for Penetration Testing
Icon
Working with Modules for Penetration Testing
Icon
Introduction
Icon
Working with auxiliary modules
Icon
DoS attack modules
Icon
Post-exploitation modules
Icon
Understanding the basics of module building
Icon
Analyzing an existing module
Icon
Building your own post-exploitation module
Icon
Building your own auxiliary module
10
Exploring Exploits
Icon
Exploring Exploits
Icon
Introduction
Icon
Common exploit mixins
Icon
Exploiting the module structure
Icon
Using MSFvenom to generate shellcode
Icon
Converting an exploit to a Metasploit module
Icon
Porting and testing the new exploit module
Icon
Fuzzing with Metasploit
Icon
Writing a simple fuzzer
11
Wireless Network Penetration Testing
Icon
Wireless Network Penetration Testing
Icon
Introduction
Icon
Metasploit and wireless
Icon
Understanding an evil twin attack
Icon
Configuring Karmetasploit
Icon
Wireless MITM attacks
Icon
SMB relay attacks
12
Cloud Penetration Testing
Icon
Cloud Penetration Testing
Icon
Introduction
Icon
Metasploit in the cloud
Icon
Metasploit PHP Hop
Icon
Phishing from the cloud
Icon
Setting up a cloud penetration testing lab
13
Best Practices
Icon
Best Practices
Icon
Introduction
Icon
Best practices
Icon
Using Metasploit over the Tor network
Icon
Metasploit logging
Icon
Documentation
Icon
Cleaning up
14
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Metasploit Quick Tips for Security Professionals

In this chapter, we will cover the following recipes:

  • Installing Metasploit on Windows
  • Installing Linux and macOS
  • Installing Metasploit on macOS
  • Using Metasploit in Kali Linux
  • Setting up a penetration testing lab using VMware
  • Setting up SSH connectivity
  • Connecting to Kali using SSH
  • Configuring Metasploit to use PostgreSQL
  • Creating workspaces
  • Using the database
  • Using the hosts command
  • Understanding the services command
Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Metasploit Penetration Testing Cookbook
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon