Throughout this chapter, we introduced the phases involved in penetration testing. We also saw how we can set up Metasploit and conduct a penetration test on the network. We recalled the basic functionalities of Metasploit as well. We also looked at the benefits of using databases in Metasploit and pivoting to internal systems with Metasploit.
Having completed this chapter, we are equipped with the following:
- Knowledge of the phases of a penetration test
- The benefits of using databases in Metasploit
- The basics of the Metasploit framework
- Knowledge of the workings of exploits and auxiliary modules
- Knowledge of pivoting to internal networks and configuring routes to them
- Understanding of the approach to penetration testing with Metasploit
The primary goal of this chapter was to get you familiar with penetration test phases and the basics of Metasploit. This chapter focused entirely on preparing ourselves for the following chapters.
To make the most out of the knowledge gained from this chapter, you should perform the following exercises:
- Refer to the PTES standards and take a deep dive into all the phases of a business-oriented penetration test
- Use the overlayfs privilege escalation module within the Metasploit framework
- Find at least three different exploits that are not part of the Metasploit framework, and load them into Metasploit
- Perform post-exploitation on the Windows 7 system and identify the five best post-exploitation modules
- Achieve persistence on Windows 7 by finding the correct persistence mechanism, and check whether any AV raises any flags while you do that
- Identify at least three persistence methods for Windows, Linux, and Mac operating systems
In the next chapter, we will dive deep into the wild world of scripting and building Metasploit modules. We will learn how we can build cutting-edge modules with Metasploit and learn how some of the most popular scanning and authentication testing scripts work.