Book Image

Mastering Metasploit - Third Edition

By : Nipun Jaswal
Book Image

Mastering Metasploit - Third Edition

By: Nipun Jaswal

Overview of this book

We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You’ll get to know about the basics of programming Metasploit modules as a refresher and then dive into carrying out exploitation as well building and porting exploits of various kinds in Metasploit. In the next section, you’ll develop the ability to perform testing on various services such as databases, Cloud environment, IoT, mobile, tablets, and similar more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework. By the end of the book, you will be trained specifically on time-saving techniques using Metasploit.

Related Content you might be interested in

Current Title:

Small book image
Mastering Metasploit - Third Edition
Nipun Jaswal
May, 2018 | 492 pages
No titles found
Table of Contents (14 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Disclaimer
Free Chapter
1
Approaching a Penetration Test Using Metasploit
Approaching a Penetration Test Using Metasploit
Organizing a penetration test
Mounting the environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Benefits of penetration testing using Metasploit
Case study - diving deep into an unknown network
Revisiting the case study
Summary and exercises
2
Reinventing Metasploit
Reinventing Metasploit
Ruby - the heart of Metasploit
Developing custom modules
Breakthrough Meterpreter scripting
Working with RailGun
Summary and exercises
3
The Exploit Formulation Process
The Exploit Formulation Process
The absolute basics of exploitation
Exploiting stack-based buffer overflows with Metasploit
Exploiting SEH-based buffer overflows with Metasploit
Bypassing DEP in Metasploit modules
Other protection mechanisms
Summary
4
Porting Exploits
Porting Exploits
Importing a stack-based buffer overflow exploit
Importing web-based RCE into Metasploit
Importing TCP server/browser-based exploits into Metasploit
Summary
5
Testing Services with Metasploit
Testing Services with Metasploit
Fundamentals of testing SCADA systems
Database exploitation
Testing VOIP services
Summary
6
Virtual Test Grounds and Staging
Virtual Test Grounds and Staging
Performing a penetration test with integrated Metasploit services
Generating manual reports
Summary
7
Client-Side Exploitation
Client-Side Exploitation
Exploiting browsers for fun and profit
Metasploit and Arduino - the deadly combination
File format-based exploitation
Attacking Android with Metasploit
Summary and exercises
8
Metasploit Extended
Metasploit Extended
Basics of post-exploitation with Metasploit
Basic post-exploitation commands
Advanced post-exploitation with Metasploit
Additional post-exploitation modules
Advanced extended features of Metasploit
Summary and exercises
9
Evasion with Metasploit
Evasion with Metasploit
Evading Meterpreter using C wrappers and custom encoders
Evading intrusion detection systems with Metasploit
Bypassing Windows firewall blocked ports
Summary and exercises
10
Metasploit for Secret Agents
Metasploit for Secret Agents
Maintaining anonymity in Meterpreter sessions
Maintaining access using vulnerabilities in common software
Harvesting files from target systems
Using venom for obfuscation
Covering tracks with anti-forensics modules
Summary
11
Visualizing with Armitage
Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Red teaming with Armitage team server
Scripting Armitage
Summary
12
Tips and Tricks
Tips and Tricks
Automation using Minion script
Using connect as Netcat
Shell upgrades and background sessions
Naming conventions
Saving configurations in Metasploit
Using inline handler and renaming jobs
Running commands on multiple Meterpreters
Automating the Social Engineering Toolkit
Cheat sheets on Metasploit and penetration testing
Further reading
13
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Exploiting SEH-based buffer overflows with Metasploit

Exception handlers are code modules that catch exceptions and errors generated during the execution of the program. This allows the program to continue execution instead of crashing. Windows operating systems have default exception handlers, and we see them generally when an application crashes and throws a pop-up that says XYZ program has encountered an error and needed to close. When the program generates an exception, the equivalent address of the catch code is loaded and called from the stack. However, if we somehow manage to overwrite the address in the stack for the catch code of the handler, we will be able to control the application. Let's see how things are arranged in a stack when an application is implemented with exception handlers:

In the preceding diagram, we can see that we have the address of the catch...

Previous Section
End of Section 4
Next Section