Sign In Start Free Trial

Book Overview & Buying
Table Of Contents

Mastering Metasploit - Third Edition

By : Nipun Jaswal

3.3 (3)

Mastering Metasploit

3.3 (3)

By: Nipun Jaswal

Overview of this book

We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You’ll get to know about the basics of programming Metasploit modules as a refresher and then dive into carrying out exploitation as well building and porting exploits of various kinds in Metasploit. In the next section, you’ll develop the ability to perform testing on various services such as databases, Cloud environment, IoT, mobile, tablets, and similar more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework. By the end of the book, you will be trained specifically on time-saving techniques using Metasploit.

Preface

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Disclaimer

Free Chapter

Approaching a Penetration Test Using Metasploit

Approaching a Penetration Test Using Metasploit

Organizing a penetration test

Mounting the environment

The fundamentals of Metasploit

Conducting a penetration test with Metasploit

Benefits of penetration testing using Metasploit

Case study - diving deep into an unknown network

Revisiting the case study

Summary and exercises

Reinventing Metasploit

Reinventing Metasploit

Ruby - the heart of Metasploit

Developing custom modules

Breakthrough Meterpreter scripting

Working with RailGun

Summary and exercises

The Exploit Formulation Process

The Exploit Formulation Process

The absolute basics of exploitation

Exploiting stack-based buffer overflows with Metasploit

Exploiting SEH-based buffer overflows with Metasploit

Bypassing DEP in Metasploit modules

Other protection mechanisms

Summary

Porting Exploits

Porting Exploits

Importing a stack-based buffer overflow exploit

Importing web-based RCE into Metasploit

Importing TCP server/browser-based exploits into Metasploit

Summary

Testing Services with Metasploit

Testing Services with Metasploit

Fundamentals of testing SCADA systems

Database exploitation

Testing VOIP services

Summary

Virtual Test Grounds and Staging

Virtual Test Grounds and Staging

Performing a penetration test with integrated Metasploit services

Generating manual reports

Summary

Client-Side Exploitation

Client-Side Exploitation

Exploiting browsers for fun and profit

Metasploit and Arduino - the deadly combination

File format-based exploitation

Attacking Android with Metasploit

Summary and exercises

Metasploit Extended

Metasploit Extended

Basics of post-exploitation with Metasploit

Basic post-exploitation commands

Advanced post-exploitation with Metasploit

Additional post-exploitation modules

Advanced extended features of Metasploit

Summary and exercises

Evasion with Metasploit

Evasion with Metasploit

Evading Meterpreter using C wrappers and custom encoders

Evading intrusion detection systems with Metasploit

Bypassing Windows firewall blocked ports

Summary and exercises

Metasploit for Secret Agents

Metasploit for Secret Agents

Maintaining anonymity in Meterpreter sessions

Maintaining access using vulnerabilities in common software

Harvesting files from target systems

Using venom for obfuscation

Covering tracks with anti-forensics modules

Summary

Visualizing with Armitage

Visualizing with Armitage

The fundamentals of Armitage

Scanning networks and host management

Exploitation with Armitage

Post-exploitation with Armitage

Red teaming with Armitage team server

Scripting Armitage

Summary

Tips and Tricks

Tips and Tricks

Automation using Minion script

Using connect as Netcat

Shell upgrades and background sessions

Naming conventions

Saving configurations in Metasploit

Using inline handler and renaming jobs

Running commands on multiple Meterpreters

Automating the Social Engineering Toolkit

Cheat sheets on Metasploit and penetration testing

Further reading

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Virtual Test Grounds and Staging

We have covered a lot in the past few chapters. It is now time to test all the methodologies that we have covered throughout this book, along with various other famous testing tools, and see how we can efficiently perform penetration testing and vulnerability assessments over the target network, website, or other services, using industry-leading tools within Metasploit.

During this chapter, we will look at various methods for testing, and will cover the following topics:

Using Metasploit along with the industry's multiple other penetration testing tools
Importing the reports generated from various tools, and different formats into the Metasploit framework
Creating penetration test reports

The primary focus of this chapter is to cover penetration testing with other industry-leading tools alongside Metasploit; however, the phases of a test...

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

Mastering Metasploit

Search

Your notes and bookmarks