Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering Metasploit
  • Table Of Contents Toc
Mastering Metasploit

Mastering Metasploit - Third Edition

By : Nipun Jaswal
3.3 (3)
close
close
Mastering Metasploit

Mastering Metasploit

3.3 (3)
By: Nipun Jaswal

Overview of this book

We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You’ll get to know about the basics of programming Metasploit modules as a refresher and then dive into carrying out exploitation as well building and porting exploits of various kinds in Metasploit. In the next section, you’ll develop the ability to perform testing on various services such as databases, Cloud environment, IoT, mobile, tablets, and similar more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework. By the end of the book, you will be trained specifically on time-saving techniques using Metasploit.
Table of Contents (14 chapters)
close
close

Preface

Penetration testing is required everywhere in business today. With the rise of cyber and computer-based crime over the past few years, penetration testing has become one of the core aspects of network security and helps keep a business secure from internal and external threats. The reason that penetration testing is a necessity is that it helps uncover potential flaws in a network, a system, or an application. Moreover, it helps identify weaknesses and threats from an attacker's perspective. Various inherent weaknesses in a system are exploited to find out the impact it can have on an organization and the risk to the assets that exist as well. However, the success rate of a penetration test depends mostly on knowledge of the target under test. Therefore, we generally approach a penetration test using two different methods: black box testing and white box testing. Black box testing refers to testing where there is no prior knowledge of the target under test. Therefore, a penetration tester kicks off testing by collecting information about the target systematically. However, in the case of a white box penetration test, a penetration tester has knowledge about the target under test and starts off by identifying weaknesses of the target. In general, a penetration test is divided into seven different phases, which are as follows:

  • Pre-engagement interactions: This phase defines all the pre-engagement activities and scope definitions, basically, everything you need to discuss with the client before the testing starts.
  • Intelligence gathering: This phase is all about collecting information about the target under test, by connecting to the target directly and passively, and without connecting to the target at all.
  • Threat modeling: This phase involves matching the information detected to the assets to find the areas with the highest threat level.
  • Vulnerability analysis: This involves finding and identifying known and unknown vulnerabilities and validating them.
  • Exploitation: This phase works on taking advantage of the vulnerabilities found in the previous stage and typically means that we are trying to gain access to the target.
  • Post-exploitation: The actual actions to perform on the target, such as downloading a file, shutting a system down, creating a new user account on the target, are parts of this phase. In general, this phase describes what you need to do after exploitation.
  • Reporting: This phase includes summing up the results of the test in a file and the possible suggestions and recommendations to fix the current weaknesses in the target.

These seven stages may look easy when there is a single target under test. However, the situation completely changes when a vast network that contains hundreds of systems is to be tested. Therefore, in a case like this, manual work is to be replaced with an automated approach. Consider a scenario where the number of systems under test is precisely 100, and they are running the same operating system and services. Testing every system manually will consume much time and energy. Situations such as these demand the use of a penetration testing framework. Using a penetration testing framework will not only save time but will also offer much more flexibility regarding changing the attack vectors and covering a much wider range of targets under test. A penetration testing framework will eliminate additional time consumption and also help to automate most of the attack vectors, scanning processes, identifying vulnerabilities, and most importantly, exploiting the vulnerabilities, thus saving time and pacing a penetration test, and this is where Metasploit kicks in.

Metasploit is considered one of the best and is the most widely used penetration testing framework. With a lot of reputation in the IT security community, Metasploit is not only an excellent penetration test framework, but also delivers innovative features that make the life of a penetration tester easy.

Mastering Metasploit, Third Edition aims to provide readers with insights into the legendary Metasploit framework. This book focuses explicitly on mastering Metasploit with respect to exploitation, writing custom exploits, porting exploits, testing services, and conducting sophisticated client-side testing. Moreover, this book helps to convert your customized attack vectors into Metasploit modules, covering Ruby and attack scripting, such as Cortana. This book will not only cater to your penetration testing knowledge but will also help you build programming skills as well.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Mastering Metasploit
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon