Book Image

Mastering Metasploit - Fourth Edition

By : Nipun Jaswal
Book Image

Mastering Metasploit - Fourth Edition

By: Nipun Jaswal

Overview of this book

Updated for the latest version of Metasploit, this book will prepare you to face everyday cyberattacks by simulating real-world scenarios. Complete with step-by-step explanations of essential concepts and practical examples, Mastering Metasploit will help you gain insights into programming Metasploit modules and carrying out exploitation, as well as building and porting various kinds of exploits in Metasploit. Giving you the ability to perform tests on different services, including databases, IoT, and mobile, this Metasploit book will help you get to grips with real-world, sophisticated scenarios where performing penetration tests is a challenge. You'll then learn a variety of methods and techniques to evade security controls deployed at a target's endpoint. As you advance, you’ll script automated attacks using CORTANA and Armitage to aid penetration testing by developing virtual bots and discover how you can add custom functionalities in Armitage. Following real-world case studies, this book will take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit 5.0 framework. By the end of the book, you’ll have developed the skills you need to work confidently with efficient exploitation techniques
Table of Contents (17 chapters)
Section 1 – Preparation and Development
Section 2 – The Attack Phase
Section 3 – Post-Exploitation and Evasion

Developing post-exploitation modules

The post-exploitation phase begins as soon as we acquire an initial foothold on the target machine. Metasploit contains many post-exploitation modules that can serve as an excellent reference guide while building our own. In the upcoming sections, we will build various types of post-exploitation modules covering a variety of different methods supported by Metasploit.

The Credential Harvester module

In this example module, we will attack Foxmail 6.5. We will try decrypting the credentials and storing them in the database. Let's see the code:

class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Post::File
include Msf::Auxiliary::Report
include Msf::Post::Windows::UserProfiles
def initialize(info={}) 
'Name'	=> 'FoxMail 6.5 Credential Harvester', 
'Description'	=> %q{
This Module Finds and Decrypts Stored Foxmail 6.5 Credentials