Book Image

Mastering Metasploit - Fourth Edition

By : Nipun Jaswal
Book Image

Mastering Metasploit - Fourth Edition

By: Nipun Jaswal

Overview of this book

Updated for the latest version of Metasploit, this book will prepare you to face everyday cyberattacks by simulating real-world scenarios. Complete with step-by-step explanations of essential concepts and practical examples, Mastering Metasploit will help you gain insights into programming Metasploit modules and carrying out exploitation, as well as building and porting various kinds of exploits in Metasploit. Giving you the ability to perform tests on different services, including databases, IoT, and mobile, this Metasploit book will help you get to grips with real-world, sophisticated scenarios where performing penetration tests is a challenge. You'll then learn a variety of methods and techniques to evade security controls deployed at a target's endpoint. As you advance, you’ll script automated attacks using CORTANA and Armitage to aid penetration testing by developing virtual bots and discover how you can add custom functionalities in Armitage. Following real-world case studies, this book will take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit 5.0 framework. By the end of the book, you’ll have developed the skills you need to work confidently with efficient exploitation techniques
Table of Contents (17 chapters)
1
Section 1 – Preparation and Development
6
Section 2 – The Attack Phase
10
Section 3 – Post-Exploitation and Evasion

File format-based exploitation

We will be covering various attacks on the victim using malicious files in this section. Whenever these malicious files run, Meterpreter or shell access is provided to the target system. In the next section, we will cover exploitation using malicious documents and PDF files.

PDF-based exploits

PDF file format-based exploits are those that trigger vulnerabilities in various PDF readers and parsers, which are made to execute the payload carrying PDF files, presenting the attacker with complete access to the target system in the form of a Meterpreter shell or a command shell. However, before getting into the technique, let's find out which vulnerability we are targeting and what the environment details are:

To exploit the vulnerability, we will create a PDF file and send it to the victim. When the victim tries to open our malicious PDF file, we will be able to get the Meterpreter shell or the command shell based on the...