Book Image

Mastering Metasploit - Fourth Edition

By : Nipun Jaswal
Book Image

Mastering Metasploit - Fourth Edition

By: Nipun Jaswal

Overview of this book

Updated for the latest version of Metasploit, this book will prepare you to face everyday cyberattacks by simulating real-world scenarios. Complete with step-by-step explanations of essential concepts and practical examples, Mastering Metasploit will help you gain insights into programming Metasploit modules and carrying out exploitation, as well as building and porting various kinds of exploits in Metasploit. Giving you the ability to perform tests on different services, including databases, IoT, and mobile, this Metasploit book will help you get to grips with real-world, sophisticated scenarios where performing penetration tests is a challenge. You'll then learn a variety of methods and techniques to evade security controls deployed at a target's endpoint. As you advance, you’ll script automated attacks using CORTANA and Armitage to aid penetration testing by developing virtual bots and discover how you can add custom functionalities in Armitage. Following real-world case studies, this book will take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit 5.0 framework. By the end of the book, you’ll have developed the skills you need to work confidently with efficient exploitation techniques

Related Content you might be interested in

Current Title:

Small book image
Mastering Metasploit - Fourth Edition
Nipun Jaswal
Jun, 2020 | 502 pages
Small book image
Metasploit Penetration Testing Cookbook
Monika Agarwal | Abhinav Singh | Nipun Jaswal | Daniel Teixeira
Feb, 2018 | 426 pages
Small book image
Metasploit 5.0 for Beginners
Sagar Rahalkar
Apr, 2020 | 246 pages
Small book image
Metasploit for Beginners
Sagar Rahalkar
Jul, 2017 | 190 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1 – Preparation and Development
Section 1 – Preparation and Development
Free Chapter
2
Chapter 1: Approaching a Penetration Test Using Metasploit
Chapter 1: Approaching a Penetration Test Using Metasploit
Technical requirements
Organizing a penetration test
Mounting the environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Benefits of penetration testing using Metasploit
Case study – reaching the domain controller
Revisiting the case study
Summary
3
Chapter 2: Reinventing Metasploit
Chapter 2: Reinventing Metasploit
Technical requirements
Ruby – the heart of Metasploit
Understanding Metasploit modules
Developing an auxiliary – the FTP scanner module
Developing an auxiliary—the SSH brute force module
Developing post-exploitation modules
Post-exploitation with RailGun
Summary
4
Chapter 3: The Exploit Formulation Process
Chapter 3: The Exploit Formulation Process
Technical requirements
The absolute basics of exploitation
Exploiting a stack overflow vulnerability with Metasploit
Exploiting SEH-based buffer overflows with Metasploit
Bypassing DEP in Metasploit modules
Other protection mechanisms
Summary
5
Chapter 4: Porting Exploits
Chapter 4: Porting Exploits
Technical requirements
Importing a stack-based buffer overflow exploit
Importing a web-based RCE exploit into Metasploit
Importing TCP server/browser-based exploits into Metasploit
Summary
6
Section 2 – The Attack Phase
Section 2 – The Attack Phase
7
Chapter 5: Testing Services with Metasploit
Chapter 5: Testing Services with Metasploit
Technical requirements
The fundamentals of testing SCADA systems
Database exploitation
Testing VOIP services
Summary
8
Chapter 6: Virtual Test Grounds and Staging
Chapter 6: Virtual Test Grounds and Staging
Technical requirements
Performing a penetration test with integrated Metasploit services
Generating manual reports
Summary
9
Chapter 7: Client-Side Exploitation
Chapter 7: Client-Side Exploitation
Technical requirements
Exploiting browsers for fun and profit
Compromising the clients of a website
Metasploit and Arduino – the deadly combination
File format-based exploitation
Attacking Android with Metasploit
Summary
10
Section 3 – Post-Exploitation and Evasion
Section 3 – Post-Exploitation and Evasion
11
Chapter 8: Metasploit Extended
Chapter 8: Metasploit Extended
Technical requirements
Basic Windows post-exploitation commands
Windows versus Linux basic post-exploitation commands
Advanced Windows post-exploitation modules
Advanced multi-OS extended features of Metasploit
Privilege escalation with Metasploit
Summary
12
Chapter 9: Evasion with Metasploit
Chapter 9: Evasion with Metasploit
Technical requirements
Evading Meterpreter detection using C wrappers and custom encoders
Evading Meterpreter with Python
Evading intrusion detection systems with Metasploit
Bypassing Windows firewall blocked ports
Summary
13
Chapter 10: Metasploit for Secret Agents
Chapter 10: Metasploit for Secret Agents
Technical requirements
Maintaining anonymity in Meterpreter sessions using proxy and HOP payloads
Maintaining access using search order hijacking in standard software
Harvesting files from target systems
Using Venom for obfuscation
Covering tracks with anti-forensics modules
Summary
14
Chapter 11: Visualizing Metasploit
Chapter 11: Visualizing Metasploit
Technical requirements
Kage for Meterpreter sessions
Automated exploitation using Armitage
Red teaming with the Armitage team server
Scripting Armitage
Summary
15
Chapter 12: Tips and Tricks
Chapter 12: Tips and Tricks
Technical requirements
Automation using the Minion script
Using connect instead of Netcat
Shell upgrades and background sessions
Naming conventions
Saving configurations in Metasploit
Using inline handler and renaming jobs
Running commands on multiple Meterpreters
Automating the Social Engineering Toolkit
Cheat sheets for Metasploit and penetration testing
Summary
Further reading
16
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system."

A block of code is set as follows:

def exploit
    connect
    weapon = "HEAD "
    weapon << make_nops(target['Offset'])
    weapon << generate_seh_record(target.ret)
    weapon << make_nops(19)
    weapon << payload.encoded
    weapon << " HTTP/1.0\r\n\r\n"
    sock.put(weapon)
    handler
    disconnect
  end
end

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

weapon << make_nops(target['Offset'])
weapon << generate_seh_record(target.ret)
weapon << make_nops(19)
weapon << payload.encoded

Any command-line input or output is written as follows:

irb(main):003:1> res = a ^ b
irb(main):004:1> return res

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select System info from the Administration panel."

Tips or important notes

Appear like this.

Previous Section
Next Section