Book Image

Metasploit 5.0 for Beginners - Second Edition

By : Sagar Rahalkar
Book Image

Metasploit 5.0 for Beginners - Second Edition

By: Sagar Rahalkar

Overview of this book

Securing an IT environment can be challenging, however, effective penetration testing and threat identification can make all the difference. This book will help you learn how to use the Metasploit Framework optimally for comprehensive penetration testing. Complete with hands-on tutorials and case studies, this updated second edition will teach you the basics of the Metasploit Framework along with its functionalities. You’ll learn how to set up and configure Metasploit on various platforms to create a virtual test environment. Next, you’ll get hands-on with the essential tools. As you progress, you’ll learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools and components. Later, you'll get to grips with web app security scanning, bypassing anti-virus, and post-compromise methods for clearing traces on the target system. The concluding chapters will take you through real-world case studies and scenarios that will help you apply the knowledge you’ve gained to ethically hack into target systems. You’ll also discover the latest security techniques that can be directly applied to scan, test, ethically hack, and secure networks and systems with Metasploit. By the end of this book, you’ll have learned how to use the Metasploit 5.0 Framework to exploit real-world vulnerabilities.
Table of Contents (15 chapters)
1
Section 1: Introduction and Environment Setup
5
Section 2: Practical Metasploit

Understanding what a sandbox is

Whenever we execute an application, be it legitimate or malicious, some of the events that occur are as follows:

  • The application directly interacts with the host operating system.
  • System calls are made.
  • Network connections are established.
  • Registry entries are modified.
  • Event logs are written out.
  • Temporary files are created or deleted.
  • New processes are spawned.
  • Configuration files are updated.

All the preceding events are persistent in nature and change the state of the target system. Now, there might be a scenario wherein we have to test a malicious program in a controlled manner, such that the state of the test system remains unchanged. This is exactly where a sandbox can play an important role.

Imagine that a sandbox is an isolated container or compartment. Anything that is executed within a sandbox stays within it and does not impact the outside world. Running a payload sample within a sandbox will...