Metasploit 5.0 for Beginners - Second Edition

By : Sagar Rahalkar

Metasploit 5.0 for Beginners - Second Edition

By: Sagar Rahalkar

Overview of this book

Securing an IT environment can be challenging, however, effective penetration testing and threat identification can make all the difference. This book will help you learn how to use the Metasploit Framework optimally for comprehensive penetration testing. Complete with hands-on tutorials and case studies, this updated second edition will teach you the basics of the Metasploit Framework along with its functionalities. You’ll learn how to set up and configure Metasploit on various platforms to create a virtual test environment. Next, you’ll get hands-on with the essential tools. As you progress, you’ll learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools and components. Later, you'll get to grips with web app security scanning, bypassing anti-virus, and post-compromise methods for clearing traces on the target system. The concluding chapters will take you through real-world case studies and scenarios that will help you apply the knowledge you’ve gained to ethically hack into target systems. You’ll also discover the latest security techniques that can be directly applied to scan, test, ethically hack, and secure networks and systems with Metasploit. By the end of this book, you’ll have learned how to use the Metasploit 5.0 Framework to exploit real-world vulnerabilities.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

Section 1: Introduction and Environment Setup

Free Chapter

Chapter 1: Introduction to Metasploit and Supporting Tools

Technical requirements

The importance of penetration testing

Understanding the difference between vulnerability assessments and penetration testing

The need for a penetration testing framework

Introduction to Metasploit

Introduction to new features in Metasploit 5.0

When to use Metasploit

Making Metasploit effective and powerful using supplementary tools

Summary

Exercise

Further reading

Chapter 2: Setting Up Your Environment

Using Metasploit on a Kali Linux virtual machine

Installing Metasploit on Windows

Installing Metasploit on Linux

Setting up Docker

Setting up vulnerable targets in a VM

Summary

Exercises

Chapter 3: Metasploit Components and Environment Configuration

Technical requirements

Anatomy and structure of Metasploit

Metasploit components and environment configuration

Getting started with msfconsole

Variables in Metasploit

Updating the Metasploit Framework

Summary

Exercise

Further reading

Section 2: Practical Metasploit

Chapter 4: Information Gathering with Metasploit

Technical requirements

Information gathering and enumeration on various protocols

Password sniffing with Metasploit

Advanced search using Shodan

Summary

Exercises

Further reading

Chapter 5: Vulnerability Hunting with Metasploit

Technical requirements

Managing the database

Vulnerability detection with Metasploit auxiliaries

Auto-exploitation with db_autopwn

Exploring post exploitation

Introduction to msf utilities

Summary

Exercises

Further reading

Chapter 6: Client-Side Attacks with Metasploit

Understanding the need for client-side attacks

Exploring the msfvenom utility

Using MSFvenom Payload Creator (MSFPC)

Social engineering with Metasploit

Using browser autopwn

Summary

Exercises

Chapter 7: Web Application Scanning with Metasploit

Technical requirements

Setting up a vulnerable web application

Web application scanning using WMAP

Metasploit auxiliaries for web application enumeration and scanning

Summary

Exercise

Chapter 8: Antivirus Evasion and Anti-Forensics

Technical requirements

Using encoders to avoid antivirus detection

Using the new evasion module

Using packagers and encrypters

Understanding what a sandbox is

Using Metasploit for anti-forensics

Summary

Exercises

Further reading

Chapter 9: Cyber Attack Management with Armitage

Technical requirements

What is Armitage?

Starting the Armitage console

Scanning and enumeration

Finding and launching attacks

Summary

Exercise

Further reading

Chapter 10: Extending Metasploit and Exploit Development

Technical requirements

Understanding exploit development concepts

Understanding exploit templates and mixins

Understanding Metasploit mixins

Adding external exploits to Metasploit

Summary

Exercises

Further reading

Chapter 11: Case Studies

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Understanding exploit templates and mixins

Let's suppose that you have written an exploit code for a new zero-day vulnerability. Now, if you want to make it part of the Metasploit Framework, you need to ensure it is in a particular format. Fortunately, you just need to focus on the actual exploit code and then simply use a readily available template (provided by the Metasploit Framework) to insert it in the required format.

The exploit module skeleton is readily provided by the Metasploit Framework, as in the following code:

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking
def initialize(info={})
super(update_info(info,
'Name' => '[Vendor] [Software] [Root Cause] [Vulnerability type]',
'Description' => %q{
Say something that the user might need to know...

Metasploit 5.0 for Beginners - Second Edition

By : Sagar Rahalkar

Metasploit 5.0 for Beginners - Second Edition

By: Sagar Rahalkar

Overview of this book

Related Content you might be interested in

Current Title:

Metasploit 5.0 for Beginners - Second Edition

Mastering Metasploit

Metasploit Bootcamp

Metasploit Penetration Testing Cookbook

Understanding exploit templates and mixins