Book Image

Metasploit 5.0 for Beginners - Second Edition

By : Sagar Rahalkar
Book Image

Metasploit 5.0 for Beginners - Second Edition

By: Sagar Rahalkar

Overview of this book

Securing an IT environment can be challenging, however, effective penetration testing and threat identification can make all the difference. This book will help you learn how to use the Metasploit Framework optimally for comprehensive penetration testing. Complete with hands-on tutorials and case studies, this updated second edition will teach you the basics of the Metasploit Framework along with its functionalities. You’ll learn how to set up and configure Metasploit on various platforms to create a virtual test environment. Next, you’ll get hands-on with the essential tools. As you progress, you’ll learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools and components. Later, you'll get to grips with web app security scanning, bypassing anti-virus, and post-compromise methods for clearing traces on the target system. The concluding chapters will take you through real-world case studies and scenarios that will help you apply the knowledge you’ve gained to ethically hack into target systems. You’ll also discover the latest security techniques that can be directly applied to scan, test, ethically hack, and secure networks and systems with Metasploit. By the end of this book, you’ll have learned how to use the Metasploit 5.0 Framework to exploit real-world vulnerabilities.

Related Content you might be interested in

Current Title:

Small book image
Metasploit 5.0 for Beginners - Second Edition
Sagar Rahalkar
Apr, 2020 | 246 pages
Small book image
Mastering Metasploit
Nipun Jaswal
Jun, 2020 | 502 pages
Small book image
Metasploit Bootcamp
Nipun Jaswal
May, 2017 | 230 pages
Small book image
Metasploit Penetration Testing Cookbook
Monika Agarwal | Abhinav Singh | Nipun Jaswal | Daniel Teixeira
Feb, 2018 | 426 pages
Table of Contents (15 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: Introduction and Environment Setup
Section 1: Introduction and Environment Setup
Free Chapter
2
Chapter 1: Introduction to Metasploit and Supporting Tools
Chapter 1: Introduction to Metasploit and Supporting Tools
Technical requirements
The importance of penetration testing
Understanding the difference between vulnerability assessments and penetration testing
The need for a penetration testing framework
Introduction to Metasploit
Introduction to new features in Metasploit 5.0
When to use Metasploit
Making Metasploit effective and powerful using supplementary tools
Summary
Exercise
Further reading
3
Chapter 2: Setting Up Your Environment
Chapter 2: Setting Up Your Environment
Using Metasploit on a Kali Linux virtual machine
Installing Metasploit on Windows
Installing Metasploit on Linux
Setting up Docker
Setting up vulnerable targets in a VM
Summary
Exercises
4
Chapter 3: Metasploit Components and Environment Configuration
Chapter 3: Metasploit Components and Environment Configuration
Technical requirements
Anatomy and structure of Metasploit
Metasploit components and environment configuration
Getting started with msfconsole
Variables in Metasploit
Updating the Metasploit Framework
Summary
Exercise
Further reading
5
Section 2: Practical Metasploit
Section 2: Practical Metasploit
6
Chapter 4: Information Gathering with Metasploit
Chapter 4: Information Gathering with Metasploit
Technical requirements
Information gathering and enumeration on various protocols
Password sniffing with Metasploit
Advanced search using Shodan
Summary
Exercises
Further reading
7
Chapter 5: Vulnerability Hunting with Metasploit
Chapter 5: Vulnerability Hunting with Metasploit
Technical requirements
Managing the database
Vulnerability detection with Metasploit auxiliaries
Auto-exploitation with db_autopwn
Exploring post exploitation
Introduction to msf utilities
Summary
Exercises
Further reading
8
Chapter 6: Client-Side Attacks with Metasploit
Chapter 6: Client-Side Attacks with Metasploit
Understanding the need for client-side attacks
Exploring the msfvenom utility
Using MSFvenom Payload Creator (MSFPC)
Social engineering with Metasploit
Using browser autopwn
Summary
Exercises
9
Chapter 7: Web Application Scanning with Metasploit
Chapter 7: Web Application Scanning with Metasploit
Technical requirements
Setting up a vulnerable web application
Web application scanning using WMAP
Metasploit auxiliaries for web application enumeration and scanning
Summary
Exercise
10
Chapter 8: Antivirus Evasion and Anti-Forensics
Chapter 8: Antivirus Evasion and Anti-Forensics
Technical requirements
Using encoders to avoid antivirus detection
Using the new evasion module
Using packagers and encrypters
Understanding what a sandbox is
Using Metasploit for anti-forensics
Summary
Exercises
Further reading
11
Chapter 9: Cyber Attack Management with Armitage
Chapter 9: Cyber Attack Management with Armitage
Technical requirements
What is Armitage?
Starting the Armitage console
Scanning and enumeration
Finding and launching attacks
Summary
Exercise
Further reading
12
Chapter 10: Extending Metasploit and Exploit Development
Chapter 10: Extending Metasploit and Exploit Development
Technical requirements
Understanding exploit development concepts
Understanding exploit templates and mixins
Understanding Metasploit mixins
Adding external exploits to Metasploit
Summary
Exercises
Further reading
13
Chapter 11: Case Studies
Chapter 11: Case Studies
Case study 1
Case study 2
Summary
Exercises
Further reading
14
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Preface

For more than a decade or so, the use of technology has been rising exponentially. Almost all businesses are partially or completely dependent on the use of technology. From Bitcoin to the cloud to the Internet of Things (IoT), new technologies are popping up each day. While these technologies completely change the way we do things, they also bring threats along with them. Attackers discover new and innovative ways to manipulate these technologies for fun and profit! This is a matter of concern to thousands of organizations and businesses around the world. Organizations worldwide are deeply concerned about keeping their data safe. Protecting data is certainly important; however, testing whether adequate protection mechanisms have been put in place is equally important. Protection mechanisms can fail, hence testing them before someone exploits them for real is a challenging task. Having said that, vulnerability assessment and penetration testing have gained great importance and are now trivially included in all compliance programs. With vulnerability assessment and penetration testing done in the right way, organizations can ensure that they have put in the right security controls and they are functioning as expected! For many, the process of vulnerability assessment and penetration testing may look easy just by running an automated scanner and generating a long report with false positives. However, in reality, this process is not just about running tools but a complete life cycle. Fortunately, the Metasploit Framework can be plugged into almost every phase of the penetration testing life cycle, making complex tasks easier. This book will take you through some of the absolute basics of Metasploit Framework 5.x to the advanced and sophisticated features that the framework has to offer!

Previous Section
Next Section