Book Image

The Complete Metasploit Guide

By : Sagar Rahalkar, Nipun Jaswal

Book Image

The Complete Metasploit Guide

By: Sagar Rahalkar, Nipun Jaswal

Overview of this book

Most businesses today are driven by their IT infrastructure, and the tiniest crack in this IT network can bring down the entire business. Metasploit is a pentesting network that can validate your system by performing elaborate penetration tests using the Metasploit Framework to secure your infrastructure. This Learning Path introduces you to the basic functionalities and applications of Metasploit. Throughout this book, you’ll learn different techniques for programming Metasploit modules to validate services such as databases, fingerprinting, and scanning. You’ll get to grips with post exploitation and write quick scripts to gather information from exploited systems. As you progress, you’ll delve into real-world scenarios where performing penetration tests are a challenge. With the help of these case studies, you’ll explore client-side attacks using Metasploit and a variety of scripts built on the Metasploit Framework. By the end of this Learning Path, you’ll have the skills required to identify system vulnerabilities by using thorough testing. This Learning Path includes content from the following Packt products: Metasploit for Beginners by Sagar Rahalkar Mastering Metasploit - Third Edition by Nipun Jaswal

Title Page

Copyright

The Complete Metasploit Guide

About Packt

Contributors

About the Authors

Packt Is Searching for Authors Like You

Preface

Who This Book Is For

What This Book Covers

To Get the Most out of This Book

Free Chapter

Introduction to Metasploit and Supporting Tools

Introduction to Metasploit and Supporting Tools

The importance of penetration testing

Vulnerability assessment versus penetration testing

The need for a penetration testing framework

Introduction to Metasploit

When to use Metasploit?

Making Metasploit effective and powerful using supplementary tools

Setting up Your Environment

Setting up Your Environment

Using the Kali Linux virtual machine - the easiest way

Installing Metasploit on Windows

Installing Metasploit on Linux

Setting up exploitable targets in a virtual environment

Metasploit Components and Environment Configuration

Metasploit Components and Environment Configuration

Anatomy and structure of Metasploit

Metasploit components

Playing around with msfconsole

Variables in Metasploit

Updating the Metasploit Framework

Information Gathering with Metasploit

Information Gathering with Metasploit

Information gathering and enumeration

Password sniffing

Advanced search with shodan

Vulnerability Hunting with Metasploit

Vulnerability Hunting with Metasploit

Managing the database

Vulnerability detection with Metasploit auxiliaries

Auto exploitation with db_autopwn

Post exploitation

Client-side Attacks with Metasploit

Client-side Attacks with Metasploit

Need of client-side attacks

The msfvenom utility

Social Engineering with Metasploit

Browser Autopwn

Web Application Scanning with Metasploit

Web Application Scanning with Metasploit

Setting up a vulnerable application

Web application scanning using WMAP

Metasploit Auxiliaries for Web Application enumeration and scanning

Antivirus Evasion and Anti-Forensics

Antivirus Evasion and Anti-Forensics

Using encoders to avoid AV detection

Cyber Attack Management with Armitage

Cyber Attack Management with Armitage

What is Armitage?

Starting the Armitage console

Scanning and enumeration

Find and launch attacks

Extending Metasploit and Exploit Development

Extending Metasploit and Exploit Development

Exploit development concepts

Exploit templates and mixins

Adding external exploits to Metasploit

Approaching a Penetration Test Using Metasploit

Approaching a Penetration Test Using Metasploit

Organizing a penetration test

Mounting the environment

The fundamentals of Metasploit

Conducting a penetration test with Metasploit

Benefits of penetration testing using Metasploit

Case study - diving deep into an unknown network

Revisiting the case study

Summary and exercises

Reinventing Metasploit

Reinventing Metasploit

Ruby - the heart of Metasploit

Developing custom modules

Breakthrough Meterpreter scripting

Working with RailGun

Summary and exercises

The Exploit Formulation Process

The Exploit Formulation Process

The absolute basics of exploitation

Exploiting stack-based buffer overflows with Metasploit

Exploiting SEH-based buffer overflows with Metasploit

Bypassing DEP in Metasploit modules

Other protection mechanisms

Porting Exploits

Porting Exploits

Importing a stack-based buffer overflow exploit

Importing web-based RCE into Metasploit

Importing TCP server/browser-based exploits into Metasploit

Testing Services with Metasploit

Testing Services with Metasploit

Fundamentals of testing SCADA systems

Database exploitation

Testing VOIP services

Virtual Test Grounds and Staging

Virtual Test Grounds and Staging

Performing a penetration test with integrated Metasploit services

Generating manual reports

Client-Side Exploitation

Client-Side Exploitation

Exploiting browsers for fun and profit

Metasploit and Arduino - the deadly combination

File format-based exploitation

Attacking Android with Metasploit

Summary and exercises

Metasploit Extended

Metasploit Extended

Basics of post-exploitation with Metasploit

Basic post-exploitation commands

Advanced post-exploitation with Metasploit

Additional post-exploitation modules

Advanced extended features of Metasploit

Summary and exercises

Evasion with Metasploit

Evasion with Metasploit

Evading Meterpreter using C wrappers and custom encoders

Evading intrusion detection systems with Metasploit

Bypassing Windows firewall blocked ports

Summary and exercises

Metasploit for Secret Agents

Metasploit for Secret Agents

Maintaining anonymity in Meterpreter sessions

Maintaining access using vulnerabilities in common software

Harvesting files from target systems

Using venom for obfuscation

Covering tracks with anti-forensics modules

Visualizing with Armitage

Visualizing with Armitage

The fundamentals of Armitage

Scanning networks and host management

Exploitation with Armitage

Post-exploitation with Armitage

Red teaming with Armitage team server

Scripting Armitage

Tips and Tricks

Tips and Tricks

Automation using Minion script

Using connect as Netcat

Shell upgrades and background sessions

Naming conventions

Saving configurations in Metasploit

Using inline handler and renaming jobs

Running commands on multiple Meterpreters

Automating the Social Engineering Toolkit

Cheat sheets on Metasploit and penetration testing

Further reading

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Evading intrusion detection systems with Metasploit

Your sessions on the target can be short-lived if an intrusion detection system is in place. Snort, a popular IDS system, can generate quick alerts when an anomaly is found on the network. Consider the following case of exploiting a Rejetto HFS server with a target with Snort IDS enabled:

We can see that we successfully got the Meterpreter session. However, the image on the right suggests some priority one issues. I must admit that the rules created by the Snort team and the community are pretty strict and tough to bypass at times. However, for the maximum coverage of Metasploit evasion techniques and for the sake of learning, we have created a simple rule to detect logins at the vulnerable HFS server, which is as follows:

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Rejetto HttpFileServer...