Book Image

The Complete Metasploit Guide

By : Sagar Rahalkar, Nipun Jaswal
Book Image

The Complete Metasploit Guide

By: Sagar Rahalkar, Nipun Jaswal

Overview of this book

Most businesses today are driven by their IT infrastructure, and the tiniest crack in this IT network can bring down the entire business. Metasploit is a pentesting network that can validate your system by performing elaborate penetration tests using the Metasploit Framework to secure your infrastructure. This Learning Path introduces you to the basic functionalities and applications of Metasploit. Throughout this book, you’ll learn different techniques for programming Metasploit modules to validate services such as databases, fingerprinting, and scanning. You’ll get to grips with post exploitation and write quick scripts to gather information from exploited systems. As you progress, you’ll delve into real-world scenarios where performing penetration tests are a challenge. With the help of these case studies, you’ll explore client-side attacks using Metasploit and a variety of scripts built on the Metasploit Framework. By the end of this Learning Path, you’ll have the skills required to identify system vulnerabilities by using thorough testing. This Learning Path includes content from the following Packt products: Metasploit for Beginners by Sagar Rahalkar Mastering Metasploit - Third Edition by Nipun Jaswal

Related Content you might be interested in

Current Title:

Small book image
The Complete Metasploit Guide
Sagar Rahalkar | Nipun Jaswal
Jun, 2019 | 11 hours 0 minutes
No titles found
Table of Contents (28 chapters)
Title Page
Title Page
Copyright
Copyright
The Complete Metasploit Guide
About Packt
About Packt
Why Subscribe?
Packt.com
Contributors
Contributors
About the Authors
Packt Is Searching for Authors Like You
Preface
Preface
Who This Book Is For
What This Book Covers
To Get the Most out of This Book
Get in Touch
Free Chapter
1
Introduction to Metasploit and Supporting Tools
Introduction to Metasploit and Supporting Tools
The importance of penetration testing
Vulnerability assessment versus penetration testing
The need for a penetration testing framework
Introduction to Metasploit
When to use Metasploit?
Making Metasploit effective and powerful using supplementary tools
Summary
Exercises
2
Setting up Your Environment
Setting up Your Environment
Using the Kali Linux virtual machine - the easiest way
Installing Metasploit on Windows
Installing Metasploit on Linux
Setting up exploitable targets in a virtual environment
Summary
Exercises
3
Metasploit Components and Environment Configuration
Metasploit Components and Environment Configuration
Anatomy and structure of Metasploit
Metasploit components
Playing around with msfconsole
Variables in Metasploit
Updating the Metasploit Framework
Summary
Exercises
4
Information Gathering with Metasploit
Information Gathering with Metasploit
Information gathering and enumeration
Password sniffing
Advanced search with shodan
Summary
Exercises
5
Vulnerability Hunting with Metasploit
Vulnerability Hunting with Metasploit
Managing the database
NMAP
Nessus
Vulnerability detection with Metasploit auxiliaries
Auto exploitation with db_autopwn
Post exploitation
Summary
Exercises
6
Client-side Attacks with Metasploit
Client-side Attacks with Metasploit
Need of client-side attacks
The msfvenom utility
Social Engineering with Metasploit
Browser Autopwn
Summary
Exercises
7
Web Application Scanning with Metasploit
Web Application Scanning with Metasploit
Setting up a vulnerable application
Web application scanning using WMAP
Metasploit Auxiliaries for Web Application enumeration and scanning
Summary
Exercises
8
Antivirus Evasion and Anti-Forensics
Antivirus Evasion and Anti-Forensics
Using encoders to avoid AV detection
Anti-forensics
Summary
Exercises
9
Cyber Attack Management with Armitage
Cyber Attack Management with Armitage
What is Armitage?
Starting the Armitage console
Scanning and enumeration
Find and launch attacks
Summary
Exercises
10
Extending Metasploit and Exploit Development
Extending Metasploit and Exploit Development
Exploit development concepts
Exploit templates and mixins
Adding external exploits to Metasploit
Summary
Exercises
11
Approaching a Penetration Test Using Metasploit
Approaching a Penetration Test Using Metasploit
Organizing a penetration test
Mounting the environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Benefits of penetration testing using Metasploit
Case study - diving deep into an unknown network
Revisiting the case study
Summary and exercises
12
Reinventing Metasploit
Reinventing Metasploit
Ruby - the heart of Metasploit
Developing custom modules
Breakthrough Meterpreter scripting
Working with RailGun
Summary and exercises
13
The Exploit Formulation Process
The Exploit Formulation Process
The absolute basics of exploitation
Exploiting stack-based buffer overflows with Metasploit
Exploiting SEH-based buffer overflows with Metasploit
Bypassing DEP in Metasploit modules
Other protection mechanisms
Summary
14
Porting Exploits
Porting Exploits
Importing a stack-based buffer overflow exploit
Importing web-based RCE into Metasploit
Importing TCP server/browser-based exploits into Metasploit
Summary
15
Testing Services with Metasploit
Testing Services with Metasploit
Fundamentals of testing SCADA systems
Database exploitation
Testing VOIP services
Summary
16
Virtual Test Grounds and Staging
Virtual Test Grounds and Staging
Performing a penetration test with integrated Metasploit services
Generating manual reports
Summary
17
Client-Side Exploitation
Client-Side Exploitation
Exploiting browsers for fun and profit
Metasploit and Arduino - the deadly combination
File format-based exploitation
Attacking Android with Metasploit
Summary and exercises
18
Metasploit Extended
Metasploit Extended
Basics of post-exploitation with Metasploit
Basic post-exploitation commands
Advanced post-exploitation with Metasploit
Additional post-exploitation modules
Advanced extended features of Metasploit
Summary and exercises
19
Evasion with Metasploit
Evasion with Metasploit
Evading Meterpreter using C wrappers and custom encoders
Evading intrusion detection systems with Metasploit
Bypassing Windows firewall blocked ports
Summary and exercises
20
Metasploit for Secret Agents
Metasploit for Secret Agents
Maintaining anonymity in Meterpreter sessions
Maintaining access using vulnerabilities in common software
Harvesting files from target systems
Using venom for obfuscation
Covering tracks with anti-forensics modules
Summary
21
Visualizing with Armitage
Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Red teaming with Armitage team server
Scripting Armitage
Summary
22
Tips and Tricks
Tips and Tricks
Automation using Minion script
Using connect as Netcat
Shell upgrades and background sessions
Naming conventions
Saving configurations in Metasploit
Using inline handler and renaming jobs
Running commands on multiple Meterpreters
Automating the Social Engineering Toolkit
Cheat sheets on Metasploit and penetration testing
Further reading
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Maintaining access using vulnerabilities in common software

The DLL search order hijacking/DLL planting technique is one of my favorite persistence-gaining methods in achieving long-time access while evading the eyes of the administrators. Let's talk about this technique in the next section.

DLL search order hijacking

As the name suggests, the DLL search order hijacking vulnerability allows an attacker to hijack the search order of DLLs loaded by a program and will enable them to insert a malicious DLL instead of a legit one.

Mostly, software, once executed, will look for DLL files in its current folder and System32 folder. However, sometimes the DLLs, which are not found in its current directory, are then searched in the System32...

Previous Section
End of Section 3
Next Section