Book Image

The Complete Metasploit Guide

By : Sagar Rahalkar, Nipun Jaswal
Book Image

The Complete Metasploit Guide

By: Sagar Rahalkar, Nipun Jaswal

Overview of this book

Most businesses today are driven by their IT infrastructure, and the tiniest crack in this IT network can bring down the entire business. Metasploit is a pentesting network that can validate your system by performing elaborate penetration tests using the Metasploit Framework to secure your infrastructure. This Learning Path introduces you to the basic functionalities and applications of Metasploit. Throughout this book, you’ll learn different techniques for programming Metasploit modules to validate services such as databases, fingerprinting, and scanning. You’ll get to grips with post exploitation and write quick scripts to gather information from exploited systems. As you progress, you’ll delve into real-world scenarios where performing penetration tests are a challenge. With the help of these case studies, you’ll explore client-side attacks using Metasploit and a variety of scripts built on the Metasploit Framework. By the end of this Learning Path, you’ll have the skills required to identify system vulnerabilities by using thorough testing. This Learning Path includes content from the following Packt products: Metasploit for Beginners by Sagar Rahalkar Mastering Metasploit - Third Edition by Nipun Jaswal
Table of Contents (28 chapters)
Title Page

Using venom for obfuscation

In the previous chapter, we saw how we could defeat AVs with custom encoders. Let's go one step ahead and talk about encryption and obfuscation in the Metasploit payloads; we can use a great tool called venom for this. Let's create some encrypted Meterpreter shellcode, as shown in the following screenshot:

As soon as you start venom in Kali Linux, you will be presented with the screen shown in the preceding screenshot. The venom framework is a creative work from Pedro Nobrega and Chaitanya Haritash (Suspicious-Shell-Activity), who worked extensively to simplify shellcode and backdoor generation for various operating systems. Let's hit Enter to continue:

As we can see, we have options to create payloads for a variety of operating systems, and we even have options to create multi-OS payloads. Let's choose 2 to select Windows-OS payloads...