You are previewing Learning Metasploit Exploitation and Development.
O'Reilly logo
Learning Metasploit Exploitation and Development

Book Description

Develop advanced exploits and modules with a fast-paced, practical learning guide to protect what's most important to your organization, all using the Metasploit Framework

  • Step-by-step instructions to learn exploit development with Metasploit, along with crucial aspects of client-side exploitation to secure against unauthorized access and defend vulnerabilities

  • This book contains the latest exploits tested on new operating systems and also covers the concept of hacking recent network topologies

  • This tutorial encourages you to really think out of the box and test your ability to beat the vulnerabilities when the chances appear slim

In Detail

Metasploit is an open source exploit framework that provides you with heaps of exploits, as well as tools to assist you in creating your own exploits. This includes the ability to generate a large range of shellcodes for different purposes and platforms that can be customized to attack your target. The recent improvements in network security mechanisms have given rise to new trends and techniques of compromising a network. This book deals with these recent trends and attack tips to compromise the weakest to the strongest of networks. Metasploit Exploitation and Development describes actual penetration testing skills and ways to penetrate and assess different types of networks.

Metasploit Exploitation and Development is a perfect fit for hackers who want to develop some real exploitation skills. This book has been designed with a practical approach which emphasizes hands-on rather than theoretical reading. It covers all the new exploits for new operating systems and tips from the experience of real hackers. This is a best buy book for learning the art of exploitation and skills of a penetration tester.

Metasploit Exploitation and Development is a guide to real network hacking with the best tricks to master the art of exploitation.

This book has been designed in well-defined stages so the reader learns more effectively. From the actual setup to vulnerability assessment, this book provides an individual with in-depth knowledge of an expert penetration tester. The book deals with vulnerability assessment exercises with some of the industrially-used tools and report-making tips. It covers topics such as client exploitation, backdoors, post exploitation, and also exploitation development with Metasploit.

This book has been developed with a practical hands-on approach so that readers can effectively try and test what they actually read.

Metasploit Exploitation and Development covers the experience of real network hacking with some of the latest operating systems. The readers will go through a journey in which they will learn from basic to advanced levels of the art of exploitation.

This book covers real hacking and exploitation of the current vulnerabilities in some of the latest operating systems.

Table of Contents

  1. Learning Metasploit Exploitation and Development
    1. Table of Contents
    2. Learning Metasploit Exploitation and Development
    3. Credits
    4. About the Author
    5. About the Reviewers
      1. Support files, eBooks, discount offers and more
        1. Why Subscribe?
        2. Free Access for Packt account holders
    7. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Errata
        2. Piracy
        3. Questions
    8. 1. Lab Setup
      1. Installing Oracle VM VirtualBox
      2. Installing WindowsXP on Oracle VM VirtualBox
      3. Installing BackTrack5 R2 on Oracle VM Virtual Box
      4. Summary
    9. 2. Metasploit Framework Organization
      1. Metasploit interfaces and basics
      2. Exploit modules
        1. Auxiliary modules
      3. Payloads – in-depth
      4. Summary
      5. References
    10. 3. Exploitation Basics
      1. Basic terms of exploitation
        1. How does exploitation work?
        2. A typical process for compromising a system
          1. Finding exploits from online databases
      2. Summary
      3. References
    11. 4. Meterpreter Basics
      1. Working of the Meterpreter
      2. Meterpreter in action
      3. Summary
      4. References
    12. 5. Vulnerability Scanning and Information Gathering
      1. Information Gathering through Metasploit
      2. Active Information Gathering
      3. Working with Nmap
        1. Nmap discovery options
        2. Nmap advanced scanning options
        3. Port scanning options
      4. Working with Nessus
      5. Report importing in Metasploit
      6. Summary
      7. References
    13. 6. Client-side Exploitation
      1. What are client-side attacks?
        1. Browser exploits
          1. Tutorial
        2. Internet Explorer shortcut icon exploit
        3. Internet Explorer malicious VBScript code execution exploit
      2. Summary
      3. References
    14. 7. Post Exploitation
      1. What is post exploitation?
        1. Phases of post exploitation
          1. Tutorial
      2. Summary
      3. References
    15. 8. Post Exploitation – Privilege Escalation
      1. Understanding Privilege Escalation
        1. Exploiting the victim's system
        2. Privilege escalation by post exploitation
      2. Summary
      3. References
    16. 9. Post Exploitation – Cleaning Up Traces
      1. Disabling firewalls and other network defenses
        1. Disabling firewalls through VBScript
        2. Antivirus killing and log deletion
      2. Summary
      3. References
    17. 10. Post Exploitation – Backdoors
      1. What is a backdoor?
        1. Payload tools
      2. Creating an EXE backdoor
        1. Creating a fully undetectable backdoor
        2. Metasploit persistent backdoor
      3. Summary
      4. References
    18. 11. Post Exploitation – Pivoting and Network Sniffing
      1. What is pivoting?
      2. Pivoting in a network
      3. Sniffing in a network
        1. Espia Extension
      4. Summary
      5. References
    19. 12. Exploit Research with Metasploit
      1. Exploit writing tips and tricks
        1. Important points
        2. Format for an exploit
        3. Exploit mixins
        4. The Auxiliary::Report mixin
        5. Widely used exploit mixins
        6. Editing an exploit module
        7. Working with payloads
      2. Writing exploits
      3. Scripting with Metasploit
      4. Summary
      5. References
    20. 13. Using Social Engineering Toolkit and Armitage
      1. Understanding the Social Engineering Toolkit
        1. Attack options
      2. Armitage
        1. Working with Hail Mary
        2. Meterpreter—access option
      3. Summary
      4. References
    21. Index