You are previewing Mastering Metasploit.
O'Reilly logo
Mastering Metasploit

Book Description

Take your penetration testing and IT security skills to a whole new level with the secrets of Metasploit

About This Book
  • Gain the skills to carry out penetration testing in complex and highly-secured environments

  • Become a master using the Metasploit framework, develop exploits, and generate modules for a variety of real-world scenarios

  • Get this completely updated edition with new useful methods and techniques to make your network robust and resilient

  • Who This Book Is For

    This book is a hands-on guide to penetration testing using Metasploit and covers its complete development. It shows a number of techniques and methodologies that will help you master the Metasploit framework and explore approaches to carrying out advanced penetration testing in highly secured environments.

    What You Will Learn
  • Develop advanced and sophisticated auxiliary modules

  • Port exploits from PERL, Python, and many more programming languages

  • Test services such as databases, SCADA, and many more

  • Attack the client side with highly advanced techniques

  • Test mobile and tablet devices with Metasploit

  • Perform social engineering with Metasploit

  • Simulate attacks on web servers and systems with Armitage GUI

  • Script attacks in Armitage using CORTANA scripting

  • In Detail

    Metasploit is a popular penetration testing framework that has one of the largest exploit databases around. This book will show you exactly how to prepare yourself against the attacks you will face every day by simulating real-world possibilities.

    We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You’ll get to know about the basics of programming Metasploit modules as a refresher, and then dive into carrying out exploitation as well building and porting exploits of various kinds in Metasploit.

    In the next section, you’ll develop the ability to perform testing on various services such as SCADA, databases, IoT, mobile, tablets, and many more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework.

    By the end of the book, you will be trained specifically on time-saving techniques using Metasploit.

    Style and approach

    This is a step-by-step guide that provides great Metasploit framework methodologies. All the key concepts are explained details with the help of examples and demonstrations that will help you understand everything you need to know about Metasploit.

    Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.

    Table of Contents

    1. Mastering Metasploit
      1. Mastering Metasploit
        1. Second Edition
      2. Credits
      3. Foreword
      4. About the Author
      5. About the Reviewer
      6. www.PacktPub.com
        1. Why subscribe?
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Errata
          2. Piracy
          3. Questions
      8. 1. Approaching a Penetration Test Using Metasploit
        1. Organizing a penetration test
        2. Preinteractions
        3. Intelligence gathering/reconnaissance phase
        4. Predicting the test grounds
          1. Modeling threats
          2. Vulnerability analysis
          3. Exploitation and post-exploitation
          4. Reporting
          5. Mounting the environment
        5. Setting up Kali Linux in virtual environment
        6. The fundamentals of Metasploit
        7. Conducting a penetration test with Metasploit
          1. Recalling the basics of Metasploit
        8. Benefits of penetration testing using Metasploit
          1. Open source
          2. Support for testing large networks and easy naming conventions
          3. Smart payload generation and switching mechanism
          4. Cleaner exits
          5. The GUI environment
        9. Penetration testing an unknown network
          1. Assumptions
          2. Gathering intelligence
        10. Using databases in Metasploit
        11. Modeling threats
        12. Vulnerability analysis of VSFTPD 2.3.4 backdoor
          1. The attack procedure
          2. The procedure of exploiting the vulnerability
          3. Exploitation and post exploitation
        13. Vulnerability analysis of PHP-CGI query string parameter vulnerability
          1. Exploitation and post exploitation
        14. Vulnerability analysis of HFS 2.3
          1. Exploitation and post exploitation
        15. Maintaining access
        16. Clearing tracks
        17. Revising the approach
        18. Summary
      9. 2. Reinventing Metasploit
        1. Ruby – the heart of Metasploit
          1. Creating your first Ruby program
            1. Interacting with the Ruby shell
            2. Defining methods in the shell
          2. Variables and data types in Ruby
            1. Working with strings
              1. Concatenating strings
              2. The substring function
              3. The split function
            2. Numbers and conversions in Ruby
              1. Conversions in Ruby
            3. Ranges in Ruby
            4. Arrays in Ruby
          3. Methods in Ruby
          4. Decision-making operators
          5. Loops in Ruby
          6. Regular expressions
          7. Wrapping up with Ruby basics
        2. Developing custom modules
          1. Building a module in a nutshell
            1. The architecture of the Metasploit framework
            2. Understanding the file structure
            3. The libraries layout
          2. Understanding the existing modules
            1. The format of a Metasploit module
          3. Disassembling existing HTTP server scanner module
            1. Libraries and the function
          4. Writing out a custom FTP scanner module
            1. Libraries and the function
              1. Using msftidy
          5. Writing out a custom SSH authentication brute forcer
            1. Rephrasing the equation
          6. Writing a drive disabler post exploitation module
          7. Writing a credential harvester post exploitation module
        3. Breakthrough meterpreter scripting
          1. Essentials of meterpreter scripting
          2. Pivoting the target network
          3. Setting up persistent access
          4. API calls and mixins
          5. Fabricating custom meterpreter scripts
        4. Working with RailGun
          1. Interactive Ruby shell basics
          2. Understanding RailGun and its scripting
          3. Manipulating Windows API calls
          4. Fabricating sophisticated RailGun scripts
        5. Summary
      10. 3. The Exploit Formulation Process
        1. The absolute basics of exploitation
          1. The basics
          2. The architecture
            1. System organization basics
          3. Registers
        2. Exploiting stack-based buffer overflows with Metasploit
          1. Crashing the vulnerable application
          2. Building the exploit base
          3. Calculating the offset
            1. Using the pattern_create tool
            2. Using the pattern_offset tool
          4. Finding the JMP ESP address
            1. Using Immunity Debugger to find executable modules
            2. Using msfbinscan
          5. Stuffing the space
            1. Relevance of NOPs
          6. Determining bad characters
          7. Determining space limitations
          8. Writing the Metasploit exploit module
        3. Exploiting SEH-based buffer overflows with Metasploit
          1. Building the exploit base
          2. Calculating the offset
            1. Using pattern_create tool
            2. Using pattern_offset tool
          3. Finding the POP/POP/RET address
            1. The Mona script
            2. Using msfbinscan
          4. Writing the Metasploit SEH exploit module
            1. Using NASM shell for writing assembly instructions
        4. Bypassing DEP in Metasploit modules
          1. Using msfrop to find ROP gadgets
          2. Using Mona to create ROP chains
          3. Writing the Metasploit exploit module for DEP bypass
        5. Other protection mechanisms
        6. Summary
      11. 4. Porting Exploits
        1. Importing a stack-based buffer overflow exploit
          1. Gathering the essentials
          2. Generating a Metasploit module
          3. Exploiting the target application with Metasploit
          4. Implementing a check method for exploits in Metasploit
        2. Importing web-based RCE into Metasploit
          1. Gathering the essentials
          2. Grasping the important web functions
          3. The essentials of the GET/POST method
          4. Importing an HTTP exploit into Metasploit
        3. Importing TCP server/ browser-based exploits into Metasploit
          1. Gathering the essentials
          2. Generating the Metasploit module
        4. Summary
      12. 5. Testing Services with Metasploit
        1. The fundamentals of SCADA
          1. The fundamentals of ICS and its components
          2. The significance of ICS-SCADA
          3. Analyzing security in SCADA systems
            1. Fundamentals of testing SCADA
            2. SCADA-based exploits
          4. Securing SCADA
            1. Implementing secure SCADA
            2. Restricting networks
        2. Database exploitation
          1. SQL server
          2. Fingerprinting SQL server with Nmap
          3. Scanning with Metasploit modules
          4. Brute forcing passwords
          5. Locating/capturing server passwords
          6. Browsing SQL server
          7. Post-exploiting/executing system commands
            1. Reloading the xp_cmdshell functionality
            2. Running SQL-based queries
        3. Testing VOIP services
          1. VOIP fundamentals
            1. An introduction to PBX
            2. Types of VOIP services
            3. Self-hosted network
            4. Hosted services
            5. SIP service providers
          2. Fingerprinting VOIP services
          3. Scanning VOIP services
          4. Spoofing a VOIP call
          5. Exploiting VOIP
            1. About the vulnerability
            2. Exploiting the application
        4. Summary
      13. 6. Virtual Test Grounds and Staging
        1. Performing a penetration test with integrated Metasploit services
          1. Interaction with the employees and end users
          2. Gathering intelligence
            1. Example environment under test
          3. Vulnerability scanning with OpenVAS using Metasploit
          4. Modeling the threat areas
          5. Gaining access to the target
            1. Vulnerability scanning with Nessus
          6. Maintaining access and covering tracks
          7. Managing a penetration test with Faraday
          8. Generating manual reports
            1. The format of the report
            2. The executive summary
            3. Methodology / network admin level report
            4. Additional sections
        2. Summary
      14. 7. Client-side Exploitation
        1. Exploiting browsers for fun and profit
          1. The browser autopwn attack
            1. The technology behind a browser autopwn attack
            2. Attacking browsers with Metasploit browser autopwn
          2. Compromising the clients of a website
            1. Injecting malicious web scripts
            2. Hacking the users of a website
          3. Conjunction with DNS spoofing
            1. Tricking victims with DNS hijacking
        2. Metasploit and Arduino - the deadly combination
        3. File format-based exploitation
          1. PDF-based exploits
          2. Word-based exploits
        4. Compromising Linux clients with Metasploit
        5. Attacking Android with Metasploit
        6. Summary
      15. 8. Metasploit Extended
        1. The basics of post exploitation with Metasploit
        2. Basic post exploitation commands
          1. The help menu
          2. Background command
          3. Machine ID and UUID command
          4. Reading from a channel
          5. Getting the username and process information
          6. Getting system information
          7. Networking commands
          8. File operation commands
          9. Desktop commands
          10. Screenshots and camera enumeration
        3. Advanced post exploitation with Metasploit
          1. Migrating to safer processes
          2. Obtaining system privileges
          3. Obtaining password hashes using hashdump
          4. Changing access, modification and creation time with timestomp
        4. Additional post exploitation modules
          1. Gathering wireless SSIDs with Metasploit
          2. Gathering Wi-Fi passwords with Metasploit
          3. Getting applications list
          4. Gathering skype passwords
          5. Gathering USB history
          6. Searching files with Metasploit
          7. Wiping logs from target with clearev command
        5. Advanced extended features of Metasploit
          1. Privilege escalation using Metasploit
          2. Finding passwords in clear text using mimikatz
          3. Sniffing traffic with Metasploit
          4. Host file injection with Metasploit
          5. Phishing window login passwords
        6. Summary
      16. 9. Speeding up Penetration Testing
        1. Using pushm and popm commands
        2. The loadpath command
        3. Pacing up development using reload, edit and reload_all commands
        4. Making use of resource scripts
        5. Using AutoRunScript in Metasploit
          1. Using multiscript module in AutoRunScript option
        6. Globalizing variables in Metasploit
        7. Automating Social-Engineering Toolkit
        8. Summary
      17. 10. Visualizing with Armitage
        1. The fundamentals of Armitage
          1. Getting started
          2. Touring the user interface
          3. Managing the workspace
        2. Scanning networks and host management
          1. Modeling out vulnerabilities
          2. Finding the match
        3. Exploitation with Armitage
        4. Post-exploitation with Armitage
        5. Attacking on the client side with Armitage
        6. Scripting Armitage
          1. The fundamentals of Cortana
          2. Controlling Metasploit
          3. Post-exploitation with Cortana
          4. Building a custom menu in Cortana
          5. Working with interfaces
        7. Summary
        8. Further reading