Metasploit Penetration Testing Cookbook - Second Edition

Book Description

Know how hackers behave to stop them! This cookbook provides many recipes for penetration testing using Metasploit and virtual machines. From basics to advanced techniques, it's ideal for Metasploit veterans and newcomers alike.

  • Special focus on the latest operating systems, exploits, and penetration testing techniques for wireless, VOIP, and cloud

  • This book covers a detailed analysis of third party tools based on the Metasploit framework to enhance the penetration testing experience

  • Detailed penetration testing techniques for different specializations like wireless networks, VOIP systems with a brief introduction to penetration testing in the cloud

In Detail

Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.

Metasploit Penetration Testing Cookbook, Second Edition contains chapters that are logically arranged in increasing order of complexity and thoroughly cover Metasploit, from the pre-exploitation to the post-exploitation phase. This edition updates the coverage from Metasploit version 4.0 to version 4.5. It covers detailed penetration testing techniques for different specializations such as wireless networks, VOIP systems, and the cloud.

Metasploit Penetration Testing Cookbook, Second Edition covers a number of topics that were not part of the first edition. It moves from penetration testing of an operating system (Windows 8) to penetration testing of wireless networks and VoIP networks, and finally to the cloud.

The book starts with the basics, such as gathering information about your target, and then develops to cover advanced topics like building your own framework scripts and modules. The book goes deep into operating-system-based penetration testing techniques and moves ahead with client-side exploitation methodologies. In the post-exploitation phase, it covers Meterpreter, antivirus bypass, Ruby scripting, exploit building, porting exploits to the framework, and penetration testing of VOIP, wireless networks, and cloud computing.

This book will help readers think from a hacker's perspective to dig out the flaws in target networks and to leverage the power of Metasploit to compromise them. It will take your penetration testing skills to the next level.

Table of Contents

    1. Metasploit Penetration Testing Cookbook - Second Edition
      1. Table of Contents
      2. Metasploit Penetration Testing Cookbook - Second Edition
      3. Credits
      4. About the Authors
      5. About the Reviewers
      6. www.PacktPub.com
        1. Support files, eBooks, discount offers and more
          1. Why Subscribe?
          2. Free Access for Packt account holders
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      8. 1. Metasploit Quick Tips for Security Professionals
        1. Introduction
        2. Configuring Metasploit on Windows
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more…
            1. Database error during installation
        3. Configuring Metasploit on Ubuntu
          1. Getting ready
          2. How to do it...
          3. There's more...
            1. Cloning the Metasploit framework
            2. Error during installation
        4. Installing Metasploit with BackTrack 5 R3
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more
            1. Upgrading from R2 to R3
              1. 32-bit tools
              2. 64-bit tools
        5. Setting up penetration testing using VMware
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Disabling the firewall and antivirus protection
        6. Setting up Metasploit on a virtual machine with SSH connectivity
          1. Getting ready
          2. How to do it...
          3. How it works...
        7. Installing and configuring PostgreSQL in BackTrack 5 R3
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Getting an error while connecting to the database
            2. Deleting the database
        8. Using the database to store the penetration testing results
          1. Getting ready
          2. How to do it...
        9. Working with BBQSQL
          1. How to do it...
          2. How it works...
      9. 2. Information Gathering and Scanning
        1. Introduction
        2. Passive information gathering
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Using third-party websites
        3. Port scanning – the Nmap way
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Operating system and version detection
            2. Increasing anonymity
        4. Port scanning – the DNmap way
          1. Getting ready
          2. How to do it...
        5. Using keimpx – an SMB credentials scanner
          1. Getting ready
          2. How to do it...
          3. How it works...
        6. Detecting SSH versions with the SSH version scanner
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        7. FTP scanning
          1. Getting ready
          2. How to do it...
          3. How it works...
        8. SNMP sweeping
          1. Getting ready
          2. How to do it...
          3. How it works...
        9. Vulnerability scanning with Nessus
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Working with Nessus in the web browser
        10. Scanning with NeXpose
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Importing the scan results
        11. Working with OpenVAS – a vulnerability scanner
          1. Getting ready
          2. How to do it...
          3. How it works...
      10. 3. Operating-System-based Vulnerability Assessment
        1. Introduction
        2. Penetration testing on a Windows XP SP2 machine
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        3. Binding a shell to the target for remote access
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Gaining complete control of the target
        4. Penetration testing on Windows 8
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        5. Exploiting a Linux (Ubuntu) machine
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Other relevant exploit modules for Linux
        6. Understanding the Windows DLL injection flaws
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. The DLLHijackAudit kit by H. D. Moore
      11. 4. Client-side Exploitation and Antivirus Bypass
        1. Introduction
        2. Exploiting Internet Explorer execCommand Use-After-Free vulnerability
          1. Getting ready
          2. How to do it...
          3. How it works...
        3. Understanding Adobe Flash Player "new function" invalid pointer use
          1. Getting ready
          2. How to do it...
          3. How it works...
        4. Understanding Microsoft Word RTF stack buffer overflow
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Microsoft Excel 2007 buffer overflow
        5. Working with Adobe Reader U3D Memory Corruption
          1. Getting ready
          2. How to do it...
          3. How it works...
        6. Generating binary and shell code from msfpayload
          1. Getting ready
          2. How to do it...
          3. How it works...
        7. Msfencoding schemes with the detection ratio
          1. Getting ready
          2. How to do it...
          3. How it works...
        8. Using the killav.rb script to disable the antivirus programs
          1. Getting ready
          2. How to do it...
          3. How it works...
        9. Killing the antiviruses' services from the command line
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Some services were not killed – what next?
        10. Working with the syringe utility
          1. Getting ready
          2. How to do it...
          3. How it works...
      12. 5. Working with Modules for Penetration Testing
        1. Introduction
        2. Working with scanner auxiliary modules
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more…
            1. Generating passwords using Crunch
          5. See also
        3. Working with auxiliary admin modules
          1. Getting ready
          2. How to do it...
          3. How it works...
        4. SQL injection and DoS attack module
          1. Getting ready
          2. How to do it...
          3. How it works...
        5. Post-exploitation modules
          1. Getting ready
          2. How to do it...
          3. How it works...
        6. Understanding the basics of module building
          1. Getting ready
          2. How to do it...
        7. Analyzing an existing module
          1. Getting ready
          2. How to do it...
          3. How it works...
        8. Building your own post-exploitation module
          1. Getting ready
          2. How to do it...
      13. 6. Exploring Exploits
        1. Introduction
        2. Exploiting the module structure
          1. Getting ready
          2. How to do it...
          3. How it works...
        3. Working with msfvenom
          1. Getting ready
          2. How to do it...
          3. How it works...
        4. Converting an exploit to a Metasploit module
          1. Getting ready
          2. How to do it...
          3. How it works...
        5. Porting and testing the new exploit module
          1. Getting ready
          2. How to do it...
        6. Fuzzing with Metasploit
          1. Getting ready
          2. How to do it...
          3. How it works...
        7. Writing a simple FileZilla FTP fuzzer
          1. How to do it...
          2. How it works...
          3. There's more...
            1. Antiparser fuzzing framework
      14. 7. VoIP Penetration Testing
        1. Introduction
          1. VoIP topologies
          2. SIP basics
            1. SIP requests/methods
            2. SIP response
          3. Lab setup
        2. Scanning and enumeration phase
          1. Getting ready
          2. How to do it...
            1. SMAP
            2. SVWAR
          3. How it works...
          4. There's more...
        3. Yielding passwords
          1. Getting ready
          2. How to do it...
        4. VLAN hopping
          1. Getting ready
          2. How to do it...
          3. There's more...
        5. VoIP MAC spoofing
          1. Getting ready
          2. How to do it...
        6. Impersonation attack
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        7. DoS attack
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
      15. 8. Wireless Network Penetration Testing
        1. Introduction
        2. Setting up and running Fern WiFi Cracker
          1. Getting ready
          2. How to do it...
        3. Sniffing interfaces with tcpdump
          1. Getting ready
          2. How to do it...
          3. There's more…
        4. Cracking WEP and WPA with Fern WiFi Cracker
          1. Getting ready
          2. How to do it...
        5. Session hijacking via a MAC address
          1. Getting ready
          2. How to do it...
          3. How it works...
        6. Locating a target's geolocation
          1. Getting ready
          2. How to do it...
          3. Getting ready
          4. How to do it...
          5. How it works...
          6. There's more...
        7. Understanding an evil twin attack
          1. Getting ready
          2. How to do it...
          3. How it works...
        8. Configuring Karmetasploit
          1. Getting ready
          2. How to do it...
      16. 9. Social-Engineer Toolkit
        1. Introduction
        2. Getting started with the Social-Engineer Toolkit (SET)
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        3. Working with the SET config file
          1. Getting ready
          2. How to do it...
          3. How it works...
        4. Working with the spear-phishing attack vector
          1. Getting ready
          2. How to do it...
          3. How it works...
        5. Website attack vectors
          1. Getting ready
          2. How to do it...
          3. How it works...
        6. Working with the multi-attack web method
          1. How to do it...
          2. How it works...
        7. Infectious media generator
          1. How to do it...
          2. How it works...
      17. 10. Working with Meterpreter
        1. Introduction
        2. Understanding the Meterpreter system commands
          1. Getting ready
          2. How to do it...
          3. How it works...
        3. Understanding the Meterpreter filesystem commands
          1. How to do it...
          2. How it works...
        4. Understanding the Meterpreter networking commands
          1. Getting ready
          2. How to do it...
          3. How it works...
        5. Privilege escalation and process migration
          1. How to do it...
          2. How it works...
        6. Setting up multiple communication channels with the target
          1. Getting ready
          2. How to do it...
          3. How it works...
        7. Meterpreter anti-forensics – timestomp
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        8. The getdesktop and keystroke sniffing
          1. Getting ready
          2. How to do it...
          3. There's more...
        9. Using a scraper Meterpreter script
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Using winenum.rb
        10. Passing the hash
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Online password decryption
        11. Setting up a persistent connection with backdoors
          1. Getting ready
          2. How to do it...
          3. How it works...
        12. Pivoting with Meterpreter
          1. Getting ready
          2. How to do it...
          3. How it works...
        13. Port forwarding with Meterpreter
          1. Getting ready
          2. How to do it...
          3. How it works...
        14. Meterpreter API and mixins
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        15. Railgun – converting Ruby into a weapon
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Railgun definitions and documentation
        16. Adding DLL and function definition to Railgun
          1. How to do it...
          2. How it works...
        17. Building a "Windows Firewall De-activator" Meterpreter script
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Re-using the code
        18. Analyzing an existing Meterpreter script
          1. How to do it...
          2. How it works...
        19. Injecting the VNC server remotely
          1. Getting ready
          2. How to do it...
          3. How it works...
        20. Exploiting a vulnerable PHP application
          1. Getting ready
          2. How to do it...
        21. Incognito attack with Meterpreter
          1. Getting ready
          2. How to do it...
          3. See also
      18. A. Pentesting in the Cloud
        1. Introduction
          1. Infrastructure as a service
          2. Platform as a service
          3. Software as a service
        2. Pentesting in the cloud
        3. Pentesting in the cloud with hackaserver.com
          1. Getting ready
          2. How to do it...
          3. There's more...
      19. Index