Metasploit Penetration Testing Cookbook

Book Description

"

Over 80 recipes to master the most widely used penetration testing framework with this book and ebook.

  • More than 80 recipes/practical tasks that will escalate the reader's knowledge from beginner to an advanced level

  • Special focus on the latest operating systems, exploits, and penetration testing techniques

  • Detailed analysis of third-party tools based on the Metasploit framework to enhance the penetration testing experience

In Detail

Metasploit® software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.

Metasploit Penetration Testing Cookbook targets both professionals and beginners to the framework. The chapters of the book are logically arranged with an increasing level of complexity and cover Metasploit aspects ranging from pre-exploitation to the post-exploitation phase thoroughly. The recipe structure of the book provides a good mix of both theoretical understanding and practical implementation.

This book will help readers in thinking from a hacker’s perspective to dig out the flaws in target networks and also to leverage the powers of Metasploit to compromise them. It will take your penetration skills to the next level.

The book starts with the basics, such as gathering information about your target, and gradually covers advanced topics like building your own framework scripts and modules. The book goes deep into operating system-based penetration testing techniques and moves ahead with client-side exploitation methodologies. In the post-exploitation phase, it covers meterpreter, antivirus bypass, Ruby wonders, exploit building, porting exploits to the framework, and third-party tools like Armitage and SET.

Metasploit Penetration Testing Cookbook is the required guide to penetration testing and exploitation.

Table of Contents

  1. Metasploit Penetration Testing Cookbook
    1. Metasploit Penetration Testing Cookbook
    2. Credits
    3. About the Author
    4. About the Reviewers
    5. www.PacktPub.com
      1. Support files, eBooks, discount offers and more
        1. Why Subscribe?
        2. Free Access for Packt account holders
    6. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    7. 1. Metasploit Quick Tips for Security Professionals
      1. Introduction
      2. Configuring Metasploit on Windows
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Database error during installation
      3. Configuring Metasploit on Ubuntu
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Error during installation
      4. Metasploit with BackTrack 5 the ultimate combination
        1. Getting ready
        2. How to do it...
        3. How it works...
      5. Setting up the penetration testing lab on a single machine
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Disabling the firewall and antivirus protection
          2. Installing virtual box guest additions
      6. Setting up Metasploit on a virtual machine with SSH connectivity
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. Beginning with the interfaces the "Hello World" of Metasploit
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Some commands to try out and get started
      8. Setting up the database in Metasploit
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Getting an error while connecting the database
          2. Deleting the database
      9. Using the database to store penetration testing results
        1. Getting ready
        2. How to do it...
        3. How it works...
      10. Analyzing the stored results of the database
        1. Getting ready
        2. How to do it...
        3. How it works...
    8. 2. Information Gathering and Scanning
      1. Introduction
      2. Passive information gathering 1.0 - the traditional way
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Using third-party websites
      3. Passive information gathering 2.0 - the next level
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Fun with dorks
      4. Port scanning - the Nmap way
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Operating system and version detection
          2. Increasing anonymity
      5. Exploring auxiliary modules for scanning
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Managing the threads
      6. Target service scanning with auxiliary modules
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. Vulnerability scanning with Nessus
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Working with Nessus in the web browser
      8. Scanning with NeXpose
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Importing the scan results
      9. Sharing information with the Dradis framework
        1. Getting ready
        2. How to do it...
        3. How it works...
    9. 3. Operating System-based Vulnerability Assessment and Exploitation
      1. Introduction
      2. Exploit usage quick tips
        1. Getting ready
        2. How to do it...
        3. How it works...
      3. Penetration testing on a Windows XP SP2 machine
        1. Getting ready
        2. How to do it...
        3. How it works...
      4. Binding a shell to the target for remote access
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Gaining complete control of the target
      5. Penetration testing on the Windows 2003 Server
        1. Getting ready
        2. How to do it...
        3. How it works...
      6. Windows 7/Server 2008 R2 SMB client infinite loop
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. Exploiting a Linux (Ubuntu) machine
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Other relevant exploit modules for Linux
      8. Understanding the Windows DLL injection flaws
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. The DllHijackAudit kit by H. D. Moore
    10. 4. Client-side Exploitation and Antivirus Bypass
      1. Introduction
      2. Internet Explorer unsafe scripting misconfiguration vulnerability
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Internet Explorer Aurora memory corruption
      3. Internet Explorer CSS recursive call memory corruption
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Missing .NET CLR 2.0.50727
      4. Microsoft Word RTF stack buffer overflow
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Microsoft Excel 2007 buffer overflow
      5. Adobe Reader util.printf() buffer overflow
        1. Getting ready
        2. How to do it...
        3. How it works...
      6. Generating binary and shellcode from msfpayload
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. Bypassing client-side antivirus protection using msfencode
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Quick multiple scanning with VirusTotal
      8. Using the killav.rb script to disable antivirus programs
        1. Getting ready
        2. How to do it...
        3. How it works...
      9. A deeper look into the killav.rb script
        1. Getting ready
        2. How to do it...
        3. How it works...
      10. Killing antivirus services from the command line
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Some services did not kill—what next?
    11. 5. Using Meterpreter to Explore the Compromised Target
      1. Introduction
      2. Analyzing meterpreter system commands
        1. Getting ready
        2. How to do it...
        3. How it works...
      3. Privilege escalation and process migration
        1. How to do it...
        2. How it works...
      4. Setting up multiple communication channels with the target
        1. Getting ready
        2. How to do it...
        3. How it works...
      5. Meterpreter filesystem commands
        1. How to do it...
        2. How it works...
      6. Changing file attributes using timestomp
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. Using meterpreter networking commands
        1. Getting ready
        2. How to do it...
        3. How it works...
      8. The getdesktop and keystroke sniffing
        1. How to do it...
        2. How it works...
      9. Using a scraper meterpreter script
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Using winenum.rb
    12. 6. Advanced Meterpreter Scripting
      1. Introduction
      2. Passing the hash
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Online password decryption
      3. Setting up a persistent connection with backdoors
        1. Getting ready
        2. How to do it...
        3. How it works...
      4. Pivoting with meterpreter
        1. Getting ready
        2. How to do it...
        3. How it works...
      5. Port forwarding with meterpreter
        1. Getting ready
        2. How to do it...
        3. How it works...
      6. Meterpreter API and mixins
        1. Getting ready
        2. How to do it...
          1. Meterpreter mixins
        3. How it works...
      7. Railgun - converting Ruby into a weapon
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Railgun definitions and documentation
      8. Adding DLL and function definition to Railgun
        1. How to do it...
          1. How it works...
      9. Building a "Windows Firewall De-activator" meterpreter script
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Code re-use
      10. Analyzing an existing meterpreter script
        1. How to do it...
        2. How it works...
    13. 7. Working with Modules for Penetration Testing
      1. Introduction
      2. Working with scanner auxiliary modules
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Generating passwords using "Crunch"
      3. Working with auxiliary admin modules
        1. Getting ready
        2. How to do it...
        3. How it works...
      4. SQL injection and DOS attack modules
        1. Getting ready
        2. How to do it...
        3. How it works...
      5. Post-exploitation modules
        1. Getting ready
        2. How to do it...
        3. How it works...
      6. Understanding the basics of module building
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. Analyzing an existing module
        1. Getting ready
        2. How to do it...
        3. How it works...
      8. Building your own post-exploitation module
        1. How to do it...
        2. How it works...
    14. 8. Working with Exploits
      1. Introduction
      2. Exploiting the module structure
        1. Getting ready
        2. How to do it...
        3. How it works...
      3. Common exploit mixins
        1. How to do it...
        2. How it works...
        3. There's more...
          1. Some more mixins
      4. Working with msfvenom
        1. Getting ready
        2. How to do it...
        3. How it works...
      5. Converting exploit to a Metasploit module
        1. Getting ready
        2. How to do it...
        3. How it works...
      6. Porting and testing the new exploit module
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. Fuzzing with Metasploit
        1. Getting ready
        2. How to do it...
        3. How it works...
      8. Writing a simple FileZilla FTP fuzzer
        1. How to do it...
        2. How it works...
        3. There's more...
          1. Antiparser fuzzing framework
    15. 9. Working with Armitage
      1. Introduction
      2. Getting started with Armitage
        1. How to do it...
        2. How it works...
        3. There's more...
          1. Setting up Armitage on Linux
      3. Scanning and information gathering
        1. Getting ready
        2. How to do it...
        3. How it works...
      4. Finding vulnerabilities and attacking targets
        1. Getting ready
        2. How to do it...
        3. How it works...
      5. Handling multiple targets using the tab switch
        1. How to do it...
        2. How it works...
      6. Post-exploitation with Armitage
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. Client-side exploitation with Armitage
        1. Getting ready
        2. How to do it...
        3. How it works...
    16. 10. Social Engineer Toolkit
      1. Introduction
      2. Getting started with Social Engineer Toolkit (SET)
        1. Getting ready
        2. How to do it...
        3. How it works...
      3. Working with the SET config file
        1. Getting ready
        2. How to do it...
        3. How it works...
      4. Spear-phishing attack vector
        1. Getting ready
        2. How to do it...
        3. How it works...
      5. Website attack vectors
        1. Getting ready
        2. How to do it...
        3. How it works...
      6. Multi-attack web method
        1. How to do it...
        2. How it works...
      7. Infectious media generator
        1. How to do it...
        2. How it works...