Book description
Over 80 recipes to master the most widely used penetration testing framework with this book and ebook.
- More than 80 recipes/practicaltasks that will escalate the reader’s knowledge from beginner to an advanced level
- Special focus on the latest operating systems, exploits, and penetration testing techniques
- Detailed analysis of third party tools based on the Metasploit framework to enhance the penetration testing experience
In Detail
Metasploit® software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.
Metasploit Penetration Testing Cookbook targets both professionals and beginners to the framework. The chapters of the book are logically arranged with an increasing level of complexity and cover Metasploit aspects ranging from pre-exploitation to the post-exploitation phase thoroughly. The recipe structure of the book provides a good mix of both theoretical understanding and practical implementation.
This book will help readers in thinking from a hacker’s perspective to dig out the flaws in target networks and also to leverage the powers of Metasploit to compromise them. It will take your penetration skills to the next level.
The book starts with the basics such as gathering information about your target and gradually covers advanced topics like building your own framework scripts and modules. The book goes deep into operating systems-based penetration testing techniques and moves ahead with client-based exploitation methodologies. In the post- exploitation phase, it covers meterpreter, antivirus bypass, ruby wonders, exploit building, porting exploits to framework, and third party tools like armitage, and SET.
Metasploit Penetration Testing Cookbook is the required guide to penetration testing and exploitation.
Table of contents
-
Metasploit Penetration Testing Cookbook
- Table of Contents
- Metasploit Penetration Testing Cookbook
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Preface
-
1. Metasploit Quick Tips for Security Professionals
- Introduction
- Configuring Metasploit on Windows
- Configuring Metasploit on Ubuntu
- Metasploit with BackTrack 5 – the ultimate combination
- Setting up the penetration testing lab on a single machine
- Setting up Metasploit on a virtual machine with SSH connectivity
- Beginning with the interfaces – the "Hello World" of Metasploit
- Setting up the database in Metasploit
- Using the database to store penetration testing results
- Analyzing the stored results of the database
-
2. Information Gathering and Scanning
- Introduction
- Passive information gathering 1.0 – the traditional way
- Passive information gathering 2.0 – the next level
- Port scanning – the Nmap way
- Exploring auxiliary modules for scanning
- Target service scanning with auxiliary modules
- Vulnerability scanning with Nessus
- Scanning with NeXpose
- Sharing information with the Dradis framework
-
3. Operating System-based Vulnerability Assessment and Exploitation
- Introduction
- Exploit usage quick tips
- Penetration testing on a Windows XP SP2 machine
- Binding a shell to the target for remote access
- Penetration testing on the Windows 2003 Server
- Windows 7/Server 2008 R2 SMB client infinite loop
- Exploiting a Linux (Ubuntu) machine
- Understanding the Windows DLL injection flaws
-
4. Client-side Exploitation and Antivirus Bypass
- Introduction
- Internet Explorer unsafe scripting misconfiguration vulnerability
- Internet Explorer CSS recursive call memory corruption
- Microsoft Word RTF stack buffer overflow
- Adobe Reader util.printf() buffer overflow
- Generating binary and shellcode from msfpayload
- Bypassing client-side antivirus protection using msfencode
- Using the killav.rb script to disable antivirus programs
- A deeper look into the killav.rb script
- Killing antivirus services from the command line
-
5. Using Meterpreter to Explore the Compromised Target
- Introduction
- Analyzing meterpreter system commands
- Privilege escalation and process migration
- Setting up multiple communication channels with the target
- Meterpreter filesystem commands
- Changing file attributes using timestomp
- Using meterpreter networking commands
- The getdesktop and keystroke sniffing
- Using a scraper meterpreter script
-
6. Advanced Meterpreter Scripting
- Introduction
- Passing the hash
- Setting up a persistent connection with backdoors
- Pivoting with meterpreter
- Port forwarding with meterpreter
- Meterpreter API and mixins
- Railgun – converting Ruby into a weapon
- Adding DLL and function definition to Railgun
- Building a "Windows Firewall De-activator" meterpreter script
- Analyzing an existing meterpreter script
- 7. Working with Modules for Penetration Testing
- 8. Working with Exploits
- 9. Working with Armitage
- 10. Social Engineer Toolkit
- Index
Product information
- Title: Metasploit Penetration Testing Cookbook
- Author(s):
- Release date: June 2012
- Publisher(s): Packt Publishing
- ISBN: 9781849517423
You might also like
book
Metasploit Penetration Testing Cookbook - Third Edition
Over 100 recipes for penetration testing using Metasploit and virtual machines About This Book Special focus …
book
Kali Linux Web Penetration Testing Cookbook
Over 80 recipes on how to identify, exploit, and test web application security with Kali Linux …
book
Kali Linux Web Penetration Testing Cookbook - Second Edition
Discover the most common web vulnerabilities and prevent them from becoming a threat to your site's …
book
Hands-On Web Penetration Testing with Metasploit
Identify, exploit, and test web application security with ease Key Features Get up to speed with …