Book description
Exploit the secrets of Metasploit to master the art of penetration testing.
About This Book
- Discover techniques to integrate Metasploit with the industry's leading tools
- Carry out penetration testing in highly-secured environments with Metasploit and acquire skills to build your defense against organized and complex attacks
- Using the Metasploit framework, develop exploits and generate modules for a variety of real-world scenarios
Who This Book Is For
This course is for penetration testers, ethical hackers, and security professionals who'd like to master the Metasploit framework and explore approaches to carrying out advanced penetration testing to build highly secure networks. Some familiarity with networking and security concepts is expected, although no familiarity of Metasploit is required.
What You Will Learn
- Get to know the absolute basics of the Metasploit framework so you have a strong foundation for advanced attacks
- Integrate and use various supporting tools to make Metasploit even more powerful and precise
- Test services such as databases, SCADA, and many more
- Attack the client side with highly advanced techniques
- Test mobile and tablet devices with Metasploit
- Understand how to Customize Metasploit modules and modify existing exploits
- Write simple yet powerful Metasploit automation scripts
- Explore steps involved in post-exploitation on Android and mobile platforms
In Detail
Metasploit is a popular penetration testing framework that has one of the largest exploit databases around. This book will show you exactly how to prepare yourself against the attacks you will face every day by simulating real-world possibilities.
This learning path will begin by introducing you to Metasploit and its functionalities. You will learn how to set up and configure Metasploit on various platforms to create a virtual test environment. You will also get your hands on various tools and components and get hands-on experience with carrying out client-side attacks. In the next part of this learning path, you'll develop the ability to perform testing on various services such as SCADA, databases, IoT, mobile, tablets, and many more services.
After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework.
The final instalment of your learning journey will be covered through a bootcamp approach. You will be able to bring together the learning together and speed up and integrate Metasploit with leading industry tools for penetration testing. You'll finish by working on challenges based on user's preparation and work towards solving the challenge.
The course provides you with highly practical content explaining Metasploit from the following Packt books:
- Metasploit for Beginners
- Mastering Metasploit, Second Edition
- Metasploit Bootcamp
Style and approach
This pragmatic learning path is packed with start-to-end instructions from getting started with Metasploit to effectively building new things and solving real-world examples. All the key concepts are explained with the help of examples and demonstrations that will help you understand everything to use this essential IT power tool.
Publisher resources
Table of contents
- Preface
- Module 1
- Introduction to Metasploit and Supporting Tools
- Setting up Your Environment
- Metasploit Components and Environment Configuration
- Information Gathering with Metasploit
- Vulnerability Hunting with Metasploit
- Client-side Attacks with Metasploit
- Web Application Scanning with Metasploit
- Antivirus Evasion and Anti-Forensics
- Cyber Attack Management with Armitage
- Extending Metasploit and Exploit Development
- Module 2
-
Approaching a Penetration Test Using Metasploit
- Organizing a penetration test
- Preinteractions
- Intelligence gathering/reconnaissance phase
- Predicting the test grounds
- Setting up Kali Linux in virtual environment
- The fundamentals of Metasploit
- Conducting a penetration test with Metasploit
- Benefits of penetration testing using Metasploit
- Penetration testing an unknown network
- Using databases in Metasploit
- Modeling threats
- Vulnerability analysis of VSFTPD 2.3.4 backdoor
- Vulnerability analysis of PHP-CGI query string parameter vulnerability
- Vulnerability analysis of HFS 2.3
- Maintaining access
- Clearing tracks
- Revising the approach
- Summary
-
Reinventing Metasploit
- Ruby – the heart of Metasploit
-
Developing custom modules
- Building a module in a nutshell
- Understanding the existing modules
- Disassembling existing HTTP server scanner module
- Writing out a custom FTP scanner module
- Writing out a custom SSH authentication brute forcer
- Writing a drive disabler post exploitation module
- Writing a credential harvester post exploitation module
- Breakthrough meterpreter scripting
- Working with RailGun
- Summary
-
The Exploit Formulation Process
- The absolute basics of exploitation
- Exploiting stack-based buffer overflows with Metasploit
- Exploiting SEH-based buffer overflows with Metasploit
- Bypassing DEP in Metasploit modules
- Other protection mechanisms
- Summary
- Porting Exploits
- Testing Services with Metasploit
-
Virtual Test Grounds and Staging
- Performing a penetration test with integrated Metasploit services
- Summary
- Client-side Exploitation
- Metasploit Extended
- Speeding up Penetration Testing
- Visualizing with Armitage
- Module 3
- Getting Started with Metasploit
- Identifying and Scanning Targets
- Exploitation and Gaining Access
- Post-Exploitation with Metasploit
-
Testing Services with Metasploit
-
Testing MySQL with Metasploit
- Using Metasploit's mysql_version module
- Brute-forcing MySQL with Metasploit
- Finding MySQL users with Metasploit
- Dumping the MySQL schema with Metasploit
- Using file enumeration in MySQL using Metasploit
- Checking for writable directories
- Enumerating MySQL with Metasploit
- Running MySQL commands through Metasploit
- Gaining system access through MySQL
- Summary and exercises
-
Testing MySQL with Metasploit
- Fast-Paced Exploitation with Metasploit
-
Exploiting Real-World Challenges with Metasploit
-
Scenario 1: Mirror environment
- Understanding the environment
- Fingerprinting the target with DB_NMAP
- Gaining access to vulnerable web applications
- Migrating from a PHP meterpreter to a Windows meterpreter
- Pivoting to internal networks
- Scanning internal networks through a meterpreter pivot
- Using the socks server module in Metasploit
- Dumping passwords in clear text
- Sniffing a network with Metasploit
- Summary of the attack
- Scenario 2: You can't see my meterpreter
- Further roadmap and summary
-
Scenario 1: Mirror environment
- Bibliography
- Thanks page
Product information
- Title: Metasploit Revealed: Secrets of the Expert Pentester
- Author(s):
- Release date: December 2017
- Publisher(s): Packt Publishing
- ISBN: 9781788624596
You might also like
book
Cybersecurity Attacks – Red Team Strategies
Develop your red team skills by learning essential foundational tactics, techniques, and procedures, and boost the …
book
Mastering Defensive Security
An immersive learning experience enhanced with technical, hands-on labs to understand the concepts, methods, tools, platforms, …
book
Hands-On Network Forensics
Gain basic skills in network forensics and learn how to apply them effectively Key Features Investigate …
video
Certified Ethical Hacker (CEH), 2nd Edition
An updated edition of this video title is available. Please go to Certified Ethical Hacker, Version …