Mastering Metasploit : take your penetration testing and IT security skills to a whole new level with the secrets of Metasploit / Nipun Jaswal.
Discover the next level of network defense with the Metasploit framework. About This Book: Gain the skills to carry out penetration testing in complex and highly secured environments; become a master using the Metasploit framework, develop exploits, and generate modules for a variety of real-world scen...
| Field | Value |
|---|---|
| Online Access | Full Text (via O'Reilly/Safari) |
| Main Author | Nipun Jaswal |
| Format | eBook |
| Language | English |
| Published | Birmingham, UK : Packt Publishing, 2018. |
| Edition | Third edition. |
Table of Contents:
- Cover
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Table of Contents
- Preface
- Chapter 1: Approaching a Penetration Test Using Metasploit
- Organizing a penetration test
- Preinteractions
- Intelligence gathering/reconnaissance phase
- Threat modeling
- Vulnerability analysis
- Exploitation and post-exploitation
- Reporting
- Mounting the environment
- Setting up Kali Linux in a virtual environment
- The fundamentals of Metasploit
- Conducting a penetration test with Metasploit
- Recalling the basics of Metasploit
- Benefits of penetration testing using Metasploit
- Open source
- Support for testing large networks and natural naming conventions
- Smart payload generation and switching mechanism
- Cleaner exits
- The GUI environment
- Case study - diving deep into an unknown network
- Gathering intelligence
- Using databases in Metasploit
- Modeling threats
- Vulnerability analysis - arbitrary file upload (unauthenticated)
- Attacking mechanism on the PhpCollab 2.5.1 application
- Exploitation and gaining access
- Escalating privileges with local root exploits
- Maintaining access with Metasploit
- Post-exploitation and pivoting
- Vulnerability analysis - SEH-based buffer overflow
- Exploiting human errors by compromising Password Managers
- Revisiting the case study
- Revising the approach
- Summary and exercises
- Chapter 2: Reinventing Metasploit
- Ruby - the heart of Metasploit
- Creating your first Ruby program
- Interacting with the Ruby shell
- Defining methods in the shell
- Variables and data types in Ruby
- Working with strings
- Concatenating strings
- The substring function
- The split function
- Numbers and conversions in Ruby
- Conversions in Ruby
- Ranges in Ruby
- Arrays in Ruby
- Methods in Ruby
- Decision-making operators
- Loops in Ruby
- Regular expressions
- Wrapping up with Ruby basics
- Developing custom modules
- Building a module in a nutshell
- The architecture of the Metasploit framework
- Understanding the file structure
- The libraries layout
- Understanding the existing modules
- The format of a Metasploit module
- Disassembling the existing HTTP server scanner module
- Libraries and the function
- Writing out a custom FTP scanner module
- Libraries and functions
- Using msftidy
- Writing out a custom SSH-authentication with a brute force attack
- Rephrasing the equation
- Writing a drive-disabler post-exploitation module
- Writing a credential harvester post-exploitation module
- Breakthrough Meterpreter scripting
- Essentials of Meterpreter scripting
- Setting up persistent access
- API calls and mixins
- Fabricating custom Meterpreter scripts
- Working with RailGun
- Interactive Ruby shell basics
- Understanding RailGun and its scripting
- Manipulating Windows API calls
- Fabricating sophisticated RailGun scripts
- Summary and exercises
- Chapter 3: The Exploit Formulation Process
- The absolute basics of exploitation
- The basics
- The architecture
- System organization basics
- Registers
- Exploiting stack-based buffer overflows with Metasploit
- Crashing the vulnerable application
- Building the exploit base
- Calculating the offset
- Using the pattern_create tool
- Using the pattern_offset tool
- Finding the JMP ESP address
- Using the Immunity Debugger to find executable modules
- Using msfpescan
- Stuffing the space
- Relevance of NOPs
- Determining bad characters
- Determining space limitations
- Writing the Metasploit exploit module
- Exploiting SEH-based buffer overflows with Metasploit
- Building the exploit base
- Calculating the offset
- Using the pattern_create tool
- Using the pattern_offset tool
- Finding the POP/POP/RET address
- The Mona script
- Using msfpescan
- Writing the Metasploit SEH exploit module
- Using the NASM shell for writing assembly instructions
- Bypassing DEP in Metasploit modules
- Using msfrop to find ROP gadgets
- Using Mona to create ROP chains
- Writing the Metasploit exploit module for DEP bypass
- Other protection mechanisms
- Summary
- Chapter 4: Porting Exploits
- Importing a stack-based buffer overflow exploit
- Gathering the essentials
- Generating a Metasploit module
- Exploiting the target application with Metasploit
- Implementing a check method for exploits in Metasploit
- Importing web-based RCE into Metasploit
- Gathering the essentials
- Grasping the important web functions
- The essentials of the GET/POST method
- Importing an HTTP exploit into Metasploit
- Importing TCP server/browser-based exploits into Metasploit
- Gathering the essentials
- Generating the Metasploit module
- Summary
- Chapter 5: Testing Services with Metasploit
- Fundamentals of testing SCADA systems
- The fundamentals of ICS and its components
- The significance of ICS-SCADA
- Exploiting HMI in SCADA servers
- Fundamentals of testing SCADA
- SCADA-based exploits
- Attacking the Modbus protocol
- Securing SCADA
- Implementing secure SCADA
- Restricting networks
- Database exploitation
- SQL server
- Scanning MSSQL with Metasploit modules
- Brute forcing passwords
- Locating/capturing server passwords
- Browsing the SQL server
- Post-exploiting/executing system commands
- Reloading the xp_cmdshell functionality
- Running SQL-based queries
- Testing VOIP services
- VOIP fundamentals
- An introduction to PBX
- Types of VOIP services
- Self-hosted network
- Hosted services
- SIP service providers
- Fingerprinting VOIP services
- Scanning VOIP services
- Spoofing a VOIP call
- Exploiting VOIP
- About the vulnerability
- Exploiting the application
- Summary
- Chapter 6: Virtual Test Grounds and Staging
- Performing a penetration test with integrated Metasploit services
- Interaction with the employees and end users
- Gathering intelligence
- Example environment being tested
- Vulnerability scanning with OpenVAS using Metasploit
- Modeling the threat areas
- Gaining access to the target
- Exploiting the Active Directory (AD) with Metasploit
- Finding the domain controller
- Enumerating shares in the Active Directory network
- Enumerating the AD computers
- Enumerating signed-in users in the Active Directory
- Enumerating domain tokens
- Using extapi in Meterpreter
- Enumerating open Windows using Metasploit
- Manipulating the clipboard
- Using ADSI management commands in Metasploit
- Using PsExec exploit in the network
- Using Kiwi in Metasploit
- Using cachedump in Metasploit
- Maintaining access to AD
- Generating manual reports
- The format of the report
- The executive summary
- Methodology/network admin-level report
- Additional sections
- Summary
- Chapter 7: Client-Side Exploitation
- Exploiting browsers for fun and profit
- The browser autopwn attack
- The technology behind the browser autopwn attack
- Attacking browsers with Metasploit browser autopwn
- Compromising the clients of a website
- Injecting the malicious web scripts
- Hacking the users of a website
- The autopwn with DNS spoofing and MITM attacks
- Tricking victims with DNS hijacking
- Using Kali NetHunter with browser exploits
- Metasploit and Arduino - the deadly combination
- File format-based exploitation
- PDF-based exploits
- Word-based exploits
- Attacking Android with Metasploit
- Summary and exercises
- Chapter 8: Metasploit Extended
- Basics of post-exploitation with Metasploit
- Basic post-exploitation commands
- The help menu
- The background command
- Reading from a channel
- File operation commands
- Desktop commands
- Screenshots and camera enumeration
- Advanced post-exploitation with Metasploit
- Obtaining system privileges
- Changing access, modification, and creation time with timestomp
- Additional post-exploitation modules
- Gathering wireless SSIDs with Metasploit
- Gathering Wi-Fi passwords with Metasploit
- Getting the applications list
- Gathering Skype passwords
- Gathering USB history
- Searching files with Metasploit
- Wiping logs from the target with the clearev command
- Advanced extended features of Metasploit
- Using pushm and popm commands
- Speeding up development using the reload, edit, and reload_all commands
- Making use of resource scripts
- Using AutoRunScript in Metasploit
- Using the multiscript module in AutoRunScript option
- Privilege escalation using Metasploit
- Finding passwords in clear text using mimikatz
- Sniffing traffic with Metasploit
- Host file injection with Metasploit
- Phishing Windows login passwords
- Summary and exercises
- Chapter 9: Evasion with Metasploit
- Evading Meterpreter using C wrappers and custom encoders
- Writing a custom Meterpreter encoder/decoder in C
- Evading intrusion detection systems with Metasploit
- Using random cases for fun and profit
- Using fake relatives to fool IDS systems
- Bypassing Windows firewall blocked ports
- Using the reverse Meterpreter on all ports
- Summary and exercises
- Chapter 10: Metasploit for Secret Agents
- Maintaining anonymity in Meterpreter sessions
- Maintaining access using vulnerabilities in common software
- DLL search order hijacking
- Using code caves for hiding backdoors
- Harvesting files from target systems
- Using venom for obfuscation