O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Mastering Metasploit - Third Edition

Book Description

Discover the next level of network defense with the Metasploit framework

About This Book
  • Gain the skills to carry out penetration testing in complex and highly-secured environments
  • Become a master using the Metasploit framework, develop exploits, and generate modules for a variety of real-world scenarios
  • Get this completely updated edition with new useful methods and techniques to make your network robust and resilient
Who This Book Is For

This book is a hands-on guide to penetration testing using Metasploit and covers its complete development. It shows a number of techniques and methodologies that will help you master the Metasploit framework and explore approaches to carrying out advanced penetration testing in highly secured environments.

What You Will Learn
  • Develop advanced and sophisticated auxiliary modules
  • Port exploits from PERL, Python, and many more programming languages
  • Test services such as databases, SCADA, and many more
  • Attack the client side with highly advanced techniques
  • Test mobile and tablet devices with Metasploit
  • Bypass modern protections such as an AntiVirus and IDS with Metasploit
  • Simulate attacks on web servers and systems with Armitage GUI
  • Script attacks in Armitage using CORTANA scripting
In Detail

We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You'll get to know about the basics of programming Metasploit modules as a refresher and then dive into carrying out exploitation as well building and porting exploits of various kinds in Metasploit.

In the next section, you'll develop the ability to perform testing on various services such as databases, Cloud environment, IoT, mobile, tablets, and similar more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework.

By the end of the book, you will be trained specifically on time-saving techniques using Metasploit.

Style and approach

This is a step-by-step guide that provides great Metasploit framework methodologies. All the key concepts are explained details with the help of examples and demonstrations that will help you understand everything you need to know about Metasploit.

Downloading the example code for this book You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Mastering Metasploit Third Edition
  3. Dedication
  4. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  5. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Conventions used
    4. Get in touch
      1. Reviews
    5. Disclaimer
  7. Approaching a Penetration Test Using Metasploit
    1. Organizing a penetration test
      1. Preinteractions
      2. Intelligence gathering/reconnaissance phase
      3. Threat modeling
      4. Vulnerability analysis
      5. Exploitation and post-exploitation
      6. Reporting
    2. Mounting the environment
      1. Setting up Kali Linux in a virtual environment
    3. The fundamentals of Metasploit
    4. Conducting a penetration test with Metasploit
      1. Recalling the basics of Metasploit
    5. Benefits of penetration testing using Metasploit
      1. Open source
      2. Support for testing large networks and natural naming conventions
      3. Smart payload generation and switching mechanism
      4. Cleaner exits
      5. The GUI environment
    6. Case study - diving deep into an unknown network
      1. Gathering intelligence
        1. Using databases in Metasploit
      2. Modeling threats
      3. Vulnerability analysis - arbitrary file upload (unauthenticated)
        1. Attacking mechanism on the PhpCollab 2.5.1 application
      4. Exploitation and gaining access
        1. Escalating privileges with local root exploits
      5. Maintaining access with Metasploit
      6. Post-exploitation and pivoting
      7. Vulnerability analysis - SEH based buffer overflow
      8. Exploiting human errors by compromising Password Managers
    7. Revisiting the case study
      1. Revising the approach
    8. Summary and exercises
  8. Reinventing Metasploit
    1. Ruby - the heart of Metasploit
      1. Creating your first Ruby program
        1. Interacting with the Ruby shell
        2. Defining methods in the shell
      2. Variables and data types in Ruby
        1. Working with strings
          1. Concatenating strings
          2. The substring function
          3. The split function
        2. Numbers and conversions in Ruby
          1. Conversions in Ruby
        3. Ranges in Ruby
        4. Arrays in Ruby
      3. Methods in Ruby
      4. Decision-making operators
      5. Loops in Ruby
      6. Regular expressions
      7. Wrapping up with Ruby basics
    2. Developing custom modules
      1. Building a module in a nutshell
        1. The architecture of the Metasploit framework
        2. Understanding the file structure
        3. The libraries layout
      2. Understanding the existing modules
        1. The format of a Metasploit module
      3. Disassembling the existing HTTP server scanner module
        1. Libraries and the function
      4. Writing out a custom FTP scanner module
        1. Libraries and functions
          1. Using msftidy
      5. Writing out a custom SSH-authentication with a brute force attack
        1. Rephrasing the equation
      6. Writing a drive-disabler post-exploitation module
      7. Writing a credential harvester post-exploitation module
    3. Breakthrough Meterpreter scripting
      1. Essentials of Meterpreter scripting
      2. Setting up persistent access
      3. API calls and mixins
      4. Fabricating custom Meterpreter scripts
    4. Working with RailGun
      1. Interactive Ruby shell basics
      2. Understanding RailGun and its scripting
      3. Manipulating Windows API calls
      4. Fabricating sophisticated RailGun scripts
    5. Summary and exercises
  9. The Exploit Formulation Process
    1. The absolute basics of exploitation
      1. The basics
      2. The architecture
        1. System organization basics
      3. Registers
    2. Exploiting stack-based buffer overflows with Metasploit
      1. Crashing the vulnerable application
      2. Building the exploit base
      3. Calculating the offset
        1. Using the pattern_create tool
        2. Using the pattern_offset tool
      4. Finding the JMP ESP address
        1. Using the Immunity Debugger to find executable modules
        2. Using msfpescan
      5. Stuffing the space
        1. Relevance of NOPs
      6. Determining bad characters
      7. Determining space limitations
      8. Writing the Metasploit exploit module
    3. Exploiting SEH-based buffer overflows with Metasploit
      1. Building the exploit base
      2. Calculating the offset
        1. Using the pattern_create tool
        2. Using the pattern_offset tool
      3. Finding the POP/POP/RET address
        1. The Mona script
        2. Using msfpescan
      4. Writing the Metasploit SEH exploit module
        1. Using the NASM shell for writing assembly instructions
    4. Bypassing DEP in Metasploit modules
      1. Using msfrop to find ROP gadgets
      2. Using Mona to create ROP chains
      3. Writing the Metasploit exploit module for DEP bypass
    5. Other protection mechanisms
    6. Summary
  10. Porting Exploits
    1. Importing a stack-based buffer overflow exploit
      1. Gathering the essentials
      2. Generating a Metasploit module
      3. Exploiting the target application with Metasploit
      4. Implementing a check method for exploits in Metasploit
    2. Importing web-based RCE into Metasploit
      1. Gathering the essentials
      2. Grasping the important web functions
      3. The essentials of the GET/POST method
      4. Importing an HTTP exploit into Metasploit
    3. Importing TCP server/browser-based exploits into Metasploit
      1. Gathering the essentials
      2. Generating the Metasploit module
    4. Summary
  11. Testing Services with Metasploit
    1. Fundamentals of testing SCADA systems
      1. The fundamentals of ICS and its components
      2. The significance of ICS-SCADA
      3. Exploiting HMI in SCADA servers
        1. Fundamentals of testing SCADA
        2. SCADA-based exploits
      4. Attacking the Modbus protocol
      5. Securing SCADA
        1. Implementing secure SCADA
        2. Restricting networks
    2. Database exploitation
      1. SQL server
      2. Scanning MSSQL with Metasploit modules
      3. Brute forcing passwords
      4. Locating/capturing server passwords
      5. Browsing the SQL server
      6. Post-exploiting/executing system commands
        1. Reloading the xp_cmdshell functionality
        2. Running SQL-based queries
    3. Testing VOIP services
      1. VOIP fundamentals
        1. An introduction to PBX
        2. Types of VOIP services
        3. Self-hosted network
        4. Hosted services
        5. SIP service providers
      2. Fingerprinting VOIP services
      3. Scanning VOIP services
      4. Spoofing a VOIP call
      5. Exploiting VOIP
        1. About the vulnerability
        2. Exploiting the application
    4. Summary
  12. Virtual Test Grounds and Staging
    1. Performing a penetration test with integrated Metasploit services
      1. Interaction with the employees and end users
      2. Gathering intelligence
        1. Example environment being tested
      3. Vulnerability scanning with OpenVAS using Metasploit
      4. Modeling the threat areas
      5. Gaining access to the target
      6. Exploiting the Active Directory (AD) with Metasploit
        1. Finding the domain controller
        2. Enumerating shares in the Active Directory network
        3. Enumerating the AD computers
        4. Enumerating signed-in users in the Active Directory
        5. Enumerating domain tokens
        6. Using extapi in Meterpreter
        7. Enumerating open Windows using Metasploit
        8. Manipulating the clipboard
        9. Using ADSI management commands in Metasploit
        10. Using PsExec exploit in the network
        11. Using Kiwi in Metasploit
        12. Using cachedump in Metasploit
      7. Maintaining access to AD
    2. Generating manual reports
      1. The format of the report
      2. The executive summary
      3. Methodology/network admin-level report
      4. Additional sections
    3. Summary
  13. Client-Side Exploitation
    1. Exploiting browsers for fun and profit
      1. The browser autopwn attack
        1. The technology behind the browser autopwn attack
        2. Attacking browsers with Metasploit browser autopwn
      2. Compromising the clients of a website
        1. Injecting the malicious web scripts
        2. Hacking the users of a website
      3. The autopwn with DNS spoofing and MITM attacks
        1. Tricking victims with DNS hijacking
        2. Using Kali NetHunter with browser exploits
    2. Metasploit and Arduino - the deadly combination
    3. File format-based exploitation
      1. PDF-based exploits
      2. Word-based exploits
    4. Attacking Android with Metasploit
    5. Summary and exercises
  14. Metasploit Extended
    1. Basics of post-exploitation with Metasploit
    2. Basic post-exploitation commands
      1. The help menu
      2. The background command
      3. Reading from a channel
      4. File operation commands
      5. Desktop commands
      6. Screenshots and camera enumeration
    3. Advanced post-exploitation with Metasploit
      1. Obtaining system privileges
      2. Changing access, modification, and creation time with timestomp
    4. Additional post-exploitation modules
      1. Gathering wireless SSIDs with Metasploit
      2. Gathering Wi-Fi passwords with Metasploit
      3. Getting the applications list
      4. Gathering Skype passwords
      5. Gathering USB history
      6. Searching files with Metasploit
      7. Wiping logs from the target with the clearev command
    5. Advanced extended features of Metasploit
      1. Using pushm and popm commands
      2. Speeding up development using the reload, edit, and reload_all commands
      3. Making use of resource scripts
      4. Using AutoRunScript in Metasploit
      5. Using the multiscript module in AutoRunScript option
      6. Privilege escalation using Metasploit
      7. Finding passwords in clear text using mimikatz
      8. Sniffing traffic with Metasploit
      9. Host file injection with Metasploit
      10. Phishing Windows login passwords
    6. Summary and exercises
  15. Evasion with Metasploit
    1. Evading Meterpreter using C wrappers and custom encoders
      1. Writing a custom Meterpreter encoder/decoder in C
    2. Evading intrusion detection systems with Metasploit
      1. Using random cases for fun and profit
      2. Using fake relatives to fool IDS systems
    3. Bypassing Windows firewall blocked ports
      1. Using the reverse Meterpreter on all ports
    4. Summary and exercises
  16. Metasploit for Secret Agents
    1. Maintaining anonymity in Meterpreter sessions
    2. Maintaining access using vulnerabilities in common software
      1. DLL search order hijacking
      2. Using code caves for hiding backdoors
    3. Harvesting files from target systems
    4. Using venom for obfuscation
    5. Covering tracks with anti-forensics modules
    6. Summary
  17. Visualizing with Armitage
    1. The fundamentals of Armitage
      1. Getting started
      2. Touring the user interface
      3. Managing the workspace
    2. Scanning networks and host management
      1. Modeling out vulnerabilities
      2. Finding the match
    3. Exploitation with Armitage
    4. Post-exploitation with Armitage
    5. Red teaming with Armitage team server
    6. Scripting Armitage
      1. The fundamentals of Cortana
      2. Controlling Metasploit
      3. Post-exploitation with Cortana
      4. Building a custom menu in Cortana
      5. Working with interfaces
    7. Summary
  18. Tips and Tricks
    1. Automation using Minion script
    2. Using connect as Netcat
    3. Shell upgrades and background sessions
    4. Naming conventions
      1. Changing the prompt and making use of database variables
    5. Saving configurations in Metasploit
    6. Using inline handler and renaming jobs
    7. Running commands on multiple Meterpreters
    8. Automating the Social Engineering Toolkit
    9. Cheat sheets on Metasploit and penetration testing
    10. Further reading
  19. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think