book

Metasploit, 2nd Edition

by David Kennedy, Mati Aharoni, Devon Kearns, Jim O'Gorman

January 2025

Intermediate to advanced

288 pages

7h 12m

English

No Starch Press

Read now

Unlock full access

Why Do a Penetration Test?Why Metasploit?About This BookWhat’s New to This EditionA Note on Ethics
The Phases of the PTESPreengagement InteractionsIntelligence GatheringThreat ModelingVulnerability AnalysisExploitationPost ExploitationReportingTypes of Penetration TestsOvertCovertVulnerability ScannersInstalling Kali, Metasploit, and MetasploitableWrapping Up
TerminologyExploitPayloadShellcodeModuleListenerMetasploit InterfacesMSFconsoleResource ScriptsArmitage and Cobalt StrikeMetasploit UtilitiesMSFvenomNASM ShellMetasploit ProWrapping Up

Passive Information GatheringWhois LookupsNetcraftDNS AnalysisActive Information GatheringPort Scanning with NmapPort Scanning with MetasploitTargeted ScanningScanning for Server Message BlockHunting for Poorly Configured Microsoft SQL ServersScanning for S3 BucketsScanning for SSH Server VersionScanning for FTP ServersSweeping for Simple Network Management ProtocolWriting a Custom ScannerWrapping Up
The Basic Vulnerability ScanScanning with NexposeConfiguring NexposeImporting Reports into MetasploitRunning Nexpose in MSFconsoleScanning with NessusConfiguring NessusCreating ScansCreating Scan PoliciesViewing ReportsImporting Results into MetasploitNessus Scanning in MetasploitSpecialty Vulnerability ScannersValidating SMB LoginsFinding Scanners for Recent ExploitsWrapping Up
Basic ExploitationSearching for an ExploitsearchsploitinfoSelecting an Exploitshow payloadsshow targetsset and unsetsetg and unsetgsaveexploitExploiting a Windows MachineExploiting an Ubuntu MachineWrapping Up
Compromising a Windows Virtual MachinePort Scanning with NmapBrute-Forcing MySQL Server AuthenticationUploading User-Defined FunctionsBasic Meterpreter CommandsCapturing ScreenshotsFinding Platform InformationCapturing KeystrokesExtracting Password HashesPassing the HashMimikatz and KiwiPrivilege EscalationLateral Movement TechniquesToken ImpersonationDCSync and Golden Ticket AttacksOther Useful Meterpreter CommandsEnabling Remote Desktop ServicesViewing All Traffic on a TargetScraping a SystemEstablishing PersistenceManipulating Windows APIs with RailgunPivoting to Other SystemsWrapping Up
Creating Stand-Alone Binaries with MSFvenomEncoding with MSFvenomPacking ExecutablesCustom Executable TemplatesLaunching Payloads StealthilyEvasion ModulesDeveloping Custom PayloadsGenerating Executables from Python FilesWrapping Up
Updating and Configuring the Social-Engineer ToolkitSpear-Phishing AttacksSetting Up an Email ServerSending Malicious EmailPhishing with GophishWeb AttacksUsername and Password HarvestingTabnabbingBypassing Two-Factor AuthenticationInfectious Media Generation AttacksWrapping Up
Browser-Based ExploitsFinding Exploits in MetasploitAutomating Exploitation with AutoPwn2Finding Even More Recent ExploitsFile-Format ExploitsExploiting Word DocumentsSending PayloadsWrapping Up
Connecting to Wireless AdaptersMonitoring Wi-Fi TrafficDeauth and DoS AttacksCapturing and Cracking HandshakesEvil Twin AttacksSniffing Traffic with MetasploitHarvesting Credentials with the Wi-Fi PineappleWrapping Up
Exploring Auxiliary ModulesSearching for HTTP ModulesCreating an Auxiliary ModuleWriting the ModuleRunning the ModuleDebugging the ModuleWrapping Up
Assembly Language BasicsEIP and ESP RegistersThe JMP Instruction SetNOPs and NOP SlidesDisabling ProtectionsPorting Buffer OverflowsStripping Existing ExploitsConfiguring the Exploit DefinitionTesting the Base ExploitImplementing Features of the FrameworkAdding RandomizationRemoving the NOP SlideRemoving the Dummy ShellcodePorting an SEH Overwrite ExploitWrapping Up
Getting Command Execution on MS SQLEnabling Administrator-Level ProceduresRunning the ModuleExploring the Module CodeCreating a New ModuleEditing an Existing ModuleRunning the Shell ExploitDefining the ExploitUploading PowerShell ScriptsRunning the ExploitWrapping Up
The Art of FuzzingDownloading the Test ApplicationWriting the FuzzerTesting the FuzzerControlling the Structured Exception HandlerHopping Around RestrictionsGetting a Return AddressIncluding Backward Jumps and Near JumpsAdding a PayloadBad Characters and Remote Code ExecutionWrapping Up
Preengagement InteractionsIntelligence GatheringThreat ModelingExploitationExecuting the ExploitEstablishing PersistencePost ExploitationScanning the Linux SystemIdentifying Vulnerable ServicesAttacking Apache TomcatAttacking Obscure ServicesCovering Your TracksWrapping Up
Cloud Security BasicsIdentity and Access ManagementServerless FunctionsStorageDocker ContainersSetting Up Cloud Testing EnvironmentsContainer TakeoversEscaping Docker ContainersKubernetesWrapping Up
x86 and AMD64ARM and Apple SiliconInstalling Kali Meta Packages
MSFconsoleMeterpreterMSFvenomMeterpreter Post Exploitation

Content preview from Metasploit, 2nd Edition

B CHEAT SHEET

For convenience, this appendix lists the most frequently used commands and syntax within Metasploit’s various interfaces and utilities.

MSFconsole

check Determine whether a target is vulnerable to an attack.

db_connect name Create and connect to a database (for example: db_connect autopwn).

db_create name Create a database to use with database-driven attacks (for example: db_create autopwn).

db_destroy Delete the current database.

db_destroy user:password@host:port/database Delete a database using advanced options.

db_nmap Use Nmap and place the results in a database; this command supports normal Nmap syntax, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Hacking: The Art of Exploitation, 2nd Edition

Jon Erickson

Security in Computing, 6th Edition

Charles Pfleeger, Shari Lawrence Pfleeger, Lizzie Coles-Kemp

Serious Cryptography, 2nd Edition

Jean-Philippe Aumasson

CISSP, 4th Edition

Sari Greene

Publisher Resources

ISBN: 9798341620032Errata Page