book

Metasploit, 2nd Edition

by David Kennedy, Mati Aharoni, Devon Kearns, Jim O'Gorman

January 2025

Intermediate to advanced

288 pages

7h 12m

English

No Starch Press

Read now

Unlock full access

Why Do a Penetration Test?Why Metasploit?About This BookWhat’s New to This EditionA Note on Ethics
The Phases of the PTESPreengagement InteractionsIntelligence GatheringThreat ModelingVulnerability AnalysisExploitationPost ExploitationReportingTypes of Penetration TestsOvertCovertVulnerability ScannersInstalling Kali, Metasploit, and MetasploitableWrapping Up
TerminologyExploitPayloadShellcodeModuleListenerMetasploit InterfacesMSFconsoleResource ScriptsArmitage and Cobalt StrikeMetasploit UtilitiesMSFvenomNASM ShellMetasploit ProWrapping Up

Passive Information GatheringWhois LookupsNetcraftDNS AnalysisActive Information GatheringPort Scanning with NmapPort Scanning with MetasploitTargeted ScanningScanning for Server Message BlockHunting for Poorly Configured Microsoft SQL ServersScanning for S3 BucketsScanning for SSH Server VersionScanning for FTP ServersSweeping for Simple Network Management ProtocolWriting a Custom ScannerWrapping Up
The Basic Vulnerability ScanScanning with NexposeConfiguring NexposeImporting Reports into MetasploitRunning Nexpose in MSFconsoleScanning with NessusConfiguring NessusCreating ScansCreating Scan PoliciesViewing ReportsImporting Results into MetasploitNessus Scanning in MetasploitSpecialty Vulnerability ScannersValidating SMB LoginsFinding Scanners for Recent ExploitsWrapping Up
Basic ExploitationSearching for an ExploitsearchsploitinfoSelecting an Exploitshow payloadsshow targetsset and unsetsetg and unsetgsaveexploitExploiting a Windows MachineExploiting an Ubuntu MachineWrapping Up
Compromising a Windows Virtual MachinePort Scanning with NmapBrute-Forcing MySQL Server AuthenticationUploading User-Defined FunctionsBasic Meterpreter CommandsCapturing ScreenshotsFinding Platform InformationCapturing KeystrokesExtracting Password HashesPassing the HashMimikatz and KiwiPrivilege EscalationLateral Movement TechniquesToken ImpersonationDCSync and Golden Ticket AttacksOther Useful Meterpreter CommandsEnabling Remote Desktop ServicesViewing All Traffic on a TargetScraping a SystemEstablishing PersistenceManipulating Windows APIs with RailgunPivoting to Other SystemsWrapping Up
Creating Stand-Alone Binaries with MSFvenomEncoding with MSFvenomPacking ExecutablesCustom Executable TemplatesLaunching Payloads StealthilyEvasion ModulesDeveloping Custom PayloadsGenerating Executables from Python FilesWrapping Up
Updating and Configuring the Social-Engineer ToolkitSpear-Phishing AttacksSetting Up an Email ServerSending Malicious EmailPhishing with GophishWeb AttacksUsername and Password HarvestingTabnabbingBypassing Two-Factor AuthenticationInfectious Media Generation AttacksWrapping Up
Browser-Based ExploitsFinding Exploits in MetasploitAutomating Exploitation with AutoPwn2Finding Even More Recent ExploitsFile-Format ExploitsExploiting Word DocumentsSending PayloadsWrapping Up
Connecting to Wireless AdaptersMonitoring Wi-Fi TrafficDeauth and DoS AttacksCapturing and Cracking HandshakesEvil Twin AttacksSniffing Traffic with MetasploitHarvesting Credentials with the Wi-Fi PineappleWrapping Up
Exploring Auxiliary ModulesSearching for HTTP ModulesCreating an Auxiliary ModuleWriting the ModuleRunning the ModuleDebugging the ModuleWrapping Up
Assembly Language BasicsEIP and ESP RegistersThe JMP Instruction SetNOPs and NOP SlidesDisabling ProtectionsPorting Buffer OverflowsStripping Existing ExploitsConfiguring the Exploit DefinitionTesting the Base ExploitImplementing Features of the FrameworkAdding RandomizationRemoving the NOP SlideRemoving the Dummy ShellcodePorting an SEH Overwrite ExploitWrapping Up
Getting Command Execution on MS SQLEnabling Administrator-Level ProceduresRunning the ModuleExploring the Module CodeCreating a New ModuleEditing an Existing ModuleRunning the Shell ExploitDefining the ExploitUploading PowerShell ScriptsRunning the ExploitWrapping Up
The Art of FuzzingDownloading the Test ApplicationWriting the FuzzerTesting the FuzzerControlling the Structured Exception HandlerHopping Around RestrictionsGetting a Return AddressIncluding Backward Jumps and Near JumpsAdding a PayloadBad Characters and Remote Code ExecutionWrapping Up
Preengagement InteractionsIntelligence GatheringThreat ModelingExploitationExecuting the ExploitEstablishing PersistencePost ExploitationScanning the Linux SystemIdentifying Vulnerable ServicesAttacking Apache TomcatAttacking Obscure ServicesCovering Your TracksWrapping Up
Cloud Security BasicsIdentity and Access ManagementServerless FunctionsStorageDocker ContainersSetting Up Cloud Testing EnvironmentsContainer TakeoversEscaping Docker ContainersKubernetesWrapping Up
x86 and AMD64ARM and Apple SiliconInstalling Kali Meta Packages
MSFconsoleMeterpreterMSFvenomMeterpreter Post Exploitation

Content preview from Metasploit, 2nd Edition

15 A SIMULATED PENETRATION TEST

Successfully bypassing an organization’s defenses during a penetration test is one of our most rewarding experiences. In this chapter, we’ll pull together what you’ve learned in previous chapters as we simulate a complete penetration test. You’ll re-create steps covered in previous chapters, so most of what we show here should be familiar.

Before you begin, start both the Linux and Windows Metasploitable machines. If you need to set up these machines again, follow the instructions in Appendix A. We’ll run both machines to simulate a small networked environment, configuring the Windows virtual machine so that ...