Metasploit Bootcamp

Book Description

Master the art of penetration testing with Metasploit Framework in 7 days

About This Book

  • A fast-paced guide that will quickly enhance your penetration testing skills in just 7 days

  • Carry out penetration testing in complex and highly secured environments

  • Learn techniques to integrate Metasploit with the industry's leading tools

Who This Book Is For

If you are a penetration tester, ethical hacker, or security consultant who wants to quickly master the Metasploit Framework and carry out advanced penetration testing in highly secured environments, then this book is for you.

What You Will Learn

  • Get hands-on knowledge of Metasploit

  • Perform penetration testing on services such as databases, VoIP, and much more

  • Understand how to customize Metasploit modules and modify existing exploits

  • Write simple yet powerful Metasploit automation scripts

  • Explore the steps involved in post-exploitation on Android and mobile platforms

In Detail

The book starts with a hands-on Day 1 chapter, covering the basics of the Metasploit Framework and preparing readers for a self-completion exercise at the end of every chapter. The Day 2 chapter dives deep into scanning and fingerprinting services with Metasploit while helping readers modify existing modules according to their needs. Following on from the previous chapter, Day 3 focuses on exploiting various types of services and on client-side exploitation, while Day 4 focuses on post-exploitation and on writing quick scripts that help with gathering the required information from exploited systems. The Day 5 chapter presents the techniques involved in scanning and exploiting various services, such as databases, mobile devices, and VoIP. The Day 6 chapter prepares the reader to speed up Metasploit and integrate it with leading industry tools for penetration testing. Finally, Day 7 brings in sophisticated attack vectors and challenges based on the reader's preparation over the past six days and ends with a Metasploit challenge to solve.

Style and approach

This book is all about fast and intensive learning, which means we waste no time getting readers started. The content is built around highly effective examples that build new things, solve problems in new and unseen ways, and work through real-world cases.

Table of Contents

    1. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the color images of this book
        2. Errata
        3. Piracy
        4. Questions
    2. Getting Started with Metasploit
      1. Setting up Kali Linux in a virtual environment
      2. The fundamentals of Metasploit
        1. Basics of Metasploit Framework
        2. Architecture of Metasploit
        3. Metasploit Framework console and commands
      3. Benefits of using Metasploit
      4. Penetration testing with Metasploit
        1. Assumptions and testing setup
      5. Phase-I: footprinting and scanning
      6. Phase-II: gaining access to the target
      7. Phase-III: maintaining access / post-exploitation / covering tracks
      8. Summary and exercises
    3. Identifying and Scanning Targets
      1. Working with FTP servers using Metasploit
        1. Scanning FTP services
        2. Modifying scanner modules for fun and profit
      2. Scanning MSSQL servers with Metasploit
        1. Using the mssql_ping module
        2. Brute-forcing MSSQL passwords
      3. Scanning SNMP services with Metasploit
      4. Scanning NetBIOS services with Metasploit
      5. Scanning HTTP services with Metasploit
      6. Scanning HTTPS/SSL with Metasploit
      7. Module building essentials
        1. The format of a Metasploit module
      8. Disassembling existing HTTP server scanner modules
        1. Libraries and the function
      9. Summary and exercises
    4. Exploitation and Gaining Access
      1. Setting up the practice environment
      2. Exploiting applications with Metasploit
        1. Using db_nmap in Metasploit
        2. Exploiting Desktop Central 9 with Metasploit
        3. Testing the security of a GlassFish web server with Metasploit
        4. Exploiting FTP services with Metasploit
      3. Exploiting browsers for fun and profit
        1. The browser autopwn attack
          1. The technology behind a browser autopwn attack
          2. Attacking browsers with Metasploit browser_autopwn
      4. Attacking Android with Metasploit
      5. Converting exploits to Metasploit
        1. Gathering the essentials
        2. Generating a Metasploit module
        3. Exploiting the target application with Metasploit
      6. Summary and exercises
    5. Post-Exploitation with Metasploit
      1. Extended post-exploitation with Metasploit
        1. Basic post-exploitation commands
          1. The help menu
          2. Background command
          3. Machine ID and the UUID command
          4. Networking commands
          5. File operation commands
          6. Desktop commands
          7. Screenshots and camera enumeration
        2. Advanced post-exploitation with Metasploit
          1. Migrating to safer processes
          2. Obtaining system privileges
          3. Changing access, modification, and creation time with timestomp
          4. Obtaining password hashes using hashdump
      2. Metasploit and privilege escalation
        1. Escalating privileges on Windows Server 2008
        2. Privilege escalation on Linux with Metasploit
      3. Gaining persistent access with Metasploit
        1. Gaining persistent access on Windows-based systems
        2. Gaining persistent access on Linux systems
      4. Summary
    6. Testing Services with Metasploit
      1. Testing MySQL with Metasploit
        1. Using Metasploit's mysql_version module
        2. Brute-forcing MySQL with Metasploit
        3. Finding MySQL users with Metasploit
        4. Dumping the MySQL schema with Metasploit
        5. Using file enumeration in MySQL using Metasploit
        6. Checking for writable directories
        7. Enumerating MySQL with Metasploit
        8. Running MySQL commands through Metasploit
        9. Gaining system access through MySQL
      2. The fundamentals of SCADA
        1. Analyzing security in SCADA systems
          1. The fundamentals of testing SCADA
          2. SCADA-based exploits
        2. Implementing secure SCADA
          1. Restricting networks
      3. Testing Voice over Internet Protocol services
        1. VoIP fundamentals
        2. Fingerprinting VoIP services
        3. Scanning VoIP services
        4. Spoofing a VoIP call
        5. Exploiting VoIP
          1. About the vulnerability
          2. Exploiting the application
      4. Summary and exercises
    7. Fast-Paced Exploitation with Metasploit
      1. Using pushm and popm commands
      2. Making use of resource scripts
      3. Using AutoRunScript in Metasploit
        1. Using the multiscript module in the AutoRunScript option
      4. Global variables in Metasploit
      5. Wrapping up and generating manual reports
        1. The format of the report
        2. The executive summary
        3. Methodology/network admin-level report
        4. Additional sections
      6. Summary and preparation for real-world scenarios
    8. Exploiting Real-World Challenges with Metasploit
      1. Scenario 1: Mirror environment
        1. Understanding the environment
        2. Fingerprinting the target with DB_NMAP
        3. Gaining access to vulnerable web applications
        4. Migrating from a PHP meterpreter to a Windows meterpreter
        5. Pivoting to internal networks
        6. Scanning internal networks through a meterpreter pivot
        7. Using the socks server module in Metasploit
        8. Dumping passwords in clear text
        9. Sniffing a network with Metasploit
        10. Summary of the attack
      2. Scenario 2: You can't see my meterpreter
        1. Using shellcode for fun and profit
        2. Encrypting the shellcode
        3. Creating a decoder executable
      3. Further roadmap and summary