
Metasploit Penetration Testing Cookbook - Third Edition

Book Description

Over 100 recipes for penetration testing using Metasploit and virtual machines

About This Book

  • Special focus on the latest operating systems, exploits, and penetration testing techniques
  • Learn new anti-virus evasion techniques and use Metasploit to evade countermeasures
  • Automate post exploitation with AutoRunScript
  • Exploit Android devices, record audio and video, send and read SMS, read call logs, and much more
  • Build and analyze Metasploit modules in Ruby
  • Integrate Metasploit with other penetration testing tools

Who This Book Is For

If you are a security professional or pentester and want to get into vulnerability exploitation and make the most of the Metasploit framework, then this book is for you. Some prior understanding of penetration testing and Metasploit is required.

What You Will Learn

  • Set up a complete penetration testing environment using Metasploit and virtual machines
  • Master the world's leading penetration testing tool and use it in professional penetration testing
  • Make the most of Metasploit with PostgreSQL, importing scan results, using workspaces, hosts, loot, notes, services, vulnerabilities, and exploit results
  • Use Metasploit with the Penetration Testing Execution Standard methodology
  • Use MSFvenom efficiently to generate payloads and backdoor files, and create shellcode
  • Leverage Metasploit's advanced options, upgrade sessions, use proxies, use Meterpreter sleep control, and change timeouts to be stealthy

In Detail

Metasploit is the world's leading penetration testing tool and helps security and IT professionals find, exploit, and validate vulnerabilities. Metasploit allows penetration testing automation, password auditing, web application scanning, social engineering, post exploitation, evidence collection, and reporting. Metasploit's integration with InsightVM (or Nexpose), Nessus, OpenVas, and other vulnerability scanners provides a validation solution that simplifies vulnerability prioritization and remediation reporting. Teams can collaborate in Metasploit and present their findings in consolidated reports.

In this book, you will go through recipes that will allow you to start using Metasploit effectively. With an ever-increasing level of complexity, and covering everything from the fundamentals to the more advanced features of Metasploit, this book is not just for beginners but also for professionals keen to master the tool.

You will begin by building your lab environment, setting up Metasploit, and learning how to perform intelligence gathering, threat modeling, vulnerability analysis, exploitation, and post exploitation—all inside Metasploit. You will learn how to create and customize payloads to evade anti-virus software and bypass an organization's defenses, exploit server vulnerabilities, attack client systems, compromise mobile phones, automate post exploitation, install backdoors, run keyloggers, hijack webcams, port public exploits to the framework, create your own modules, and much more.

Style and approach

This book follows a cookbook style, with recipes explaining penetration testing steps with Metasploit. Plenty of code and commands are used to make your learning curve easy and quick.

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Metasploit Penetration Testing Cookbook Third Edition
  3. Contributors
    1. About the authors
    2. Packt is searching for authors like you
  4. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the color images
      2. Conventions used
    4. Sections
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
    5. Get in touch
      1. Reviews
    6. Disclaimer
  6. Metasploit Quick Tips for Security Professionals
    1. Introduction
    2. Installing Metasploit on Windows
      1. Getting ready
      2. How to do it...
    3. Installing Linux and macOS
      1. How to do it...
    4. Installing Metasploit on macOS
      1. How to do it...
    5. Using Metasploit in Kali Linux
      1. Getting ready
      2. How to do it...
      3. There's more...
        1. Upgrading Kali Linux
    6. Setting up a penetration-testing lab
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Setting up SSH connectivity
      1. Getting ready
      2. How to do it...
    8. Connecting to Kali using SSH
      1. How to do it...
    9. Configuring PostgreSQL
      1. Getting ready
      2. How to do it...
      3. There's more...
    10. Creating workspaces
      1. How to do it...
    11. Using the database
      1. Getting ready
      2. How to do it...
    12. Using the hosts command
      1. How to do it...
    13. Understanding the services command
      1. How to do it...
  7. Information Gathering and Scanning
    1. Introduction
    2. Passive information gathering with Metasploit
      1. Getting ready
      2. How to do it...
        1. DNS Record Scanner and Enumerator
      3. There's more...
        1. CorpWatch Company Name Information Search
        2. Search Engine Subdomains Collector
        3. Censys Search
        4. Shodan Search
        5. Shodan Honeyscore Client
        6. Search Engine Domain Email Address Collector
    3. Active information gathering with Metasploit
      1. How to do it...
        1. TCP Port Scanner
        2. TCP SYN Port Scanner
    4. Port scanning—the Nmap way
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
        1. Operating system and version detection
        2. Increasing anonymity
    5. Port scanning—the db_nmap way
      1. Getting ready
      2. How to do it...
        1. Nmap Scripting Engine
    6. Host discovery with ARP Sweep
      1. Getting ready
      2. How to do it...
    7. UDP Service Sweeper
      1. How to do it...
    8. SMB scanning and enumeration
      1. How to do it...
    9. Detecting SSH versions with the SSH Version Scanner
      1. Getting ready
      2. How to do it...
    10. FTP scanning
      1. Getting ready
      2. How to do it...
    11. SMTP enumeration
      1. Getting ready
      2. How to do it...
    12. SNMP enumeration
      1. Getting ready
      2. How to do it...
    13. HTTP scanning
      1. Getting ready
      2. How to do it...
    14. WinRM scanning and brute forcing
      1. Getting ready
      2. How to do it...
    15. Integrating with Nessus
      1. Getting ready
      2. How to do it...
    16. Integrating with NeXpose
      1. Getting ready
      2. How to do it...
    17. Integrating with OpenVAS
      1. How to do it...
  8. Server-Side Exploitation
    1. Introduction
      1. Getting to know MSFconsole
        1. MSFconsole commands
    2. Exploiting a Linux server
      1. Getting ready
      2. How to do it...
      3. How it works...
        1. What about the payload?
    3. SQL injection
      1. Getting ready
      2. How to do it...
    4. Types of shell
      1. Getting ready
      2. How to do it...
    5. Exploiting a Windows Server machine
      1. Getting ready
      2. How to do it...
    6. Exploiting common services
      1. Getting ready
      2. How to do it
    7. MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
      1. Getting ready
      2. How to do it...
    8. MS17-010 EternalRomance/EternalSynergy/EternalChampion
      1. How to do it...
    9. Installing backdoors
      1. Getting ready
      2. How to do it...
    10. Denial of Service
      1. Getting ready
      2. How to do it...
      3. How to do it...
  9. Meterpreter
    1. Introduction
    2. Understanding the Meterpreter core commands
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Understanding the Meterpreter filesystem commands
      1. How to do it...
      2. How it works...
    4. Understanding Meterpreter networking commands
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Understanding the Meterpreter system commands
      1. How to do it...
    6. Setting up multiple communication channels with the target
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Meterpreter anti-forensics
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    8. The getdesktop and keystroke sniffing
      1. Getting ready
      2. How to do it...
      3. There's more...
    9. Using a scraper Meterpreter script
      1. Getting ready
      2. How to do it...
      3. How it works...
    10. Scraping the system using winenum
      1. How to do it...
    11. Automation with AutoRunScript
      1. How to do it...
    12. Meterpreter resource scripts
      1. How to do it...
    13. Meterpreter timeout control
      1. How to do it...
    14. Meterpreter sleep control
      1. How to do it...
    15. Meterpreter transports
      1. How to do it...
    16. Interacting with the registry
      1. Getting ready
      2. How to do it...
    17. Loading framework plugins
      1. How to do it...
    18. Meterpreter API and mixins
      1. Getting ready
      2. How to do it...
      3. How it works...
    19. Railgun—converting Ruby into a weapon
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    20. Adding DLL and function definitions to Railgun
      1. How to do it...
      2. How it works...
    21. Injecting the VNC server remotely
      1. Getting ready
      2. How to do it...
    22. Enabling Remote Desktop
      1. How to do it...
      2. How it works...
  10. Post-Exploitation
    1. Introduction
    2. Post-exploitation modules
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. How to do it...
      5. How it works...
    3. Bypassing UAC
      1. Getting ready
      2. How to do it...
    4. Dumping the contents of the SAM database
      1. Getting ready
      2. How to do it...
    5. Passing the hash
      1. How to do it...
    6. Incognito attacks with Meterpreter
      1. How to do it...
    7. Using Mimikatz
      1. Getting ready
      2. How to do it...
      3. There's more...
    8. Setting up a persistence with backdoors
      1. Getting ready
      2. How to do it...
    9. Becoming TrustedInstaller
      1. How to do it...
    10. Backdooring Windows binaries
      1. How to do it...
    11. Pivoting with Meterpreter
      1. Getting ready
      2. How to do it...
      3. How it works...
    12. Port forwarding with Meterpreter
      1. Getting ready
      2. How to do it...
    13. Credential harvesting
      1. How to do it...
    14. Enumeration modules
      1. How to do it...
    15. Autoroute and socks proxy server
      1. How to do it...
    16. Analyzing an existing post-exploitation module
      1. Getting ready
      2. How to do it...
      3. How it works...
    17. Writing a post-exploitation module
      1. Getting ready
      2. How to do it...
  11. Using MSFvenom
    1. Introduction
    2. Payloads and payload options
      1. Getting ready
      2. How to do it...
    3. Encoders
      1. How to do it...
      2. There's more...
    4. Output formats
      1. How to do it...
    5. Templates
      1. Getting ready
      2. How to do it...
    6. Meterpreter payloads with trusted certificates
      1. Getting ready
      2. How to do it...
      3. There's more...
  12. Client-Side Exploitation and Antivirus Bypass
    1. Introduction
    2. Exploiting a Windows 10 machine
      1. Getting ready
      2. How to do it...
    3. Bypassing antivirus and IDS/IPS
      1. How to do it...
    4. Metasploit macro exploits
      1. How to do it...
      2. There's more...
    5. Human Interface Device attacks
      1. Getting ready
      2. How to do it...
    6. HTA attack
      1. How to do it...
    7. Backdooring executables using a MITM attack
      1. Getting ready
      2. How to do it...
    8. Creating a Linux trojan
      1. How to do it...
    9. Creating an Android backdoor
      1. Getting ready
      2. How to do it...
      3. There's more...
  13. Social-Engineer Toolkit
    1. Introduction
    2. Getting started with the Social-Engineer Toolkit
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Working with the spear-phishing attack vector
      1. How to do it...
    4. Website attack vectors
      1. How to do it...
    5. Working with the multi-attack web method
      1. How to do it...
    6. Infectious media generator
      1. How to do it...
      2. How it works...
  14. Working with Modules for Penetration Testing
    1. Introduction
    2. Working with auxiliary modules
      1. Getting ready
      2. How to do it...
    3. DoS attack modules
      1. How to do it...
        1. HTTP
        2. SMB
    4. Post-exploitation modules
      1. Getting ready
      2. How to do it...
    5. Understanding the basics of module building
      1. How to do it...
    6. Analyzing an existing module
      1. Getting ready
      2. How to do it...
    7. Building your own post-exploitation module
      1. Getting ready
      2. How to do it...
    8. Building your own auxiliary module
      1. Getting ready
      2. How to do it...
  15. Exploring Exploits
    1. Introduction
    2. Common exploit mixins
      1. How to do it...
    3. Exploiting the module structure
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Using MSFvenom to generate shellcode
      1. Getting ready
      2. How to do it...
    5. Converting an exploit to a Metasploit module
      1. Getting ready
      2. How to do it...
    6. Porting and testing the new exploit module
      1. Getting ready
      2. How to do it...
    7. Fuzzing with Metasploit
      1. Getting ready
      2. How to do it...
    8. Writing a simple fuzzer
      1. How to do it...
      2. How it works...
  16. Wireless Network Penetration Testing
    1. Introduction
      1. Getting ready
    2. Metasploit and wireless
      1. How to do it...
    3. Understanding an evil twin attack
      1. Getting ready
      2. How to do it...
    4. Configuring Karmetasploit
      1. Getting ready
      2. How to do it...
    5. Wireless MITM attacks
      1. Getting ready
      2. How to do it...
    6. SMB relay attacks
      1. How to do it...
      2. There's more...
  17. Cloud Penetration Testing
    1. Introduction
    2. Metasploit in the cloud
      1. Getting ready
      2. How to do it...
      3. There's more...
    3. Metasploit PHP Hop
      1. Getting ready
      2. How to do it...
    4. Phishing from the cloud
      1. Getting ready
      2. How to do it...
    5. Setting up a cloud penetration testing lab
      1. How to do it...
      2. There's more...
  18. Best Practices
    1. Introduction
    2. Best practices
      1. How to do it...
        1. Guided partitioning with encrypted LVM
    3. Using Metasploit over the Tor network
      1. Getting ready
      2. How to do it...
    4. Metasploit logging
      1. How to do it...
      2. There's more...
    5. Documentation
      1. How to do it...
    6. Cleaning up
      1. How to do it...
  19. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think