Metasploit Unleashed: Build defense against complex attacks

Metasploit Unleashed: Build defense against complex attacks

by Shane Hartman
Released January 2020
Publisher(s): Packt Publishing
ISBN: 9781789618846

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

Metasploit is a platform for testing, executing, and exploiting computer systems using a modular framework. It is used to create security testing tools and exploit modules and also as a penetration testing system. In this course, you will use a powerful VM called Metasploitable which is a vulnerable version of Linux for Metasploit. You will begin with setting up of the Metasploit architecture and get familiar with Meterpreter commands, and using these to launch payloads and interact with exploited systems. You will use Metasploit as a vulnerability scanner, leveraging tools such as NMap and Nessus and then work on real-world sophisticated scenarios in which performing penetration tests is a challenge. You will go on a journey through client-side and server-side attacks using Metasploit and various scripts built on the Metasploit framework. Then you will establish foothold on the network by staying hidden, and pivoting to other systems. Finally, you will carry out a cyber attack using Armitage, a GUI-based tool. By the end of the course, you will get well versed with Metasploit modules, exploiting systems, carrying out breaches, as well as building and porting exploits of various kinds in Metasploit. There is something for everyone from the beginner to experienced practitioner looking to broaden their knowledge. No prior knowledge of Metasploit is assumed.

What You Will Learn

  • Understand Metasploit and the Metasploit commands used in the command line interface
  • Exploit commands: set to set variables and show to show the exploit options, targets, payloads, encoders, nops and the evasion options
  • Meterpreter commands to get you started and help familiarize you with this most powerful tool
  • Use of Metasploit as a vulnerability scanner leveraging tools such as NMap and Nessus
  • Use Pivoting for routing traffic from a normally non-routable network
  • Perform test services such as SCADA, and test in a highly secured environment
  • Simulate attacks on web servers and systems with Armitage

Audience

This course is a primer for the use of Metasploit. Designed for people interested in system security and pentesting using the Metasploit framework. There is something for everyone from the beginner to experienced practitioner looking to broaden their knowledge. No prior knowledge of Metasploit is assumed.

About The Author

Shane Hartman: Shane Hartman, Founder and Executive Director of SpecterLabs. With over 20 years of IT experience ranging from network engineering to enterprise security, His experience gives him a broad understanding security needs facing the IT industry today. He has a masters degree in digital forensics and currently teaches forensics, enterprise security, and offensive computing at the collegiate level. https://www.linkedin.com/in/shanehartman/

Table of contents

  1. Chapter 1 : Working and Setting Up Metasploit Architecture
    1. The Course Overview
    2. Organizing a Pentest with Metasploit
    3. Introduction to Exploitation
    4. Metasploit Installation
    5. Metasploit Interfaces and Modules
    6. Metasploit Databases
    7. Metasploitable Setup
  2. Chapter 2 : Scanning and Information Gathering
    1. Scanning with Metasploit
    2. Nmap Integration for Advanced Scanning
    3. Nessus integration in to Metasploit
    4. Scanning with Nessus
    5. Nexpose Integration to Prioritize Vulnerabilities
  3. Chapter 3 : Launching Payloads with Meterpreter
    1. What Is Meterpreter?
    2. Working with Meterpreter
    3. Meterpreter Scripting
    4. Working with Railgun
    5. Custom Meterpreter Scripts
  4. Chapter 4 : Executing Client Type Exploitation
    1. Types of Client-Side Exploits
    2. Browser Exploits to Breach Browser Security
    3. Exploit File Formats to Create Custom Files
    4. Standalone Attacks
    5. Delivering Exploits
  5. Chapter 5 : Server-Side Exploitation
    1. Server-Side Exploitation Types
    2. Exploiting Web Servers
    3. Exploit Database with Remote Exploits
    4. Exploiting VOIP
    5. Exploiting SCADA Systems
  6. Chapter 6 : Types of Exploits and Operations
    1. Privilege Escalation to Grant Access
    2. Gathering Passwords with Mimikatz and Kiwi
    3. Post Exploitations
    4. Maintaining Access
    5. Covering Your Tracks
  7. Chapter 7 : Phishing and Visualization
    1. Social Engineering Toolkit (SET)
    2. Using Armitage to Share Access
    3. Turning on RDP
    4. Screen Capture, Keylogging, and Webcam
    5. Manipulating the Registry
  8. Chapter 8 : Advanced Metasploit
    1. Evasion with MSFvenom
    2. Evasion with Veil
    3. Evasion with Trojanizer
    4. Evasion with Metasploit
    5. Creating Custom Modules
    6. Implementing Custom Modules

Product information

  • Title: Metasploit Unleashed: Build defense against complex attacks
  • Author(s): Shane Hartman
  • Release date: January 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781789618846