book

Metasploit

by David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni

July 2011

Intermediate to advanced

328 pages

9h 1m

English

No Starch Press

Read now

Unlock full access

The Phases of the PTESPre-engagement InteractionsIntelligence GatheringThreat ModelingVulnerability AnalysisExploitationPost ExploitationReporting
Overt Penetration TestingCovert Penetration Testing
TerminologyExploitPayloadShellcodeModuleListener
MSFconsoleStarting MSFconsoleMSFcliSample UsageArmitageRunning Armitage
MSFpayloadMSFencodeNasm Shell
Passive Information Gatheringwhois LookupsNetcraftNSLookup
Port Scanning with NmapWorking with Databases in MetasploitImporting Nmap Results into MetasploitAdvanced Nmap Scanning: TCP Idle ScanRunning Nmap from MSFconsolePort Scanning with Metasploit
Server Message Block ScanningHunting for Poorly Configured Microsoft SQL ServersSSH Server ScanningFTP ScanningSimple Network Management Protocol Sweeping
The Basic Vulnerability Scan
ConfigurationThe New Site WizardThe New Manual Scan WizardThe New Report WizardImporting Your Report into the Metasploit FrameworkRunning NeXpose Within MSFconsole
Nessus ConfigurationCreating a Nessus Scan PolicyRunning a Nessus ScanNessus ReportsImporting Results into the Metasploit FrameworkScanning with Nessus from Within Metasploit
Validating SMB LoginsScanning for Open VNC AuthenticationScanning for Open X11 Servers
Basic Exploitationmsf> show exploitsmsf> show auxiliarymsf> show optionsmsf> show payloadsmsf> show targetsinfoset and unsetsetg and unsetgsave
Compromising a Windows XP Virtual MachineScanning for Ports with NmapAttacking MS SQLBrute Forcing MS SQL ServerThe xp_cmdshellBasic Meterpreter CommandsCapturing a ScreenshotsysinfoCapturing Keystrokes
Extracting the Password HashesDumping the Password Hash
Migrating a ProcessKilling Antivirus SoftwareObtaining System Password HashesViewing All Traffic on a Target MachineScraping a SystemUsing Persistence
Creating Stand-Alone Binaries with MSFpayload
Encoding with MSFencodeMulti-encoding
Browser-Based ExploitsHow Browser-Based Exploits WorkLooking at NOPs
Auxiliary Modules in Use
Configuring the Social-Engineer Toolkit
Java AppletClient-Side Web ExploitsUsername and Password HarvestingTabnabbingMan-Left-in-the-MiddleWeb JackingPutting It All Together with a Multipronged Attack
Microsoft SQL InjectionSQL Injector—Query String AttackSQL Injector—POST Parameter AttackManual InjectionMSSQL BruterSQLPwnage
Configuration
Getting Command Execution on Microsoft SQL
PowerShellRunning the Shell ExploitCreating powershell_upload_execConversion from Hex to BinaryCountersRunning the Exploit
The Art of Fuzzing
Assembly Language BasicsEIP and ESP RegistersThe JMP Instruction SetNOPs and NOP Slides
Stripping the Existing ExploitConfiguring the Exploit DefinitionTesting Our Base ExploitImplementing Features of the FrameworkAdding RandomizationRemoving the NOP SlideRemoving the Dummy ShellcodeOur Completed Module
Meterpreter Scripting Basics
Printing OutputBase API CallsMeterpreter Mixins
Pre-engagement Interactions
Scanning the Metasploitable SystemIdentifying Vulnerable Services
Installing and Setting Up the System
Configuring Your Web Server on Windows XPBuilding a SQL ServerCreating a Vulnerable Web ApplicationUpdating Back|Track
MSFconsole Commands

Content preview from Metasploit

Chapter 8. Exploitation Using Client-Side Attacks

Years of focus on defensive network perimeters have drastically shrunk the traditional attack surfaces. When one avenue of attack becomes too difficult to penetrate, attackers can find new and easier methods for attacking their targets. Client-side attacks were the next evolution of attacks after network defenses became more prominent. These attacks target software commonly installed on computers in such programs as web browsers, PDF readers, and Microsoft Office applications. Because these programs are commonly installed on computers out of the box, they are obvious attack vectors for hackers. It’s also common for these applications to be out of date on users’ machines because of irregular patching ...