Mastering Metasploit - Second Edition [2nd ed] 9781786463166, 1786463164, 9781786462343, 1786462346
Metasploit is a popular penetration testing framework that has one of the largest exploit databases around. This book wi
291 21 31MB
English Pages 432 Year 2016
Table of contents :
Cover
Credits
Foreword
About the Author
About the Reviewer
www.PacktPub.com
Table of Contents
Preface
Chapter 1: Approaching a Penetration Test Using Metasploit
Organizing a penetration test
Preinteractions
Intelligence gathering/reconnaissance phase
Predicting the test grounds
Modeling threats
Vulnerability analysis
Exploitation and post-exploitation
Reporting
Mounting the environment
Setting up Kali Linux in virtual environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Recalling the basics of Metasploit. Benefits of penetration testing using MetasploitOpen source
Support for testing large networks and easy naming conventions
Smart payload generation and switching mechanism
Cleaner exits
The GUI environment
Penetration testing an unknown network
Assumptions
Gathering intelligence
Using databases in Metasploit
Modeling threats
Vulnerability analysis of VSFTPD 2.3.4 backdoor
The attack procedure
The procedure of exploiting the vulnerability
Exploitation and post exploitation
Vulnerability analysis of PHP-CGI query string parameter vulnerability
Exploitation and post exploitation. Vulnerability analysis of HFS 2.3Exploitation and post exploitation
Maintaining access
Clearing tracks
Revising the approach
Summary
Chapter 2: Reinventing Metasploit
Ruby --
the heart of Metasploit
Creating your first Ruby program
Interacting with the Ruby shell
Defining methods in the shell
Variables and data types in Ruby
Working with strings
Concatenating strings
The substring function
The split function
Numbers and conversions in Ruby
Conversions in Ruby
Ranges in Ruby
Arrays in Ruby
Methods in Ruby
Decision-making operators
Loops in Ruby
Regular expressions. Wrapping up with Ruby basicsDeveloping custom modules
Building a module in a nutshell
The architecture of the Metasploit framework
Understanding the file structure
The libraries layout
Understanding the existing modules
The format of a Metasploit module
Disassembling existing HTTP server scanner module
Libraries and the function
Writing out a custom FTP scanner module
Libraries and the function
Using msftidy
Writing out a custom SSH authentication brute forcer
Rephrasing the equation
Writing a drive disabler post exploitation module. Writing a credential harvester post exploitation moduleBreakthrough meterpreter scripting
Essentials of meterpreter scripting
Pivoting the target network
Setting up persistent access
API calls and mixins
Fabricating custom meterpreter scripts
Working with RailGun
Interactive Ruby shell basics
Understanding RailGun and its scripting
Manipulating Windows API calls
Fabricating sophisticated RailGun scripts
Summary
Chapter 3: The Exploit Formulation Process
The absolute basics of exploitation
The basics
The architecture
System organization basics
Registers.
Cover
Credits
Foreword
About the Author
About the Reviewer
www.PacktPub.com
Table of Contents
Preface
Chapter 1: Approaching a Penetration Test Using Metasploit
Organizing a penetration test
Preinteractions
Intelligence gathering/reconnaissance phase
Predicting the test grounds
Modeling threats
Vulnerability analysis
Exploitation and post-exploitation
Reporting
Mounting the environment
Setting up Kali Linux in virtual environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Recalling the basics of Metasploit. Benefits of penetration testing using MetasploitOpen source
Support for testing large networks and easy naming conventions
Smart payload generation and switching mechanism
Cleaner exits
The GUI environment
Penetration testing an unknown network
Assumptions
Gathering intelligence
Using databases in Metasploit
Modeling threats
Vulnerability analysis of VSFTPD 2.3.4 backdoor
The attack procedure
The procedure of exploiting the vulnerability
Exploitation and post exploitation
Vulnerability analysis of PHP-CGI query string parameter vulnerability
Exploitation and post exploitation. Vulnerability analysis of HFS 2.3Exploitation and post exploitation
Maintaining access
Clearing tracks
Revising the approach
Summary
Chapter 2: Reinventing Metasploit
Ruby --
the heart of Metasploit
Creating your first Ruby program
Interacting with the Ruby shell
Defining methods in the shell
Variables and data types in Ruby
Working with strings
Concatenating strings
The substring function
The split function
Numbers and conversions in Ruby
Conversions in Ruby
Ranges in Ruby
Arrays in Ruby
Methods in Ruby
Decision-making operators
Loops in Ruby
Regular expressions. Wrapping up with Ruby basicsDeveloping custom modules
Building a module in a nutshell
The architecture of the Metasploit framework
Understanding the file structure
The libraries layout
Understanding the existing modules
The format of a Metasploit module
Disassembling existing HTTP server scanner module
Libraries and the function
Writing out a custom FTP scanner module
Libraries and the function
Using msftidy
Writing out a custom SSH authentication brute forcer
Rephrasing the equation
Writing a drive disabler post exploitation module. Writing a credential harvester post exploitation moduleBreakthrough meterpreter scripting
Essentials of meterpreter scripting
Pivoting the target network
Setting up persistent access
API calls and mixins
Fabricating custom meterpreter scripts
Working with RailGun
Interactive Ruby shell basics
Understanding RailGun and its scripting
Manipulating Windows API calls
Fabricating sophisticated RailGun scripts
Summary
Chapter 3: The Exploit Formulation Process
The absolute basics of exploitation
The basics
The architecture
System organization basics
Registers.
![Mastering Metasploit - Second Edition [2nd ed]
9781786463166, 1786463164, 9781786462343, 1786462346](https://ebin.pub/img/200x200/mastering-metasploit-second-edition-2nd-ed-9781786463166-1786463164-9781786462343-1786462346.jpg)
![Mastering Microsoft Intune, Second Edition [Second Edition]
9781835468517](https://ebin.pub/img/200x200/mastering-microsoft-intune-second-edition-second-edition-9781835468517.jpg)
![Mastering regular expressions [Second Edition]
9780596002893, 0596002890](https://ebin.pub/img/200x200/mastering-regular-expressions-second-edition-9780596002893-0596002890.jpg)
![Mastering PyTorch, 2nd Edition [2 ed.]
9781801074308](https://ebin.pub/img/200x200/mastering-pytorch-2nd-edition-2nbsped-9781801074308.jpg)
![Mastering Microsoft Intune, Second Edition [2 ed.]
9781835468517](https://ebin.pub/img/200x200/mastering-microsoft-intune-second-edition-2nbsped-9781835468517.jpg)
![Essentials Medical Statistics (Second Edition) [2nd ed.]
0865428719, 9780865428713](https://ebin.pub/img/200x200/essentials-medical-statistics-second-edition-2ndnbsped-0865428719-9780865428713.jpg)
![Numerical Optimization. Second Edition [2nd ed.]
9780387303031, 0387303030](https://ebin.pub/img/200x200/numerical-optimization-second-edition-2ndnbsped-9780387303031-0387303030.jpg)
![Principles of Turbomachinery - Second Edition [2nd ed.]
9780412602108, 0412602105](https://ebin.pub/img/200x200/principles-of-turbomachinery-second-edition-2ndnbsped-9780412602108-0412602105.jpg)
![Game Engine Architecture, Second Edition [2nd ed.]
978-1466560017](https://ebin.pub/img/200x200/game-engine-architecture-second-edition-2ndnbsped-978-1466560017.jpg)
![Satellite Communication Engineering, Second Edition [2nd ed. 2013]
148221010X, 9781482210101](https://ebin.pub/img/200x200/satellite-communication-engineering-second-edition-2nd-ed-2013-148221010x-9781482210101.jpg)