eBook - ePub
Improving your Penetration Testing Skills
Strengthen your defense against web attacks with Kali Linux and Metasploit
Gilberto Najera-Gutierrez, Juned Ahmed Ansari, Daniel Teixeira, Abhinav Singh
This is a test
Share book
- 712 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
Improving your Penetration Testing Skills
Strengthen your defense against web attacks with Kali Linux and Metasploit
Gilberto Najera-Gutierrez, Juned Ahmed Ansari, Daniel Teixeira, Abhinav Singh
Book details
Book preview
Table of contents
Citations
About This Book
Evade antiviruses and bypass firewalls with the most widely used penetration testing frameworks
Key Features
- Gain insights into the latest antivirus evasion techniques
- Set up a complete pentesting environment using Metasploit and virtual machines
- Discover a variety of tools and techniques that can be used with Kali Linux
Book Description
Penetration testing or ethical hacking is a legal and foolproof way to identify vulnerabilities in your system. With thorough penetration testing, you can secure your system against the majority of threats.
This Learning Path starts with an in-depth explanation of what hacking and penetration testing is. You'll gain a deep understanding of classical SQL and command injection flaws, and discover ways to exploit these flaws to secure your system. You'll also learn how to create and customize payloads to evade antivirus software and bypass an organization's defenses. Whether it's exploiting server vulnerabilities and attacking client systems, or compromising mobile phones and installing backdoors, this Learning Path will guide you through all this and more to improve your defense against online attacks.
By the end of this Learning Path, you'll have the knowledge and skills you need to invade a system and identify all its vulnerabilities.
This Learning Path includes content from the following Packt products:
- Web Penetration Testing with Kali Linux - Third Edition by Juned Ahmed Ansari and Gilberto Najera-Gutierrez
- Metasploit Penetration Testing Cookbook - Third Edition by Abhinav Singh, Monika Agarwal, et al
What you will learn
- Build and analyze Metasploit modules in Ruby
- Integrate Metasploit with other penetration testing tools
- Use server-side attacks to detect vulnerabilities in web servers and their applications
- Explore automated attacks such as fuzzing web applications
- Identify the difference between hacking a web application and network hacking
- Deploy Metasploit with the Penetration Testing Execution Standard (PTES)
- Use MSFvenom to generate payloads and backdoor files, and create shellcode
Who this book is for
This Learning Path is designed for security professionals, web programmers, and pentesters who want to learn vulnerability exploitation and make the most of the Metasploit framework. Some understanding of penetration testing and Metasploit is required, but basic system administration skills and the ability to read code are a must.
Frequently asked questions
How do I cancel my subscription?
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlegoâs features. The only differences are the price and subscription period: With the annual plan youâll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weâve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Improving your Penetration Testing Skills an online PDF/ePUB?
Yes, you can access Improving your Penetration Testing Skills by Gilberto Najera-Gutierrez, Juned Ahmed Ansari, Daniel Teixeira, Abhinav Singh in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.
Information
Meterpreter
In this chapter, we will cover the following recipes:
- Understanding the Meterpreter core commands
- Understanding the Meterpreter filesystem commands
- Understanding the Meterpreter networking commands
- Understanding the Meterpreter system commands
- Setting up multiple communication channels with the target
- Meterpreter anti-forensics
- The getdesktop and keystroke sniffing
- Using a scraper Meterpreter script
- Scraping the system with winenum
- Automation with AutoRunScript
- Meterpreter resource scripts
- Meterpreter timeout control
- Meterpreter sleep control
- Meterpreter transports
- Interacting with the registry
- Load framework plugins
- Meterpreter API and mixins
- Railgunâconverting Ruby into a weapon
- Adding DLL and function definitions to Railgun
- Injecting the VNC server remotely
- Enabling Remote Desktop
Introduction
So far, we have laid more emphasis on the exploitation phase in which we tried out various techniques and exploits to compromise our target. In this chapter, we will focus on Meterpreter, the most advanced payload in Metasploit, and what we can do after we have exploited the target machine. Meterpreter provides us with many features that can ease our task of exploring the target machine. We have already seen how to use Meterpreter in previous chapters but in the following chapters, we will understand Meterpreter in detail, as well as how to use it as a potential tool for the post-exploitation phase.
We have been using payloads in order to achieve specific results, but they have a major disadvantage. Payloads work by creating new processes in the compromised system. This can trigger alarms in antivirus programs and can be caught easily. Also, a payload is limited to perform only some specific tasks or execute specific commands that the shell can run. To overcome these difficulties, Meterpreter was created.
Meterpreter is a command interpreter for Metasploit that acts as a payload and works by using in-memory DLL injections and a native shared object format. It works in context with the exploited process; hence, it does not create any new process. This makes it more stealthy and powerful.
Let's take a look at some Meterpreter functions. The following diagram shows a simple stepwise representation of loading Meterpreter:
In the first step, the exploit and first stage payload are sent to the target machine. After exploitation, the stage establishes a TCP connection back to msfconsole on a given address and port. Next, msfconsole sends the second stage DLL injection payload. After successful injection, it sends the Meterpreter DLL to establish a proper communication channel. Lastly, Meterpreter loads extensions such as stdapi and priv. All these extensions are loaded over TLS using a TLV protocol. Meterpreter uses encrypted communication with the target, which is another major advantage of using it.
Let's quickly summarize the advantages of Meterpreter over specific payloads:
- It works in context with the exploited process, so it doesn't create a new process
- It can migrate easily among processes
- It resides completely in memory, so it writes nothing to disk
- It uses encrypted communications
- It uses a channelized communication system so that we can work with several channels at a time
- It provides a platform to write extensions quickly and easily
This chapter is dedicated entirely to exploring the target machine by using the various commands and scripts that Meterpreter provides us with. We will start by analyzing common Meterpreter commands. Then, we will move ahead with setting up different communication channels, using networking commands, key sniffing, and so on. Finally, we will discuss the scraper Meterpreter script, which can create a single directory containing various pieces of information about the target user. In this chapter, we will mainly focus on the commands and scripts which can be helpful in exploring the compromised system.
So, let's move ahead and look at the recipes which enable us to dive deeper into Meterpreter.
Understanding the Meterpreter core commands
Let's start by using Meterpreter commands to understand their functionality. As it is a post-exploitation tool, we will require a compromised target to execute the commands. We will be using the Metasploitable 3 machine as a target that we have exploited using the Microsoft Windows Authenticated User Code Execution exploit module.
Getting ready
To avoid setting up the Microsoft Windows Authenticated User Code Execution exploit module every single time we want to test Meterpreter commands, we will use one of my favorite Metasploit Framework features, resource scripts. Resource scripts provide an easy way for us to automate repetitive tasks in Metasploit.
How to do it...
- The Metasploit Framework comes packed with several resource scripts that have been contributed to by the community, which you can find at /usr/share/metasploit-framework/scripts/resource/ in your Kali Linux machine:
root@kali:~# ls /usr/share/metasploit-framework/scripts/resource/
auto_brute.rc fileformat_generator.rc
auto_cred_checker.rc mssql_brute.rc
auto_pass_the_hash.rc multi_post.rc
auto_win32_multihandler.rc nessus_vulns_cleaner.rc
autocrawler.rc oracle_login.rc
autoexploit.rc oracle_sids.rc
bap_all.rc oracle_tns.rc
bap_dryrun_only.rc port_cleaner.rc
bap_firefox_only.rc portscan.rc
bap_flash_only.rc run_all_post.rc
bap_ie_only.rc wmap_autotest.rc
basic_discovery.rc
- To create our own resource scripts, we simply need to execute the module and then use the makerc command to create a re...