Improving your Penetration Testing Skills
eBook - ePub

Improving your Penetration Testing Skills

Strengthen your defense against web attacks with Kali Linux and Metasploit

  1. 712 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Improving your Penetration Testing Skills

Strengthen your defense against web attacks with Kali Linux and Metasploit

About this book

Evade antiviruses and bypass firewalls with the most widely used penetration testing frameworks

Key Features

  • Gain insights into the latest antivirus evasion techniques
  • Set up a complete pentesting environment using Metasploit and virtual machines
  • Discover a variety of tools and techniques that can be used with Kali Linux

Book Description

Penetration testing or ethical hacking is a legal and foolproof way to identify vulnerabilities in your system. With thorough penetration testing, you can secure your system against the majority of threats.

This Learning Path starts with an in-depth explanation of what hacking and penetration testing is. You'll gain a deep understanding of classical SQL and command injection flaws, and discover ways to exploit these flaws to secure your system. You'll also learn how to create and customize payloads to evade antivirus software and bypass an organization's defenses. Whether it's exploiting server vulnerabilities and attacking client systems, or compromising mobile phones and installing backdoors, this Learning Path will guide you through all this and more to improve your defense against online attacks.

By the end of this Learning Path, you'll have the knowledge and skills you need to invade a system and identify all its vulnerabilities.

This Learning Path includes content from the following Packt products:

  • Web Penetration Testing with Kali Linux - Third Edition by Juned Ahmed Ansari and Gilberto Najera-Gutierrez
  • Metasploit Penetration Testing Cookbook - Third Edition by Abhinav Singh, Monika Agarwal, et al

What you will learn

  • Build and analyze Metasploit modules in Ruby
  • Integrate Metasploit with other penetration testing tools
  • Use server-side attacks to detect vulnerabilities in web servers and their applications
  • Explore automated attacks such as fuzzing web applications
  • Identify the difference between hacking a web application and network hacking
  • Deploy Metasploit with the Penetration Testing Execution Standard (PTES)
  • Use MSFvenom to generate payloads and backdoor files, and create shellcode

Who this book is for

This Learning Path is designed for security professionals, web programmers, and pentesters who want to learn vulnerability exploitation and make the most of the Metasploit framework. Some understanding of penetration testing and Metasploit is required, but basic system administration skills and the ability to read code are a must.

Trusted by 375,005 students

Access to over 1.5 million titles for a fair monthly price.

Study more efficiently using our study tools.

Information

Publisher
Packt Publishing
Year
2019
Print ISBN
9781838646073
Edition
1
eBook ISBN
9781838644949
Topic
Computer Science
Subtopic
Cyber Security
Index
Computer Science

Meterpreter

In this chapter, we will cover the following recipes:
  • Understanding the Meterpreter core commands
  • Understanding the Meterpreter filesystem commands
  • Understanding the Meterpreter networking commands
  • Understanding the Meterpreter system commands
  • Setting up multiple communication channels with the target
  • Meterpreter anti-forensics
  • The getdesktop and keystroke sniffing
  • Using a scraper Meterpreter script
  • Scraping the system with winenum
  • Automation with AutoRunScript
  • Meterpreter resource scripts
  • Meterpreter timeout control
  • Meterpreter sleep control
  • Meterpreter transports
  • Interacting with the registry
  • Load framework plugins
  • Meterpreter API and mixins
  • Railgun—converting Ruby into a weapon
  • Adding DLL and function definitions to Railgun
  • Injecting the VNC server remotely
  • Enabling Remote Desktop

Introduction

So far, we have laid more emphasis on the exploitation phase in which we tried out various techniques and exploits to compromise our target. In this chapter, we will focus on Meterpreter, the most advanced payload in Metasploit, and what we can do after we have exploited the target machine. Meterpreter provides us with many features that can ease our task of exploring the target machine. We have already seen how to use Meterpreter in previous chapters but in the following chapters, we will understand Meterpreter in detail, as well as how to use it as a potential tool for the post-exploitation phase.
We have been using payloads in order to achieve specific results, but they have a major disadvantage. Payloads work by creating new processes in the compromised system. This can trigger alarms in antivirus programs and can be caught easily. Also, a payload is limited to perform only some specific tasks or execute specific commands that the shell can run. To overcome these difficulties, Meterpreter was created.
Meterpreter is a command interpreter for Metasploit that acts as a payload and works by using in-memory DLL injections and a native shared object format. It works in context with the exploited process; hence, it does not create any new process. This makes it more stealthy and powerful.
Let's take a look at some Meterpreter functions. The following diagram shows a simple stepwise representation of loading Meterpreter:
In the first step, the exploit and first stage payload are sent to the target machine. After exploitation, the stage establishes a TCP connection back to msfconsole on a given address and port. Next, msfconsole sends the second stage DLL injection payload. After successful injection, it sends the Meterpreter DLL to establish a proper communication channel. Lastly, Meterpreter loads extensions such as stdapi and priv. All these extensions are loaded over TLS using a TLV protocol. Meterpreter uses encrypted communication with the target, which is another major advantage of using it.
Let's quickly summarize the advantages of Meterpreter over specific payloads:
  • It works in context with the exploited process, so it doesn't create a new process
  • It can migrate easily among processes
  • It resides completely in memory, so it writes nothing to disk
  • It uses encrypted communications
  • It uses a channelized communication system so that we can work with several channels at a time
  • It provides a platform to write extensions quickly and easily
This chapter is dedicated entirely to exploring the target machine by using the various commands and scripts that Meterpreter provides us with. We will start by analyzing common Meterpreter commands. Then, we will move ahead with setting up different communication channels, using networking commands, key sniffing, and so on. Finally, we will discuss the scraper Meterpreter script, which can create a single directory containing various pieces of information about the target user. In this chapter, we will mainly focus on the commands and scripts which can be helpful in exploring the compromised system.
So, let's move ahead and look at the recipes which enable us to dive deeper into Meterpreter.

Understanding the Meterpreter core commands

Let's start by using Meterpreter commands to understand their functionality. As it is a post-exploitation tool, we will require a compromised target to execute the commands. We will be using the Metasploitable 3 machine as a target that we have exploited using the Microsoft Windows Authenticated User Code Execution exploit module.

Getting ready

To avoid setting up the Microsoft Windows Authenticated User Code Execution exploit module every single time we want to test Meterpreter commands, we will use one of my favorite Metasploit Framework features, resource scripts. Resource scripts provide an easy way for us to automate repetitive tasks in Metasploit.

How to do it...

  1. The Metasploit Framework comes packed with several resource scripts that have been contributed to by the community, which you can find at /usr/share/metasploit-framework/scripts/resource/ in your Kali Linux machine:
root@kali:~# ls /usr/share/metasploit-framework/scripts/resource/
auto_brute.rc fileformat_generator.rc
auto_cred_checker.rc mssql_brute.rc
auto_pass_the_hash.rc multi_post.rc
auto_win32_multihandler.rc nessus_vulns_cleaner.rc
autocrawler.rc oracle_login.rc
autoexploit.rc oracle_sids.rc
bap_all.rc oracle_tns.rc
bap_dryrun_only.rc port_cleaner.rc
bap_firefox_only.rc portscan.rc
bap_flash_only.rc run_all_post.rc
bap_ie_only.rc wmap_autotest.rc
basic_discovery.rc
  1. To create our own resource scripts, we simply need to execute the module and then use the makerc command to create a re...

Table of contents

  1. Title Page
  2. Copyright
  3. About Packt
  4. Contributors
  5. Preface
  6. Introduction to Penetration Testing and Web Applications
  7. Setting Up Your Lab with Kali Linux
  8. Reconnaissance and Profiling the Web Server
  9. Authentication and Session Management Flaws
  10. Detecting and Exploiting Injection-Based Flaws
  11. Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
  12. Cross-Site Request Forgery, Identification, and Exploitation
  13. Attacking Flaws in Cryptographic Implementations
  14. Using Automated Scanners on Web Applications
  15. Metasploit Quick Tips for Security Professionals
  16. Information Gathering and Scanning
  17. Server-Side Exploitation
  18. Meterpreter
  19. Post-Exploitation
  20. Using MSFvenom
  21. Client-Side Exploitation and Antivirus Bypass
  22. Social-Engineer Toolkit
  23. Working with Modules for Penetration Testing
  24. Other Books You May Enjoy

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.5M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1.5 million books across 990+ topics, we’ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access Improving your Penetration Testing Skills by Gilberto Najera-Gutierrez, Juned Ahmed Ansari, Daniel Teixeira, Abhinav Singh in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over 1.5 million books available in our catalogue for you to explore.