Mastering Metasploit
eBook - ePub

Mastering Metasploit

Exploit systems, cover your tracks, and bypass security controls with the Metasploit 5.0 framework, 4th Edition

Nipun Jaswal

  1. 502 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
About This Book

Discover the next level of network defense and penetration testing with the Metasploit 5.0 framework

Key Features

  • Make your network robust and resilient with this updated edition covering the latest pentesting techniques
  • Explore a variety of entry points to compromise a system while remaining undetected
  • Enhance your ethical hacking skills by performing penetration tests in highly secure environments

Book Description

Updated for the latest version of Metasploit, this book will prepare you to face everyday cyberattacks by simulating real-world scenarios. Complete with step-by-step explanations of essential concepts and practical examples, Mastering Metasploit will help you gain insights into programming Metasploit modules and carrying out exploitation, as well as building and porting various kinds of exploits in Metasploit.

Giving you the ability to perform tests on different services, including databases, IoT, and mobile, this Metasploit book will help you get to grips with real-world, sophisticated scenarios where performing penetration tests is a challenge. You'll then learn a variety of methods and techniques to evade security controls deployed at a target's endpoint. As you advance, you'll script automated attacks using CORTANA and Armitage to aid penetration testing by developing virtual bots and discover how you can add custom functionalities in Armitage. Following real-world case studies, this book will take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit 5.0 framework.

By the end of the book, you'll have developed the skills you need to work confidently with efficient exploitation techniques.

What you will learn

  • Develop advanced and sophisticated auxiliary, exploitation, and post-exploitation modules
  • Learn to script automated attacks using CORTANA
  • Test services such as databases, SCADA, VoIP, and mobile devices
  • Attack the client side with highly advanced pentesting techniques
  • Bypass modern protection mechanisms, such as antivirus, IDS, and firewalls
  • Import public exploits to the Metasploit Framework
  • Leverage C and Python programming to effectively evade endpoint protection

Who this book is for

If you are a professional penetration tester, security engineer, or law enforcement analyst with basic knowledge of Metasploit, this book will help you to master the Metasploit framework and guide you in developing your exploit and module development skills. Researchers looking to add their custom functionalities to Metasploit will find this book useful. As Mastering Metasploit covers Ruby programming and attack scripting using Cortana, practical knowledge of Ruby and Cortana is required.

Information

  • Year: 2020
  • ISBN: 9781838985639
  • Edition: 4

Section 1 – Preparation and Development

The preparation and development phase allows you to develop or port your exploits to Metasploit, add custom functionalities, and prepare your arsenal for an attack.
This section comprises the following chapters:
  • Chapter 1, Approaching a Penetration Test Using Metasploit
  • Chapter 2, Reinventing Metasploit
  • Chapter 3, The Exploit Formulation Process
  • Chapter 4, Porting Exploits

Chapter 1: Approaching a Penetration Test Using Metasploit

Penetration testing is an intentional attack on a computer-based system where the intention is to find vulnerabilities and security weaknesses, and to certify whether a system is secure. A penetration test allows an organization to understand its security posture in terms of whether it is vulnerable to an attack, whether the implemented security is enough to oppose any invasion, which security controls can be bypassed, and much more. Hence, a penetration test focuses on improving the security posture of an organization.
Achieving success in a penetration test largely depends on using the right set of tools and techniques. A penetration tester must choose the right set of tools and methodologies to complete a test. While talking about the best tools for penetration testing, the first one that comes to mind is Metasploit. It is considered one of the most effective auditing tools to carry out penetration testing today. Metasploit offers a wide variety of exploits, an excellent exploit development environment, information gathering and web testing capabilities, and much more.
This book has been written so that it will not only cover the frontend perspectives of Metasploit, but also focus on the development and customization of the framework. With the launch of Metasploit 5.0, Metasploit has recently undergone numerous changes, which brought an array of new capabilities and features, all of which we will discuss in the upcoming chapters. This book assumes that you have basic knowledge of the Metasploit framework. However, some of the sections of this book will help you recall the basics as well.
While covering Metasploit from the very basics to the elite level, we will stick to a step-by-step approach, as shown in the following diagram:
Figure 1.1 – Chapter overview
This chapter will help you recall the basics of penetration testing and Metasploit, which will help you warm up to the pace of this book.
In this chapter, you will learn about the following topics:
  • Organizing a penetration test
  • Mounting the environment
  • Conducting a penetration test with Metasploit
  • Benefits of penetration testing using Metasploit
  • Case study – reaching the domain controller
An important point to take note of here is that you won't become an expert penetration tester in a single day. It takes practice, familiarization with the work environment, the ability to perform in critical situations, and most importantly, an understanding of how you have to cycle through the various stages of a penetration test.

Technical requirements

In this chapter, we made use of the following software and operating systems (OSes):
  • VMware Workstation 12 Player for virtualization (any version can be used)/Oracle VirtualBox (throughout this book, we will use VMware Workstation Player).
  • Ubuntu 18.03 LTS Desktop as a pentester's workstation VM with an IP of 192.168.188.128. You can download Ubuntu from https://ubuntu.com/download/desktop.
  • Windows 7 Ultimate 64-bit, version: 6.1.7601 Service Pack 1 Build 7601 as a target with IPs of 192.168.188.129 and 192.168.248.153 (any 64-bit Windows 7 release version prior to 2017).
  • Microsoft Windows Server 2008 R2 Enterprise 64-Bit, Version: 6.1.7601 Service Pack 1 Build 7601 as the domain controller with an IP of 192.168.248.10 (any Windows Server 2008/2012).
  • Metasploit 5.0.43 (https://www.metasploit.com/download).

Organizing a penetration test

When we think about conducting a penetration test on an organization, we need to make sure that everything works according to the penetration test standards. Therefore, if you feel you are new to penetration testing standards or uncomfortable with the term Penetration Testing Execution Standard (PTES), please refer to http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines to become more familiar with penetration testing and vulnerability assessments.
In line with PTES, the following diagram explains the various phases of a penetration test:
Figure 1.2 – Phases of a penetration test
Important Note
Refer to http://www.pentest-standard.org/index.php/Main to set up the hardware and systematic stages to be followed when setting up a work environment.
Before we start firing sophisticated and complex attacks with Metasploit, let's understand the various phases of a penetration test and learn how to organize a penetration test at a professional scale.

Preinteractions

The very first phase of a penetration test, preinteractions, involves a discussion of the critical factors regarding the conduct of a penetration test on a client's organization, company, institute, or network. This phase serves as the connecting line between the penetration tester, the client, and their requirements. Preinteractions ...