Metasploit Penetration Testing Cookbook
eBook - ePub

Metasploit Penetration Testing Cookbook

  1. 320 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Metasploit Penetration Testing Cookbook

About this book

In Detail

Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.

Metasploit Penetration Testing Cookbook, Second Edition contains chapters that are logically arranged with an increasing level of complexity and thoroughly covers some aspects of Metasploit, ranging from pre-exploitation to the post-exploitation phase. This book is an update from version 4.0 to version 4.5. It covers the detailed penetration testing techniques for different specializations like wireless networks, VOIP systems, and the cloud.

Metasploit Penetration Testing Cookbook, Second Edition covers a number of topics which were not part of the first edition. You will learn how to penetrate an operating system (Windows 8 penetration testing) to the penetration of a wireless network, VoIP network, and then to cloud.

The book starts with the basics, such as gathering information about your target, and then develops to cover advanced topics like building your own framework scripts and modules. The book goes deep into operating-systems-based penetration testing techniques and moves ahead with client-based exploitation methodologies. In the post-exploitation phase, it covers meterpreter, antivirus bypass, ruby wonders, exploit building, porting exploits to the framework, and penetration testing, while dealing with VOIP, wireless networks, and cloud computing.

This book will help readers to think from a hacker's perspective to dig out the flaws in target networks and also to leverage the powers of Metasploit to compromise them. It will take your penetration skills to the next level.

Approach

This book follows a Cookbook style with recipes explaining the steps for penetration testing with WLAN, VOIP, and even cloud computing. There is plenty of code and commands used to make your learning curve easy and quick.

Who this book is for

This book targets both professional penetration testers as well as new users of Metasploit, who wish to gain expertise over the framework and learn an additional skill of penetration testing, not limited to a particular OS. The book requires basic knowledge of scanning, exploitation, and the Ruby language.

Trusted by 375,005 students

Access to over 1 million titles for a fair monthly price.

Study more efficiently using our study tools.

Information

Publisher
Packt Publishing
Year
2013
Edition
2
eBook ISBN
9781782166795
Topic
Ciencia de la computación
Subtopic
Ciberseguridad

Metasploit Penetration Testing CookbookSecond Edition

Table of Contents

Metasploit Penetration Testing CookbookSecond Edition
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Metasploit Quick Tips for Security Professionals
Introduction
Configuring Metasploit on Windows
Getting ready
How to do it...
How it works...
There's more…
Database error during installation
Configuring Metasploit on Ubuntu
Getting ready
How to do it...
There's more...
Cloning the Metasploit framework
Error during installation
Installing Metasploit with BackTrack 5 R3
Getting ready
How to do it...
How it works...
There's more
Upgrading from R2 to R3
32-bit tools
64-bit tools
Setting up penetration testing using VMware
Getting ready
How to do it...
How it works...
There's more...
Disabling the firewall and antivirus protection
Setting up Metasploit on a virtual machine with SSH connectivity
Getting ready
How to do it...
How it works...
Installing and configuring PostgreSQL in BackTrack 5 R3
Getting ready
How to do it...
How it works...
There's more...
Getting an error while connecting to the database
Deleting the database
Using the database to store the penetration testing results
Getting ready
How to do it...
Working with BBQSQL
How to do it...
How it works...
2. Information Gathering and Scanning
Introduction
Passive information gathering
Getting ready
How to do it...
How it works...
There's more...
Using third-party websites
Port scanning – the Nmap way
Getting ready
How to do it...
How it works...
There's more...
Operating system and version detection
Increasing anonymity
Port scanning – the DNmap way
Getting ready
How to do it...
Using keimpx – an SMB credentials scanner
Getting ready
How to do it...
How it works...
Detecting SSH versions with the SSH version scanner
Getting ready
How to do it...
How it works...
There's more...
FTP scanning
Getting ready
How to do it...
How it works...
SNMP sweeping
Getting ready
How to do it...
How it works...
Vulnerability scanning with Nessus
Getting ready
How to do it...
How it works...
There's more...
Working with Nessus in the web browser
Scanning with NeXpose
Getting ready
How to do it...
How it works...
There's more...
Importing the scan results
Working with OpenVAS – a vulnerability scanner
Getting ready
How to do it...
How it works...
3. Operating-System-based Vulnerability Assessment
Introduction
Penetration testing on a Windows XP SP2 machine
Getting ready
How to do it...
How it works...
There's more...
Binding a shell to the target for remote access
Getting ready
How to do it...
How it works...
There's more...
Gaining complete control of the target
Penetration testing on Windows 8
Getting ready
How to do it...
How it works...
There's more...
See also
Exploiting a Linux (Ubuntu) machine
Getting ready
How to do it...
How it works...
There's more...
Other relevant exploit modules for Linux
Understanding the Windows DLL injection flaws
Getting ready
How to do it...
How it works...
There's more...
The DLLHijackAudit kit by H. D. Moore
4. Client-side Exploitation and Antivirus Bypass
Introduction
Exploiting Internet Explorer execCommand Use-After-Free vulnerability
Getting ready
How to do it...
How it works...
Understanding Adobe Flash Player "new function" invalid pointer use
Getting ready
How to do it...
How it works...
Understanding Microsoft Word RTF stack buffer overflow
Getting ready
How to do it...
How it works...
There's more...
Microsoft Excel 2007 buffer overflow
Working with Adobe Reader U3D Memory Corruption
Getting ready
How to do it...
How it works...
Generating binary and shell code from msfpayload
Getting ready
How to do it...
How it works...
Msfencoding schemes with the detection ratio
Getting ready
How to do it...
How it works...
Using the killav.rb script to disable the antivirus programs
Getting ready
How to do it...
How it works...
Killing the antiviruses' services from the command line
Getting ready
How to do it...
How it works...
There's more...
Some services were not killed – what next?
Working with the syringe utility
Getting ready
How to do it...
How it works...
5. Working with Modules for Penetration Testing
Introduction
Working with scanner auxiliary modules
Getting ready
How to do it...
How it works...
There's more…
Generating passwords using Crunch
See also
Working with auxiliary admin modules
Getting ready
How to do it...
How it works...
SQL injection and DoS attack module
Getting ready
How to do it...
How it works...
Post-exploitation modules
Getting ready
How to do it...
How it works...
Understanding the basics of module building
Getting ready
How to do it...
Analyzing an existing module
Getting ready
How to do it...
How it works...
Building your own post-exploitation module
Getting ready
How to do it...
6. Exploring Exploits
Introduction
Exploiting the module structure
Getting ready
How to do it...
How it works...
Working wit...

Table of contents

  1. Metasploit Penetration Testing CookbookSecond Edition

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 990+ topics, we’ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access Metasploit Penetration Testing Cookbook by Monika Agarwal, Abhinav Singh in PDF and/or ePUB format, as well as other popular books in Ciencia de la computación & Ciberseguridad. We have over one million books available in our catalogue for you to explore.