Master the art of penetration testing with Metasploit Framework in 7 days

About This Book
- A fast-paced guide that will quickly enhance your penetration testing skills in just 7 days
- Carry out penetration testing in complex and highly-secured environments.
- Learn techniques to Integrate Metasploit with industry's leading tools

Who This Book Is For
If you are a penetration tester, ethical hacker, or security consultant who quickly wants to master the Metasploit framework and carry out advanced penetration testing in highly secured environments then, this book is for you.

What You Will Learn
- Get hands-on knowledge of Metasploit
- Perform penetration testing on services like Databases, VOIP and much more
- Understand how to Customize Metasploit modules and modify existing exploits
- Write simple yet powerful Metasploit automation scripts
- Explore steps involved in post-exploitation on Android and mobile platforms.

In Detail
The book starts with a hands-on Day 1 chapter, covering the basics of the Metasploit framework and preparing the readers for a self-completion exercise at the end of every chapter. The Day 2 chapter dives deep into the use of scanning and fingerprinting services with Metasploit while helping the readers to modify existing modules according to their needs. Following on from the previous chapter, Day 3 will focus on exploiting various types of service and client-side exploitation while Day 4 will focus on post-exploitation, and writing quick scripts that helps with gathering the required information from the exploited systems. The Day 5 chapter presents the reader with the techniques involved in scanning and exploiting various services, such as databases, mobile devices, and VOIP. The Day 6 chapter prepares the reader to speed up and integrate Metasploit with leading industry tools for penetration testing. Finally, Day 7 brings in sophisticated attack vectors and challenges based on the user's preparation over the past six days and ends with a Metasploit challenge to solve.

Style and approach
This book is all about fast and intensive learning. That means we don't waste time in helping readers get started. The new content is basically about filling in with highly-effective examples to build new things, show solving problems in newer and unseen ways, and solve real-world examples.

- 230 pages
- English
- ePUB (mobile friendly)
Metasploit Bootcamp
Exploitation and Gaining Access
In Chapter 2, Identifying and Scanning Targets, we took a precise look at scanning multiple services in a network while fingerprinting their exact version numbers. We had to find the exact version numbers of the services running so that we could exploit the vulnerabilities residing in a particular version of the software. In this chapter, we will make use of the strategies learned in Chapter 2, Identifying and Scanning Targets, to successfully gain access to some systems by taking advantage of their vulnerabilities. We will learn how to do the following:
- Exploit applications using Metasploit
- Test servers for successful exploitation
- Attack mobile platforms with Metasploit
- Use browser-based attacks for client-side testing
- Build and modify existing exploit modules in Metasploit
So let us get started.
Setting up the practice environment
Throughout this chapter and the following ones, we will primarily practice on Metasploitable 2 and Metasploitable 3 (intentionally vulnerable operating systems). Additionally, for the exercises which are not covered in Metasploitable distributions, we will use our customized environment:
- Please follow the instructions to set up Metasploitable 2 at https://community.rapid7.com/thread/2007
- To set up Metasploitable 3, refer to https://github.com/rapid7/metasploitable3
- Refer to the excellent video tutorials to set up Metasploitable 3 at https://www.youtube.com/playlist?list=PLZOToVAK85MpnjpcVtNMwmCxMZRFaY6mT
Exploiting applications with Metasploit
Consider yourself performing a penetration test on a class B range IP network. Let's first add a new workspace for our test and switch to it, as shown in the following screenshot:

We added a new workspace by issuing the workspace command followed by the -a switch and the name of our new workspace. We then switched to the workspace we just created by issuing the workspace command again followed by the name of the workspace, which, in our case, is ClassBNetwork.
Throughout Chapter 2, Identifying and Scanning Targets, we used the tcp portscan auxiliary module heavily. Let's use it again and see what surprises we have on this network:

Nothing fancy! We merely have two open ports, that is, port 80 and port 22. Let's verify the information found in the scan by issuing the hosts command and the services command, as shown in the following screenshot:

We can see that the information captured in the scan now resides in Metasploit's database. However, we did not find much in the scan. Let's run a more accurate scan in the next section.
Using db_nmap in Metasploit
Nmap is one of the most popular network scanners and is most widely used in penetration testing and vulnerability assessments. The beauty of Metasploit is that it combines the power of Nmap by integrating and storing results in its database. Let's run a basic stealth scan on the target by providing the -sS switch. Additionally, we have used the -p- switch to tell Nmap to scan for all 65,535 ports on the target, and the --open switch to list all the open ports only (this eliminates filtered and closed ports), as shown in the following screenshot:

We can see that the preceding command runs a thorough scan on the target. Let's analyze the output generated from the scan as follows:

We can see a number of ports open on the target. We can consider them as an entry point to the system if we find any of them vulnerable. However, as discussed earlier, to exploit these services, we will need to figure out the software and its exact version number. db_nmap can provide us with the version of software running by initiating a service scan. We can perform a service scan similarly by adding the -sV switch to the previous scan command and rerunning the scan:

Awesome! We have fingerprinted almost 80% of the open ports with their exact version numbers. We can see we have many attractive services running on the target. Let's verify whether all the information we gathered from the scan has successfully been migrated to Metasploit by issuing the services command:

Yup! Metasploit has logged everything. Let's target some web server software such as Apache Tomcat/Coyote JSP Engine 1.1 running on port 8022. However, before firing any exploit, we should always check what application is running on the server by manually browsing to the port through a web browser, as shown in the following screenshot:

Surprise! We have Desktop Central 9 running on the se...
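The version-scan and services checks described above amount to reading Nmap's XML results and asking which open ports were actually fingerprinted. The following Python is an added example, not code from the book: it parses a constructed XML sample (the address, ports and versions are made up) and reports fingerprint coverage and the ports that still need manual identification. The function names are assumptions chosen for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like Nmap XML (-oX) output; not the book's scan data.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -sV -p- --open 192.0.2.10">
 <host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="22"><state state="open"/>
   <service name="ssh" product="OpenSSH" version="7.1" method="probed"/></port>
  <port protocol="tcp" portid="80"><state state="open"/>
   <service name="http" product="Apache httpd" version="2.4.18" method="probed"/></port>
  <port protocol="tcp" portid="8022"><state state="open"/>
   <service name="http" product="Apache Tomcat/Coyote JSP engine" version="1.1" method="probed"/></port>
  <port protocol="tcp" portid="9200"><state state="open"/>
   <service name="wap-wsp" method="table"/></port>
  <port protocol="tcp" portid="49153"><state state="open"/></port>
  <port protocol="tcp" portid="3306"><state state="filtered"/></port>
 </ports></host>
</nmaprun>"""


def parse_services(xml_text):
    """Return one record per open port, like the rows of the services command."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else "unknown"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # mirror --open: drop filtered and closed ports
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            info = " ".join(filter(None, [attrs.get("product"), attrs.get("version")]))
            rows.append({
                "host": ip, "port": int(port.get("portid")),
                "name": attrs.get("name", ""), "info": info,
                # method="table" is only a guess from the port number
                "fingerprinted": attrs.get("method") == "probed" and bool(info),
            })
    return rows


def coverage(rows):
    """(fingerprinted, total) open ports: the ratio a -sV rescan improves."""
    return sum(r["fingerprinted"] for r in rows), len(rows)


def needs_manual_check(rows):
    """Open ports with no probed product/version; identify these by hand."""
    return [(r["host"], r["port"]) for r in rows if not r["fingerprinted"]]


if __name__ == "__main__":
    rows = parse_services(SAMPLE_XML)
    print(coverage(rows), needs_manual_check(rows))
```

Even a probed banner such as the one on port 8022 names the web container rather than the application deployed on it, which is why the text browses to the port before going further.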
Table of contents
- Title Page
- Copyright
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Customer Feedback
- Dedication
- Preface
- Getting Started with Metasploit
- Identifying and Scanning Targets
- Exploitation and Gaining Access
- Post-Exploitation with Metasploit
- Testing Services with Metasploit
- Fast-Paced Exploitation with Metasploit
- Exploiting Real-World Challenges with Metasploit
Yes, you can access Metasploit Bootcamp by Nipun Jaswal in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.