eBook - ePub
Metasploit Penetration Testing Cookbook
Abhinav Singh, Nipun Jaswal, Monika Agarwal, Daniel Teixeira
This is a test
Share book
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
Metasploit Penetration Testing Cookbook
Abhinav Singh, Nipun Jaswal, Monika Agarwal, Daniel Teixeira
Book details
Book preview
Table of contents
Citations
About This Book
Over 100 recipes for penetration testing using Metasploit and virtual machines
Key Features
- Special focus on the latest operating systems, exploits, and penetration testing techniques
- Learn new anti-virus evasion techniques and use Metasploit to evade countermeasures
- Automate post exploitation with AutoRunScript
- Exploit Android devices, record audio and video, send and read SMS, read call logs, and much more
- Build and analyze Metasploit modules in Ruby
- Integrate Metasploit with other penetration testing tools
Book Description
Metasploit is the world's leading penetration testing tool and helps security and IT professionals find, exploit, and validate vulnerabilities. Metasploit allows penetration testing automation, password auditing, web application scanning, social engineering, post exploitation, evidence collection, and reporting. Metasploit's integration with InsightVM (or Nexpose), Nessus, OpenVas, and other vulnerability scanners provides a validation solution that simplifies vulnerability prioritization and remediation reporting. Teams can collaborate in Metasploit and present their findings in consolidated reports.
In this book, you will go through great recipes that will allow you to start using Metasploit effectively. With an ever increasing level of complexity, and covering everything from the fundamentals to more advanced features in Metasploit, this book is not just for beginners but also for professionals keen to master this awesome tool.
You will begin by building your lab environment, setting up Metasploit, and learning how to perform intelligence gathering, threat modeling, vulnerability analysis, exploitation, and post exploitation—all inside Metasploit. You will learn how to create and customize payloads to evade anti-virus software and bypass an organization's defenses, exploit server vulnerabilities, attack client systems, compromise mobile phones, automate post exploitation, install backdoors, run keyloggers, highjack webcams, port public exploits to the framework, create your own modules, and much more.
What you will learn
- Set up a complete penetration testing environment using Metasploit and virtual machines
- Master the world's leading penetration testing tool and use it in professional penetration testing
- Make the most of Metasploit with PostgreSQL, importing scan results, using workspaces, hosts, loot, notes, services, vulnerabilities, and exploit results
- Use Metasploit with the Penetration Testing Execution Standard methodology
- Use MSFvenom efficiently to generate payloads and backdoor files, and create shellcode
- Leverage Metasploit's advanced options, upgrade sessions, use proxies, use Meterpreter sleep control, and change timeouts to be stealthy
Who this book is for
If you are a Security professional or pentester and want to get into vulnerability exploitation and make the most of the Metasploit framework, then this book is for you. Some prior understanding of penetration testing and Metasploit is required.
Frequently asked questions
How do I cancel my subscription?
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Metasploit Penetration Testing Cookbook an online PDF/ePUB?
Yes, you can access Metasploit Penetration Testing Cookbook by Abhinav Singh, Nipun Jaswal, Monika Agarwal, Daniel Teixeira in PDF and/or ePUB format, as well as other popular books in Informatique & Administration du système. We have over one million books available in our catalogue for you to explore.
Information
Meterpreter
In this chapter, we will cover the following recipes:
- Understanding the Meterpreter core commands
- Understanding the Meterpreter filesystem commands
- Understanding the Meterpreter networking commands
- Understanding the Meterpreter system commands
- Setting up multiple communication channels with the target
- Meterpreter anti-forensics
- The getdesktop and keystroke sniffing
- Using a scraper Meterpreter script
- Scraping the system with winenum
- Automation with AutoRunScript
- Meterpreter resource scripts
- Meterpreter timeout control
- Meterpreter sleep control
- Meterpreter transports
- Interacting with the registry
- Load framework plugins
- Meterpreter API and mixins
- Railgun—converting Ruby into a weapon
- Adding DLL and function definitions to Railgun
- Injecting the VNC server remotely
- Enabling Remote Desktop
Introduction
So far, we have laid more emphasis on the exploitation phase in which we tried out various techniques and exploits to compromise our target. In this chapter, we will focus on Meterpreter, the most advanced payload in Metasploit, and what we can do after we have exploited the target machine. Meterpreter provides us with many features that can ease our task of exploring the target machine. We have already seen how to use Meterpreter in previous chapters but in the following chapters, we will understand Meterpreter in detail, as well as how to use it as a potential tool for the post-exploitation phase.
We have been using payloads in order to achieve specific results, but they have a major disadvantage. Payloads work by creating new processes in the compromised system. This can trigger alarms in antivirus programs and can be caught easily. Also, a payload is limited to perform only some specific tasks or execute specific commands that the shell can run. To overcome these difficulties, Meterpreter was created.
Meterpreter is a command interpreter for Metasploit that acts as a payload and works by using in-memory DLL injections and a native shared object format. It works in context with the exploited process; hence, it does not create any new process. This makes it more stealthy and powerful.
Let's take a look at some Meterpreter functions. The following diagram shows a simple stepwise representation of loading Meterpreter:
In the first step, the exploit and first stage payload are sent to the target machine. After exploitation, the stage establishes a TCP connection back to msfconsole on a given address and port. Next, msfconsole sends the second stage DLL injection payload. After successful injection, it sends the Meterpreter DLL to establish a proper communication channel. Lastly, Meterpreter loads extensions such as stdapi and priv. All these extensions are loaded over TLS using a TLV protocol. Meterpreter uses encrypted communication with the target, which is another major advantage of using it.
Let's quickly summarize the advantages of Meterpreter over specific payloads:
- It works in context with the exploited process, so it doesn't create a new process
- It can migrate easily among processes
- It resides completely in memory, so it writes nothing to disk
- It uses encrypted communications
- It uses a channelized communication system so that we can work with several channels at a time
- It provides a platform to write extensions quickly and easily
This chapter is dedicated entirely to exploring the target machine by using the various commands and scripts that Meterpreter provides us with. We will start by analyzing common Meterpreter commands. Then, we will move ahead with setting up different communication channels, using networking commands, key sniffing, and so on. Finally, we will discuss the scraper Meterpreter script, which can create a single directory containing various pieces of information about the target user. In this chapter, we will mainly focus on the commands and scripts which can be helpful in exploring the compromised system.
So, let's move ahead and look at the recipes which enable us to dive deeper into Meterpreter.
Understanding the Meterpreter core commands
Let's start by using Meterpreter commands to understand their functionality. As it is a post-exploitation tool, we will require a compromised target to execute the commands. We will be using the Metasploitable 3 machine as a target that we have exploited using the Microsoft Windows Authenticated User Code Execution exploit module.
Getting ready
To avoid setting up the Microsoft Windows Authenticated User Code Execution exploit module every single time we want to test Meterpreter commands, we will use one of my favorite Metasploit Framework features, resource scripts. Resource scripts provide an easy way for us to automate repetitive tasks in Metasploit.
How to do it...
- The Metasploit Framework comes packed with several resource scripts that have been contributed to by the community, which you can find at /usr/share/metasploit-framework/scripts/resource/ in your Kali Linux machine:
root@kali:~# ls /usr/share/metasploit-framework/scripts/resource/
auto_brute.rc fileformat_generator.rc
auto_cred_checker.rc mssql_brute.rc
auto_pass_the_hash.rc multi_post.rc
auto_win32_multihandler.rc nessus_vulns_cleaner.rc
autocrawler.rc oracle_login.rc
autoexploit.rc oracle_sids.rc
bap_all.rc oracle_tns.rc
bap_dryrun_only.rc port_cleaner.rc
bap_firefox_only.rc portscan.rc
bap_flash_only.rc run_all_post.rc
bap_ie_only.rc wmap_autotest.rc
basic_discovery.rc
- ...