Metasploit Penetration Testing Cookbook, Second Edition

Formats: PDF, PacktLib, ePub and Mobi formats
  • Special focus on the latest operating systems, exploits, and penetration testing techniques for wireless, VOIP, and cloud
  • This book covers a detailed analysis of third-party tools based on the Metasploit framework to enhance the penetration testing experience.
  • Detailed penetration testing techniques for different specializations like wireless networks, VOIP systems with a brief introduction to penetration testing in the cloud

Book Details

Language : English
Paperback : 320 pages [ 235mm x 191mm ]
Release Date : October 2013
ISBN : 1782166785
ISBN 13 : 9781782166788
Author(s) : Monika Agarwal, Abhinav Singh
Topics and Technologies : All Books, Networking and Servers, Cookbooks, Open Source

Table of Contents

Chapter 1: Metasploit Quick Tips for Security Professionals
Chapter 2: Information Gathering and Scanning
Chapter 3: Operating-System-based Vulnerability Assessment
Chapter 4: Client-side Exploitation and Antivirus Bypass
Chapter 5: Working with Modules for Penetration Testing
Chapter 6: Exploring Exploits
Chapter 7: VoIP Penetration Testing
Chapter 8: Wireless Network Penetration Testing
Chapter 9: Social-Engineer Toolkit
Chapter 10: Working with Meterpreter
Appendix: Pentesting in the Cloud
  • Chapter 1: Metasploit Quick Tips for Security Professionals
    • Introduction
    • Configuring Metasploit on Windows
    • Configuring Metasploit on Ubuntu
    • Installing Metasploit with BackTrack 5 R3
    • Setting up penetration testing using VMware
    • Setting up Metasploit on a virtual machine with SSH connectivity
    • Installing and configuring PostgreSQL in BackTrack 5 R3
    • Using the database to store the penetration testing results
    • Working with BBQSQL
  • Chapter 2: Information Gathering and Scanning
    • Introduction
    • Passive information gathering
    • Port scanning – the Nmap way
    • Port scanning – the DNmap way
    • Using keimpx – an SMB credentials scanner
    • Detecting SSH versions with the SSH version scanner
    • FTP scanning
    • SNMP sweeping
    • Vulnerability scanning with Nessus
    • Scanning with NeXpose
    • Working with OpenVAS – a vulnerability scanner
  • Chapter 4: Client-side Exploitation and Antivirus Bypass
    • Introduction
    • Exploiting Internet Explorer execCommand Use-After-Free vulnerability
    • Understanding Adobe Flash Player "new function" invalid pointer use
    • Understanding Microsoft Word RTF stack buffer overflow
    • Working with Adobe Reader U3D Memory Corruption
    • Generating binary and shell code from msfpayload
    • Msfencoding schemes with the detection ratio
    • Using the killav.rb script to disable the antivirus programs
    • Killing the antiviruses' services from the command line
    • Working with the syringe utility
  • Chapter 5: Working with Modules for Penetration Testing
    • Introduction
    • Working with scanner auxiliary modules
    • Working with auxiliary admin modules
    • SQL injection and DoS attack module
    • Post-exploitation modules
    • Understanding the basics of module building
    • Analyzing an existing module
    • Building your own post-exploitation module
  • Chapter 6: Exploring Exploits
    • Introduction
    • Exploiting the module structure
    • Working with msfvenom
    • Converting an exploit to a Metasploit module
    • Porting and testing the new exploit module
    • Fuzzing with Metasploit
    • Writing a simple FileZilla FTP fuzzer
  • Chapter 8: Wireless Network Penetration Testing
    • Introduction
    • Setting up and running Fern WiFi Cracker
    • Sniffing interfaces with tcpdump
    • Cracking WEP and WPA with Fern WiFi Cracker
    • Session hijacking via a MAC address
    • Locating a target's geolocation
    • Understanding an evil twin attack
    • Configuring Karmetasploit
  • Chapter 9: Social-Engineer Toolkit
    • Introduction
    • Getting started with the Social-Engineer Toolkit (SET)
    • Working with the SET config file
    • Working with the spear-phishing attack vector
    • Website attack vectors
    • Working with the multi-attack web method
    • Infectious media generator
  • Chapter 10: Working with Meterpreter
    • Introduction
    • Understanding the Meterpreter system commands
    • Understanding the Meterpreter filesystem commands
    • Understanding the Meterpreter networking commands
    • Privilege escalation and process migration
    • Setting up multiple communication channels with the target
    • Meterpreter anti-forensics – timestomp
    • The getdesktop and keystroke sniffing
    • Using a scraper Meterpreter script
    • Passing the hash
    • Setting up a persistent connection with backdoors
    • Pivoting with Meterpreter
    • Port forwarding with Meterpreter
    • Meterpreter API and mixins
    • Railgun – converting Ruby into a weapon
    • Adding DLL and function definition to Railgun
    • Building a "Windows Firewall De-activator" Meterpreter script
    • Analyzing an existing Meterpreter script
    • Injecting the VNC server remotely
    • Exploiting a vulnerable PHP application
    • Incognito attack with Meterpreter

Monika Agarwal

Monika Agarwal is a young Information Security Researcher from India. She has presented many research papers at both national and international conferences. She is a member of IAENG (International Association of Engineers). Her main areas of interest are ethical hacking and ad hoc networking.

Abhinav Singh

Abhinav Singh is a young Information Security specialist from India. He has a keen interest in the field of hacking and network security and has adopted it as his full-time profession. He is also the author of Metasploit Penetration Testing Cookbook, Packt Publishing. He is an active contributor to the SecurityXploded community. Abhinav's works have been quoted in several security and technology magazines and portals.

What you will learn from this book

  • Set up a complete penetration testing environment using Metasploit and virtual machines
  • Discover how to penetration test popular operating systems such as Windows 8
  • Get familiar with penetration testing based on client-side exploitation techniques, with detailed analysis of vulnerabilities and code
  • Build and analyze Meterpreter scripts in Ruby
  • Learn penetration testing in VoIP, WLAN, and the cloud from start to finish, including information gathering, vulnerability assessment, exploitation, and privilege escalation
  • Make the most of the exclusive coverage of antivirus bypassing techniques using Metasploit
  • Work with BBQSQL to analyze the stored results of the database

In Detail

Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.

Metasploit Penetration Testing Cookbook, Second Edition contains chapters arranged logically in order of increasing complexity and thoroughly covers aspects of Metasploit ranging from the pre-exploitation to the post-exploitation phase. This book is an update from version 4.0 to version 4.5. It covers detailed penetration testing techniques for different specializations such as wireless networks, VoIP systems, and the cloud.

Metasploit Penetration Testing Cookbook, Second Edition covers a number of topics that were not part of the first edition. You will progress from penetrating an operating system (Windows 8 penetration testing) to penetrating a wireless network, a VoIP network, and then the cloud.

The book starts with the basics, such as gathering information about your target, and then builds up to advanced topics like building your own framework scripts and modules. The book goes deep into operating-system-based penetration testing techniques and moves ahead with client-based exploitation methodologies. In the post-exploitation phase, it covers Meterpreter, antivirus bypass, Ruby wonders, exploit building, porting exploits to the framework, and penetration testing, while dealing with VoIP, wireless networks, and cloud computing.

This book will help readers to think from a hacker's perspective to dig out the flaws in target networks and also to leverage the powers of Metasploit to compromise them. It will take your penetration skills to the next level.

This book follows a Cookbook style, with recipes explaining the steps for penetration testing with WLAN, VoIP, and even cloud computing. It includes plenty of code and commands to make learning easy and quick.

Who this book is for

This book targets both professional penetration testers and new users of Metasploit who wish to gain expertise in the framework and learn the additional skill of penetration testing, not limited to a particular OS. The book requires basic knowledge of scanning, exploitation, and the Ruby language.
