Metasploit Penetration Testing Cookbook

There is a newer version of this book available - Metasploit Penetration Testing Cookbook, Second Edition
eBook: $29.99
Formats: PDF, PacktLib, ePub and Mobi formats
Print + free eBook + free PacktLib access to the book: $79.98    Print cover: $49.99
  • More than 80 recipes/practical tasks that will escalate the reader’s knowledge from beginner to an advanced level
  • Special focus on the latest operating systems, exploits, and penetration testing techniques
  • Detailed analysis of third-party tools based on the Metasploit framework to enhance the penetration testing experience

Book Details

Language : English
Paperback : 268 pages [ 235mm x 191mm ]
Release Date : June 2012
ISBN : 1849517428
ISBN 13 : 9781849517423
Author(s) : Abhinav Singh
Topics and Technologies : All Books, Networking and Servers, Security and Testing, Cookbooks, Networking & Telephony, Open Source

Table of Contents

Chapter 1: Metasploit Quick Tips for Security Professionals
Chapter 2: Information Gathering and Scanning
Chapter 3: Operating System-based Vulnerability Assessment and Exploitation
Chapter 4: Client-side Exploitation and Antivirus Bypass
Chapter 5: Using Meterpreter to Explore the Compromised Target
Chapter 6: Advanced Meterpreter Scripting
Chapter 7: Working with Modules for Penetration Testing
Chapter 8: Working with Exploits
Chapter 9: Working with Armitage
Chapter 10: Social Engineer Toolkit
  • Chapter 1: Metasploit Quick Tips for Security Professionals
    • Introduction
    • Configuring Metasploit on Windows
    • Configuring Metasploit on Ubuntu
    • Metasploit with BackTrack 5 – the ultimate combination
    • Setting up the penetration testing lab on a single machine
    • Setting up Metasploit on a virtual machine with SSH connectivity
    • Beginning with the interfaces – the "Hello World" of Metasploit
    • Setting up the database in Metasploit
    • Using the database to store penetration testing results
    • Analyzing the stored results of the database
  • Chapter 2: Information Gathering and Scanning
    • Introduction
    • Passive information gathering 1.0 – the traditional way
    • Passive information gathering 2.0 – the next level
    • Port scanning – the Nmap way
    • Exploring auxiliary modules for scanning
    • Target service scanning with auxiliary modules
    • Vulnerability scanning with Nessus
    • Scanning with NeXpose
    • Sharing information with the Dradis framework
  • Chapter 3: Operating System-based Vulnerability Assessment and Exploitation
    • Introduction
    • Exploit usage quick tips
    • Penetration testing on a Windows XP SP2 machine
    • Binding a shell to the target for remote access
    • Penetration testing on the Windows 2003 Server
    • Windows 7/Server 2008 R2 SMB client infinite loop
    • Exploiting a Linux (Ubuntu) machine
    • Understanding the Windows DLL injection flaws
  • Chapter 4: Client-side Exploitation and Antivirus Bypass
    • Introduction
    • Internet Explorer unsafe scripting misconfiguration vulnerability
    • Internet Explorer CSS recursive call memory corruption
    • Microsoft Word RTF stack buffer overflow
    • Adobe Reader util.printf() buffer overflow
    • Generating binary and shellcode from msfpayload
    • Bypassing client-side antivirus protection using msfencode
    • Using the killav.rb script to disable antivirus programs
    • A deeper look into the killav.rb script
    • Killing antivirus services from the command line
  • Chapter 5: Using Meterpreter to Explore the Compromised Target
    • Introduction
    • Analyzing meterpreter system commands
    • Privilege escalation and process migration
    • Setting up multiple communication channels with the target
    • Meterpreter filesystem commands
    • Changing file attributes using timestomp
    • Using meterpreter networking commands
    • The getdesktop and keystroke sniffing
    • Using a scraper meterpreter script
  • Chapter 6: Advanced Meterpreter Scripting
    • Introduction
    • Passing the hash
    • Setting up a persistent connection with backdoors
    • Pivoting with meterpreter
    • Port forwarding with meterpreter
    • Meterpreter API and mixins
    • Railgun – converting Ruby into a weapon
    • Adding DLL and function definition to Railgun
    • Building a "Windows Firewall De-activator" meterpreter script
    • Analyzing an existing meterpreter script
  • Chapter 7: Working with Modules for Penetration Testing
    • Introduction
    • Working with scanner auxiliary modules
    • Working with auxiliary admin modules
    • SQL injection and DOS attack modules
    • Post-exploitation modules
    • Understanding the basics of module building
    • Analyzing an existing module
    • Building your own post-exploitation module
  • Chapter 8: Working with Exploits
    • Introduction
    • Exploiting the module structure
    • Common exploit mixins
    • Working with msfvenom
    • Converting exploit to a Metasploit module
    • Porting and testing the new exploit module
    • Fuzzing with Metasploit
    • Writing a simple FileZilla FTP fuzzer
  • Chapter 9: Working with Armitage
    • Introduction
    • Getting started with Armitage
    • Scanning and information gathering
    • Finding vulnerabilities and attacking targets
    • Handling multiple targets using the tab switch
    • Post-exploitation with Armitage
    • Client-side exploitation with Armitage
  • Chapter 10: Social Engineer Toolkit
    • Introduction
    • Getting started with Social Engineer Toolkit (SET)
    • Working with the SET config file
    • Spear-phishing attack vector
    • Website attack vectors
    • Multi-attack web method
    • Infectious media generator

Abhinav Singh

Abhinav Singh is a young Information Security specialist from India. He has a keen interest in the field of hacking and network security and has adopted it as his full-time profession. He is also the author of Metasploit Penetration Testing Cookbook, Packt Publishing. He is an active contributor to the SecurityXploded community. Abhinav's works have been quoted in several security and technology magazines and portals.


What you will learn from this book

  • Set up a complete penetration testing environment using Metasploit and virtual machines
  • Learn to penetration-test popular operating systems such as Windows 7, Windows 2008 Server, Ubuntu, etc.
  • Get familiar with penetration testing based on client-side exploitation techniques, with detailed analysis of vulnerabilities and code
  • Get exclusive coverage of antivirus bypassing techniques using Metasploit
  • Master post-exploitation techniques such as exploring the target, capturing keystrokes, sniffing, pivoting, setting up persistent connections, etc.
  • Build and analyze meterpreter scripts in Ruby
  • Build and export exploits to the framework
  • Use extension tools like Armitage, SET, etc.

In Detail

Metasploit® software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.

Metasploit Penetration Testing Cookbook targets both professionals and beginners to the framework. The chapters of the book are logically arranged with an increasing level of complexity and thoroughly cover Metasploit aspects ranging from the pre-exploitation to the post-exploitation phase. The recipe structure of the book provides a good mix of both theoretical understanding and practical implementation.

This book will help readers think from a hacker’s perspective to dig out the flaws in target networks and also to leverage the powers of Metasploit to compromise them. It will take your penetration testing skills to the next level.

The book starts with the basics such as gathering information about your target and gradually covers advanced topics like building your own framework scripts and modules. The book goes deep into operating system-based penetration testing techniques and moves ahead with client-based exploitation methodologies. In the post-exploitation phase, it covers meterpreter, antivirus bypass, Ruby wonders, exploit building, porting exploits to the framework, and third-party tools like Armitage and SET.

Metasploit Penetration Testing Cookbook is the required guide to penetration testing and exploitation.

This is a Cookbook which follows a practical task-based style. Plenty of code and commands are used for illustration, which makes your learning curve easy and quick.

Who this book is for

This book targets both professional penetration testers and new users of Metasploit who wish to gain expertise over the framework. The book requires basic knowledge of scanning, exploitation, and the Ruby language.
