Search icon Close icon
Search icon
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Metasploit 5.0 for Beginners - Second Edition
Metasploit 5.0 for Beginners - Second Edition

Metasploit 5.0 for Beginners: Perform penetration testing to secure your IT environment against threats and vulnerabilities, Second Edition

By Sagar Rahalkar
€19.99 €13.98
Book Apr 2020 246 pages 2nd Edition
eBook
€19.99 €13.98
Print
€24.99
Subscription
€14.99 Monthly
eBook
€19.99 €13.98
Print
€24.99
Subscription
€14.99 Monthly

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Buy Now

Product Details

Publication date : Apr 10, 2020
Length 246 pages
Edition : 2nd Edition
Language : English
ISBN-13 : 9781838982669
Category :
Security
Concepts :
Penetration Testing
Tools :
Metasploit (Beginner)
Table of content icon View table of contents Preview book icon Preview Book

Metasploit 5.0 for Beginners - Second Edition

Chapter 1: Introduction to Metasploit and Supporting Tools

Before we take a deep dive into various aspects of the Metasploit Framework, let's first lay a solid foundation of some of the absolute basics. In this chapter, we'll conceptually understand what penetration testing is all about and where the Metasploit Framework fits in exactly. We'll also browse through some of the additional tools that enhance the Metasploit Framework's capabilities.

In this chapter, we will cover the following topics:

  • The importance of penetration testing
  • Understanding the difference between vulnerability assessments and penetration testing
  • The need for a penetration testing framework
  • Introduction to Metasploit
  • Introduction to new features in Metasploit 5.0
  • When to use Metasploit
  • Making Metasploit effective and powerful using supplementary tools

Technical requirements

The following software is required:

  • Kali Linux
  • The Metasploit Framework
  • Nessus
  • NMAP
  • w3af
  • Armitage

The importance of penetration testing

For over a decade or so, the use of technology has been rising exponentially. Almost all businesses are partially or completely dependent on the use of technology. From Bitcoins to the cloud to the Internet of Things (IoT), new technologies are popping up each day. While these technologies completely change the way we do things, they also bring along threats with them. Attackers discover new and innovative ways to manipulate these technologies for fun and profit! This is a matter of concern for thousands of organizations and businesses around the world.

Organizations worldwide are deeply concerned about keeping their data safe. Protecting data is certainly important. However, testing whether adequate protection mechanisms have been put to work is also equally important. Protection mechanisms can fail, hence, testing them before someone exploits them for real is a challenging task. Having said this, vulnerability assessments and penetration...

Understanding the difference between vulnerability assessments and penetration testing

Vulnerability assessments and penetration testing are two of the most common phrases that are often used interchangeably. However, it is important to understand the difference between the two. To understand the exact difference, let's consider a real-world scenario.

A thief intends to rob a house. To proceed with his robbery plan, he decides to recon his robbery target. He visits the house (that he intends to rob) casually and tries to gauge what security measures are in place. He notices that there is a window at the back of the house that is often open and so it's easy to break in. In our terms, the thief just performed a vulnerability assessment. Now, after a few days, the thief actually goes to the house again and enters through the back window that he had discovered earlier during his recon phase. In this case, the thief performed an actual penetration into his target house with...

The need for a penetration testing framework

Penetration testing is not just about running a set of a few automated tools against your target. It's a complete process that involves multiple stages and each stage is equally important for the success of the project. Now, for performing all the tasks throughout every stage of penetration testing, we would need to use various tools and might need to perform some tasks manually. Then, at the end, we would need to combine the results from all the different tools together to produce a single meaningful report. This is certainly a daunting task. It would be really easy and timesaving if one single tool could help us perform all the required tasks for penetration testing. This exact need is satisfied by a framework such as Metasploit.

Now let's move on to learning more about the Metasploit Framework.

Introduction to Metasploit

The birth of Metasploit dates back to 16 years ago, when H. D. Moore, in 2003, wrote a portable network tool using Perl. By 2007, it was rewritten in Ruby. The Metasploit project received a major commercial boost when Rapid7 acquired the project in 2009. Metasploit is essentially a robust and versatile penetration testing framework. It can literally perform all the tasks that are involved in a penetration testing life cycle. With the use of Metasploit, you don't really need to reinvent the wheel! You just need to focus on the core objectives, the supporting actions will all be performed through various components and modules of the framework. Also, since it's a complete framework and not just an application, it can be customized and extended as per our requirements.

Metasploit is, no doubt, a very powerful tool for penetration testing. However, it's certainly not a magic wand that can help you hack into any given target system. It's...

Introduction to new features in Metasploit 5.0

Ever since the Metasploit Framework was born 16 years ago, it has been through significant changes and improvements. In early 2019, Metasploit 5.0 was released, which is considered its first major release since 2011. While the Metasploit is commercially supported and developed by Rapid7, it also has rich community support, which enables its growth.

The latest Metasploit 5.0 version brings in a lot more features and improvements:

  • Database and automation API's: The latest Metasploit 5.0 now allow users to run the database as a RESTful service. It also introduces the new JSON-RPC API, which would be of significant help to users who wish to integrate Metasploit with other tools. The API interface can be extremely handy in several automation and orchestration scenarios. It thus makes the framework even more agile and powerful.
  • Evasion modules and libraries: In 2018, a new evasion module was introduced that allowed users...

When to use Metasploit

There are literally tons of tools available for performing various tasks related to penetration testing. However, most of the tools serve only one unique purpose. Unlike these tools, Metasploit can perform multiple tasks throughout the penetration testing life cycle. Before we check the exact use of Metasploit in penetration testing, let's have a brief overview of the various phases of penetration testing.

The following diagram shows the typical phases of the penetration testing life cycle:

Figure 1.1 – Phases of the Penetration testing life cycle

Figure 1.1 – Phases of the penetration testing life cycle

Now let's move on to understanding the phases in detail:

  • Information gathering: Though the information gathering phase may look very trivial, it is one of the most important phases for the success of a penetration testing project. The more you know about your target, the higher the chances are that you will find the right vulnerabilities and exploits to work...

Making Metasploit effective and powerful using supplementary tools

So far, we have seen that Metasploit is a really powerful framework for penetration testing. However, it can be made even more useful if integrated with some other tools. This section covers a few tools that complement Metasploit's capability to perform more precise penetration on the target system. We'll start with the Nessus tool.

Nessus

Nessus is a product from Tenable Network Security and is one of the most popular vulnerability assessment tools. It belongs to the vulnerability scanner category. It is quite easy to use, and it quickly identifies infrastructure-level vulnerabilities in the target system. Once Nessus tells us what vulnerabilities exist on the target system, we can then feed those vulnerabilities to Metasploit to see whether they can be exploited for real.

Its official website is https://www.tenable.com/.

The following screenshot shows the Nessus homepage:

Figure 1.3 – Nessus homepage ...

Summary

We started this chapter with understanding the relevance of penetration testing and then glanced at the practical difference between vulnerability assessment and penetration testing. We then tried to understand the exact need of a penetration testing framework and got introduced to the Metasploit Framework. We also covered the new features introduced as part of latest Metasploit 5.x Framework.

We also got an overview on when to use the Metasploit Framework in the penetration testing life cycle along with some other useful tools like Nessus, NMAP, and so on.

Now that we have got a high-level overview of what Metasploit is all about and the new features in the latest Metasploit 5.0 version, its applicability in penetration testing, and supporting tools, we'll browse through the installation and environment setup for Metasploit in the next chapter.

Exercise

You can try the following exercises:

  • Visit Metasploit's official website and try to learn about the differences in various editions of Metasploit.
  • Try to explore more on how Nessus and NMAP can help us during a penetration test.
  • Install Nessus and w3af on your Kali Linux system.

Further reading

More information on the Metasploit Framework along with various versions can be found at https://metasploit.help.rapid7.com/docs.

Left arrow icon

Page 1 of 12

Right arrow icon

Key benefits

  • Perform pentesting in highly secured environments with Metasploit 5.0
  • Become well-versed with the latest features and improvements in the Metasploit Framework 5.0
  • Analyze, find, exploit, and gain access to different systems by bypassing various defenses

Description

Securing an IT environment can be challenging, however, effective penetration testing and threat identification can make all the difference. This book will help you learn how to use the Metasploit Framework optimally for comprehensive penetration testing. Complete with hands-on tutorials and case studies, this updated second edition will teach you the basics of the Metasploit Framework along with its functionalities. You’ll learn how to set up and configure Metasploit on various platforms to create a virtual test environment. Next, you’ll get hands-on with the essential tools. As you progress, you’ll learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools and components. Later, you'll get to grips with web app security scanning, bypassing anti-virus, and post-compromise methods for clearing traces on the target system. The concluding chapters will take you through real-world case studies and scenarios that will help you apply the knowledge you’ve gained to ethically hack into target systems. You’ll also discover the latest security techniques that can be directly applied to scan, test, ethically hack, and secure networks and systems with Metasploit. By the end of this book, you’ll have learned how to use the Metasploit 5.0 Framework to exploit real-world vulnerabilities.

What you will learn

Set up the environment for Metasploit Understand how to gather sensitive information and exploit vulnerabilities Get up to speed with client-side attacks and web application scanning using Metasploit Leverage the latest features of Metasploit 5.0 to evade anti-virus Delve into cyber attack management using Armitage Understand exploit development and explore real-world case studies

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Buy Now

Product Details

Publication date : Apr 10, 2020
Length 246 pages
Edition : 2nd Edition
Language : English
ISBN-13 : 9781838982669
Category :
Security
Concepts :
Penetration Testing
Tools :
Metasploit (Beginner)

Table of Contents

15 Chapters
Preface Chevron down icon Chevron up icon
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Section 1: Introduction and Environment Setup Chevron down icon Chevron up icon
Section 1: Introduction and Environment Setup
Chapter 1: Introduction to Metasploit and Supporting Tools Chevron down icon Chevron up icon
Chapter 1: Introduction to Metasploit and Supporting Tools
Technical requirements
The importance of penetration testing
Understanding the difference between vulnerability assessments and penetration testing
The need for a penetration testing framework
Introduction to Metasploit
Introduction to new features in Metasploit 5.0
When to use Metasploit
Making Metasploit effective and powerful using supplementary tools
Summary
Exercise
Further reading
Chapter 2: Setting Up Your Environment Chevron down icon Chevron up icon
Chapter 2: Setting Up Your Environment
Using Metasploit on a Kali Linux virtual machine
Installing Metasploit on Windows
Installing Metasploit on Linux
Setting up Docker
Setting up vulnerable targets in a VM
Summary
Exercises
Chapter 3: Metasploit Components and Environment Configuration Chevron down icon Chevron up icon
Chapter 3: Metasploit Components and Environment Configuration
Technical requirements
Anatomy and structure of Metasploit
Metasploit components and environment configuration
Getting started with msfconsole
Variables in Metasploit
Updating the Metasploit Framework
Summary
Exercise
Further reading
Section 2: Practical Metasploit Chevron down icon Chevron up icon
Section 2: Practical Metasploit
Chapter 4: Information Gathering with Metasploit Chevron down icon Chevron up icon
Chapter 4: Information Gathering with Metasploit
Technical requirements
Information gathering and enumeration on various protocols
Password sniffing with Metasploit
Advanced search using Shodan
Summary
Exercises
Further reading
Chapter 5: Vulnerability Hunting with Metasploit Chevron down icon Chevron up icon
Chapter 5: Vulnerability Hunting with Metasploit
Technical requirements
Managing the database
Vulnerability detection with Metasploit auxiliaries
Auto-exploitation with db_autopwn
Exploring post exploitation
Introduction to msf utilities
Summary
Exercises
Further reading
Chapter 6: Client-Side Attacks with Metasploit Chevron down icon Chevron up icon
Chapter 6: Client-Side Attacks with Metasploit
Understanding the need for client-side attacks
Exploring the msfvenom utility
Using MSFvenom Payload Creator (MSFPC)
Social engineering with Metasploit
Using browser autopwn
Summary
Exercises
Chapter 7: Web Application Scanning with Metasploit Chevron down icon Chevron up icon
Chapter 7: Web Application Scanning with Metasploit
Technical requirements
Setting up a vulnerable web application
Web application scanning using WMAP
Metasploit auxiliaries for web application enumeration and scanning
Summary
Exercise
Chapter 8: Antivirus Evasion and Anti-Forensics Chevron down icon Chevron up icon
Chapter 8: Antivirus Evasion and Anti-Forensics
Technical requirements
Using encoders to avoid antivirus detection
Using the new evasion module
Using packagers and encrypters
Understanding what a sandbox is
Using Metasploit for anti-forensics
Summary
Exercises
Further reading
Chapter 9: Cyber Attack Management with Armitage Chevron down icon Chevron up icon
Chapter 9: Cyber Attack Management with Armitage
Technical requirements
What is Armitage?
Starting the Armitage console
Scanning and enumeration
Finding and launching attacks
Summary
Exercise
Further reading
Chapter 10: Extending Metasploit and Exploit Development Chevron down icon Chevron up icon
Chapter 10: Extending Metasploit and Exploit Development
Technical requirements
Understanding exploit development concepts
Understanding exploit templates and mixins
Understanding Metasploit mixins
Adding external exploits to Metasploit
Summary
Exercises
Further reading
Chapter 11: Case Studies Chevron down icon Chevron up icon
Chapter 11: Case Studies
Case study 1
Case study 2
Summary
Exercises
Further reading
Other Books You May Enjoy Chevron down icon Chevron up icon
Other Books You May Enjoy
Leave a review - let other readers know what you think

Recommendations for you

Left arrow icon
Microsoft Defender for Endpoint in Depth: Take any organization's endpoint security to the next level
Microsoft Defender for Endpoint in Depth: Take any organization's endpoint security to the next level
Mar 2023 362
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
CompTIA Security+: SY0-601 Certification Guide: Complete coverage of the new CompTIA Security+ (SY0-601) exam to help you pass on the first attempt, Second Edition
CompTIA Security+: SY0-601 Certification Guide: Complete coverage of the new CompTIA Security+ (SY0-601) exam to help you pass on the first attempt, Second Edition
Dec 2020 550
ebook
eBook
  • ebook eBook $16.99
  • print Print $30.99
$16.99 $24.99
$30.99
Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks, Third Edition
Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks, Third Edition
Feb 2023 618
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
Feb 2022 742
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
  • audiobook Audiobook $45.99
$29.99 $43.99
$54.99
$45.99
Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs
Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs
Aug 2023 314
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
Keycloak - Identity and Access Management for Modern Applications: Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 to secure applications, Second Edition
Keycloak - Identity and Access Management for Modern Applications: Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 to secure applications, Second Edition
Jul 2023 350
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
Jul 2023 328
ebook
eBook
  • ebook eBook $32.99
  • print Print $59.99
$32.99 $47.99
$59.99
Mastering Microsoft 365 Defender: Implement Microsoft Defender for Endpoint, Identity, Cloud Apps, and Office 365 and respond to threats
Mastering Microsoft 365 Defender: Implement Microsoft Defender for Endpoint, Identity, Cloud Apps, and Office 365 and respond to threats
Jul 2023 572
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam
CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam
Mar 2022 654
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
  • audiobook Audiobook $44.99
$27.98 $39.99
$49.99
$44.99
Mastering Windows Server 2022: Comprehensive administration of your Windows Server environment, Fourth Edition
Mastering Windows Server 2022: Comprehensive administration of your Windows Server environment, Fourth Edition
May 2023 720
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
Right arrow icon

Customer reviews

Filter icon Filter
Top Reviews
  • Top Reviews
  • Most Recent
Rating distribution
Empty star icon Empty star icon Empty star icon Empty star icon Empty star icon 0
(0 Ratings)
5 star 0%
4 star 0%
3 star 0%
2 star 0%
1 star 0%

Filter reviews by

No reviews found

People who bought this also bought

Left arrow icon
Privilege Escalation Techniques: Learn the art of exploiting Windows and Linux systems
Privilege Escalation Techniques: Learn the art of exploiting Windows and Linux systems
Nov 2021 340
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
Feb 2022 742
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
  • audiobook Audiobook $45.99
$29.99 $43.99
$54.99
$45.99
Cybersecurity – Attack and Defense Strategies: Improve your security posture to mitigate risks and prevent attackers from infiltrating your system, Third Edition
Cybersecurity – Attack and Defense Strategies: Improve your security posture to mitigate risks and prevent attackers from infiltrating your system, Third Edition
Sep 2022 570
ebook
eBook
  • ebook eBook $22.99
  • print Print $41.99
$22.99 $33.99
$41.99
Mastering Windows Security and Hardening: Secure and protect your Windows environment from cyber threats using zero-trust security principles, Second Edition
Mastering Windows Security and Hardening: Secure and protect your Windows environment from cyber threats using zero-trust security principles, Second Edition
Aug 2022 816
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
Cybersecurity Career Master Plan: Proven techniques and effective tips to help you advance in your cybersecurity career
Cybersecurity Career Master Plan: Proven techniques and effective tips to help you advance in your cybersecurity career
Sep 2021 280
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
  • audiobook Audiobook $32.99
$27.98 $39.99
$49.99
$32.99
Pentesting Web Applications: Testing real time web apps [Video]
Pentesting Web Applications: Testing real time web apps [Video]
Nov 2017
video
Video
  • video Video $130.99
$130.99
Right arrow icon

Authors (1)

Profile icon Sagar Rahalkar
Sagar Rahalkar is a seasoned information security professional having more than 10 years of comprehensive experience in various verticals of IS. His domain expertise is mainly into breach detection, cyber crime investigations, digital forensics, application security, vulnerability assessment and penetration testing, compliance for mandates and regulations, IT GRC, and much more. He holds a masters degree in computer science and several industry-recognized certifications such as Certified Cyber Crime Investigator, Certified Ethical Hacker, Certified Security Analyst, ISO 27001 Lead Auditor, IBM certified Specialist-Rational AppScan, Certified Information Security Manager (CISM), and PRINCE2. He has been closely associated with Indian law enforcement agencies for more than 3 years dealing with digital crime investigations and related training and received several awards and appreciations from senior officials of the police and defense organizations in India. Sagar has also been a reviewer and author for various books and online publications.
Read more
See other products by Sagar Rahalkar
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.