Mastering Metasploit

With this tutorial you can improve your Metasploit skills and learn to put your network’s defenses to the ultimate test. The step-by-step approach teaches you the techniques and languages needed to become an expert.

Mastering Metasploit

Mastering
Nipun Jaswal

With this tutorial you can improve your Metasploit skills and learn to put your network’s defenses to the ultimate test. The step-by-step approach teaches you the techniques and languages needed to become an expert.
$29.99
$49.99
RRP $29.99
RRP $49.99
eBook
Print + eBook
$12.99 p/month

Want this title & more? Subscribe to PacktLib

Enjoy full and instant access to over 2000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.
Code Files
+ Collection
Free Sample

Book Details

ISBN 139781782162223
Paperback378 pages

About This Book

  • Develops Real World Approaches to Penetration testing using Metasploit
  • Develop advanced skills to carry out effective Risk validation
  • Develop skills to fabricate any kind of function within the Framework.

Who This Book Is For

If you are a penetration tester, security engineer, or someone who is looking to extend their penetration testing skills with Metasploit, then this book is ideal for you. The readers ofthis book must have a basic knowledge of using Metasploit. They are also expected to have knowledge of exploitation and an in-depth understanding of object-oriented programming languages.

Table of Contents

Chapter 1: Approaching a Penetration Test Using Metasploit
Setting up the environment
Mounting the environment
Conducting a penetration test with Metasploit
The dominance of Metasploit
Summary
Chapter 2: Reinventing Metasploit
Ruby – the heart of Metasploit
Developing custom modules
Breakthrough meterpreter scripting
Working with RailGun
Summary
Chapter 3: The Exploit Formulation Process
The elemental assembly primer
The joy of fuzzing
Building up the exploit base
Finalizing the exploit
The fundamentals of a structured exception handler
Summary
Chapter 4: Porting Exploits
Porting a Perl-based exploit
Porting a Python-based exploit
Porting a web-based exploit
Summary
Chapter 5: Offstage Access to Testing Services
The fundamentals of SCADA
SCADA torn apart
Securing SCADA
Database exploitation
VOIP exploitation
Post-exploitation on Apple iDevices
Summary
Chapter 6: Virtual Test Grounds and Staging
Performing a white box penetration test
Generating manual reports
Performing a black box penetration test
Summary
Chapter 7: Sophisticated Client-side Attacks
Exploiting browsers
File format-based exploitation
Compromising XAMPP servers
Compromising the clients of a website
Bypassing AV detections
Conjunction with DNS spoofing
Attacking Linux with malicious packages
Summary
Chapter 8: The Social Engineering Toolkit
Explaining the fundamentals of the social engineering toolkit
Attacking with SET
Providing additional features and further readings
Summary
Chapter 9: Speeding Up Penetration Testing
Introducing automated tools
Fast Track MS SQL attack vectors
Automated exploitation in Metasploit
Fake updates with the DNS-spoofing attack
Summary
Chapter 10: Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Attacking on the client side with Armitage
Scripting Armitage
Summary
Further reading

What You Will Learn

  • To perform effective penetration testing with Metasploit
  • To develop advanced and sophisticated auxiliary modules
  • To fuzz applications and create exploits in Metasploit
  • To port sophisticated exploits from Perl and Python
  • To automate web application attack scripts
  • To test services such as databases, VoIP, and SCADA systems
  • To reinvent traditional browser-based exploits
  • To speed up penetration testing with Metasploit's automated mode
  • To attack clients with the Social Engineering Toolkit
  • To implement attacks on web servers and systems with Armitage GUI
  • To script attacks in Armitage using Cortana scripting

In Detail

The Metasploit framework has been around for a number of years and is one of the most widely used tools for carrying out penetration testing on various services.

This book is a hands-on guide to penetration testing using Metasploit and covers its complete development. It will help you clearly understand the creation process of various exploits and modules and develop approaches to writing custom functionalities into the Metasploit framework.

This book covers a number of techniques and methodologies that will help you learn and master the Metasploit framework.

You will also explore approaches to carrying out advanced penetration testing in highly secured environments, and the book's hands-on approach will help you understand everything you need to know about Metasploit.

Authors

Table of Contents

Chapter 1: Approaching a Penetration Test Using Metasploit
Setting up the environment
Mounting the environment
Conducting a penetration test with Metasploit
The dominance of Metasploit
Summary
Chapter 2: Reinventing Metasploit
Ruby – the heart of Metasploit
Developing custom modules
Breakthrough meterpreter scripting
Working with RailGun
Summary
Chapter 3: The Exploit Formulation Process
The elemental assembly primer
The joy of fuzzing
Building up the exploit base
Finalizing the exploit
The fundamentals of a structured exception handler
Summary
Chapter 4: Porting Exploits
Porting a Perl-based exploit
Porting a Python-based exploit
Porting a web-based exploit
Summary
Chapter 5: Offstage Access to Testing Services
The fundamentals of SCADA
SCADA torn apart
Securing SCADA
Database exploitation
VOIP exploitation
Post-exploitation on Apple iDevices
Summary
Chapter 6: Virtual Test Grounds and Staging
Performing a white box penetration test
Generating manual reports
Performing a black box penetration test
Summary
Chapter 7: Sophisticated Client-side Attacks
Exploiting browsers
File format-based exploitation
Compromising XAMPP servers
Compromising the clients of a website
Bypassing AV detections
Conjunction with DNS spoofing
Attacking Linux with malicious packages
Summary
Chapter 8: The Social Engineering Toolkit
Explaining the fundamentals of the social engineering toolkit
Attacking with SET
Providing additional features and further readings
Summary
Chapter 9: Speeding Up Penetration Testing
Introducing automated tools
Fast Track MS SQL attack vectors
Automated exploitation in Metasploit
Fake updates with the DNS-spoofing attack
Summary
Chapter 10: Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Attacking on the client side with Armitage
Scripting Armitage
Summary
Further reading

Book Details

ISBN 139781782162223
Paperback378 pages
Read More