Mastering Metasploit - Second Edition

Take your penetration testing and IT security skills to a whole new level with the secrets of Metasploit
Preview in Mapt
Code Files

Mastering Metasploit - Second Edition

Nipun Jaswal

4 customer reviews
Take your penetration testing and IT security skills to a whole new level with the secrets of Metasploit
Mapt Subscription
FREE
$29.99/m after trial
eBook
$10.00
RRP $39.99
Save 74%
Print + eBook
$49.99
RRP $49.99
What do I get with a Mapt Pro subscription?
  • Unlimited access to all Packt’s 5,000+ eBooks and Videos
  • Early Access content, Progress Tracking, and Assessments
  • 1 Free eBook or Video to download and keep every month after trial
What do I get with an eBook?
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
What do I get with Print & eBook?
  • Get a paperback copy of the book delivered to you
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
What do I get with a Video?
  • Download this Video course in MP4 format
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
$0.00
$10.00
$49.99
$29.99 p/m after trial
RRP $39.99
RRP $49.99
Subscription
eBook
Print + eBook
Start 30 Day Trial

Frequently bought together


Mastering Metasploit - Second Edition Book Cover
Mastering Metasploit - Second Edition
$ 39.99
$ 10.00
Mastering vRealize Operations Manager - Second Edition Book Cover
Mastering vRealize Operations Manager - Second Edition
$ 39.99
$ 10.00
Buy 2 for $20.00
Save $59.98
Add to Cart

Book Details

ISBN 139781786463166
Paperback440 pages

Book Description

Metasploit is a popular penetration testing framework that has one of the largest exploit databases around. This book will show you exactly how to prepare yourself against the attacks you will face every day by simulating real-world possibilities.

We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You’ll get to know about the basics of programming Metasploit modules as a refresher, and then dive into carrying out exploitation as well building and porting exploits of various kinds in Metasploit.

In the next section, you’ll develop the ability to perform testing on various services such as SCADA, databases, IoT, mobile, tablets, and many more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework.

By the end of the book, you will be trained specifically on time-saving techniques using Metasploit.

Table of Contents

Chapter 1: Approaching a Penetration Test Using Metasploit
Organizing a penetration test
Preinteractions
Intelligence gathering/reconnaissance phase
Predicting the test grounds
Setting up Kali Linux in virtual environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Benefits of penetration testing using Metasploit
Penetration testing an unknown network
Using databases in Metasploit
Modeling threats
Vulnerability analysis of VSFTPD 2.3.4 backdoor
Vulnerability analysis of PHP-CGI query string parameter vulnerability
Vulnerability analysis of HFS 2.3
Maintaining access
Clearing tracks
Revising the approach
Summary
Chapter 2: Reinventing Metasploit
Ruby – the heart of Metasploit
Developing custom modules
Breakthrough meterpreter scripting
Working with RailGun
Summary
Chapter 3: The Exploit Formulation Process
The absolute basics of exploitation
Exploiting stack-based buffer overflows with Metasploit
Exploiting SEH-based buffer overflows with Metasploit
Bypassing DEP in Metasploit modules
Other protection mechanisms
Summary
Chapter 4: Porting Exploits
Importing a stack-based buffer overflow exploit
Importing web-based RCE into Metasploit
Importing TCP server/ browser-based exploits into Metasploit
Summary
Chapter 5: Testing Services with Metasploit
The fundamentals of SCADA
Database exploitation
Testing VOIP services
Summary
Chapter 6: Virtual Test Grounds and Staging
Performing a penetration test with integrated Metasploit services
Summary
Chapter 7: Client-side Exploitation
Exploiting browsers for fun and profit
Metasploit and Arduino - the deadly combination
File format-based exploitation
Compromising Linux clients with Metasploit
Attacking Android with Metasploit
Summary
Chapter 8: Metasploit Extended
The basics of post exploitation with Metasploit
Basic post exploitation commands
Advanced post exploitation with Metasploit
Additional post exploitation modules
Advanced extended features of Metasploit
Summary
Chapter 9: Speeding up Penetration Testing
Using pushm and popm commands
The loadpath command
Pacing up development using reload, edit and reload_all commands
Making use of resource scripts
Using AutoRunScript in Metasploit
Globalizing variables in Metasploit
Automating Social-Engineering Toolkit
Summary
Chapter 10: Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Attacking on the client side with Armitage
Scripting Armitage
Summary
Further reading

What You Will Learn

  • Develop advanced and sophisticated auxiliary modules
  • Port exploits from PERL, Python, and many more programming languages
  • Test services such as databases, SCADA, and many more
  • Attack the client side with highly advanced techniques
  • Test mobile and tablet devices with Metasploit
  • Perform social engineering with Metasploit
  • Simulate attacks on web servers and systems with Armitage GUI
  • Script attacks in Armitage using CORTANA scripting

Authors

Table of Contents

Chapter 1: Approaching a Penetration Test Using Metasploit
Organizing a penetration test
Preinteractions
Intelligence gathering/reconnaissance phase
Predicting the test grounds
Setting up Kali Linux in virtual environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Benefits of penetration testing using Metasploit
Penetration testing an unknown network
Using databases in Metasploit
Modeling threats
Vulnerability analysis of VSFTPD 2.3.4 backdoor
Vulnerability analysis of PHP-CGI query string parameter vulnerability
Vulnerability analysis of HFS 2.3
Maintaining access
Clearing tracks
Revising the approach
Summary
Chapter 2: Reinventing Metasploit
Ruby – the heart of Metasploit
Developing custom modules
Breakthrough meterpreter scripting
Working with RailGun
Summary
Chapter 3: The Exploit Formulation Process
The absolute basics of exploitation
Exploiting stack-based buffer overflows with Metasploit
Exploiting SEH-based buffer overflows with Metasploit
Bypassing DEP in Metasploit modules
Other protection mechanisms
Summary
Chapter 4: Porting Exploits
Importing a stack-based buffer overflow exploit
Importing web-based RCE into Metasploit
Importing TCP server/ browser-based exploits into Metasploit
Summary
Chapter 5: Testing Services with Metasploit
The fundamentals of SCADA
Database exploitation
Testing VOIP services
Summary
Chapter 6: Virtual Test Grounds and Staging
Performing a penetration test with integrated Metasploit services
Summary
Chapter 7: Client-side Exploitation
Exploiting browsers for fun and profit
Metasploit and Arduino - the deadly combination
File format-based exploitation
Compromising Linux clients with Metasploit
Attacking Android with Metasploit
Summary
Chapter 8: Metasploit Extended
The basics of post exploitation with Metasploit
Basic post exploitation commands
Advanced post exploitation with Metasploit
Additional post exploitation modules
Advanced extended features of Metasploit
Summary
Chapter 9: Speeding up Penetration Testing
Using pushm and popm commands
The loadpath command
Pacing up development using reload, edit and reload_all commands
Making use of resource scripts
Using AutoRunScript in Metasploit
Globalizing variables in Metasploit
Automating Social-Engineering Toolkit
Summary
Chapter 10: Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Attacking on the client side with Armitage
Scripting Armitage
Summary
Further reading

Book Details

ISBN 139781786463166
Paperback440 pages
Read More
From 4 reviews

Read More Reviews

Recommended for You

Metasploit Bootcamp Book Cover
Metasploit Bootcamp
$ 35.99
$ 10.00
Python: Penetration Testing for Developers Book Cover
Python: Penetration Testing for Developers
$ 67.99
$ 10.00
Penetration Testing: A Survival Guide Book Cover
Penetration Testing: A Survival Guide
$ 69.99
$ 10.00
Applied Network Security Book Cover
Applied Network Security
$ 35.99
$ 10.00
Beginning C++ Game Programming Book Cover
Beginning C++ Game Programming
$ 39.99
$ 10.00
Smart Internet of Things Projects Book Cover
Smart Internet of Things Projects
$ 31.99
$ 10.00