Metasploit Penetration Testing Cookbook, Second Edition

Monika Agarwal, Abhinav Singh

Know how hackers behave to stop them! This cookbook provides many recipes for penetration testing using Metasploit and virtual machines. From basics to advanced techniques, it's ideal for Metasploit veterans and newcomers alike.

Book Details

ISBN-13: 9781782166788
Paperback, 320 pages

About This Book

  • Special focus on the latest operating systems, exploits, and penetration testing techniques for wireless, VOIP, and cloud
  • This book covers a detailed analysis of third-party tools based on the Metasploit framework to enhance the penetration testing experience
  • Detailed penetration testing techniques for different specializations like wireless networks, VOIP systems with a brief introduction to penetration testing in the cloud

Who This Book Is For

This book targets both professional penetration testers and new users of Metasploit who wish to gain expertise over the framework and learn the additional skill of penetration testing, not limited to a particular OS. The book requires basic knowledge of scanning, exploitation, and the Ruby language.

Table of Contents

Chapter 1: Metasploit Quick Tips for Security Professionals
Introduction
Configuring Metasploit on Windows
Configuring Metasploit on Ubuntu
Installing Metasploit with BackTrack 5 R3
Setting up penetration testing using VMware
Setting up Metasploit on a virtual machine with SSH connectivity
Installing and configuring PostgreSQL in BackTrack 5 R3
Using the database to store the penetration testing results
Working with BBQSQL
Chapter 2: Information Gathering and Scanning
Introduction
Passive information gathering
Port scanning – the Nmap way
Port scanning – the DNmap way
Using keimpx – an SMB credentials scanner
Detecting SSH versions with the SSH version scanner
FTP scanning
SNMP sweeping
Vulnerability scanning with Nessus
Scanning with NeXpose
Working with OpenVAS – a vulnerability scanner
Chapter 3: Operating-System-based Vulnerability Assessment
Introduction
Penetration testing on a Windows XP SP2 machine
Binding a shell to the target for remote access
Penetration testing on Windows 8
Exploiting a Linux (Ubuntu) machine
Understanding the Windows DLL injection flaws
Chapter 4: Client-side Exploitation and Antivirus Bypass
Introduction
Exploiting Internet Explorer execCommand Use-After-Free vulnerability
Understanding Adobe Flash Player "new function" invalid pointer use
Understanding Microsoft Word RTF stack buffer overflow
Working with Adobe Reader U3D Memory Corruption
Generating binary and shell code from msfpayload
Msfencoding schemes with the detection ratio
Using the killav.rb script to disable the antivirus programs
Killing the antiviruses' services from the command line
Working with the syringe utility
Chapter 5: Working with Modules for Penetration Testing
Introduction
Working with scanner auxiliary modules
Working with auxiliary admin modules
SQL injection and DoS attack module
Post-exploitation modules
Understanding the basics of module building
Analyzing an existing module
Building your own post-exploitation module
Chapter 6: Exploring Exploits
Introduction
Exploiting the module structure
Working with msfvenom
Converting an exploit to a Metasploit module
Porting and testing the new exploit module
Fuzzing with Metasploit
Writing a simple FileZilla FTP fuzzer
Chapter 7: VoIP Penetration Testing
Introduction
Scanning and enumeration phase
Yielding passwords
VLAN hopping
VoIP MAC spoofing
Impersonation attack
DoS attack
Chapter 8: Wireless Network Penetration Testing
Introduction
Setting up and running Fern WiFi Cracker
Sniffing interfaces with tcpdump
Cracking WEP and WPA with Fern WiFi Cracker
Session hijacking via a MAC address
Locating a target's geolocation
Understanding an evil twin attack
Configuring Karmetasploit
Chapter 9: Social-Engineer Toolkit
Introduction
Getting started with the Social-Engineer Toolkit (SET)
Working with the SET config file
Working with the spear-phishing attack vector
Website attack vectors
Working with the multi-attack web method
Infectious media generator
Chapter 10: Working with Meterpreter
Introduction
Understanding the Meterpreter system commands
Understanding the Meterpreter filesystem commands
Understanding the Meterpreter networking commands
Privilege escalation and process migration
Setting up multiple communication channels with the target
Meterpreter anti-forensics – timestomp
The getdesktop and keystroke sniffing
Using a scraper Meterpreter script
Passing the hash
Setting up a persistent connection with backdoors
Pivoting with Meterpreter
Port forwarding with Meterpreter
Meterpreter API and mixins
Railgun – converting Ruby into a weapon
Adding DLL and function definition to Railgun
Building a "Windows Firewall De-activator" Meterpreter script
Analyzing an existing Meterpreter script
Injecting the VNC server remotely
Exploiting a vulnerable PHP application
Incognito attack with Meterpreter

What You Will Learn

  • Set up a complete penetration testing environment using Metasploit and virtual machines
  • Discover how to penetration-test popular operating systems such as Windows 8
  • Get familiar with penetration testing based on client-side exploitation techniques, with detailed analysis of vulnerabilities and code
  • Build and analyze Meterpreter scripts in Ruby
  • Learn penetration testing in VoIP, WLAN, and the cloud from start to finish, including information gathering, vulnerability assessment, exploitation, and privilege escalation
  • Make the most of the exclusive coverage of antivirus bypassing techniques using Metasploit
  • Work with BBQSQL to analyze the stored results of the database

In Detail

Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.

Metasploit Penetration Testing Cookbook, Second Edition contains chapters that are logically arranged with an increasing level of complexity, and it thoroughly covers aspects of Metasploit ranging from the pre-exploitation to the post-exploitation phase. This book is an update from version 4.0 to version 4.5. It covers detailed penetration testing techniques for different specializations such as wireless networks, VoIP systems, and the cloud.

Metasploit Penetration Testing Cookbook, Second Edition covers a number of topics that were not part of the first edition. You will progress from penetration testing an operating system (Windows 8) to penetration testing a wireless network, a VoIP network, and then the cloud.

The book starts with the basics, such as gathering information about your target, and then develops to cover advanced topics such as building your own framework scripts and modules. The book goes deep into operating-system-based penetration testing techniques and moves ahead with client-side exploitation methodologies. In the post-exploitation phase, it covers Meterpreter, antivirus bypass, Ruby wonders, exploit building, porting exploits to the framework, and penetration testing of VoIP, wireless networks, and cloud computing.

This book will help readers think from a hacker's perspective to dig out the flaws in target networks and to leverage the power of Metasploit to compromise them. It will take your penetration testing skills to the next level.
