Metasploit Revealed: Secrets of the Expert Pentester

Exploit the secrets of Metasploit to master the art of penetration testing.
Preview in Mapt
Code Files

Metasploit Revealed: Secrets of the Expert Pentester

Sagar Rahalkar, Nipun Jaswal

1 customer reviews
Exploit the secrets of Metasploit to master the art of penetration testing.

Quick links: > What will you learn?> Table of content> Product reviews

eBook
$5.00
RRP $71.99
Save 93%
What do I get with a Mapt Pro subscription?
  • Unlimited access to all Packt’s 5,000+ eBooks and Videos
  • Early Access content, Progress Tracking, and Assessments
  • 1 Free eBook or Video to download and keep every month after trial
What do I get with an eBook?
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
What do I get with Print & eBook?
  • Get a paperback copy of the book delivered to you
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
What do I get with a Video?
  • Download this Video course in MP4 format
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
$5.00
RRP $71.99
eBook

Frequently bought together


Metasploit Revealed: Secrets of the Expert Pentester Book Cover
Metasploit Revealed: Secrets of the Expert Pentester
$ 71.99
$ 5.00
Unity 2017 Game AI programming - Third Edition Book Cover
Unity 2017 Game AI programming - Third Edition
$ 39.99
$ 5.00
Buy 2 for $10.00
Save $101.98
Add to Cart

Book Details

ISBN 139781788624596
Paperback860 pages

Book Description

Metasploit is a popular penetration testing framework that has one of the largest exploit databases around. This book will show you exactly how to prepare yourself against the attacks you will face every day by simulating real-world possibilities.

This learning path will begin by introducing you to Metasploit and its functionalities. You will learn how to set up and configure Metasploit on various platforms to create a virtual test environment. You will also get your hands on various tools and components and get hands-on experience with carrying out client-side attacks. In the next part of this learning path, you’ll develop the ability to perform testing on various services such as SCADA, databases, IoT, mobile, tablets, and many more services.

After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework.

The final instalment of your learning journey will be covered through a bootcamp approach. You will be able to bring together the learning together and speed up and integrate Metasploit with leading industry tools for penetration testing. You’ll finish by working on challenges based on user’s preparation and work towards solving the challenge.

The course provides you with highly practical content explaining Metasploit from the following Packt books:

  1. Metasploit for Beginners
  2. Mastering Metasploit, Second Edition
  3. Metasploit Bootcamp

Table of Contents

Chapter 1: Module 1
Metasploit for Beginners
Chapter 2: Introduction to Metasploit and Supporting Tools
The importance of penetration testing
Vulnerability assessment versus penetration testing
The need for a penetration testing framework
Introduction to Metasploit
When to use Metasploit?
Making Metasploit effective and powerful using supplementary tools
Summary
Exercises
Chapter 3: Setting up Your Environment
Using the Kali Linux virtual machine - the easiest way
Installing Metasploit on Windows
Installing Metasploit on Linux
Setting up exploitable targets in a virtual environment
Summary
Exercises
Chapter 4: Metasploit Components and Environment Configuration
Anatomy and structure of Metasploit
Metasploit components
Playing around with msfconsole
Variables in Metasploit
Updating the Metasploit Framework
Summary
Exercises
Chapter 5: Information Gathering with Metasploit
Information gathering and enumeration
Password sniffing
Advanced search with shodan
Summary
Exercises
Chapter 6: Vulnerability Hunting with Metasploit
Managing the database
NMAP
Nessus
Vulnerability detection with Metasploit auxiliaries
Auto exploitation with db_autopwn
Post exploitation
Summary
Exercises
Chapter 7: Client-side Attacks with Metasploit
Need of client-side attacks
The msfvenom utility
Social Engineering with Metasploit
Browser Autopwn
Summary
Exercises
Chapter 8: Web Application Scanning with Metasploit
Setting up a vulnerable application
Web application scanning using WMAP
Metasploit Auxiliaries for Web Application enumeration and scanning
Summary
Exercises
Chapter 9: Antivirus Evasion and Anti-Forensics
Using encoders to avoid AV detection
Anti-forensics
Summary
Exercises
Chapter 10: Cyber Attack Management with Armitage
What is Armitage?
Starting the Armitage console
Scanning and enumeration
Find and launch attacks
Summary
Exercises
Chapter 11: Extending Metasploit and Exploit Development
Exploit development concepts
Exploit templates and mixins
Adding external exploits to Metasploit
Summary
Exercises
Chapter 12: Module 2
Mastering Metasploit
Chapter 13: Approaching a Penetration Test Using Metasploit
Organizing a penetration test
Preinteractions
Intelligence gathering/reconnaissance phase
Predicting the test grounds
Setting up Kali Linux in virtual environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Benefits of penetration testing using Metasploit
Penetration testing an unknown network
Using databases in Metasploit
Modeling threats
Vulnerability analysis of VSFTPD 2.3.4 backdoor
Vulnerability analysis of PHP-CGI query string parameter vulnerability
Vulnerability analysis of HFS 2.3
Maintaining access
Clearing tracks
Revising the approach
Summary
Chapter 14: Reinventing Metasploit
Ruby – the heart of Metasploit
Developing custom modules
Breakthrough meterpreter scripting
Working with RailGun
Summary
Chapter 15: The Exploit Formulation Process
The absolute basics of exploitation
Exploiting stack-based buffer overflows with Metasploit
Exploiting SEH-based buffer overflows with Metasploit
Bypassing DEP in Metasploit modules
Other protection mechanisms
Summary
Chapter 16: Porting Exploits
Importing a stack-based buffer overflow exploit
Importing web-based RCE into Metasploit
Importing TCP server/ browser-based exploits into Metasploit
Summary
Chapter 17: Testing Services with Metasploit
The fundamentals of SCADA
Database exploitation
Testing VOIP services
Summary
Chapter 18: Virtual Test Grounds and Staging
Performing a penetration test with integrated Metasploit services
Summary
Chapter 19: Client-side Exploitation
Exploiting browsers for fun and profit
Metasploit and Arduino - the deadly combination
File format-based exploitation
Compromising Linux clients with Metasploit
Attacking Android with Metasploit
Summary
Chapter 20: Metasploit Extended
The basics of post exploitation with Metasploit
Basic post exploitation commands
Additional post exploitation modules
Advanced extended features of Metasploit
Summary
Chapter 21: Speeding up Penetration Testing
The loadpath command
Pacing up development using reload, edit and reload_all commands
Automating Social-Engineering Toolkit
Summary
Chapter 22: Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Attacking on the client side with Armitage
Scripting Armitage
Summary
Further reading
Chapter 23: Module 3
Metasploit Bootcamp
Chapter 24: Getting Started with Metasploit
The fundamentals of Metasploit
Benefits of using Metasploit
Penetration testing with Metasploit
Phase-I: footprinting and scanning
Phase-II: gaining access to the target
Phase-III: maintaining access / post-exploitation / covering tracks
Summary and exercises
Chapter 25: Identifying and Scanning Targets
Working with FTP servers using Metasploit
Scanning MSSQL servers with Metasploit
Scanning SNMP services with Metasploit
Scanning NetBIOS services with Metasploit
Scanning HTTP services with Metasploit
Scanning HTTPS/SSL with Metasploit
Summary and exercises
Chapter 26: Exploitation and Gaining Access
Setting up the practice environment
Exploiting applications with Metasploit
Converting exploits to Metasploit
Summary and exercises
Chapter 27: Post-Exploitation with Metasploit
Extended post-exploitation with Metasploit
Metasploit and privilege escalation
Gaining persistent access with Metasploit
Summary
Chapter 28: Testing Services with Metasploit
Testing MySQL with Metasploit
Summary and exercises
Chapter 29: Fast-Paced Exploitation with Metasploit
Using pushm and popm commands
Making use of resource scripts
Using AutoRunScript in Metasploit
Global variables in Metasploit
Wrapping up and generating manual reports
Summary and preparation for real-world scenarios
Chapter 30: Exploiting Real-World Challenges with Metasploit
Scenario 1: Mirror environment
Scenario 2: You can't see my meterpreter
Further roadmap and summary
Chapter 31: Bibliography
Chapter 32: Thanks page
About Packt Publishing
Writing for Packt

What You Will Learn

  • Get to know the absolute basics of the Metasploit framework so you have a strong foundation for advanced attacks
  • Integrate and use various supporting tools to make Metasploit even more powerful and precise
  • Test services such as databases, SCADA, and many more
  • Attack the client side with highly advanced techniques
  • Test mobile and tablet devices with Metasploit
  • Understand how to Customize Metasploit modules and modify existing exploits
  • Write simple yet powerful Metasploit automation scripts
  • Explore steps involved in post-exploitation on Android and mobile platforms

Authors

Table of Contents

Chapter 1: Module 1
Metasploit for Beginners
Chapter 2: Introduction to Metasploit and Supporting Tools
The importance of penetration testing
Vulnerability assessment versus penetration testing
The need for a penetration testing framework
Introduction to Metasploit
When to use Metasploit?
Making Metasploit effective and powerful using supplementary tools
Summary
Exercises
Chapter 3: Setting up Your Environment
Using the Kali Linux virtual machine - the easiest way
Installing Metasploit on Windows
Installing Metasploit on Linux
Setting up exploitable targets in a virtual environment
Summary
Exercises
Chapter 4: Metasploit Components and Environment Configuration
Anatomy and structure of Metasploit
Metasploit components
Playing around with msfconsole
Variables in Metasploit
Updating the Metasploit Framework
Summary
Exercises
Chapter 5: Information Gathering with Metasploit
Information gathering and enumeration
Password sniffing
Advanced search with shodan
Summary
Exercises
Chapter 6: Vulnerability Hunting with Metasploit
Managing the database
NMAP
Nessus
Vulnerability detection with Metasploit auxiliaries
Auto exploitation with db_autopwn
Post exploitation
Summary
Exercises
Chapter 7: Client-side Attacks with Metasploit
Need of client-side attacks
The msfvenom utility
Social Engineering with Metasploit
Browser Autopwn
Summary
Exercises
Chapter 8: Web Application Scanning with Metasploit
Setting up a vulnerable application
Web application scanning using WMAP
Metasploit Auxiliaries for Web Application enumeration and scanning
Summary
Exercises
Chapter 9: Antivirus Evasion and Anti-Forensics
Using encoders to avoid AV detection
Anti-forensics
Summary
Exercises
Chapter 10: Cyber Attack Management with Armitage
What is Armitage?
Starting the Armitage console
Scanning and enumeration
Find and launch attacks
Summary
Exercises
Chapter 11: Extending Metasploit and Exploit Development
Exploit development concepts
Exploit templates and mixins
Adding external exploits to Metasploit
Summary
Exercises
Chapter 12: Module 2
Mastering Metasploit
Chapter 13: Approaching a Penetration Test Using Metasploit
Organizing a penetration test
Preinteractions
Intelligence gathering/reconnaissance phase
Predicting the test grounds
Setting up Kali Linux in virtual environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Benefits of penetration testing using Metasploit
Penetration testing an unknown network
Using databases in Metasploit
Modeling threats
Vulnerability analysis of VSFTPD 2.3.4 backdoor
Vulnerability analysis of PHP-CGI query string parameter vulnerability
Vulnerability analysis of HFS 2.3
Maintaining access
Clearing tracks
Revising the approach
Summary
Chapter 14: Reinventing Metasploit
Ruby – the heart of Metasploit
Developing custom modules
Breakthrough meterpreter scripting
Working with RailGun
Summary
Chapter 15: The Exploit Formulation Process
The absolute basics of exploitation
Exploiting stack-based buffer overflows with Metasploit
Exploiting SEH-based buffer overflows with Metasploit
Bypassing DEP in Metasploit modules
Other protection mechanisms
Summary
Chapter 16: Porting Exploits
Importing a stack-based buffer overflow exploit
Importing web-based RCE into Metasploit
Importing TCP server/ browser-based exploits into Metasploit
Summary
Chapter 17: Testing Services with Metasploit
The fundamentals of SCADA
Database exploitation
Testing VOIP services
Summary
Chapter 18: Virtual Test Grounds and Staging
Performing a penetration test with integrated Metasploit services
Summary
Chapter 19: Client-side Exploitation
Exploiting browsers for fun and profit
Metasploit and Arduino - the deadly combination
File format-based exploitation
Compromising Linux clients with Metasploit
Attacking Android with Metasploit
Summary
Chapter 20: Metasploit Extended
The basics of post exploitation with Metasploit
Basic post exploitation commands
Additional post exploitation modules
Advanced extended features of Metasploit
Summary
Chapter 21: Speeding up Penetration Testing
The loadpath command
Pacing up development using reload, edit and reload_all commands
Automating Social-Engineering Toolkit
Summary
Chapter 22: Visualizing with Armitage
The fundamentals of Armitage
Scanning networks and host management
Exploitation with Armitage
Post-exploitation with Armitage
Attacking on the client side with Armitage
Scripting Armitage
Summary
Further reading
Chapter 23: Module 3
Metasploit Bootcamp
Chapter 24: Getting Started with Metasploit
The fundamentals of Metasploit
Benefits of using Metasploit
Penetration testing with Metasploit
Phase-I: footprinting and scanning
Phase-II: gaining access to the target
Phase-III: maintaining access / post-exploitation / covering tracks
Summary and exercises
Chapter 25: Identifying and Scanning Targets
Working with FTP servers using Metasploit
Scanning MSSQL servers with Metasploit
Scanning SNMP services with Metasploit
Scanning NetBIOS services with Metasploit
Scanning HTTP services with Metasploit
Scanning HTTPS/SSL with Metasploit
Summary and exercises
Chapter 26: Exploitation and Gaining Access
Setting up the practice environment
Exploiting applications with Metasploit
Converting exploits to Metasploit
Summary and exercises
Chapter 27: Post-Exploitation with Metasploit
Extended post-exploitation with Metasploit
Metasploit and privilege escalation
Gaining persistent access with Metasploit
Summary
Chapter 28: Testing Services with Metasploit
Testing MySQL with Metasploit
Summary and exercises
Chapter 29: Fast-Paced Exploitation with Metasploit
Using pushm and popm commands
Making use of resource scripts
Using AutoRunScript in Metasploit
Global variables in Metasploit
Wrapping up and generating manual reports
Summary and preparation for real-world scenarios
Chapter 30: Exploiting Real-World Challenges with Metasploit
Scenario 1: Mirror environment
Scenario 2: You can't see my meterpreter
Further roadmap and summary
Chapter 31: Bibliography
Chapter 32: Thanks page
About Packt Publishing
Writing for Packt

Book Details

ISBN 139781788624596
Paperback860 pages
Read More
From 1 reviews

Read More Reviews

Recommended for You

Unity 2017 Game AI programming - Third Edition Book Cover
Unity 2017 Game AI programming - Third Edition
$ 39.99
$ 5.00
Wireshark Revealed: Essential Skills for IT Professionals Book Cover
Wireshark Revealed: Essential Skills for IT Professionals
$ 79.99
$ 5.00
Hands-On Chatbots and Conversational UI Development Book Cover
Hands-On Chatbots and Conversational UI Development
$ 31.99
$ 5.00
Continuous Deployment of Cloud-Native Applications [Video] Book Cover
Continuous Deployment of Cloud-Native Applications [Video]
$ 124.99
$ 5.00
Advanced Concepts of Multithreading with C++ [Video] Book Cover
Advanced Concepts of Multithreading with C++ [Video]
$ 124.99
$ 5.00
Practical Internet of Things with JavaScript Book Cover
Practical Internet of Things with JavaScript
$ 27.99
$ 5.00