Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Metasploit Bootcamp
  • Table Of Contents Toc
  • Feedback & Rating feedback
Metasploit Bootcamp

Metasploit Bootcamp

By : Nipun Jaswal
4.4 (8)
close
close
Metasploit Bootcamp

Metasploit Bootcamp

4.4 (8)
By: Nipun Jaswal

Overview of this book

The book starts with a hands-on Day 1 chapter, covering the basics of the Metasploit framework and preparing the readers for a self-completion exercise at the end of every chapter. The Day 2 chapter dives deep into the use of scanning and fingerprinting services with Metasploit while helping the readers to modify existing modules according to their needs. Following on from the previous chapter, Day 3 will focus on exploiting various types of service and client-side exploitation while Day 4 will focus on post-exploitation, and writing quick scripts that helps with gathering the required information from the exploited systems. The Day 5 chapter presents the reader with the techniques involved in scanning and exploiting various services, such as databases, mobile devices, and VOIP. The Day 6 chapter prepares the reader to speed up and integrate Metasploit with leading industry tools for penetration testing. Finally, Day 7 brings in sophisticated attack vectors and challenges based on the user’s preparation over the past six days and ends with a Metasploit challenge to solve.
Table of Contents (8 chapters)
close
close
close
Preface
chevron up
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
Getting Started with Metasploit
Getting Started with Metasploit
Setting up Kali Linux in a virtual environment
The fundamentals of Metasploit
Benefits of using Metasploit
Penetration testing with Metasploit
Phase-I: footprinting and scanning
Phase-II: gaining access to the target
Phase-III: maintaining access / post-exploitation / covering tracks
Summary and exercises
2
Identifying and Scanning Targets
Identifying and Scanning Targets
Working with FTP servers using Metasploit
Scanning MSSQL servers with Metasploit
Scanning SNMP services with Metasploit
Scanning NetBIOS services with Metasploit
Scanning HTTP services with Metasploit
Scanning HTTPS/SSL with Metasploit
Module building essentials
Disassembling existing HTTP server scanner modules
Summary and exercises
3
Exploitation and Gaining Access
Exploitation and Gaining Access
Setting up the practice environment
Exploiting applications with Metasploit
Exploiting browsers for fun and profit
Attacking Android with Metasploit
Converting exploits to Metasploit
Summary and exercises
4
Post-Exploitation with Metasploit
Post-Exploitation with Metasploit
Extended post-exploitation with Metasploit
Metasploit and privilege escalation
Gaining persistent access with Metasploit
Summary
5
Testing Services with Metasploit
Testing Services with Metasploit
Testing MySQL with Metasploit
The fundamentals of SCADA
Testing Voice over Internet Protocol services
Summary and exercises
6
Fast-Paced Exploitation with Metasploit
Fast-Paced Exploitation with Metasploit
Using pushm and popm commands
Making use of resource scripts
Using AutoRunScript in Metasploit
Global variables in Metasploit
Wrapping up and generating manual reports
Summary and preparation for real-world scenarios
7
Exploiting Real-World Challenges with Metasploit
Exploiting Real-World Challenges with Metasploit
Scenario 1: Mirror environment
Scenario 2: You can't see my meterpreter
Further roadmap and summary

What this book covers

Chapter 1, Getting Started with Metasploit, takes us through the absolute basics of doing a penetration test with Metasploit. It helps in establishing a plan and setting up the environment for testing. Moreover, it takes us through the various stages of a penetration test systematically, while covering some cutting edge post-exploitation modules. It further discusses the advantages of using Metasploit over traditional and manual testing.

Chapter 2, Identifying and Scanning Targets, covers intelligence gathering and scanning using Metasploit. The chapter focuses on scanning a variety of different services such as FTP, MSSQL, SNMP, HTTP, SSL, NetBIOS, and so on. The chapter also dismantles the format, the inner working of scanning modules, and sheds light on libraries used for building modules.

Chapter 3, Exploitation and Gaining Access, moves our discussion to exploiting real-world software. The chapter mixes up a combination of critical and med/low entropy vulnerabilities, and presents them together as a challenge. The chapter also discusses escalation and better quality of access, while discussing challenging topics such as Android and browser exploitation. At the end, the chapter discusses techniques to convert a non-Metasploit exploit to a Metasploit-compatible exploit module.

Chapter 4, Post-Exploitation with Metasploit, talks about the basic and advanced post-exploitation features of Metasploit. The chapter discusses the essential post-exploitation features available on the meterpreter payload and advanced and hardcore post-exploitation, while storming through privilege escalation for both Windows and Linux operating systems.

Chapter 5, Testing Services with Metasploit, moves the discussion on to performing a penetration test with various services. This chapter covers some important modules in Metasploit that help in testing SCADA, MySQL databases, and VOIP services.

Chapter 6, Fast-Paced Exploitation with Metasploit, moves the discussion on to building strategies and scripts that expedite the penetration testing process. Not only does this chapter help with vital know-how about improving the penetration testing process, it also uncovers many features of Metasploit that save time while scripting exploits. At the end, the chapter also discusses automating the post-exploitation process.

Chapter 7, Exploiting Real-World Challenges with Metasploit, moves the action to an environment simulating real-world problems. This chapter focuses on techniques used in the day-to-day life of a penetration tester, which also means where the exploitation is not just a piece of cake; you will have to earn the means to exploit the scenarios. Techniques such as brute-force, identifying applications, pivoting to internal networks, cracking hashes, finding passwords in clear text, evading antivirus detection, forming complex SQL queries, and enumerating data from DBs are a few of the techniques that you will learn in this chapter.

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete