Mastering Metasploit
Nipun Jaswal. Updated: 2021-06-25 21:36:48
Latest chapter: Leave a review - let other readers know what you think
Cover
Copyright information
Dedication
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Approaching a Penetration Test Using Metasploit
Organizing a penetration test
Preinteractions
Intelligence gathering/reconnaissance phase
Threat modeling
Vulnerability analysis
Exploitation and post-exploitation
Reporting
Mounting the environment
Setting up Kali Linux in a virtual environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Recalling the basics of Metasploit
Benefits of penetration testing using Metasploit
Open source
Support for testing large networks and natural naming conventions
Smart payload generation and switching mechanism
Cleaner exits
The GUI environment
Case study - diving deep into an unknown network
Gathering intelligence
Using databases in Metasploit
Modeling threats
Vulnerability analysis - arbitrary file upload (unauthenticated)
Attacking mechanism on the PhpCollab 2.5.1 application
Exploitation and gaining access
Escalating privileges with local root exploits
Maintaining access with Metasploit
Post-exploitation and pivoting
Vulnerability analysis - SEH-based buffer overflow
Exploiting human errors by compromising Password Managers
Revisiting the case study
Revising the approach
Summary and exercises
Reinventing Metasploit
Ruby - the heart of Metasploit
Creating your first Ruby program
Interacting with the Ruby shell
Defining methods in the shell
Variables and data types in Ruby
Working with strings
Concatenating strings
The substring function
The split function
Numbers and conversions in Ruby
Conversions in Ruby
Ranges in Ruby
Arrays in Ruby
Methods in Ruby
Decision-making operators
Loops in Ruby
Regular expressions
Wrapping up with Ruby basics
Developing custom modules
Building a module in a nutshell
The architecture of the Metasploit framework
Understanding the file structure
The libraries layout
Understanding the existing modules
The format of a Metasploit module
Disassembling the existing HTTP server scanner module
Libraries and the function
Writing out a custom FTP scanner module
Libraries and functions
Using msftidy
Writing out a custom SSH-authentication with a brute force attack
Rephrasing the equation
Writing a drive-disabler post-exploitation module
Writing a credential harvester post-exploitation module
Breakthrough Meterpreter scripting
Essentials of Meterpreter scripting
Setting up persistent access
API calls and mixins
Fabricating custom Meterpreter scripts
Working with RailGun
Interactive Ruby shell basics
Understanding RailGun and its scripting
Manipulating Windows API calls
Fabricating sophisticated RailGun scripts
Summary and exercises
The Exploit Formulation Process
The absolute basics of exploitation
The basics
The architecture
System organization basics
Registers
Exploiting stack-based buffer overflows with Metasploit
Crashing the vulnerable application
Building the exploit base
Calculating the offset
Using the pattern_create tool
Using the pattern_offset tool
Finding the JMP ESP address
Using the Immunity Debugger to find executable modules
Using msfpescan
Stuffing the space
Relevance of NOPs
Determining bad characters
Determining space limitations
Writing the Metasploit exploit module
Exploiting SEH-based buffer overflows with Metasploit
Building the exploit base
Calculating the offset
Using the pattern_create tool
Using the pattern_offset tool
Finding the POP/POP/RET address
The Mona script
Using msfpescan
Writing the Metasploit SEH exploit module
Using the NASM shell for writing assembly instructions
Bypassing DEP in Metasploit modules
Using msfrop to find ROP gadgets
Using Mona to create ROP chains
Writing the Metasploit exploit module for DEP bypass
Other protection mechanisms
Summary
Porting Exploits
Importing a stack-based buffer overflow exploit
Gathering the essentials
Generating a Metasploit module
Exploiting the target application with Metasploit
Implementing a check method for exploits in Metasploit
Importing web-based RCE into Metasploit
Gathering the essentials
Grasping the important web functions
The essentials of the GET/POST method
Importing an HTTP exploit into Metasploit
Importing TCP server/browser-based exploits into Metasploit
Gathering the essentials
Generating the Metasploit module
Summary
Testing Services with Metasploit
Fundamentals of testing SCADA systems
The fundamentals of ICS and its components
The significance of ICS-SCADA
Exploiting HMI in SCADA servers
Fundamentals of testing SCADA
SCADA-based exploits
Attacking the Modbus protocol
Securing SCADA
Implementing secure SCADA
Restricting networks
Database exploitation
SQL server
Scanning MSSQL with Metasploit modules
Brute forcing passwords
Locating/capturing server passwords
Browsing the SQL server
Post-exploiting/executing system commands
Reloading the xp_cmdshell functionality
Running SQL-based queries
Testing VOIP services
VOIP fundamentals
An introduction to PBX
Types of VOIP services
Self-hosted network
Hosted services
SIP service providers
Fingerprinting VOIP services
Scanning VOIP services
Spoofing a VOIP call
Exploiting VOIP
About the vulnerability
Exploiting the application
Summary
Virtual Test Grounds and Staging
Performing a penetration test with integrated Metasploit services
Interaction with the employees and end users
Gathering intelligence
Example environment being tested
Vulnerability scanning with OpenVAS using Metasploit
Modeling the threat areas
Gaining access to the target
Exploiting the Active Directory (AD) with Metasploit
Finding the domain controller
Enumerating shares in the Active Directory network
Enumerating the AD computers
Enumerating signed-in users in the Active Directory
Enumerating domain tokens
Using extapi in Meterpreter
Enumerating open Windows using Metasploit
Manipulating the clipboard
Using ADSI management commands in Metasploit
Using PsExec exploit in the network
Using Kiwi in Metasploit
Using cachedump in Metasploit
Maintaining access to AD
Generating manual reports
The format of the report
The executive summary
Methodology/network admin-level report
Additional sections
Summary
Client-Side Exploitation
Exploiting browsers for fun and profit
The browser autopwn attack
The technology behind the browser autopwn attack
Attacking browsers with Metasploit browser autopwn
Compromising the clients of a website
Injecting the malicious web scripts
Hacking the users of a website
The autopwn with DNS spoofing and MITM attacks
Tricking victims with DNS hijacking
Using Kali NetHunter with browser exploits
Metasploit and Arduino - the deadly combination
File format-based exploitation
PDF-based exploits
Word-based exploits
Attacking Android with Metasploit
Summary and exercises
Metasploit Extended
Basics of post-exploitation with Metasploit
Basic post-exploitation commands
The help menu
The background command
Reading from a channel
File operation commands
Desktop commands
Screenshots and camera enumeration
Advanced post-exploitation with Metasploit
Obtaining system privileges
Changing access modification and creation time with timestomp
Additional post-exploitation modules
Gathering wireless SSIDs with Metasploit
Gathering Wi-Fi passwords with Metasploit
Getting the applications list
Gathering Skype passwords
Gathering USB history
Searching files with Metasploit
Wiping logs from the target with the clearev command
Advanced extended features of Metasploit
Using pushm and popm commands
Speeding up development using the reload, edit and reload_all commands
Making use of resource scripts
Using AutoRunScript in Metasploit
Using the multiscript module in the AutoRunScript option
Privilege escalation using Metasploit
Finding passwords in clear text using mimikatz
Sniffing traffic with Metasploit
Host file injection with Metasploit
Phishing Windows login passwords
Summary and exercises
Evasion with Metasploit
Evading Meterpreter using C wrappers and custom encoders
Writing a custom Meterpreter encoder/decoder in C
Evading intrusion detection systems with Metasploit
Using random cases for fun and profit
Using fake relatives to fool IDS systems
Bypassing Windows firewall blocked ports
Using the reverse Meterpreter on all ports
Summary and exercises
Metasploit for Secret Agents
Maintaining anonymity in Meterpreter sessions
Maintaining access using vulnerabilities in common software
DLL search order hijacking
Using code caves for hiding backdoors
Harvesting files from target systems
Using venom for obfuscation
Covering tracks with anti-forensics modules
Summary
Visualizing with Armitage
The fundamentals of Armitage
Getting started
Touring the user interface
Managing the workspace
Scanning networks and host management
Modeling out vulnerabilities
Finding the match
Exploitation with Armitage
Post-exploitation with Armitage
Red teaming with Armitage team server
Scripting Armitage
The fundamentals of Cortana
Controlling Metasploit
Post-exploitation with Cortana
Building a custom menu in Cortana
Working with interfaces
Summary
Tips and Tricks
Automation using Minion script
Using connect as Netcat
Shell upgrades and background sessions
Naming conventions
Changing the prompt and making use of database variables
Saving configurations in Metasploit
Using inline handler and renaming jobs
Running commands on multiple Meterpreters
Automating the Social Engineering Toolkit
Cheat sheets on Metasploit and penetration testing
Further reading
Other Books You May Enjoy
Leave a review - let other readers know what you think