Mastering metasploit take your penetration testing and IT security skills to a whole new level with the secrets of Metasploit
Discover the next level of network defense with the Metasploit framework About This Book Gain the skills to carry out penetration testing in complex and highly-secured environments Become a master using the Metasploit framework, develop exploits, and generate modules for a variety of real-world scen...
| Other Authors: | |
|---|---|
| Format: | eBook |
| Language: | Inglés |
| Published: |
Birmingham :
Packt Publishing
[2018]
|
| Edition: | Third edition |
| Subjects: | |
| See on Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630736206719 |
Table of Contents:
- Cover
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Table of Contents
- Preface
- Chapter 1: Approaching a Penetration Test Using Metasploit
- Organizing a penetration test
- Preinteractions
- Intelligence gathering/reconnaissance phase
- Threat modeling
- Vulnerability analysis
- Exploitation and post-exploitation
- Reporting
- Mounting the environment
- Setting up Kali Linux in a virtual environment
- The fundamentals of Metasploit
- Conducting a penetration test with Metasploit
- Recalling the basics of Metasploit
- Benefits of penetration testing using Metasploit
- Open source
- Support for testing large networks and natural naming conventions
- Smart payload generation and switching mechanism
- Cleaner exits
- The GUI environment
- Case study - diving deep into an unknown network
- Gathering intelligence
- Using databases in Metasploit
- Modeling threats
- Vulnerability analysis - arbitrary file upload (unauthenticated)
- Attacking mechanism on the PhpCollab 2.5.1 application
- Exploitation and gaining access
- Escalating privileges with local root exploits
- Maintaining access with Metasploit
- Post-exploitation and pivoting
- Vulnerability analysis - SEH based buffer overflow
- Exploiting human errors by compromising Password Managers
- Revisiting the case study
- Revising the approach
- Summary and exercises
- Chapter 2: Reinventing Metasploit
- Ruby - the heart of Metasploit
- Creating your first Ruby program
- Interacting with the Ruby shell
- Defining methods in the shell
- Variables and data types in Ruby
- Working with strings
- Concatenating strings
- The substring function
- The split function
- Numbers and conversions in Ruby
- Conversions in Ruby
- Ranges in Ruby
- Arrays in Ruby
- Methods in Ruby
- Decision-making operators
- Loops in Ruby.
- Regular expressions
- Wrapping up with Ruby basics
- Developing custom modules
- Building a module in a nutshell
- The architecture of the Metasploit framework
- Understanding the file structure
- The libraries layout
- Understanding the existing modules
- The format of a Metasploit module
- Disassembling the existing HTTP server scanner module
- Libraries and the function
- Writing out a custom FTP scanner module
- Libraries and functions
- Using msftidy
- Writing out a custom SSH-authentication with a brute force attack
- Rephrasing the equation
- Writing a drive-disabler post-exploitation module
- Writing a credential harvester post-exploitation module
- Breakthrough Meterpreter scripting
- Essentials of Meterpreter scripting
- Setting up persistent access
- API calls and mixins
- Fabricating custom Meterpreter scripts
- Working with RailGun
- Interactive Ruby shell basics
- Understanding RailGun and its scripting
- Manipulating Windows API calls
- Fabricating sophisticated RailGun scripts
- Summary and exercises
- Chapter 3: The Exploit Formulation Process
- The absolute basics of exploitation
- The basics
- The architecture
- System organization basics
- Registers
- Exploiting stack-based buffer overflows with Metasploit
- Crashing the vulnerable application
- Building the exploit base
- Calculating the offset
- Using the pattern_create tool
- Using the pattern_offset tool
- Finding the JMP ESP address
- Using the Immunity Debugger to find executable modules
- Using msfpescan
- Stuffing the space
- Relevance of NOPs
- Determining bad characters
- Determining space limitations
- Writing the Metasploit exploit module
- Exploiting SEH-based buffer overflows with Metasploit
- Building the exploit base
- Calculating the offset
- Using the pattern_create tool
- Using the pattern_offset tool.
- Finding the POP/POP/RET address
- The Mona script
- Using msfpescan
- Writing the Metasploit SEH exploit module
- Using the NASM shell for writing assembly instructions
- Bypassing DEP in Metasploit modules
- Using msfrop to find ROP gadgets
- Using Mona to create ROP chains
- Writing the Metasploit exploit module for DEP bypass
- Other protection mechanisms
- Summary
- Chapter 4: Porting Exploits
- Importing a stack-based buffer overflow exploit
- Gathering the essentials
- Generating a Metasploit module
- Exploiting the target application with Metasploit
- Implementing a check method for exploits in Metasploit
- Importing web-based RCE into Metasploit
- Gathering the essentials
- Grasping the important web functions
- The essentials of the GET/POST method
- Importing an HTTP exploit into Metasploit
- Importing TCP server/browser-based exploits into Metasploit
- Gathering the essentials
- Generating the Metasploit module
- Summary
- Chapter 5: Testing Services with Metasploit
- Fundamentals of testing SCADA systems
- The fundamentals of ICS and its components
- The significance of ICS-SCADA
- Exploiting HMI in SCADA servers
- Fundamentals of testing SCADA
- SCADA-based exploits
- Attacking the Modbus protocol
- Securing SCADA
- Implementing secure SCADA
- Restricting networks
- Database exploitation
- SQL server
- Scanning MSSQL with Metasploit modules
- Brute forcing passwords
- Locating/capturing server passwords
- Browsing the SQL server
- Post-exploiting/executing system commands
- Reloading the xp_cmdshell functionality
- Running SQL-based queries
- Testing VOIP services
- VOIP fundamentals
- An introduction to PBX
- Types of VOIP services
- Self-hosted network
- Hosted services
- SIP service providers
- Fingerprinting VOIP services
- Scanning VOIP services
- Spoofing a VOIP call.
- Exploiting VOIP
- About the vulnerability
- Exploiting the application
- Summary
- Chapter 6: Virtual Test Grounds and Staging
- Performing a penetration test with integrated Metasploit services
- Interaction with the employees and end users
- Gathering intelligence
- Example environment being tested
- Vulnerability scanning with OpenVAS using Metasploit
- Modeling the threat areas
- Gaining access to the target
- Exploiting the Active Directory (AD) with Metasploit
- Finding the domain controller
- Enumerating shares in the Active Directory network
- Enumerating the AD computers
- Enumerating signed-in users in the Active Directory
- Enumerating domain tokens
- Using extapi in Meterpreter
- Enumerating open Windows using Metasploit
- Manipulating the clipboard
- Using ADSI management commands in Metasploit
- Using PsExec exploit in the network
- Using Kiwi in Metasploit
- Using cachedump in Metasploit
- Maintaining access to AD
- Generating manual reports
- The format of the report
- The executive summary
- Methodology/network admin-level report
- Additional sections
- Summary
- Chapter 7: Client-Side Exploitation
- Exploiting browsers for fun and profit
- The browser autopwn attack
- The technology behind the browser autopwn attack
- Attacking browsers with Metasploit browser autopwn
- Compromising the clients of a website
- Injecting the malicious web scripts
- Hacking the users of a website
- The autopwn with DNS spoofing and MITM attacks
- Tricking victims with DNS hijacking
- Using Kali NetHunter with browser exploits
- Metasploit and Arduino - the deadly combination
- File format-based exploitation
- PDF-based exploits
- Word-based exploits
- Attacking Android with Metasploit
- Summary and exercises
- Chapter 8: Metasploit Extended
- Basics of post-exploitation with Metasploit.
- Basic post-exploitation commands
- The help menu
- The background command
- Reading from a channel
- File operation commands
- Desktop commands
- Screenshots and camera enumeration
- Advanced post-exploitation with Metasploit
- Obtaining system privileges
- Changing access, modification, and creation time with timestomp
- Additional post-exploitation modules
- Gathering wireless SSIDs with Metasploit
- Gathering Wi-Fi passwords with Metasploit
- Getting the applications list
- Gathering Skype passwords
- Gathering USB history
- Searching files with Metasploit
- Wiping logs from the target with the clearev command
- Advanced extended features of Metasploit
- Using pushm and popm commands
- Speeding up development using the reload, edit, and reload_all commands
- Making use of resource scripts
- Using AutoRunScript in Metasploit
- Using the multiscript module in AutoRunScript option
- Privilege escalation using Metasploit
- Finding passwords in clear text using mimikatz
- Sniffing traffic with Metasploit
- Host file injection with Metasploit
- Phishing Windows login passwords
- Summary and exercises
- Chapter 9: Evasion with Metasploit
- Evading Meterpreter using C wrappers and custom encoders
- Writing a custom Meterpreter encoder/decoder in C
- Evading intrusion detection systems with Metasploit
- Using random cases for fun and profit
- Using fake relatives to fool IDS systems
- Bypassing Windows firewall blocked ports
- Using the reverse Meterpreter on all ports
- Summary and exercises
- Chapter 10: Metasploit for Secret Agents
- Maintaining anonymity in Meterpreter sessions
- Maintaining access using vulnerabilities in common software
- DLL search order hijacking
- Using code caves for hiding backdoors
- Harvesting files from target systems
- Using venom for obfuscation.
- Covering tracks with anti-forensics modules.
