Metasploit for beginners create a threat-free environment with the best-in-class tool
An easy to digest practical guide to Metasploit covering all aspects of the framework from installation, configuration, and vulnerability hunting to advanced client side attacks and anti-forensics. About This Book Carry out penetration testing in highly-secured environments with Metasploit Learn to...
| Other Authors: | |
|---|---|
| Format: | eBook |
| Language: | Inglés |
| Published: |
Birmingham, England ; Mumbai, [India] :
Packt Publishing
2017.
|
| Edition: | 1st edition |
| Subjects: | |
| See on Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009631292206719 |
Table of Contents:
- Cover
- Copyright
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Customer Feedback
- Table of Contents
- Preface
- Chapter 1: Introduction to Metasploit and Supporting Tools
- The importance of penetration testing
- Vulnerability assessment versus penetration testing
- The need for a penetration testing framework
- Introduction to Metasploit
- When to use Metasploit?
- Making Metasploit effective and powerful using supplementary tools
- Nessus
- NMAP
- w3af
- Armitage
- Summary
- Exercises
- Chapter 2: Setting up Your Environment
- Using the Kali Linux virtual machine - the easiest way
- Installing Metasploit on Windows
- Installing Metasploit on Linux
- Setting up exploitable targets in a virtual environment
- Summary
- Exercises
- Chapter 3: Metasploit Components and Environment Configuration
- Anatomy and structure of Metasploit
- Metasploit components
- Auxiliaries
- Exploits
- Encoders
- Payloads
- Post
- Playing around with msfconsole
- Variables in Metasploit
- Updating the Metasploit Framework
- Summary
- Exercises
- Chapter 4: Information Gathering with Metasploit
- Information gathering and enumeration
- Transmission Control Protocol
- User Datagram Protocol
- File Transfer Protocol
- Server Message Block
- Hypertext Transfer Protocol
- Simple Mail Transfer Protocol
- Secure Shell
- Domain Name System
- Remote Desktop Protocol
- Password sniffing
- Advanced search with shodan
- Summary
- Exercises
- Chapter 5: Vulnerability Hunting with Metasploit
- Managing the database
- Work spaces
- Importing scans
- Backing up the database
- NMAP
- NMAP scanning approach
- Nessus
- Scanning using Nessus from msfconsole
- Vulnerability detection with Metasploit auxiliaries
- Auto exploitation with db_autopwn
- Post exploitation
- What is meterpreter?.
- Searching for content
- Screen capture
- Keystroke logging
- Dumping the hashes and cracking with JTR
- Shell command
- Privilege escalation
- Summary
- Exercises
- Chapter 6: Client-side Attacks with Metasploit
- Need of client-side attacks
- What are client-side attacks?
- What is a Shellcode?
- What is a reverse shell?
- What is a bind shell?
- What is an encoder?
- The msfvenom utility
- Generating a payload with msfvenom
- Social Engineering with Metasploit
- Generating malicious PDF
- Creating infectious media drives
- Browser Autopwn
- Summary
- Exercises
- Chapter 7: Web Application Scanning with Metasploit
- Setting up a vulnerable application
- Web application scanning using WMAP
- Metasploit Auxiliaries for Web Application enumeration and scanning
- Summary
- Exercises
- Chapter 8: Antivirus Evasion and Anti-Forensics
- Using encoders to avoid AV detection
- Using packagers and encrypters
- What is a sandbox?
- Anti-forensics
- Timestomp
- clearev
- Summary
- Exercises
- Chapter 9: Cyber Attack Management with Armitage
- What is Armitage?
- Starting the Armitage console
- Scanning and enumeration
- Find and launch attacks
- Summary
- Exercises
- Chapter 10: Extending Metasploit and Exploit Development
- Exploit development concepts
- What is a buffer overflow?
- What are fuzzers?
- Exploit templates and mixins
- What are Metasploit mixins?
- Adding external exploits to Metasploit
- Summary
- Exercises
- Index.
