Metasploit Penetration Testing Cookbook: evade antiviruses, bypass firewalls, and exploit complex environments with the most widely used penetration testing framework

Over 100 recipes for penetration testing using Metasploit and virtual machines. About This Book: Special focus on the latest operating systems, exploits, and penetration testing techniques. Learn new anti-virus evasion techniques and use Metasploit to evade countermeasures. Automate post exploitation wi...

Bibliographic Details
Other Authors: Teixeira, Daniel, author; Singh, Abhinav, author; Jaswal, Nipun, author
Format: eBook
Language: English
Published: Birmingham, [England] ; Mumbai, [India] : Packt Publishing 2018.
Edition: Third edition
See on Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009631593006719
Table of Contents:
  • Cover
  • Copyright and Credits
  • Contributors
  • Packt Upsell
  • Table of Contents
  • Preface
  • Chapter 1: Metasploit Quick Tips for Security Professionals
  • Introduction
  • Installing Metasploit on Windows
  • Getting ready
  • How to do it...
  • Installing Linux and macOS
  • How to do it...
  • Installing Metasploit on macOS
  • How to do it...
  • Using Metasploit in Kali Linux
  • Getting ready
  • How to do it...
  • There's more...
  • Upgrading Kali Linux
  • Setting up a penetration-testing lab
  • Getting ready
  • How to do it...
  • How it works...
  • Setting up SSH connectivity
  • Getting ready
  • How to do it...
  • Connecting to Kali using SSH
  • How to do it...
  • Configuring PostgreSQL
  • Getting ready
  • How to do it...
  • There's more...
  • Creating workspaces
  • How to do it...
  • Using the database
  • Getting ready
  • How to do it...
  • Using the hosts command
  • How to do it...
  • Understanding the services command
  • How to do it...
  • Chapter 2: Information Gathering and Scanning
  • Introduction
  • Passive information gathering with Metasploit
  • Getting ready
  • How to do it...
  • DNS Record Scanner and Enumerator
  • There's more...
  • CorpWatch Company Name Information Search
  • Search Engine Subdomains Collector
  • Censys Search
  • Shodan Search
  • Shodan Honeyscore Client
  • Search Engine Domain Email Address Collector
  • Active information gathering with Metasploit
  • How to do it...
  • TCP Port Scanner
  • TCP SYN Port Scanner
  • Port scanning-the Nmap way
  • Getting ready
  • How to do it...
  • How it works...
  • There's more...
  • Operating system and version detection
  • Increasing anonymity
  • Port scanning-the db_nmap way
  • Getting ready
  • How to do it...
  • Nmap Scripting Engine
  • Host discovery with ARP Sweep
  • Getting ready
  • How to do it...
  • UDP Service Sweeper
  • How to do it...
  • SMB scanning and enumeration
  • How to do it...
  • Detecting SSH versions with the SSH Version Scanner
  • Getting ready
  • How to do it...
  • FTP scanning
  • Getting ready
  • How to do it...
  • SMTP enumeration
  • Getting ready
  • How to do it...
  • SNMP enumeration
  • Getting ready
  • How to do it...
  • HTTP scanning
  • Getting ready
  • How to do it...
  • WinRM scanning and brute forcing
  • Getting ready
  • How to do it...
  • Integrating with Nessus
  • Getting ready
  • How to do it...
  • Integrating with NeXpose
  • Getting ready
  • How to do it...
  • Integrating with OpenVAS
  • How to do it...
  • Chapter 3: Server-Side Exploitation
  • Introduction
  • Getting to know MSFconsole
  • MSFconsole commands
  • Exploiting a Linux server
  • Getting ready
  • How to do it...
  • How it works...
  • What about the payload?
  • SQL injection
  • Getting ready
  • How to do it...
  • Types of shell
  • Getting ready
  • How to do it...
  • Exploiting a Windows Server machine
  • Getting ready
  • How to do it...
  • Exploiting common services
  • Getting ready
  • How to do it...
  • MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
  • Getting ready
  • How to do it...
  • MS17-010 EternalRomance/EternalSynergy/EternalChampion
  • How to do it...
  • Installing backdoors
  • Getting ready
  • How to do it...
  • Denial of Service
  • Getting ready
  • How to do it...
  • How to do it...
  • Chapter 4: Meterpreter
  • Introduction
  • Understanding the Meterpreter core commands
  • Getting ready
  • How to do it...
  • How it works...
  • Understanding the Meterpreter filesystem commands
  • How to do it...
  • How it works...
  • Understanding Meterpreter networking commands
  • Getting ready
  • How to do it...
  • How it works...
  • Understanding the Meterpreter system commands
  • How to do it...
  • Setting up multiple communication channels with the target
  • Getting ready
  • How to do it...
  • How it works...
  • Meterpreter anti-forensics
  • Getting ready
  • How to do it...
  • How it works...
  • There's more...
  • The getdesktop and keystroke sniffing
  • Getting ready
  • How to do it...
  • There's more...
  • Using a scraper Meterpreter script
  • Getting ready
  • How to do it...
  • How it works...
  • Scraping the system using winenum
  • How to do it...
  • Automation with AutoRunScript
  • How to do it...
  • Meterpreter resource scripts
  • How to do it...
  • Meterpreter timeout control
  • How to do it...
  • Meterpreter sleep control
  • How to do it...
  • Meterpreter transports
  • How to do it...
  • Interacting with the registry
  • Getting ready
  • How to do it...
  • Loading framework plugins
  • How to do it...
  • Meterpreter API and mixins
  • Getting ready
  • How to do it...
  • How it works...
  • Railgun-converting Ruby into a weapon
  • Getting ready
  • How to do it...
  • How it works...
  • There's more...
  • Adding DLL and function definitions to Railgun
  • How to do it...
  • How it works...
  • Injecting the VNC server remotely
  • Getting ready
  • How to do it...
  • Enabling Remote Desktop
  • How to do it...
  • How it works...
  • Chapter 5: Post-Exploitation
  • Introduction
  • Post-exploitation modules
  • Getting ready
  • How to do it...
  • How it works...
  • How to do it...
  • How it works...
  • Bypassing UAC
  • Getting ready
  • How to do it...
  • Dumping the contents of the SAM database
  • Getting ready
  • How to do it...
  • Passing the hash
  • How to do it...
  • Incognito attacks with Meterpreter
  • How to do it...
  • Using Mimikatz
  • Getting ready
  • How to do it...
  • There's more...
  • Setting up a persistence with backdoors
  • Getting ready
  • How to do it...
  • Becoming TrustedInstaller
  • How to do it...
  • Backdooring Windows binaries
  • How to do it...
  • Pivoting with Meterpreter
  • Getting ready
  • How to do it...
  • How it works...
  • Port forwarding with Meterpreter
  • Getting ready
  • How to do it...
  • Credential harvesting
  • How to do it...
  • Enumeration modules
  • How to do it...
  • Autoroute and socks proxy server
  • How to do it...
  • Analyzing an existing post-exploitation module
  • Getting ready
  • How to do it...
  • How it works...
  • Writing a post-exploitation module
  • Getting ready
  • How to do it...
  • Chapter 6: Using MSFvenom
  • Introduction
  • Payloads and payload options
  • Getting ready
  • How to do it...
  • Encoders
  • How to do it...
  • There's more...
  • Output formats
  • How to do it...
  • Templates
  • Getting ready
  • How to do it...
  • Meterpreter payloads with trusted certificates
  • Getting ready
  • How to do it...
  • There's more...
  • Chapter 7: Client-Side Exploitation and Antivirus Bypass
  • Introduction
  • Exploiting a Windows 10 machine
  • Getting ready
  • How to do it...
  • Bypassing antivirus and IDS/IPS
  • How to do it...
  • Metasploit macro exploits
  • How to do it...
  • There's more...
  • Human Interface Device attacks
  • Getting ready
  • How to do it...
  • HTA attack
  • How to do it...
  • Backdooring executables using a MITM attack
  • Getting ready
  • How to do it...
  • Creating a Linux trojan
  • How to do it...
  • Creating an Android backdoor
  • Getting ready
  • How to do it...
  • There's more...
  • Chapter 8: Social-Engineer Toolkit
  • Introduction
  • Getting started with the Social-Engineer Toolkit
  • Getting ready
  • How to do it...
  • How it works...
  • Working with the spear-phishing attack vector
  • How to do it...
  • Website attack vectors
  • How to do it...
  • Working with the multi-attack web method
  • How to do it...
  • Infectious media generator
  • How to do it...
  • How it works...
  • Chapter 9: Working with Modules for Penetration Testing
  • Introduction
  • Working with auxiliary modules
  • Getting ready
  • How to do it...
  • DoS attack modules
  • How to do it...
  • HTTP
  • SMB
  • Post-exploitation modules
  • Getting ready
  • How to do it...
  • Understanding the basics of module building
  • How to do it...
  • Analyzing an existing module
  • Getting ready
  • How to do it...
  • Building your own post-exploitation module
  • Getting ready
  • How to do it...
  • Building your own auxiliary module
  • Getting ready
  • How to do it...
  • Chapter 10: Exploring Exploits
  • Introduction
  • Common exploit mixins
  • How to do it...
  • Exploiting the module structure
  • Getting ready
  • How to do it...
  • How it works...
  • Using MSFvenom to generate shellcode
  • Getting ready
  • How to do it...
  • Converting an exploit to a Metasploit module
  • Getting ready
  • How to do it...
  • Porting and testing the new exploit module
  • Getting ready
  • How to do it...
  • Fuzzing with Metasploit
  • Getting ready
  • How to do it...
  • Writing a simple fuzzer
  • How to do it...
  • How it works...
  • Chapter 11: Wireless Network Penetration Testing
  • Introduction
  • Getting ready
  • Metasploit and wireless
  • How to do it...
  • Understanding an evil twin attack
  • Getting ready
  • How to do it...
  • Configuring Karmetasploit
  • Getting ready
  • How to do it...
  • Wireless MITM attacks
  • Getting ready
  • How to do it...
  • SMB relay attacks
  • How to do it...
  • There's more...
  • Chapter 12: Cloud Penetration Testing
  • Introduction
  • Metasploit in the cloud
  • Getting ready
  • How to do it...
  • There's more...
  • Metasploit PHP Hop
  • Getting ready
  • How to do it...
  • Phishing from the cloud
  • Getting ready
  • How to do it...
  • Setting up a cloud penetration testing lab
  • How to do it...
  • There's more...
  • Chapter 13: Best Practices
  • Introduction
  • Best practices
  • How to do it...
  • Guided partitioning with encrypted LVM
  • Using Metasploit over the Tor network
  • Getting ready
  • How to do it...