Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Metasploit
Foreword
Preface
Acknowledgments
Special Thanks
Introduction
Why Do a Penetration Test?
Why Metasploit?
A Brief History of Metasploit
About This Book
What’s in the Book?
A Note on Ethics
1. The Absolute Basics of Penetration Testing
The Phases of the PTES
Pre-engagement Interactions
Intelligence Gathering
Threat Modeling
Vulnerability Analysis
Exploitation
Post Exploitation
Reporting
Types of Penetration Tests
Overt Penetration Testing
Covert Penetration Testing
Vulnerability Scanners
Pulling It All Together
2. Metasploit Basics
Terminology
Exploit
Payload
Shellcode
Module
Listener
Metasploit Interfaces
MSFconsole
Starting MSFconsole
MSFcli
Sample Usage
Armitage
Running Armitage
Metasploit Utilities
MSFpayload
MSFencode
Nasm Shell
Metasploit Express and Metasploit Pro
Wrapping Up
3. Intelligence Gathering
Passive Information Gathering
whois Lookups
Netcraft
NSLookup
Active Information Gathering
Port Scanning with Nmap
Working with Databases in Metasploit
Importing Nmap Results into Metasploit
Advanced Nmap Scanning: TCP Idle Scan
Running Nmap from MSFconsole
Port Scanning with Metasploit
Targeted Scanning
Server Message Block Scanning
Hunting for Poorly Configured Microsoft SQL Servers
SSH Server Scanning
FTP Scanning
Simple Network Management Protocol Sweeping
Writing a Custom Scanner
Looking Ahead
4. Vulnerability Scanning
The Basic Vulnerability Scan
Scanning with NeXpose
Configuration
The New Site Wizard
The New Manual Scan Wizard
The New Report Wizard
Importing Your Report into the Metasploit Framework
Running NeXpose Within MSFconsole
Scanning with Nessus
Nessus Configuration
Creating a Nessus Scan Policy
Running a Nessus Scan
Nessus Reports
Importing Results into the Metasploit Framework
Scanning with Nessus from Within Metasploit
Specialty Vulnerability Scanners
Validating SMB Logins
Scanning for Open VNC Authentication
Scanning for Open X11 Servers
Using Scan Results for Autopwning
5. The Joy of Exploitation
Basic Exploitation
msf> show exploits
msf> show auxiliary
msf> show options
msf> show payloads
msf> show targets
info
set and unset
setg and unsetg
save
Exploiting Your First Machine
Exploiting an Ubuntu Machine
All-Ports Payloads: Brute Forcing Ports
Resource Files
Wrapping Up
6. Meterpreter
Compromising a Windows XP Virtual Machine
Scanning for Ports with Nmap
Attacking MS SQL
Brute Forcing MS SQL Server
The xp_cmdshell
Basic Meterpreter Commands
Capturing a Screenshot
sysinfo
Capturing Keystrokes
Dumping Usernames and Passwords
Extracting the Password Hashes
Dumping the Password Hash
Pass the Hash
Privilege Escalation
Token Impersonation
Using ps
Pivoting onto Other Systems
Using Meterpreter Scripts
Migrating a Process
Killing Antivirus Software
Obtaining System Password Hashes
Viewing All Traffic on a Target Machine
Scraping a System
Using Persistence
Leveraging Post Exploitation Modules
Upgrading Your Command Shell to Meterpreter
Manipulating Windows APIs with the Railgun Add-On
Wrapping Up
7. Avoiding Detection
Creating Stand-Alone Binaries with MSFpayload
Evading Antivirus Detection
Encoding with MSFencode
Multi-encoding
Custom Executable Templates
Launching a Payload Stealthily
Packers
A Final Note on Antivirus Software Evasion
8. Exploitation Using Client-Side Attacks
Browser-Based Exploits
How Browser-Based Exploits Work
Looking at NOPs
Using Immunity Debugger to Decipher NOP Shellcode
Exploring the Internet Explorer Aurora Exploit
File Format Exploits
Sending the Payload
Wrapping Up
9. Metasploit Auxiliary Modules
Auxiliary Modules in Use
Anatomy of an Auxiliary Module
Going Forward
10. The Social-Engineer Toolkit
Configuring the Social-Engineer Toolkit
Spear-Phishing Attack Vector
Web Attack Vectors
Java Applet
Client-Side Web Exploits
Username and Password Harvesting
Tabnabbing
Man-Left-in-the-Middle
Web Jacking
Putting It All Together with a Multipronged Attack
Infectious Media Generator
Teensy USB HID Attack Vector
Additional SET Features
Looking Ahead
11. Fast-Track
Microsoft SQL Injection
SQL Injector—Query String Attack
SQL Injector—POST Parameter Attack
Manual Injection
MSSQL Bruter
SQLPwnage
Binary-to-Hex Generator
Mass Client-Side Attack
A Few Words About Automation
12. Karmetasploit
Configuration
Launching the Attack
Credential Harvesting
Getting a Shell
Wrapping Up
13. Building Your Own Module
Getting Command Execution on Microsoft SQL
Exploring an Existing Metasploit Module
Creating a New Module
PowerShell
Running the Shell Exploit
Creating powershell_upload_exec
Conversion from Hex to Binary
Counters
Running the Exploit
The Power of Code Reuse
14. Creating Your Own Exploits
The Art of Fuzzing
Controlling the Structured Exception Handler
Hopping Around SEH Restrictions
Getting a Return Address
Bad Characters and Remote Code Execution
Wrapping Up
15. Porting Exploits to the Metasploit Framework
Assembly Language Basics
EIP and ESP Registers
The JMP Instruction Set
NOPs and NOP Slides
Porting a Buffer Overflow
Stripping the Existing Exploit
Configuring the Exploit Definition
Testing Our Base Exploit
Implementing Features of the Framework
Adding Randomization
Removing the NOP Slide
Removing the Dummy Shellcode
Our Completed Module
SEH Overwrite Exploit
Wrapping Up
16. Meterpreter Scripting
Meterpreter Scripting Basics
Meterpreter API
Printing Output
Base API Calls
Meterpreter Mixins
Rules for Writing Meterpreter Scripts
Creating Your Own Meterpreter Script
Wrapping Up
17. Simulated Penetration Test
Pre-engagement Interactions
Intelligence Gathering
Threat Modeling
Exploitation
Customizing MSFconsole
Post Exploitation
Scanning the Metasploitable System
Identifying Vulnerable Services
Attacking Apache Tomcat
Attacking Obscure Services
Covering Your Tracks
Wrapping Up
A. Configuring Your Target Machines
Installing and Setting Up the System
Booting Up the Linux Virtual Machines
Setting Up a Vulnerable Windows XP Installation
Configuring Your Web Server on Windows XP
Building a SQL Server
Creating a Vulnerable Web Application
Updating Back|Track
B. Cheat Sheet
MSFconsole Commands
Meterpreter Commands
MSFpayload Commands
MSFencode Commands
MSFcli Commands
MSF, Ninja, Fu
MSFvenom
Meterpreter Post Exploitation Commands
Index
About the Authors
Colophon
C. Updates
← Prev
Back
Next →
← Prev
Back
Next →