Index
Metasploit
Foreword
Preface
Acknowledgments
  • Special Thanks
Introduction
  • Why Do a Penetration Test?
  • Why Metasploit?
  • A Brief History of Metasploit
  • About This Book
  • What’s in the Book?
  • A Note on Ethics
1. The Absolute Basics of Penetration Testing
  • The Phases of the PTES
    • Pre-engagement Interactions
    • Intelligence Gathering
    • Threat Modeling
    • Vulnerability Analysis
    • Exploitation
    • Post Exploitation
    • Reporting
  • Types of Penetration Tests
    • Overt Penetration Testing
    • Covert Penetration Testing
  • Vulnerability Scanners
  • Pulling It All Together
2. Metasploit Basics
  • Terminology
    • Exploit
    • Payload
    • Shellcode
    • Module
    • Listener
  • Metasploit Interfaces
    • MSFconsole
      • Starting MSFconsole
    • MSFcli
      • Sample Usage
    • Armitage
      • Running Armitage
  • Metasploit Utilities
    • MSFpayload
    • MSFencode
    • Nasm Shell
  • Metasploit Express and Metasploit Pro
  • Wrapping Up
3. Intelligence Gathering
  • Passive Information Gathering
    • whois Lookups
    • Netcraft
    • NSLookup
  • Active Information Gathering
    • Port Scanning with Nmap
    • Working with Databases in Metasploit
      • Importing Nmap Results into Metasploit
      • Advanced Nmap Scanning: TCP Idle Scan
      • Running Nmap from MSFconsole
    • Port Scanning with Metasploit
  • Targeted Scanning
    • Server Message Block Scanning
    • Hunting for Poorly Configured Microsoft SQL Servers
    • SSH Server Scanning
    • FTP Scanning
    • Simple Network Management Protocol Sweeping
  • Writing a Custom Scanner
  • Looking Ahead
4. Vulnerability Scanning
  • The Basic Vulnerability Scan
  • Scanning with NeXpose
    • Configuration
      • The New Site Wizard
      • The New Manual Scan Wizard
      • The New Report Wizard
    • Importing Your Report into the Metasploit Framework
    • Running NeXpose Within MSFconsole
  • Scanning with Nessus
    • Nessus Configuration
    • Creating a Nessus Scan Policy
    • Running a Nessus Scan
    • Nessus Reports
    • Importing Results into the Metasploit Framework
    • Scanning with Nessus from Within Metasploit
  • Specialty Vulnerability Scanners
    • Validating SMB Logins
    • Scanning for Open VNC Authentication
    • Scanning for Open X11 Servers
  • Using Scan Results for Autopwning
5. The Joy of Exploitation
  • Basic Exploitation
    • msf> show exploits
    • msf> show auxiliary
    • msf> show options
    • msf> show payloads
    • msf> show targets
    • info
    • set and unset
    • setg and unsetg
    • save
  • Exploiting Your First Machine
  • Exploiting an Ubuntu Machine
  • All-Ports Payloads: Brute Forcing Ports
  • Resource Files
  • Wrapping Up
6. Meterpreter
  • Compromising a Windows XP Virtual Machine
    • Scanning for Ports with Nmap
    • Attacking MS SQL
    • Brute Forcing MS SQL Server
    • The xp_cmdshell
    • Basic Meterpreter Commands
      • Capturing a Screenshot
      • sysinfo
    • Capturing Keystrokes
  • Dumping Usernames and Passwords
    • Extracting the Password Hashes
    • Dumping the Password Hash
  • Pass the Hash
  • Privilege Escalation
  • Token Impersonation
  • Using ps
  • Pivoting onto Other Systems
  • Using Meterpreter Scripts
    • Migrating a Process
    • Killing Antivirus Software
    • Obtaining System Password Hashes
    • Viewing All Traffic on a Target Machine
    • Scraping a System
    • Using Persistence
  • Leveraging Post Exploitation Modules
  • Upgrading Your Command Shell to Meterpreter
  • Manipulating Windows APIs with the Railgun Add-On
  • Wrapping Up
7. Avoiding Detection
  • Creating Stand-Alone Binaries with MSFpayload
  • Evading Antivirus Detection
    • Encoding with MSFencode
    • Multi-encoding
  • Custom Executable Templates
  • Launching a Payload Stealthily
  • Packers
  • A Final Note on Antivirus Software Evasion
8. Exploitation Using Client-Side Attacks
  • Browser-Based Exploits
    • How Browser-Based Exploits Work
    • Looking at NOPs
  • Using Immunity Debugger to Decipher NOP Shellcode
  • Exploring the Internet Explorer Aurora Exploit
  • File Format Exploits
  • Sending the Payload
  • Wrapping Up
9. Metasploit Auxiliary Modules
  • Auxiliary Modules in Use
  • Anatomy of an Auxiliary Module
  • Going Forward
10. The Social-Engineer Toolkit
  • Configuring the Social-Engineer Toolkit
  • Spear-Phishing Attack Vector
  • Web Attack Vectors
    • Java Applet
    • Client-Side Web Exploits
    • Username and Password Harvesting
    • Tabnabbing
    • Man-Left-in-the-Middle
    • Web Jacking
    • Putting It All Together with a Multipronged Attack
  • Infectious Media Generator
  • Teensy USB HID Attack Vector
  • Additional SET Features
  • Looking Ahead
11. Fast-Track
  • Microsoft SQL Injection
    • SQL Injector—Query String Attack
    • SQL Injector—POST Parameter Attack
    • Manual Injection
    • MSSQL Bruter
    • SQLPwnage
  • Binary-to-Hex Generator
  • Mass Client-Side Attack
  • A Few Words About Automation
12. Karmetasploit
  • Configuration
  • Launching the Attack
  • Credential Harvesting
  • Getting a Shell
  • Wrapping Up
13. Building Your Own Module
  • Getting Command Execution on Microsoft SQL
  • Exploring an Existing Metasploit Module
  • Creating a New Module
    • PowerShell
    • Running the Shell Exploit
    • Creating powershell_upload_exec
    • Conversion from Hex to Binary
    • Counters
    • Running the Exploit
  • The Power of Code Reuse
14. Creating Your Own Exploits
  • The Art of Fuzzing
  • Controlling the Structured Exception Handler
  • Hopping Around SEH Restrictions
  • Getting a Return Address
  • Bad Characters and Remote Code Execution
  • Wrapping Up
15. Porting Exploits to the Metasploit Framework
  • Assembly Language Basics
    • EIP and ESP Registers
    • The JMP Instruction Set
    • NOPs and NOP Slides
  • Porting a Buffer Overflow
    • Stripping the Existing Exploit
    • Configuring the Exploit Definition
    • Testing Our Base Exploit
    • Implementing Features of the Framework
    • Adding Randomization
    • Removing the NOP Slide
    • Removing the Dummy Shellcode
    • Our Completed Module
  • SEH Overwrite Exploit
  • Wrapping Up
16. Meterpreter Scripting
  • Meterpreter Scripting Basics
  • Meterpreter API
    • Printing Output
    • Base API Calls
    • Meterpreter Mixins
  • Rules for Writing Meterpreter Scripts
  • Creating Your Own Meterpreter Script
  • Wrapping Up
17. Simulated Penetration Test
  • Pre-engagement Interactions
  • Intelligence Gathering
  • Threat Modeling
  • Exploitation
  • Customizing MSFconsole
  • Post Exploitation
    • Scanning the Metasploitable System
    • Identifying Vulnerable Services
  • Attacking Apache Tomcat
  • Attacking Obscure Services
  • Covering Your Tracks
  • Wrapping Up
A. Configuring Your Target Machines
  • Installing and Setting Up the System
  • Booting Up the Linux Virtual Machines
  • Setting Up a Vulnerable Windows XP Installation
  • Configuring Your Web Server on Windows XP
  • Building a SQL Server
  • Creating a Vulnerable Web Application
  • Updating Back|Track
B. Cheat Sheet
  • MSFconsole Commands
  • Meterpreter Commands
  • MSFpayload Commands
  • MSFencode Commands
  • MSFcli Commands
  • MSF, Ninja, Fu
  • MSFvenom
  • Meterpreter Post Exploitation Commands
C. Updates
Index
About the Authors
Colophon