Imperial Library

Index
Title Page
Copyright
The Complete Metasploit Guide
About Packt
  Why Subscribe?
  Packt.com
Contributors
  About the Authors
  Packt Is Searching for Authors Like You
Preface
  Who This Book Is For
  What This Book Covers
  To Get the Most out of This Book
    Download the Example Code Files
    Conventions Used
  Get in Touch
    Reviews
Introduction to Metasploit and Supporting Tools
  The importance of penetration testing
  Vulnerability assessment versus penetration testing
  The need for a penetration testing framework
  Introduction to Metasploit
  When to use Metasploit?
  Making Metasploit effective and powerful using supplementary tools
    Nessus
    NMAP
    w3af
    Armitage
  Summary
  Exercises
Setting up Your Environment
  Using the Kali Linux virtual machine - the easiest way
  Installing Metasploit on Windows
  Installing Metasploit on Linux
  Setting up exploitable targets in a virtual environment
  Summary
  Exercises
Metasploit Components and Environment Configuration
  Anatomy and structure of Metasploit
  Metasploit components
    Auxiliaries
    Exploits
    Encoders
    Payloads
    Post
  Playing around with msfconsole
  Variables in Metasploit
  Updating the Metasploit Framework
  Summary
  Exercises
Information Gathering with Metasploit
  Information gathering and enumeration
    Transmission Control Protocol
    User Datagram Protocol
    File Transfer Protocol
    Server Message Block
    Hypertext Transfer Protocol
    Simple Mail Transfer Protocol
    Secure Shell
    Domain Name System
    Remote Desktop Protocol
  Password sniffing
  Advanced search with shodan
  Summary
  Exercises
Vulnerability Hunting with Metasploit
  Managing the database
    Work spaces
    Importing scans
    Backing up the database
  NMAP
    NMAP scanning approach
  Nessus
    Scanning using Nessus from msfconsole
  Vulnerability detection with Metasploit auxiliaries
  Auto exploitation with db_autopwn
  Post exploitation
    What is meterpreter?
    Searching for content
    Screen capture
    Keystroke logging
    Dumping the hashes and cracking with JTR
    Shell command
    Privilege escalation
  Summary
  Exercises
Client-side Attacks with Metasploit
  Need of client-side attacks
  What are client-side attacks?
    What is a Shellcode?
    What is a reverse shell?
    What is a bind shell?
    What is an encoder?
  The msfvenom utility
    Generating a payload with msfvenom
  Social Engineering with Metasploit
    Generating malicious PDF
    Creating infectious media drives
  Browser Autopwn
  Summary
  Exercises
Web Application Scanning with Metasploit
  Setting up a vulnerable application
  Web application scanning using WMAP
  Metasploit Auxiliaries for Web Application enumeration and scanning
  Summary
  Exercises
Antivirus Evasion and Anti-Forensics
  Using encoders to avoid AV detection
  Using packagers and encrypters
  What is a sandbox?
  Anti-forensics
    Timestomp
    clearev
  Summary
  Exercises
Cyber Attack Management with Armitage
  What is Armitage?
  Starting the Armitage console
  Scanning and enumeration
  Find and launch attacks
  Summary
  Exercises
Extending Metasploit and Exploit Development
  Exploit development concepts
    What is a buffer overflow?
    What are fuzzers?
  Exploit templates and mixins
    What are Metasploit mixins?
  Adding external exploits to Metasploit
  Summary
  Exercises
Approaching a Penetration Test Using Metasploit
  Organizing a penetration test
    Preinteractions
    Intelligence gathering/reconnaissance phase
    Threat modeling
    Vulnerability analysis
    Exploitation and post-exploitation
    Reporting
  Mounting the environment
    Setting up Kali Linux in a virtual environment
  The fundamentals of Metasploit
  Conducting a penetration test with Metasploit
    Recalling the basics of Metasploit
  Benefits of penetration testing using Metasploit
    Open source
    Support for testing large networks and natural naming conventions
    Smart payload generation and switching mechanism
    Cleaner exits
    The GUI environment
  Case study - diving deep into an unknown network
    Gathering intelligence
      Using databases in Metasploit
    Modeling threats
    Vulnerability analysis - arbitrary file upload (unauthenticated)
      Attacking mechanism on the PhpCollab 2.5.1 application
    Exploitation and gaining access
      Escalating privileges with local root exploits
    Maintaining access with Metasploit
    Post-exploitation and pivoting
    Vulnerability analysis - SEH based buffer overflow
    Exploiting human errors by compromising Password Managers
  Revisiting the case study
    Revising the approach
  Summary and exercises
Reinventing Metasploit
  Ruby - the heart of Metasploit
    Creating your first Ruby program
      Interacting with the Ruby shell
      Defining methods in the shell
    Variables and data types in Ruby
      Working with strings
        Concatenating strings
        The substring function
        The split function
      Numbers and conversions in Ruby
        Conversions in Ruby
      Ranges in Ruby
      Arrays in Ruby
    Methods in Ruby
    Decision-making operators
    Loops in Ruby
    Regular expressions
    Wrapping up with Ruby basics
  Developing custom modules
    Building a module in a nutshell
      The architecture of the Metasploit framework
      Understanding the file structure
      The libraries layout
    Understanding the existing modules
      The format of a Metasploit module
      Disassembling the existing HTTP server scanner module
        Libraries and the function
    Writing out a custom FTP scanner module
      Libraries and functions
      Using msftidy
    Writing out a custom SSH-authentication with a brute force attack
      Rephrasing the equation
    Writing a drive-disabler post-exploitation module
    Writing a credential harvester post-exploitation module
  Breakthrough Meterpreter scripting
    Essentials of Meterpreter scripting
    Setting up persistent access
    API calls and mixins
    Fabricating custom Meterpreter scripts
  Working with RailGun
    Interactive Ruby shell basics
    Understanding RailGun and its scripting
    Manipulating Windows API calls
    Fabricating sophisticated RailGun scripts
  Summary and exercises
The Exploit Formulation Process
  The absolute basics of exploitation
    The basics
    The architecture
      System organization basics
    Registers
  Exploiting stack-based buffer overflows with Metasploit
    Crashing the vulnerable application
    Building the exploit base
    Calculating the offset
      Using the pattern_create tool
      Using the pattern_offset tool
    Finding the JMP ESP address
      Using the Immunity Debugger to find executable modules
      Using msfpescan
    Stuffing the space
      Relevance of NOPs
    Determining bad characters
    Determining space limitations
    Writing the Metasploit exploit module
  Exploiting SEH-based buffer overflows with Metasploit
    Building the exploit base
    Calculating the offset
      Using the pattern_create tool
      Using the pattern_offset tool
    Finding the POP/POP/RET address
      The Mona script
      Using msfpescan
    Writing the Metasploit SEH exploit module
      Using the NASM shell for writing assembly instructions
  Bypassing DEP in Metasploit modules
    Using msfrop to find ROP gadgets
    Using Mona to create ROP chains
    Writing the Metasploit exploit module for DEP bypass
  Other protection mechanisms
  Summary
Porting Exploits
  Importing a stack-based buffer overflow exploit
    Gathering the essentials
    Generating a Metasploit module
    Exploiting the target application with Metasploit
    Implementing a check method for exploits in Metasploit
  Importing web-based RCE into Metasploit
    Gathering the essentials
    Grasping the important web functions
    The essentials of the GET/POST method
    Importing an HTTP exploit into Metasploit
  Importing TCP server/browser-based exploits into Metasploit
    Gathering the essentials
    Generating the Metasploit module
  Summary
Testing Services with Metasploit
  Fundamentals of testing SCADA systems
    The fundamentals of ICS and its components
    The significance of ICS-SCADA
    Exploiting HMI in SCADA servers
      Fundamentals of testing SCADA
      SCADA-based exploits
    Attacking the Modbus protocol
    Securing SCADA
      Implementing secure SCADA
      Restricting networks
  Database exploitation
    SQL server
    Scanning MSSQL with Metasploit modules
    Brute forcing passwords
    Locating/capturing server passwords
    Browsing the SQL server
    Post-exploiting/executing system commands
      Reloading the xp_cmdshell functionality
      Running SQL-based queries
  Testing VOIP services
    VOIP fundamentals
      An introduction to PBX
      Types of VOIP services
        Self-hosted network
        Hosted services
        SIP service providers
    Fingerprinting VOIP services
    Scanning VOIP services
    Spoofing a VOIP call
    Exploiting VOIP
      About the vulnerability
      Exploiting the application
  Summary
Virtual Test Grounds and Staging
  Performing a penetration test with integrated Metasploit services
    Interaction with the employees and end users
    Gathering intelligence
      Example environment being tested
    Vulnerability scanning with OpenVAS using Metasploit
    Modeling the threat areas
    Gaining access to the target
    Exploiting the Active Directory (AD) with Metasploit
      Finding the domain controller
      Enumerating shares in the Active Directory network
      Enumerating the AD computers
      Enumerating signed-in users in the Active Directory
      Enumerating domain tokens
      Using extapi in Meterpreter
      Enumerating open Windows using Metasploit
      Manipulating the clipboard
      Using ADSI management commands in Metasploit
      Using PsExec exploit in the network
      Using Kiwi in Metasploit
      Using cachedump in Metasploit
    Maintaining access to AD
  Generating manual reports
    The format of the report
    The executive summary
    Methodology/network admin-level report
    Additional sections
  Summary
Client-Side Exploitation
  Exploiting browsers for fun and profit
    The browser autopwn attack
      The technology behind the browser autopwn attack
      Attacking browsers with Metasploit browser autopwn
    Compromising the clients of a website
      Injecting the malicious web scripts
      Hacking the users of a website
    The autopwn with DNS spoofing and MITM attacks
      Tricking victims with DNS hijacking
      Using Kali NetHunter with browser exploits
    Metasploit and Arduino - the deadly combination
  File format-based exploitation
    PDF-based exploits
    Word-based exploits
  Attacking Android with Metasploit
  Summary and exercises
Metasploit Extended
  Basics of post-exploitation with Metasploit
  Basic post-exploitation commands
    The help menu
    The background command
    Reading from a channel
    File operation commands
    Desktop commands
    Screenshots and camera enumeration
  Advanced post-exploitation with Metasploit
    Obtaining system privileges
    Changing access, modification, and creation time with timestomp
  Additional post-exploitation modules
    Gathering wireless SSIDs with Metasploit
    Gathering Wi-Fi passwords with Metasploit
    Getting the applications list
    Gathering Skype passwords
    Gathering USB history
    Searching files with Metasploit
    Wiping logs from the target with the clearev command
  Advanced extended features of Metasploit
    Using pushm and popm commands
    Speeding up development using the reload, edit, and reload_all commands
    Making use of resource scripts
    Using AutoRunScript in Metasploit
    Using the multiscript module in AutoRunScript option
    Privilege escalation using Metasploit
    Finding passwords in clear text using mimikatz
    Sniffing traffic with Metasploit
    Host file injection with Metasploit
    Phishing Windows login passwords
  Summary and exercises
Evasion with Metasploit
  Evading Meterpreter using C wrappers and custom encoders
    Writing a custom Meterpreter encoder/decoder in C
  Evading intrusion detection systems with Metasploit
    Using random cases for fun and profit
    Using fake relatives to fool IDS systems
  Bypassing Windows firewall blocked ports
    Using the reverse Meterpreter on all ports
  Summary and exercises
Metasploit for Secret Agents
  Maintaining anonymity in Meterpreter sessions
  Maintaining access using vulnerabilities in common software
    DLL search order hijacking
    Using code caves for hiding backdoors
  Harvesting files from target systems
  Using venom for obfuscation
  Covering tracks with anti-forensics modules
  Summary
Visualizing with Armitage
  The fundamentals of Armitage
    Getting started
    Touring the user interface
    Managing the workspace
  Scanning networks and host management
    Modeling out vulnerabilities
    Finding the match
  Exploitation with Armitage
  Post-exploitation with Armitage
  Red teaming with Armitage team server
  Scripting Armitage
    The fundamentals of Cortana
    Controlling Metasploit
    Post-exploitation with Cortana
    Building a custom menu in Cortana
    Working with interfaces
  Summary
Tips and Tricks
  Automation using Minion script
  Using connect as Netcat
  Shell upgrades and background sessions
  Naming conventions
  Changing the prompt and making use of database variables
  Saving configurations in Metasploit
  Using inline handler and renaming jobs
  Running commands on multiple Meterpreters
  Automating the Social Engineering Toolkit
  Cheat sheets on Metasploit and penetration testing
  Further reading
Other Books You May Enjoy
  Leave a review - let other readers know what you think
