Index
Preface
What this learning path covers
What you need for this learning path
Who this learning path is for
Reader feedback
Customer support
Errata
Piracy
Questions
Module 1
Metasploit for Beginners
Introduction to Metasploit and Supporting Tools
The importance of penetration testing
Vulnerability assessment versus penetration testing
The need for a penetration testing framework
Introduction to Metasploit
When to use Metasploit?
Making Metasploit effective and powerful using supplementary tools
Nessus
NMAP
w3af
Armitage
Summary
Exercises
Setting up Your Environment
Using the Kali Linux virtual machine - the easiest way
Installing Metasploit on Windows
Installing Metasploit on Linux
Setting up exploitable targets in a virtual environment
Summary
Exercises
Metasploit Components and Environment Configuration
Anatomy and structure of Metasploit
Metasploit components
Auxiliaries
Exploits
Encoders
Payloads
Post
Playing around with msfconsole
Variables in Metasploit
Updating the Metasploit Framework
Summary
Exercises
Information Gathering with Metasploit
Information gathering and enumeration
Transmission Control Protocol
User Datagram Protocol
File Transfer Protocol
Server Message Block
Hypertext Transfer Protocol
Simple Mail Transfer Protocol
Secure Shell
Domain Name System
Remote Desktop Protocol
Password sniffing
Advanced search with Shodan
Summary
Exercises
Vulnerability Hunting with Metasploit
Managing the database
Workspaces
Importing scans
Backing up the database
NMAP
NMAP scanning approach
Nessus
Scanning using Nessus from msfconsole
Vulnerability detection with Metasploit auxiliaries
Auto exploitation with db_autopwn
Post exploitation
What is meterpreter?
Searching for content
Screen capture
Keystroke logging
Dumping the hashes and cracking with JTR
Shell command
Privilege escalation
Summary
Exercises
Client-side Attacks with Metasploit
The need for client-side attacks
What are client-side attacks?
What is a Shellcode?
What is a reverse shell?
What is a bind shell?
What is an encoder?
The msfvenom utility
Generating a payload with msfvenom
Social Engineering with Metasploit
Generating a malicious PDF
Creating infectious media drives
Browser Autopwn
Summary
Exercises
Web Application Scanning with Metasploit
Setting up a vulnerable application
Web application scanning using WMAP
Metasploit Auxiliaries for Web Application enumeration and scanning
Summary
Exercises
Antivirus Evasion and Anti-Forensics
Using encoders to avoid AV detection
Using packagers and encrypters
What is a sandbox?
Anti-forensics
Timestomp
clearev
Summary
Exercises
Cyber Attack Management with Armitage
What is Armitage?
Starting the Armitage console
Scanning and enumeration
Find and launch attacks
Summary
Exercises
Extending Metasploit and Exploit Development
Exploit development concepts
What is a buffer overflow?
What are fuzzers?
Exploit templates and mixins
What are Metasploit mixins?
Adding external exploits to Metasploit
Summary
Exercises
Module 2
Mastering Metasploit
Approaching a Penetration Test Using Metasploit
Organizing a penetration test
Preinteractions
Intelligence gathering/reconnaissance phase
Predicting the test grounds
Modeling threats
Vulnerability analysis
Exploitation and post-exploitation
Reporting
Mounting the environment
Setting up Kali Linux in virtual environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Recalling the basics of Metasploit
Benefits of penetration testing using Metasploit
Open source
Support for testing large networks and easy naming conventions
Smart payload generation and switching mechanism
Cleaner exits
The GUI environment
Penetration testing an unknown network
Assumptions
Gathering intelligence
Using databases in Metasploit
Modeling threats
Vulnerability analysis of VSFTPD 2.3.4 backdoor
The attack procedure
The procedure of exploiting the vulnerability
Exploitation and post exploitation
Vulnerability analysis of PHP-CGI query string parameter vulnerability
Exploitation and post exploitation
Vulnerability analysis of HFS 2.3
Exploitation and post exploitation
Maintaining access
Clearing tracks
Revising the approach
Summary
Reinventing Metasploit
Ruby – the heart of Metasploit
Creating your first Ruby program
Interacting with the Ruby shell
Defining methods in the shell
Variables and data types in Ruby
Working with strings
Concatenating strings
The substring function
The split function
Numbers and conversions in Ruby
Conversions in Ruby
Ranges in Ruby
Arrays in Ruby
Methods in Ruby
Decision-making operators
Loops in Ruby
Regular expressions
Wrapping up with Ruby basics
Developing custom modules
Building a module in a nutshell
The architecture of the Metasploit framework
Understanding the file structure
The libraries layout
Understanding the existing modules
The format of a Metasploit module
Disassembling an existing HTTP server scanner module
Libraries and the function
Writing out a custom FTP scanner module
Libraries and the function
Using msftidy
Writing out a custom SSH authentication brute forcer
Rephrasing the equation
Writing a drive disabler post exploitation module
Writing a credential harvester post exploitation module
Breakthrough meterpreter scripting
Essentials of meterpreter scripting
Pivoting the target network
Setting up persistent access
API calls and mixins
Fabricating custom meterpreter scripts
Working with RailGun
Interactive Ruby shell basics
Understanding RailGun and its scripting
Manipulating Windows API calls
Fabricating sophisticated RailGun scripts
Summary
The Exploit Formulation Process
The absolute basics of exploitation
The basics
The architecture
System organization basics
Registers
Exploiting stack-based buffer overflows with Metasploit
Crashing the vulnerable application
Building the exploit base
Calculating the offset
Using the pattern_create tool
Using the pattern_offset tool
Finding the JMP ESP address
Using Immunity Debugger to find executable modules
Using msfbinscan
Stuffing the space
Relevance of NOPs
Determining bad characters
Determining space limitations
Writing the Metasploit exploit module
Exploiting SEH-based buffer overflows with Metasploit
Building the exploit base
Calculating the offset
Using pattern_create tool
Using pattern_offset tool
Finding the POP/POP/RET address
The Mona script
Using msfbinscan
Writing the Metasploit SEH exploit module
Using NASM shell for writing assembly instructions
Bypassing DEP in Metasploit modules
Using msfrop to find ROP gadgets
Using Mona to create ROP chains
Writing the Metasploit exploit module for DEP bypass
Other protection mechanisms
Summary
Porting Exploits
Importing a stack-based buffer overflow exploit
Gathering the essentials
Generating a Metasploit module
Exploiting the target application with Metasploit
Implementing a check method for exploits in Metasploit
Importing web-based RCE into Metasploit
Gathering the essentials
Grasping the important web functions
The essentials of the GET/POST method
Importing an HTTP exploit into Metasploit
Importing TCP server/browser-based exploits into Metasploit
Gathering the essentials
Generating the Metasploit module
Summary
Testing Services with Metasploit
The fundamentals of SCADA
The fundamentals of ICS and its components
The significance of ICS-SCADA
Analyzing security in SCADA systems
Fundamentals of testing SCADA
SCADA-based exploits
Securing SCADA
Implementing secure SCADA
Restricting networks
Database exploitation
SQL server
Fingerprinting SQL server with Nmap
Scanning with Metasploit modules
Brute forcing passwords
Locating/capturing server passwords
Browsing SQL server
Post-exploiting/executing system commands
Reloading the xp_cmdshell functionality
Running SQL-based queries
Testing VOIP services
VOIP fundamentals
An introduction to PBX
Types of VOIP services
Self-hosted network
Hosted services
SIP service providers
Fingerprinting VOIP services
Scanning VOIP services
Spoofing a VOIP call
Exploiting VOIP
About the vulnerability
Exploiting the application
Summary
Virtual Test Grounds and Staging
Performing a penetration test with integrated Metasploit services
Interaction with the employees and end users
Gathering intelligence
Example environment under test
Vulnerability scanning with OpenVAS using Metasploit
Modeling the threat areas
Gaining access to the target
Vulnerability scanning with Nessus
Maintaining access and covering tracks
Managing a penetration test with Faraday
Summary
Client-side Exploitation
Exploiting browsers for fun and profit
The browser autopwn attack
The technology behind a browser autopwn attack
Attacking browsers with Metasploit browser autopwn
Compromising the clients of a website
Injecting malicious web scripts
Hacking the users of a website
Conjunction with DNS spoofing
Tricking victims with DNS hijacking
Metasploit and Arduino - the deadly combination
File format-based exploitation
PDF-based exploits
Word-based exploits
Compromising Linux clients with Metasploit
Attacking Android with Metasploit
Summary
Metasploit Extended
The basics of post exploitation with Metasploit
Basic post exploitation commands
The help menu
Background command
Machine ID and UUID command
Reading from a channel
Getting the username and process information
Getting system information
Networking commands
File operation commands
Desktop commands
Screenshots and camera enumeration
Additional post exploitation modules
Gathering wireless SSIDs with Metasploit
Gathering Wi-Fi passwords with Metasploit
Getting the applications list
Gathering Skype passwords
Gathering USB history
Searching files with Metasploit
Wiping logs from the target with the clearev command
Advanced extended features of Metasploit
Privilege escalation using Metasploit
Finding passwords in clear text using mimikatz
Sniffing traffic with Metasploit
Host file injection with Metasploit
Phishing Windows login passwords
Summary
Speeding up Penetration Testing
The loadpath command
Speeding up development using the reload, edit and reload_all commands
Automating Social-Engineering Toolkit
Summary
Visualizing with Armitage
The fundamentals of Armitage
Getting started
Touring the user interface
Managing the workspace
Scanning networks and host management
Modeling out vulnerabilities
Finding the match
Exploitation with Armitage
Post-exploitation with Armitage
Attacking on the client side with Armitage
Scripting Armitage
The fundamentals of Cortana
Controlling Metasploit
Post-exploitation with Cortana
Building a custom menu in Cortana
Working with interfaces
Summary
Further reading
Module 3
Metasploit Bootcamp
Getting Started with Metasploit
The fundamentals of Metasploit
Metasploit Framework console and commands
Benefits of using Metasploit
Penetration testing with Metasploit
Assumptions and testing setup
Phase-I: footprinting and scanning
Phase-II: gaining access to the target
Phase-III: maintaining access / post-exploitation / covering tracks
Summary and exercises
Identifying and Scanning Targets
Working with FTP servers using Metasploit
Scanning FTP services
Modifying scanner modules for fun and profit
Scanning MSSQL servers with Metasploit
Using the mssql_ping module
Brute-forcing MSSQL passwords
Scanning SNMP services with Metasploit
Scanning NetBIOS services with Metasploit
Scanning HTTP services with Metasploit
Scanning HTTPS/SSL with Metasploit
Summary and exercises
Exploitation and Gaining Access
Setting up the practice environment
Exploiting applications with Metasploit
Using db_nmap in Metasploit
Exploiting Desktop Central 9 with Metasploit
Testing the security of a GlassFish web server with Metasploit
Exploiting FTP services with Metasploit
Converting exploits to Metasploit
Gathering the essentials
Generating a Metasploit module
Exploiting the target application with Metasploit
Summary and exercises
Post-Exploitation with Metasploit
Extended post-exploitation with Metasploit
Advanced post-exploitation with Metasploit
Migrating to safer processes
Obtaining system privileges
Changing access, modification, and creation time with timestomp
Obtaining password hashes using hashdump
Metasploit and privilege escalation
Escalating privileges on Windows Server 2008
Privilege escalation on Linux with Metasploit
Gaining persistent access with Metasploit
Gaining persistent access on Windows-based systems
Gaining persistent access on Linux systems
Summary
Testing Services with Metasploit
Testing MySQL with Metasploit
Using Metasploit's mysql_version module
Brute-forcing MySQL with Metasploit
Finding MySQL users with Metasploit
Dumping the MySQL schema with Metasploit
File enumeration in MySQL using Metasploit
Checking for writable directories
Enumerating MySQL with Metasploit
Running MySQL commands through Metasploit
Gaining system access through MySQL
Summary and exercises
Fast-Paced Exploitation with Metasploit
Using pushm and popm commands
Making use of resource scripts
Using AutoRunScript in Metasploit
Using the multiscript module in the AutoRunScript option
Global variables in Metasploit
Wrapping up and generating manual reports
The format of the report
The executive summary
Methodology/network admin-level report
Additional sections
Summary and preparation for real-world scenarios
Exploiting Real-World Challenges with Metasploit
Scenario 1: Mirror environment
Understanding the environment
Fingerprinting the target with DB_NMAP
Gaining access to vulnerable web applications
Migrating from a PHP meterpreter to a Windows meterpreter
Pivoting to internal networks
Scanning internal networks through a meterpreter pivot
Using the socks server module in Metasploit
Dumping passwords in clear text
Sniffing a network with Metasploit
Summary of the attack
Scenario 2: You can't see my meterpreter
Using shellcode for fun and profit
Encrypting the shellcode
Creating a decoder executable
Further roadmap and summary
Bibliography
Thanks page
About Packt Publishing
Writing for Packt