Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Metasploit Bootcamp
Metasploit Bootcamp

Metasploit Bootcamp: The fastest way to learn Metasploit

eBook
€20.98 €29.99
Paperback
€36.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Table of content icon View table of contents Preview book icon Preview Book

Metasploit Bootcamp

Identifying and Scanning Targets

We learned the basics of Metasploit in the Chapter 1, Getting Started with Metasploit. Let us now shift our focus to an essential aspect of every penetration test, that is, the scanning phase. One of the most critical aspects of penetration testing, the scanning phase involves identification of various software and services running on the target, hence, making it the most time consuming and the most crucial aspect of a professional penetration test. They say, and I quote, "If you know the enemy and know yourself, you need not fear the result of a hundred battles". If you want to gain access to the target by exploiting vulnerable software, the first step for you to take is to figure out if a particular version of the software is running on the target. The scanning and identification should be conducted thoroughly, so that you don&apos...

Working with FTP servers using Metasploit

The module we will be using for this demonstration is ftp_version.rb from scanners in the auxiliary section.

Scanning FTP services

Let us select the module using the use command and check what different options are required by the module for it to work:

We can see we have a number of modules to work with. However, for now, let us use the ftp_version module, as shown in the following screenshot:

To scan the entire network, let's set RHOSTS to 192.168.10.0/24 (0-255) and also increase the number of threads for a speedy operation:

Let's run the module and analyze the output:

We can see we have scanned the entire network and found two hosts running FTP services, which are...

Scanning MSSQL servers with Metasploit

Let us now jump into Metasploit-specific modules for testing the MSSQL server and see what kind of information we can gain by using them.

Using the mssql_ping module

The very first auxiliary module that we will be using is mssql_ping. This module will gather service information related to the MSSQL server.

So, let us load the module and start the scanning process as follows:

We can clearly see that mssql_ping has generated an excellent output of the fingerprinted MSSQL service.

Brute-forcing MSSQL passwords

Metasploit also offers...

Scanning SNMP services with Metasploit

Let us perform a TCP port scan of a different network as shown in the following screenshot:

We will be using the tcp scan module listed under auxiliary/scanner/portscan, as shown in the preceding screenshot. Let's run the module and analyze the results as follows:

We can see that we found two services only that don't look that appealing. Let us also perform a UDP sweep of the network and check if we can find something interesting:

To carry out a UDP sweep, we will use the auxiliary/scanner/discovery/udp_sweep module as shown in the preceding screenshot. Next, we only need to provide the network range by setting the RHOSTS option. Additionally, you can increase the number of threads as well. Let's run the module and analyze results:

Amazing! We can see plenty of results generated by the UDP sweep module. Additionally, a...

Scanning NetBIOS services with Metasploit

Netbios services also provide vital information about the target and help us uncover the target architecture, operating system version, and many other things. To scan a network for NetBIOS services, we can use the nbname module from auxiliary/scanner/netbios, as shown in the following screenshot:

As we did previously, we set the RHOSTS to the entire network by providing the CIDR identifier. Let's run the module and analyze the results as follows:

We can see that we have almost every system running the NetBIOS service on the network listed in the preceding screenshot. This information provides us with useful evidence for the operating system type, name, domain, and related IP addresses of the systems.

Scanning HTTP services with Metasploit

Metasploit allows us to perform fingerprinting of various HTTP services. Additionally, Metasploit contains a large number of exploit modules targeting different kinds of web servers. Hence, scanning HTTP services not only allows for fingerprinting the web servers, but it builds a base of web server vulnerabilities that Metasploit can attack later. Let us use the http_version module and run it against the network as follows:

Let's execute the module after setting up all the necessary options such as RHOSTS and Threads as follows:

The http_version module from Metasploit has successfully fingerprinted various web server software and applications in the network. We will exploit some of these services in Chapter 3, Exploitation and Gaining Access. We saw how we could fingerprint HTTP services, so let's try figuring out if we can scan...

Working with FTP servers using Metasploit


The module we will be using for this demonstration is ftp_version.rb from scanners in the auxiliary section.

Scanning FTP services

Let us select the module using the use command and check what different options are required by the module for it to work:

We can see we have a number of modules to work with. However, for now, let us use the ftp_version module, as shown in the following screenshot:

To scan the entire network, let's set RHOSTS to 192.168.10.0/24 (0-255) and also increase the number of threads for a speedy operation:

Let's run the module and analyze the output:

We can see we have scanned the entire network and found two hosts running FTP services, which are TP-LINK FTP server and FTP Utility FTP server. So now that we know what services are running on the target, it will be easy for us to find any matching exploit if the version of these FTP services is vulnerable.

We can also see that some lines are displaying the progress of the scan and generating...

Scanning MSSQL servers with Metasploit


Let us now jump into Metasploit-specific modules for testing the MSSQL server and see what kind of information we can gain by using them.

Using the mssql_ping module

The very first auxiliary module that we will be using is mssql_ping. This module will gather service information related to the MSSQL server.

So, let us load the module and start the scanning process as follows:

We can clearly see that mssql_ping has generated an excellent output of the fingerprinted MSSQL service.

Brute-forcing MSSQL passwords

Metasploit also offers brute-force modules. A successful brute-force does exploit low entropy vulnerabilities; if it produces results in a reasonable amount of time it is considered a valid finding. Hence, we will cover brute-forcing in this phase of the penetration test itself. Metasploit has a built-in module named mssql_login, which we can use as an authentication tester for brute-forcing the username and password of an MSSQL server database.

Let us...

Scanning SNMP services with Metasploit


Let us perform a TCP port scan of a different network as shown in the following screenshot:

We will be using the tcp scan module listed under auxiliary/scanner/portscan, as shown in the preceding screenshot. Let's run the module and analyze the results as follows:

We can see that we found two services only that don't look that appealing. Let us also perform a UDP sweep of the network and check if we can find something interesting:

To carry out a UDP sweep, we will use the auxiliary/scanner/discovery/udp_sweep module as shown in the preceding screenshot. Next, we only need to provide the network range by setting the RHOSTS option. Additionally, you can increase the number of threads as well. Let's run the module and analyze results:

Amazing! We can see plenty of results generated by the UDP sweep module. Additionally, a Simple Network Management Protocol (SNMP) service is also discovered on 192.168.1.19.

The SNMP, is a commonly used service that provides...

Scanning NetBIOS services with Metasploit


Netbios services also provide vital information about the target and help us uncover the target architecture, operating system version, and many other things. To scan a network for NetBIOS services, we can use the nbname module from auxiliary/scanner/netbios, as shown in the following screenshot:

As we did previously, we set the RHOSTS to the entire network by providing the CIDR identifier. Let's run the module and analyze the results as follows:

We can see that we have almost every system running the NetBIOS service on the network listed in the preceding screenshot. This information provides us with useful evidence for the operating system type, name, domain, and related IP addresses of the systems.

Left arrow icon Right arrow icon

Key benefits

  • A fast-paced guide that will quickly enhance your penetration testing skills in just 7 days
  • Carry out penetration testing in complex and highly-secured environments.
  • Learn techniques to Integrate Metasploit with industry’s leading tools

Description

The book starts with a hands-on Day 1 chapter, covering the basics of the Metasploit framework and preparing the readers for a self-completion exercise at the end of every chapter. The Day 2 chapter dives deep into the use of scanning and fingerprinting services with Metasploit while helping the readers to modify existing modules according to their needs. Following on from the previous chapter, Day 3 will focus on exploiting various types of service and client-side exploitation while Day 4 will focus on post-exploitation, and writing quick scripts that helps with gathering the required information from the exploited systems. The Day 5 chapter presents the reader with the techniques involved in scanning and exploiting various services, such as databases, mobile devices, and VOIP. The Day 6 chapter prepares the reader to speed up and integrate Metasploit with leading industry tools for penetration testing. Finally, Day 7 brings in sophisticated attack vectors and challenges based on the user’s preparation over the past six days and ends with a Metasploit challenge to solve.

Who is this book for?

If you are a penetration tester, ethical hacker, or security consultant who quickly wants to master the Metasploit framework and carry out advanced penetration testing in highly secured environments then, this book is for you.

What you will learn

  • Get hands-on knowledge of Metasploit
  • Perform penetration testing on services like Databases, VOIP and much more
  • Understand how to Customize Metasploit modules and modify existing exploits
  • Write simple yet powerful Metasploit automation scripts
  • Explore steps involved in post-exploitation on Android and mobile platforms.
Estimated delivery fee Deliver to Austria

Premium delivery 7 - 10 business days

€17.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : May 25, 2017
Length: 230 pages
Edition : 1st
Language : English
ISBN-13 : 9781788297134
Vendor :
Rapid7
Category :
Concepts :
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Estimated delivery fee Deliver to Austria

Premium delivery 7 - 10 business days

€17.95
(Includes tracking information)

Product Details

Publication date : May 25, 2017
Length: 230 pages
Edition : 1st
Language : English
ISBN-13 : 9781788297134
Vendor :
Rapid7
Category :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 108.97
Mastering Metasploit
€41.99
Metasploit for Beginners
€29.99
Metasploit Bootcamp
€36.99
Total 108.97 Stars icon

Table of Contents

7 Chapters
Getting Started with Metasploit Chevron down icon Chevron up icon
Identifying and Scanning Targets Chevron down icon Chevron up icon
Exploitation and Gaining Access Chevron down icon Chevron up icon
Post-Exploitation with Metasploit Chevron down icon Chevron up icon
Testing Services with Metasploit Chevron down icon Chevron up icon
Fast-Paced Exploitation with Metasploit Chevron down icon Chevron up icon
Exploiting Real-World Challenges with Metasploit Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.4
(8 Ratings)
5 star 75%
4 star 12.5%
3 star 0%
2 star 0%
1 star 12.5%
Filter icon Filter
Top Reviews

Filter reviews by




Wendy Feb 06, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is well written, with plenty of examples, and covers a good portion of what you need to know to get started with metasploit. Importantly, it was written in 2018 so it's more current than some other books on the market. This is important because commands have changed, and things have moved on from what you might find in older books. The book covers all of the basics and then some. At the end of the book, the author gives two walkthroughs showing the methods used to tackle some challenges.
Amazon Verified review Amazon
hemanthkumar Mar 13, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
S3xiest book I had ever read mostly the final chapter was deadly awesome
Amazon Verified review Amazon
JAIVIK PATEL Jul 11, 2017
Full star icon Full star icon Full star icon Full star icon Full star icon 5
awesome book sirji....keep it up with this type of books...it will very helpful for me......
Amazon Verified review Amazon
Chris Feb 06, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Amazing book. Fast paced. It more than met my expectations.
Amazon Verified review Amazon
Seth Jan 13, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Love this book!
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela