Packt+ | Advance your knowledge in tech

You're reading from Metasploit Revealed: Secrets of the Expert Pentester Build your defense against complex attacks

Product type Course

Published in Dec 2017

Publisher

ISBN-13 9781788624596

Length 860 pages

Edition 1st Edition

Tools

Metasploit

Concepts

Penetration Testing

Authors (2):

Nipun Jaswal

Sagar Rahalkar

View More author details

Table of Contents (35) Chapters

Title Page

Credits

Preface

1. Module 1 FREE CHAPTER

Metasploit for Beginners

2. Introduction to Metasploit and Supporting Tools

3. Setting up Your Environment

4. Metasploit Components and Environment Configuration

5. Information Gathering with Metasploit

6. Vulnerability Hunting with Metasploit

7. Client-side Attacks with Metasploit

8. Web Application Scanning with Metasploit

9. Antivirus Evasion and Anti-Forensics

10. Cyber Attack Management with Armitage

11. Extending Metasploit and Exploit Development

12. Module 2

Mastering Metasploit

13. Approaching a Penetration Test Using Metasploit

14. Reinventing Metasploit

15. The Exploit Formulation Process

16. Porting Exploits

17. Testing Services with Metasploit

18. Virtual Test Grounds and Staging

19. Client-side Exploitation

20. Metasploit Extended

21. Speeding up Penetration Testing

22. Visualizing with Armitage

23. Module 3

Metasploit Bootcamp

24. Getting Started with Metasploit

25. Identifying and Scanning Targets

26. Exploitation and Gaining Access

27. Post-Exploitation with Metasploit

28. Testing Services with Metasploit

29. Fast-Paced Exploitation with Metasploit

30. Exploiting Real-World Challenges with Metasploit

31. Bibliography

32. Thanks page

Revising the approach

Let us summarize the entire penetration test step by step:

In the very first step, we did an NMAP scan over the target.
We found that VSFTPD 2.3.4 is running on port 21 and is vulnerable to attack.
We exploited VSFTPD 2.3.5 running on port 21.
We got the shell access to the target running at 192.168.10.112.

We created a Linux meterpreter shell and copied it to the /var/www directory of Apache. Next, we ran the wget command from the shell and downloaded our newly created meterpreter shell onto the target.
We assigned full privileges to the shell backdoor file via chmod 777 backdoor.elf.
Setting up an exploit handler in a separate window, which is listening on port 4444, we ran the backdoor.elf file on the target.
We got the Linux meterpreter access on the target system, which is 192.168.10.112.

Running the arp command on the compromised system, we found that it was internally connected to a separate network and is connected to another system running on an internal IP address...

The rest of the chapter is locked

You're reading from Metasploit Revealed: Secrets of the Expert Pentester Build your defense against complex attacks

Table of Contents (35) Chapters

Revising the approach

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you