Metasploit Penetration Testing Cookbook

Credits

About the Author

About the Reviewers

www.PacktPub.com

Preface

1. Metasploit Quick Tips for Security Professionals

• Introduction
• Configuring Metasploit on Windows
• Configuring Metasploit on Ubuntu
• Metasploit with BackTrack 5 – the ultimate combination
• Setting up the penetration testing lab on a single machine
• Setting up Metasploit on a virtual machine with SSH connectivity
• Beginning with the interfaces – the "Hello World" of Metasploit
• Setting up the database in Metasploit
• Using the database to store penetration testing results
• Analyzing the stored results of the database

2. Information Gathering and Scanning FREE CHAPTER

• Introduction
• Passive information gathering 1.0 – the traditional way
• Passive information gathering 2.0 – the next level
• Port scanning – the Nmap way
• Exploring auxiliary modules for scanning
• Target service scanning with auxiliary modules
• Vulnerability scanning with Nessus
• Scanning with NeXpose
• Sharing information with the Dradis framework

3. Operating System-based Vulnerability Assessment and Exploitation

• Introduction
• Exploit usage quick tips
• Penetration testing on a Windows XP SP2 machine
• Binding a shell to the target for remote access
• Penetration testing on the Windows 2003 Server
• Windows 7/Server 2008 R2 SMB client infinite loop
• Exploiting a Linux (Ubuntu) machine
• Understanding the Windows DLL injection flaws

4. Client-side Exploitation and Antivirus Bypass

• Introduction
• Internet Explorer unsafe scripting misconfiguration vulnerability
• Internet Explorer CSS recursive call memory corruption
• Microsoft Word RTF stack buffer overflow
• Adobe Reader util.printf() buffer overflow
• Generating binary and shellcode from msfpayload
• Bypassing client-side antivirus protection using msfencode
• Using the killav.rb script to disable antivirus programs
• A deeper look into the killav.rb script
• Killing antivirus services from the command line

5. Using Meterpreter to Explore the Compromised Target

• Introduction
• Analyzing meterpreter system commands
• Privilege escalation and process migration
• Setting up multiple communication channels with the target
• Meterpreter filesystem commands
• Changing file attributes using timestomp
• Using meterpreter networking commands
• The getdesktop and keystroke sniffing
• Using a scraper meterpreter script

6. Advanced Meterpreter Scripting

• Introduction
• Passing the hash
• Setting up a persistent connection with backdoors
• Pivoting with meterpreter
• Port forwarding with meterpreter
• Meterpreter API and mixins
• Railgun – converting Ruby into a weapon
• Adding DLL and function definition to Railgun
• Building a "Windows Firewall De-activator" meterpreter script
• Analyzing an existing meterpreter script

7. Working with Modules for Penetration Testing

• Introduction
• Working with scanner auxiliary modules
• Working with auxiliary admin modules
• SQL injection and DOS attack modules
• Post-exploitation modules
• Understanding the basics of module building
• Analyzing an existing module
• Building your own post-exploitation module

8. Working with Exploits

• Introduction
• Exploiting the module structure
• Common exploit mixins
• Working with msfvenom
• Converting exploit to a Metasploit module
• Porting and testing the new exploit module
• Fuzzing with Metasploit
• Writing a simple FileZilla FTP fuzzer

9. Working with Armitage

• Introduction
• Getting started with Armitage
• Scanning and information gathering
• Finding vulnerabilities and attacking targets
• Handling multiple targets using the tab switch
• Post-exploitation with Armitage
• Client-side exploitation with Armitage

10. Social Engineer Toolkit

• Introduction
• Getting started with Social Engineer Toolkit (SET)
• Working with the SET config file
• Spear-phishing attack vector
• Website attack vectors
• Multi-attack web method
• Infectious media generator

Index