Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from The Complete Metasploit Guide Explore effective penetration testing techniques with Metasploit

Product type Course

Published in Jun 2019

Publisher Packt

ISBN-13 9781838822477

Length 660 pages

Edition 1st Edition

Languages

Ruby

Tools

Metasploit

Concepts

Penetration Testing

Authors (2):

Sagar Rahalkar

Nipun Jaswal

View More author details

Table of Contents (28) Chapters

Title Page

The Complete Metasploit Guide

About Packt

Contributors

Preface

1. Introduction to Metasploit and Supporting Tools FREE CHAPTER

2. Setting up Your Environment

3. Metasploit Components and Environment Configuration

4. Information Gathering with Metasploit

5. Vulnerability Hunting with Metasploit

6. Client-side Attacks with Metasploit

7. Web Application Scanning with Metasploit

8. Antivirus Evasion and Anti-Forensics

9. Cyber Attack Management with Armitage

10. Extending Metasploit and Exploit Development

11. Approaching a Penetration Test Using Metasploit

12. Reinventing Metasploit

13. The Exploit Formulation Process

14. Porting Exploits

15. Testing Services with Metasploit

16. Virtual Test Grounds and Staging

17. Client-Side Exploitation

18. Metasploit Extended

19. Evasion with Metasploit

20. Metasploit for Secret Agents

21. Visualizing with Armitage

22. Tips and Tricks

1. Other Books You May Enjoy

Leave a review - let other readers know what you think

Exploiting SEH-based buffer overflows with Metasploit

Exception handlers are code modules that catch exceptions and errors generated during the execution of the program. This allows the program to continue execution instead of crashing. Windows operating systems have default exception handlers, and we see them generally when an application crashes and throws a pop-up that says XYZ program has encountered an error and needed to close. When the program generates an exception, the equivalent address of the catch code is loaded and called from the stack. However, if we somehow manage to overwrite the address in the stack for the catch code of the handler, we will be able to control the application. Let's see how things are arranged in a stack when an application is implemented with exception handlers:

In the preceding diagram, we can see that we have the address of the catch...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (2)

Sagar Rahalkar

Sagar Rahalkar is a seasoned information security professional having more than 10 years of comprehensive experience in various verticals of IS. His domain expertise is mainly into breach detection, cyber crime investigations, digital forensics, application security, vulnerability assessment and penetration testing, compliance for mandates and regulations, IT GRC, and much more. He holds a masters degree in computer science and several industry-recognized certifications such as Certified Cyber Crime Investigator, Certified Ethical Hacker, Certified Security Analyst, ISO 27001 Lead Auditor, IBM certified Specialist-Rational AppScan, Certified Information Security Manager (CISM), and PRINCE2. He has been closely associated with Indian law enforcement agencies for more than 3 years dealing with digital crime investigations and related training and received several awards and appreciations from senior officials of the police and defense organizations in India. Sagar has also been a reviewer and author for various books and online publications.

See other products by Sagar Rahalkar

Nipun Jaswal

Nipun Jaswal is an international cybersecurity author and an award-winning IT security researcher with more than a decade of experience in penetration testing, Red Team assessments, vulnerability research, RF, and wireless hacking. He is presently the Director of Cybersecurity Practices at BDO India. Nipun has trained and worked with multiple law enforcement agencies on vulnerability research and exploit development. He has also authored numerous articles and exploits that can be found on popular security databases, such as PacketStorm and exploit-db. Please feel free to contact him at @nipunjaswal.

See other products by Nipun Jaswal