Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the example code files
• Download the color images
• Conventions used
• Get in touch
• Reviews

1. Section 1 – Preparation and Development

2. Chapter 1: Approaching a Penetration Test Using Metasploit FREE CHAPTER

• Technical requirements
• Organizing a penetration test
• Mounting the environment
• The fundamentals of Metasploit
• Conducting a penetration test with Metasploit
• Benefits of penetration testing using Metasploit
• Case study – reaching the domain controller
• Revisiting the case study
• Summary

3. Chapter 2: Reinventing Metasploit

• Technical requirements
• Ruby – the heart of Metasploit
• Understanding Metasploit modules
• Developing an auxiliary – the FTP scanner module
• Developing an auxiliary—the SSH brute force module
• Developing post-exploitation modules
• Post-exploitation with RailGun
• Summary

4. Chapter 3: The Exploit Formulation Process

• Technical requirements
• The absolute basics of exploitation
• Exploiting a stack overflow vulnerability with Metasploit
• Exploiting SEH-based buffer overflows with Metasploit
• Bypassing DEP in Metasploit modules
• Other protection mechanisms
• Summary

5. Chapter 4: Porting Exploits

• Technical requirements
• Importing a stack-based buffer overflow exploit
• Importing a web-based RCE exploit into Metasploit
• Importing TCP server/browser-based exploits into Metasploit
• Summary

6. Section 2 – The Attack Phase

7. Chapter 5: Testing Services with Metasploit

• Technical requirements
• The fundamentals of testing SCADA systems
• Database exploitation
• Testing VOIP services
• Summary

8. Chapter 6: Virtual Test Grounds and Staging

• Technical requirements
• Performing a penetration test with integrated Metasploit services
• Generating manual reports
• Summary

9. Chapter 7: Client-Side Exploitation

• Technical requirements
• Exploiting browsers for fun and profit
• Compromising the clients of a website
• Metasploit and Arduino – the deadly combination
• File format-based exploitation
• Attacking Android with Metasploit
• Summary

10. Section 3 – Post-Exploitation and Evasion

11. Chapter 8: Metasploit Extended

• Technical requirements
• Basic Windows post-exploitation commands
• Windows versus Linux basic post-exploitation commands
• Advanced Windows post-exploitation modules
• Advanced multi-OS extended features of Metasploit
• Privilege escalation with Metasploit
• Summary

12. Chapter 9: Evasion with Metasploit

• Technical requirements
• Evading Meterpreter detection using C wrappers and custom encoders
• Evading Meterpreter with Python
• Evading intrusion detection systems with Metasploit
• Bypassing Windows firewall blocked ports
• Summary

13. Chapter 10: Metasploit for Secret Agents

• Technical requirements
• Maintaining anonymity in Meterpreter sessions using proxy and HOP payloads
• Maintaining access using search order hijacking in standard software
• Harvesting files from target systems
• Using Venom for obfuscation
• Covering tracks with anti-forensics modules
• Summary

14. Chapter 11: Visualizing Metasploit

• Technical requirements
• Kage for Meterpreter sessions
• Automated exploitation using Armitage
• Red teaming with the Armitage team server
• Scripting Armitage
• Summary

15. Chapter 12: Tips and Tricks

• Technical requirements
• Automation using the Minion script
• Using connect instead of Netcat
• Shell upgrades and background sessions
• Naming conventions
• Saving configurations in Metasploit
• Using inline handler and renaming jobs
• Running commands on multiple Meterpreters
• Automating the Social Engineering Toolkit
• Cheat sheets for Metasploit and penetration testing
• Summary
• Further reading

16. Other Books You May Enjoy

• Leave a review - let other readers know what you think