Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from The Complete Metasploit Guide Explore effective penetration testing techniques with Metasploit

Product type Course

Published in Jun 2019

Publisher Packt

ISBN-13 9781838822477

Length 660 pages

Edition 1st Edition

Languages

Ruby

Tools

Metasploit

Concepts

Penetration Testing

Authors (2):

Sagar Rahalkar

Nipun Jaswal

View More author details

Table of Contents (28) Chapters

Title Page

The Complete Metasploit Guide

About Packt

Contributors

Preface

1. Introduction to Metasploit and Supporting Tools FREE CHAPTER

2. Setting up Your Environment

3. Metasploit Components and Environment Configuration

4. Information Gathering with Metasploit

5. Vulnerability Hunting with Metasploit

6. Client-side Attacks with Metasploit

7. Web Application Scanning with Metasploit

8. Antivirus Evasion and Anti-Forensics

9. Cyber Attack Management with Armitage

10. Extending Metasploit and Exploit Development

11. Approaching a Penetration Test Using Metasploit

12. Reinventing Metasploit

13. The Exploit Formulation Process

14. Porting Exploits

15. Testing Services with Metasploit

16. Virtual Test Grounds and Staging

17. Client-Side Exploitation

18. Metasploit Extended

19. Evasion with Metasploit

20. Metasploit for Secret Agents

21. Visualizing with Armitage

22. Tips and Tricks

1. Other Books You May Enjoy

Leave a review - let other readers know what you think

Auto exploitation with db_autopwn

In the previous section, we have seen how the Metasploit Framework helps us import scans from various other tools such as NMAP and Nessus. Now, once we have imported the scan results into the database, the next logical step would be to find exploits matching the vulnerabilities/ports from the imported scan. We can certainly do this manually; for instance, if our target is Windows XP and it has TCP port 445 open, then we can try out the MS08_67 netapi vulnerability against it.

The Metasploit Framework offers a script called db_autopwn that automates the exploit matching process, executes the appropriate exploit if match found, and gives us remote shell. However, before you try this script, a few of the following things need to be considered:

The db_autopwn script is officially depreciated from the Metasploit Framework. You would need to explicitly...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (2)

Sagar Rahalkar

Sagar Rahalkar is a seasoned information security professional having more than 10 years of comprehensive experience in various verticals of IS. His domain expertise is mainly into breach detection, cyber crime investigations, digital forensics, application security, vulnerability assessment and penetration testing, compliance for mandates and regulations, IT GRC, and much more. He holds a masters degree in computer science and several industry-recognized certifications such as Certified Cyber Crime Investigator, Certified Ethical Hacker, Certified Security Analyst, ISO 27001 Lead Auditor, IBM certified Specialist-Rational AppScan, Certified Information Security Manager (CISM), and PRINCE2. He has been closely associated with Indian law enforcement agencies for more than 3 years dealing with digital crime investigations and related training and received several awards and appreciations from senior officials of the police and defense organizations in India. Sagar has also been a reviewer and author for various books and online publications.

See other products by Sagar Rahalkar

Nipun Jaswal

Nipun Jaswal is an international cybersecurity author and an award-winning IT security researcher with more than a decade of experience in penetration testing, Red Team assessments, vulnerability research, RF, and wireless hacking. He is presently the Director of Cybersecurity Practices at BDO India. Nipun has trained and worked with multiple law enforcement agencies on vulnerability research and exploit development. He has also authored numerous articles and exploits that can be found on popular security databases, such as PacketStorm and exploit-db. Please feel free to contact him at @nipunjaswal.

See other products by Nipun Jaswal