Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from The Complete Metasploit Guide Explore effective penetration testing techniques with Metasploit

Product type Course

Published in Jun 2019

Publisher Packt

ISBN-13 9781838822477

Length 660 pages

Edition 1st Edition

Languages

Ruby

Tools

Metasploit

Concepts

Penetration Testing

Authors (2):

Sagar Rahalkar

Nipun Jaswal

View More author details

Table of Contents (28) Chapters

Title Page

The Complete Metasploit Guide

About Packt

Contributors

Preface

1. Introduction to Metasploit and Supporting Tools FREE CHAPTER

2. Setting up Your Environment

3. Metasploit Components and Environment Configuration

4. Information Gathering with Metasploit

5. Vulnerability Hunting with Metasploit

6. Client-side Attacks with Metasploit

7. Web Application Scanning with Metasploit

8. Antivirus Evasion and Anti-Forensics

9. Cyber Attack Management with Armitage

10. Extending Metasploit and Exploit Development

11. Approaching a Penetration Test Using Metasploit

12. Reinventing Metasploit

13. The Exploit Formulation Process

14. Porting Exploits

15. Testing Services with Metasploit

16. Virtual Test Grounds and Staging

17. Client-Side Exploitation

18. Metasploit Extended

19. Evasion with Metasploit

20. Metasploit for Secret Agents

21. Visualizing with Armitage

22. Tips and Tricks

1. Other Books You May Enjoy

Leave a review - let other readers know what you think

Using venom for obfuscation

In the previous chapter, we saw how we could defeat AVs with custom encoders. Let's go one step ahead and talk about encryption and obfuscation in the Metasploit payloads; we can use a great tool called venom for this. Let's create some encrypted Meterpreter shellcode, as shown in the following screenshot:

As soon as you start venom in Kali Linux, you will be presented with the screen shown in the preceding screenshot. The venom framework is a creative work from Pedro Nobrega and Chaitanya Haritash (Suspicious-Shell-Activity), who worked extensively to simplify shellcode and backdoor generation for various operating systems. Let's hit Enter to continue:

As we can see, we have options to create payloads for a variety of operating systems, and we even have options to create multi-OS payloads. Let's choose 2 to select Windows-OS payloads...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at ₹800/month. Cancel anytime

Authors (2)

Sagar Rahalkar

Sagar Rahalkar is a seasoned information security professional having more than 10 years of comprehensive experience in various verticals of IS. His domain expertise is mainly into breach detection, cyber crime investigations, digital forensics, application security, vulnerability assessment and penetration testing, compliance for mandates and regulations, IT GRC, and much more. He holds a masters degree in computer science and several industry-recognized certifications such as Certified Cyber Crime Investigator, Certified Ethical Hacker, Certified Security Analyst, ISO 27001 Lead Auditor, IBM certified Specialist-Rational AppScan, Certified Information Security Manager (CISM), and PRINCE2. He has been closely associated with Indian law enforcement agencies for more than 3 years dealing with digital crime investigations and related training and received several awards and appreciations from senior officials of the police and defense organizations in India. Sagar has also been a reviewer and author for various books and online publications.

See other products by Sagar Rahalkar

Nipun Jaswal

Nipun Jaswal is an international cybersecurity author and an award-winning IT security researcher with more than a decade of experience in penetration testing, Red Team assessments, vulnerability research, RF, and wireless hacking. He is presently the Director of Cybersecurity Practices at BDO India. Nipun has trained and worked with multiple law enforcement agencies on vulnerability research and exploit development. He has also authored numerous articles and exploits that can be found on popular security databases, such as PacketStorm and exploit-db. Please feel free to contact him at @nipunjaswal.

See other products by Nipun Jaswal