Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Metasploit

You're reading from   Mastering Metasploit Take your penetration testing and IT security skills to a whole new level with the secrets of Metasploit

Arrow left icon
Product type Paperback
Published in May 2018
Publisher Packt
ISBN-13 9781788990615
Length 492 pages
Edition 3rd Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Nipun Jaswal Nipun Jaswal
Author Profile Icon Nipun Jaswal
Nipun Jaswal
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Approaching a Penetration Test Using Metasploit 2. Reinventing Metasploit FREE CHAPTER 3. The Exploit Formulation Process 4. Porting Exploits 5. Testing Services with Metasploit 6. Virtual Test Grounds and Staging 7. Client-Side Exploitation 8. Metasploit Extended 9. Evasion with Metasploit 10. Metasploit for Secret Agents 11. Visualizing with Armitage 12. Tips and Tricks 13. Other Books You May Enjoy

Preface

Penetration testing is required everywhere in business today. With the rise of cyber and computer-based crime over the past few years, penetration testing has become one of the core aspects of network security and helps keep a business secure from internal and external threats. The reason that penetration testing is a necessity is that it helps uncover potential flaws in a network, a system, or an application. Moreover, it helps identify weaknesses and threats from an attacker's perspective. Various inherent weaknesses in a system are exploited to find out the impact it can have on an organization and the risk to the assets that exist as well. However, the success rate of a penetration test depends mostly on knowledge of the target under test. Therefore, we generally approach a penetration test using two different methods: black box testing and white box testing. Black box testing refers to testing where there is no prior knowledge of the target under test. Therefore, a penetration tester kicks off testing by collecting information about the target systematically. However, in the case of a white box penetration test, a penetration tester has knowledge about the target under test and starts off by identifying weaknesses of the target. In general, a penetration test is divided into seven different phases, which are as follows:

  • Pre-engagement interactions: This phase defines all the pre-engagement activities and scope definitions, basically, everything you need to discuss with the client before the testing starts.
  • Intelligence gathering: This phase is all about collecting information about the target under test, by connecting to the target directly and passively, and without connecting to the target at all.
  • Threat modeling: This phase involves matching the information detected to the assets to find the areas with the highest threat level.
  • Vulnerability analysis: This involves finding and identifying known and unknown vulnerabilities and validating them.
  • Exploitation: This phase works on taking advantage of the vulnerabilities found in the previous stage and typically means that we are trying to gain access to the target.
  • Post-exploitation: The actual actions to perform on the target, such as downloading a file, shutting a system down, creating a new user account on the target, are parts of this phase. In general, this phase describes what you need to do after exploitation.
  • Reporting: This phase includes summing up the results of the test in a file and the possible suggestions and recommendations to fix the current weaknesses in the target.

These seven stages may look easy when there is a single target under test. However, the situation completely changes when a vast network that contains hundreds of systems is to be tested. Therefore, in a case like this, manual work is to be replaced with an automated approach. Consider a scenario where the number of systems under test is precisely 100, and they are running the same operating system and services. Testing every system manually will consume much time and energy. Situations such as these demand the use of a penetration testing framework. Using a penetration testing framework will not only save time but will also offer much more flexibility regarding changing the attack vectors and covering a much wider range of targets under test. A penetration testing framework will eliminate additional time consumption and also help to automate most of the attack vectors, scanning processes, identifying vulnerabilities, and most importantly, exploiting the vulnerabilities, thus saving time and pacing a penetration test, and this is where Metasploit kicks in.

Metasploit is considered one of the best and is the most widely used penetration testing framework. With a lot of reputation in the IT security community, Metasploit is not only an excellent penetration test framework, but also delivers innovative features that make the life of a penetration tester easy.

Mastering Metasploit, Third Edition aims to provide readers with insights into the legendary Metasploit framework. This book focuses explicitly on mastering Metasploit with respect to exploitation, writing custom exploits, porting exploits, testing services, and conducting sophisticated client-side testing. Moreover, this book helps to convert your customized attack vectors into Metasploit modules, covering Ruby and attack scripting, such as Cortana. This book will not only cater to your penetration testing knowledge but will also help you build programming skills as well.

lock icon The rest of the chapter is locked
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime