Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Metasploit Penetration Testing Cookbook Evade antiviruses, bypass firewalls, and exploit complex environments with the most widely used penetration testing framework

Product type Paperback

Published in Feb 2018

Publisher

ISBN-13 9781788623179

Length 426 pages

Edition 3rd Edition

Languages

Ruby

Tools

Metasploit

Concepts

Penetration Testing

Authors (4):

Monika Agarwal

Abhinav Singh

Nipun Jaswal

Daniel Teixeira

View More author details

Table of Contents (15) Chapters

Preface

1. Metasploit Quick Tips for Security Professionals FREE CHAPTER

2. Information Gathering and Scanning

3. Server-Side Exploitation

4. Meterpreter

5. Post-Exploitation

6. Using MSFvenom

7. Client-Side Exploitation and Antivirus Bypass

8. Social-Engineer Toolkit

9. Working with Modules for Penetration Testing

10. Exploring Exploits

11. Wireless Network Penetration Testing

12. Cloud Penetration Testing

13. Best Practices

14. Other Books You May Enjoy

Leave a review - let other readers know what you think

Using MSFvenom to generate shellcode

We already read about MSFvenom and now we will use it again, but this time to generate custom shellcode that we can safely use in a PoC exploit. PoC exploits found online often use a bind shell, have hardcoded IP addresses, or simply open a calculator to prove code execution, which means that they may not fit your needs during a penetration test. For this reason, most of the time we need to replace the shellcode with our own code.

Shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called shellcode because most of the time it is used to launch a shell so that the attacker can control the compromised target.

Getting ready

...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (4)

Teixeira

Daniel Teixeira is an IT security expert, author, and trainer, specializing in red team engagements, penetration testing, and vulnerability assessments. His main areas of focus are adversary simulation, emulation of modern adversarial tactics, techniques and procedures; vulnerability research, and exploit development.

See other products by Teixeira

Agarwal

Deepak Agarwal is a Microsoft Certified Professional who has more than 6 years of relevant experience. He has worked with different versions of Axapta, such as AX 2009, AX 2012, and Dynamics 365. He has had a wide range of development, consulting, and leading roles, while always maintaining a significant role as a business application developer. Although his strengths are rooted in X++ development, he is a highly regarded developer and expert in the technical aspects of Dynamics AX development and customization. He has also worked on base product development with the Microsoft team. He was awarded the Most Valuable Professional (MVP) award from Microsoft for Dynamics AX four times in a row, and he has held this title since 2013. He shares his experience with Dynamics AX on his blog: Axapta V/s Me Deepak has also worked on the following Packt books: Microsoft Dynamics AX 2012 R3 Reporting Cookbook Dynamics AX 2012 Reporting Cookbook Microsoft Dynamics AX 2012 Programming: Getting Started

See other products by Agarwal

Singh

Contacted on 12/01/18 by Davis Anto

See other products by Singh

Nipun Jaswal

Nipun Jaswal is an international cybersecurity author and an award-winning IT security researcher with more than a decade of experience in penetration testing, Red Team assessments, vulnerability research, RF, and wireless hacking. He is presently the Director of Cybersecurity Practices at BDO India. Nipun has trained and worked with multiple law enforcement agencies on vulnerability research and exploit development. He has also authored numerous articles and exploits that can be found on popular security databases, such as PacketStorm and exploit-db. Please feel free to contact him at @nipunjaswal.

See other products by Nipun Jaswal