Metasploit Penetration Testing Cookbook

Metasploit Quick Tips for Security Professionals


Operating System-based Vulnerability Assessment and Exploitation


Client-side Exploitation and Antivirus Bypass


Using Meterpreter to Explore the Compromised Target


Working with Modules for Penetration Testing

Chapter 1. Metasploit Quick Tips for Security Professionals
Metasploit with BackTrack 5 – the ultimate combination
Setting up the penetration testing lab on a single machine
Disabling the firewall and antivirus protection
Installing virtual box guest additions
Setting up Metasploit on a virtual machine with SSH connectivity
Beginning with the interfaces – the "Hello World" of Metasploit
Some commands to try out and get started
Setting up the database in Metasploit
Getting an error while connecting the database
Using the database to store penetration testing results
Analyzing the stored results of the database


Metasploit® software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks. Metasploit Penetration Testing Cookbook targets both professionals and beginners to the framework. The chapters of the book are logically arranged with an increasing level of complexity and thoroughly cover Metasploit aspects ranging from the pre-exploitation to the post-exploitation phase. The recipe structure of the book provides a good mix of both theoretical understanding and practical implementation. This book will help readers think from a hacker's perspective to dig out the flaws in target networks and also to leverage the powers of Metasploit to compromise them. It will take your penetration testing skills to the next level. The book starts with the basics, such as gathering information about your target, and gradually covers advanced topics like building your own framework scripts and modules. The book goes deep into operating system-based penetration testing techniques and moves ahead with client-based exploitation methodologies. In the post-exploitation phase, it covers Meterpreter, antivirus bypass, Ruby wonders, exploit building, porting exploits to the framework, and third-party tools like Armitage and SET. Metasploit Penetration Testing Cookbook is the required guide to penetration testing and exploitation.
Metasploit is currently the most talked-about name in the field of information security and penetration testing. It has totally revolutionized the way we can perform security tests on our systems. The reason Metasploit is so popular is the wide range of tasks it can perform to ease the work of penetration testing and make systems more secure. Metasploit is available for all popular operating systems, and the working process of the framework is almost the same on all of them. In this book, we will primarily work on the BackTrack 5 OS, as it comes with the Metasploit framework pre-installed along with other third-party tools that run over the framework.
Let us start with a quick introduction to the framework and the various terminologies related to it:

Metasploit framework: It is a free, open source penetration testing framework started by H. D. Moore in 2003 and later acquired by Rapid7. The current stable versions of the framework are written in the Ruby language. It has the world's largest database of tested exploits and receives more than a million downloads every year. It is also one of the most complex projects built in Ruby to date.

Vulnerability: It is a weakness which allows an attacker/pen-tester to break into or compromise a system's security. This weakness can exist in the operating system, in application software, or even in the network protocols.

Exploit: An exploit is code which allows an attacker/tester to take advantage of a vulnerable system and compromise its security. Every vulnerability has its own corresponding exploit. Metasploit v4 has more than 700 exploits.

Payload: It is the actual code which does the work. It runs on the system after exploitation. Payloads are mostly used to set up a connection between the attacking machine and the victim machine. Metasploit v4 has more than 250 payloads.

Module: Modules are the small building blocks of a complete system. Every module performs a specific task, and a complete system is built up by combining several modules to function as a single unit. The biggest advantage of such an architecture is that it becomes easy for developers to integrate new exploit code and tools into the framework.
The Metasploit framework has a modular architecture, and the exploits, payloads, encoders, and so on are considered separate modules.

Let us examine the architecture diagram closely.
Metasploit uses different libraries which hold the key to the proper functioning of the framework. These libraries are a collection of pre-defined tasks, operations, and functions that can be utilized by different modules of the framework. The most fundamental part of the framework is the Ruby Extension (Rex) library. Some of the components provided by Rex include a wrapper socket subsystem, implementations of protocol clients and servers, a logging subsystem, exploitation utility classes, and a number of other useful classes. Rex itself is designed to have no dependencies other than what comes with the default Ruby installation.
Then we have the MSF Core library, which extends Rex. Core is responsible for implementing all of the required interfaces that allow for interacting with exploit modules, sessions, and plugins. This core library is extended by the framework base library, which is designed to provide simpler wrapper routines for dealing with the framework core, as well as providing utility classes for dealing with different aspects of the framework, such as serializing a module state to different output formats. Finally, the base library is extended by the framework's User Interface (UI), which implements support for the different types of user interfaces to the framework itself, such as the command console and the web interface.
There are four different user interfaces provided with the framework, namely msfconsole, msfcli, msfgui, and msfweb. It is highly encouraged that you check out all of these interfaces, but in this book we will primarily work with the msfconsole interface. The reason is that msfconsole provides the best support for the framework, exposing all of its functionality.
Let us now move to the recipes of this chapter and practically analyze the various aspects.

Installation of the Metasploit framework on Windows is simple and requires almost no effort. The framework installer can be downloaded from the Metasploit official website (http://www.metasploit.com/download).
You will notice that there are two types of installer available for Windows. It is recommended to download the complete installer of the Metasploit framework, which contains the console and all other relevant dependencies, along with the database and runtime setup. In case you already have a configured database that you want to use for the framework as well, you can go for the mini installer of the framework, which only installs the console and dependencies.
Once you have completed downloading the installer, simply run it and sit back. It will automatically install all the relevant components and set up the database for you. Once the installation is complete, you can access the framework through various shortcuts created by the installer.
You will find that the installer has created lots of shortcuts for you. Most of the things are click-and-go in a Windows environment. Some of the options that you will find are Metasploit web, cmd console, Metasploit update, and so on.
While installing Metasploit on Windows, you should disable the antivirus protection as it may detect some of the installation files as potential viruses or threats and can block the installation process. Once the installation is complete, make sure that you have white-listed the framework installation directory in your antivirus, as it will detect the exploits and payloads as malicious.
Now let's talk about some other options, or possibly some pieces of general information, that are relevant to installing the Metasploit framework on Windows explicitly.
There is a common problem that many users face while installing the Metasploit framework on a Windows machine. While running the setup you may encounter an error message, as shown in the screenshot:

This is the result of an error in configuring the PostgreSQL server. The possible causes are:
PostgreSQL not running. Use netstat to figure out whether the port is open and the database is running.
Some installers require a default installation path. For example, if the default path is the C drive, changing it to the D drive will give this error.
If you face this problem, you can overcome it by downloading the simpler version of the framework, which contains only the console and dependencies. Then configure the database manually and connect it to Metasploit.
The Metasploit framework has full support for Ubuntu-based Linux operating systems. The installation process is a bit different from that of Windows.

Download the setup from the official Metasploit website (http://www.metasploit.com/download).
Again, you will have the option to choose either a minimal setup or a full setup. Choose your download according to your needs. The full setup includes all the dependencies, database setup, environment, and so on, whereas the minimal setup only contains the dependencies with no database setup.
The process for installing a full setup is a bit different from a minimal setup. Let us analyze each of them:

Full installer: You will need to execute the following commands to install the framework on your Ubuntu machine:

Minimal installer: You will need to execute the following commands to install the framework with minimal options:

The installation process demonstrated above is a simple Ubuntu-based installation procedure common to almost all software. Once the installation is complete, you can run hash -r to reload your path.
This installation process can be followed on almost all flavors and versions of Linux.

Now let's talk about some other options, or possibly some pieces of general information that are relevant to this task.
There is a chance that the installer may not work for you for some reason. Some versions of Ubuntu come with broken libraries of the Ruby language, which may be one of the reasons for the installation failure. In that case, we can install the dependencies separately by executing the following commands:
For installing Ruby dependencies run:
For installing the subversion client run:
For building native extensions run:
After installing the preceding dependencies, download the Metasploit Unix tarball from the official Metasploit download page and execute the following commands:
On successful execution of the preceding commands, the framework will be up and running to receive your instructions.
BackTrack is the most popular operating system for security professionals for two reasons. Firstly, it has all the popular penetration testing tools pre-installed, so it removes the cost of installing them separately. Secondly, it is a Linux-based operating system, which makes it less prone to virus attacks and provides more stability during penetration testing. It saves you the time of installing the relevant components and tools, and who knows when you may encounter an unknown error during the installation process.
You can either have a separate installation of BackTrack on your hard disk or use it as a guest on a virtual machine. The installation process is simple and the same as installing any Linux-based operating system.
On booting the BackTrack OS, you will be asked to enter the username and password. The default username for the root user is root and the password is toor.
On successful login, you can either work on the command line or enter startx to enter GUI mode.
You can start the Metasploit framework either from the Applications menu or from the command line. To launch Metasploit from the Applications menu, go to Applications | BackTrack | Exploitation Tools | Network Exploitation Tools | Metasploit Framework, as shown in the following screenshot:
Metasploit follows a simple directory structure hierarchy where the root folder is pentest. The directory further branches to /exploits/framework3. To launch Metasploit from the command line, open the terminal and enter the following command to move to the Metasploit directory:
Launching Metasploit from the command line follows the complete path to msfconsole. Launching it from the Applications menu gives us direct access to the different UIs available to us.
You can always set up a penetration testing lab using multiple machines, and that is considered the ideal setup as well. But what if you have an emergency, you immediately need to set up a testing scenario, and you only have a single machine? Using a virtual machine is the obvious answer. You can work simultaneously on more than one operating system and perform the task of penetration testing. So let us have a quick look at how we can set up a penetration testing lab on a single system with the help of a virtual machine.
We will be using VirtualBox to set up two virtual machines with the BackTrack 5 and Windows XP SP2 operating systems. Our host system is a Windows 7 machine. We will need the VirtualBox installer and either an image file or an installation disk of the two operating systems we want to set up in the virtual machines. So our complete setup will consist of a host system running Windows 7 with two virtual systems running BackTrack 5 and Windows XP SP2 respectively.
The process of installing a virtual machine is simple and self-explanatory. Follow these steps:
After installing VirtualBox, create a new virtual machine. Select the appropriate options and click on Next. You will have to provide an installation medium to start the setup. The medium can either be an image file or an installation disk. For a complete manual on virtual machines and the installation procedure, you can visit the following link:
For better virtual machine performance, it is recommended to have at least 4 GB of available RAM for a 32-bit operating system and 8 GB of RAM for 64-bit. In the next recipe, I will show you a cool way to bring down your memory usage while running multiple virtual machines.
Once the virtual machine (VM) is created, you can use the "clone" option. This will create an exact copy of your VM, so in case some failure occurs in your working VM, you can switch to the cloned VM without worrying about re-installing it. You can also use the "snapshot" option to save the current state of your VM. A snapshot saves the current working settings of your virtual machine, and you can revert to your saved snapshot at any time in the future.
Before you start your virtual machines, there is an important configuration change we have to make so that the two virtual machines can communicate with each other. Select one of the virtual machines and click on Settings. Then move to Network settings. In the Network adapter, there will be a pre-installed NAT adapter for internet usage through the host machine. Under Adapter 2, select Host-only Adapter:
Follow this process for both virtual machines. The reason for setting up the Host-only adapter is to let the two virtual machines communicate with each other. Now, in order to test whether everything is fine, check the IP address of the Windows virtual machine by entering ipconfig in the command prompt. Then ping the Windows machine (using the local IP address obtained from the ipconfig command) from the BackTrack machine to see whether it is receiving the packets or not. Repeat the process in the other direction to cross-check both machines.
Now let's talk about some other options, or possibly some pieces of general information, that are relevant to this task.
There can be situations where, while pinging the Windows machine from the BackTrack machine, the packets are not received. That suggests the Windows machine is not reachable, most likely because of the default Windows firewall setting. So, disable the firewall protection and ping again to see whether the packets are received or not. Also disable any other firewall that may be installed in the virtual machine.


VirtualBox provides an additional installation of add-ons that can improve your virtual usage experience. Some of its key benefits are:

Seamless mouse movement from the host OS to the virtual OS
Automatic keyboard integration with the virtual OS
To install the guest additions, power on the virtual machine, go to the Devices tab, and click on Install guest additions.
In the previous recipe, we focused on setting up a penetration testing lab on a single machine with the help of virtualization. But there can be serious memory usage concerns while using multiple virtual machines. So, here we will discuss a conservation technique which can be really handy in bad times.
All we need is an SSH client. We will use PuTTY, as it is the most popular free SSH client available for Windows. We will set up SSH connectivity with the BackTrack machine, as it has a higher memory consumption than the Windows XP machine.
We will start by booting our BackTrack virtual machine. On reaching the login prompt, enter the credentials to start the command line. Do not start the GUI. Execute any one of the following commands:
This will start the SSH process on the BackTrack machine.
Now find the IP address of the machine by entering the following command:
Now start PuTTY on the host operating system. Enter the IP address of the BackTrack virtual machine and enter port 22:

Now click on Open to launch the command line. If the connection is successful, you will see the PuTTY command line functioning on behalf of the BackTrack machine. It will ask you to log in. Enter the credentials and enter ifconfig to check that the IP is the same as that of the virtual BackTrack machine:
In this SSH session we can now interact with the BackTrack virtual machine using PuTTY. As the GUI is not loaded, memory consumption drops by almost half. Minimizing the BackTrack virtual machine window will further reduce memory consumption, as the Windows operating system gives a smaller memory share to minimized processes and favors the tasks running in maximized mode. This reduces the memory consumption to some extent.
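An added pre-flight script for this headless-SSH recipe (example code, not from the book), which also covers the netstat check suggested for the PostgreSQL installer error in the Windows section: it extracts the host-only adapter's IPv4 address from ifconfig output and confirms a listener on a given port from netstat output. It assumes classic net-tools ifconfig output, the /etc/init.d/ssh init script, and eth1 as the host-only adapter; the sample output in the block is constructed.

```shell
#!/bin/sh
# Added example, not from the book: pre-flight checks for the headless
# BackTrack-over-SSH recipe. The parsing functions read command output
# from stdin so they can be exercised on constructed text; real commands
# run only when the script is invoked with "--live".

# Print the IPv4 address of interface $1 from classic net-tools `ifconfig`
# output (the "inet addr:" format BackTrack 5 prints; assumption).
iface_ipv4() {
    awk -v want="$1" '
        /^[[:alnum:]]/ { cur = $1 }             # a new interface block starts
        cur == want && /inet addr:/ {
            sub(/.*inet addr:/, ""); sub(/ .*/, ""); print; exit
        }'
}

# Succeed if `netstat -an`-style output on stdin shows a listener on port $1.
# Matches Linux "LISTEN" and Windows "LISTENING", so the same check covers
# sshd on 22 here and the PostgreSQL (5432) installer problem on Windows.
port_listening() {
    grep -E "[:.]$1[[:space:]].*LISTEN" >/dev/null
}

# Constructed sample output, shaped like BackTrack 5's ifconfig and netstat.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 08:00:27:11:22:33
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 08:00:27:44:55:66
          inet addr:192.168.56.101  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe44:5566/64 Scope:Link

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0'
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN
tcp        0      0 127.0.0.1:2222  0.0.0.0:*       LISTEN
tcp        0      0 127.0.0.1:5432  127.0.0.1:40000 ESTABLISHED'

# Live mode (assumes the BackTrack init script /etc/init.d/ssh and that SSH
# host keys already exist; older BackTrack needs `sshd-generate` once first).
if [ "${1:-}" = "--live" ]; then
    /etc/init.d/ssh start
    ip=$(ifconfig | iface_ipv4 eth1)            # host-only adapter address
    if netstat -ant | port_listening 22; then
        echo "sshd listening; point PuTTY at ${ip:-<no eth1 address>} port 22"
    else
        echo "sshd is not listening on port 22" >&2
        exit 1
    fi
fi
```

Run it with `--live` on the BackTrack guest; without arguments it only defines the functions, which you can exercise on the constructed samples.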
Interfaces provide a fr