Metasploit The Penetration Tester S Guide
🔞 ALL INFORMATION CLICK HERE 👈🏻👈🏻👈🏻
Metasploit The Penetration Tester S Guide
This document was uploaded by our user. The uploader already confirmed that they had the permission to publish
it. If you are author/publisher or own the copyright of this documents, please report to us by using this DMCA
report form. Report DMCA
Once you’ve built your foundation for penetration testing, you’ll learn the Framework’s conventions, interfaces, and module system as you launch simulated attacks. You’ll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks. Learn how to: Find and exploit unmaintained, misconfigured, and
Bypass antivirus technologies and circumvent
security controls
Metasploit
The Penetration Tester’s Guide
Integrate Nmap, NeXpose, and Nessus with
Metasploit to automate discovery Use the Meterpreter shell to launch further
attacks from inside the network Harness stand-alone Metasploit utilities, third-
party tools, and plug-ins Learn how to write your own Meterpreter post-
exploitation modules and scripts You’ll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else’s to the test, Metasploit: The Penetration Tester’s Guide will take you there and beyond.
unpatched systems Perform reconnaissance and find valuable
information about your target
T H E F I N E ST I N G E E K E N T E RTA I N M E N T ™
“I LAY FLAT.” This book uses RepKover — a durable binding that won’t snap shut.
w w w.nostarch.com
$49.95 ($57.95 CDN)
Shelve In: Computers/Internet/Security
The Penetration Tester’s Guide
The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester’s Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.
Metasploit
“The best guide to the Metasploit Framework.” — HD Moore, Founder of the Metasploit Project
Kennedy O’Gorman Kearns Aharoni
David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni Foreword by HD Moore
METASPLOIT
METASPLOIT The Penetration Tester’s Guide
by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni
San Francisco
METASPLOIT. Copyright © 2011 by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. 15 14 13 12 11
123456789
ISBN-10: 1-59327-288-X ISBN-13: 978-1-59327-288-3 Publisher: William Pollock Production Editor: Alison Law Cover Illustration: Hugh D’Andrade Interior Design: Octopod Studios Developmental Editors: William Pollock and Tyler Ortman Technical Reviewer: Scott White Copyeditor: Lisa Theobald Compositors: Susan Glinert Stevens Proofreader: Ward Webber Indexer: BIM Indexing & Proofreading Services For information on book distributors or translations, please contact No Starch Press, Inc. directly: No Starch Press, Inc. 38 Ringold Street, San Francisco, CA 94103 phone: 415.863.9900; fax: 415.863.9950; info@nostarch.com ; www.nostarch.com Library of Congress Cataloging-in-Publication Data A catalog record of this book is available from the Library of Congress. No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.
BRIEF CONTENTS Foreword by HD Moore ................................................................................................ xiii Preface .......................................................................................................................xvii Acknowledgments .........................................................................................................xix Introduction .................................................................................................................xxi Chapter 1: The Absolute Basics of Penetration Testing .........................................................1 Chapter 2: Metasploit Basics ............................................................................................7 Chapter 3: Intelligence Gathering ...................................................................................15 Chapter 4: Vulnerability Scanning...................................................................................35 Chapter 5: The Joy of Exploitation...................................................................................57 Chapter 6: Meterpreter ..................................................................................................75 Chapter 7: Avoiding Detection .......................................................................................99 Chapter 8: Exploitation Using Client-Side Attacks............................................................109 Chapter 9: Metasploit Auxiliary Modules .......................................................................123 Chapter 10: The Social-Engineer Toolkit.........................................................................135 Chapter 11: Fast-Track.................................................................................................163 Chapter 12: Karmetasploit ...........................................................................................177 Chapter 13: Building Your Own Module........................................................................185
Chapter 14: Creating Your Own Exploits .......................................................................197 Chapter 15: Porting Exploits to the Metasploit Framework................................................215 Chapter 16: Meterpreter Scripting.................................................................................235 Chapter 17: Simulated Penetration Test..........................................................................251 Appendix A: Configuring Your Target Machines .............................................................267 Appendix B: Cheat Sheet .............................................................................................275 Index .........................................................................................................................285
vi
B ri e f C on t e n t s
CONTENTS IN DETAIL FOREWORD by HD Moore PREFACE A C KN O W L E D G M E N T S
xiii xvii xix
Special Thanks ........................................................................................................ xx
INTRODUCTION
xxi
Why Do A Penetration Test? ................................................................................... xxii Why Metasploit? .................................................................................................. xxii A Brief History of Metasploit ................................................................................... xxii About this Book .....................................................................................................xxiii What’s in the Book? ..............................................................................................xxiii A Note on Ethics .................................................................................................. xxiv
1 T H E A B S O L U T E B A S I C S O F P E N E TR A TI O N TE S TI N G
1
The Phases of the PTES .............................................................................................. 2 Pre-engagement Interactions ......................................................................... 2 Intelligence Gathering .................................................................................. 2 Threat Modeling ......................................................................................... 2 Vulnerability Analysis .................................................................................. 3 Exploitation ................................................................................................ 3 Post Exploitation .......................................................................................... 3 Reporting ................................................................................................... 4 Types of Penetration Tests .......................................................................................... 4 Overt Penetration Testing ............................................................................. 5 Covert Penetration Testing ............................................................................ 5 Vulnerability Scanners .............................................................................................. 5 Pulling It All Together ................................................................................................ 6
2 METASPLOIT BASICS
7
Terminology ............................................................................................................ 7 Exploit ....................................................................................................... 8 Payload ..................................................................................................... 8 Shellcode ................................................................................................... 8 Module ...................................................................................................... 8 Listener ...................................................................................................... 8 Metasploit Interfaces ................................................................................................. 8 MSFconsole ................................................................................................ 9 MSFcli ....................................................................................................... 9 Armitage .................................................................................................. 11
Metasploit Utilities .................................................................................................. 12 MSFpayload ............................................................................................. 12 MSFencode .............................................................................................. 13 Nasm Shell ............................................................................................... 13 Metasploit Express and Metasploit Pro ...................................................................... 14 Wrapping Up ........................................................................................................ 14
3 INTELLIGENCE GATHERING
15
Passive Information Gathering ................................................................................. 16 whois Lookups .......................................................................................... 16 Netcraft ................................................................................................... 17 NSLookup ................................................................................................ 18 Active Information Gathering ................................................................................... 18 Port Scanning with Nmap .......................................................................... 18 Working with Databases in Metasploit ........................................................ 20 Port Scanning with Metasploit ..................................................................... 25 Targeted Scanning ................................................................................................. 26 Server Message Block Scanning .................................................................. 26 Hunting for Poorly Configured Microsoft SQL Servers .................................... 27 SSH Server Scanning ................................................................................. 28 FTP Scanning ............................................................................................ 29 Simple Network Management Protocol Sweeping ......................................... 30 Writing a Custom Scanner ...................................................................................... 31 Looking Ahead ...................................................................................................... 33
4 V U L N E R AB I L IT Y S C A N N IN G
35
The Basic Vulnerability Scan .................................................................................... 36 Scanning with NeXpose .......................................................................................... 37 Configuration ........................................................................................... 37 Importing Your Report into the Metasploit Framework .................................... 42 Running NeXpose Within MSFconsole ......................................................... 43 Scanning with Nessus ............................................................................................. 44 Nessus Configuration ................................................................................ 44 Creating a Nessus Scan Policy ................................................................... 45 Running a Nessus Scan .............................................................................. 47 Nessus Reports ......................................................................................... 47 Importing Results into the Metasploit Framework ............................................ 48 Scanning with Nessus from Within Metasploit .............................................. 49 Specialty Vulnerability Scanners ............................................................................... 51 Validating SMB Logins ............................................................................... 51 Scanning for Open VNC Authentication ....................................................... 52 Scanning for Open X11 Servers .................................................................. 54 Using Scan Results for Autopwning ........................................................................... 56
5 THE JOY OF EXPLOITATION
57
Basic Exploitation ................................................................................................... 58 msf> show exploits .................................................................................... 58 msf> show auxiliary .................................................................................. 58 viii
Contents i n Detail
msf> show options .................................................................................... 58 msf> show payloads .................................................................................. 60 msf> show targets ..................................................................................... 62 info ......................................................................................................... 63 set and unset ............................................................................................ 63 setg and unsetg ......................................................................................... 64 save ........................................................................................................ 64 Exploiting Your First Machine .................................................................................. 64 Exploiting an Ubuntu Machine ................................................................................. 68 All-Ports Payloads: Brute Forcing Ports ....................................................................... 71 Resource Files ........................................................................................................ 72 Wrapping Up ........................................................................................................ 73
6 M E T E R PR E T E R
75
Compromising a Windows XP Virtual Machine .......................................................... 76 Scanning for Ports with Nmap .................................................................... 76 Attacking MS SQL ..................................................................................... 76 Brute Forcing MS SQL Server ...................................................................... 78 The xp_cmdshell ........................................................................................ 79 Basic Meterpreter Commands ..................................................................... 80 Capturing Keystrokes ................................................................................. 81 Dumping Usernames and Passwords ........................................................................ 82 Extracting the Password Hashes .................................................................. 82 Dumping the Password Hash ...................................................................... 83 Pass the Hash ........................................................................................................ 84 Privilege Escalation ................................................................................................ 85 Token Impersonation ............................................................................................... 87 Using ps ............................................................................................................... 87 Pivoting onto Other Systems .................................................................................... 89 Using Meterpreter Scripts ........................................................................................ 92 Migrating a Process ................................................................................... 92 Killing Antivirus Software ........................................................................... 93 Obtaining System Password Hashes ............................................................ 93 Viewing All Traffic on a Target Machine ...................................................... 93 Scraping a System .................................................................................... 93 Using Persistence ...................................................................................... 94 Leveraging Post Exploitation Modules ....................................................................... 95 Upgrading Your Command Shell to Meterpreter ......................................................... 95 Manipulating Windows APIs with the Railgun Add-On .........
Outdoor Porn Video
Lesbians Peeing Porn
Overwatch D Va 3d