Metasploit: The Penetration Tester’s Guide
Institute for Cybersecurity & Digital Trust, The Ohio State University, Columbus, Ohio 43210

Copyright ©2022 The Ohio State University

Book written by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni


Learning to think like a criminal, or in this case a cybercriminal, is a requirement for all penetration testers. Fundamentally, penetration testing is about probing an organization’s systems for weaknesses.

While the goal of Metasploit: The Penetration Tester’s Guide is to provide a useful tutorial for beginners, it also serves as a reference for practitioners.

The authors write in the Preface that “This book is designed to teach you the ins and outs of Metasploit and how to use the Framework to its fullest.” Although the book is focused on using the Metasploit Framework, it begins by building a foundation for penetration testing and establishing a fundamental methodology.

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. Although security professionals have used Metasploit for several years now, the tool can be hard to grasp for first-time users. This book fills the gap by teaching readers how to harness the Framework and interact with the active community of Metasploit contributors.

The Framework is frequently updated with new features and exploits, so the long-term value of this book is its emphasis on Metasploit fundamentals. Once those are understood and practiced, the reader can keep pace with both the tool’s frequent updates and the changing penetration testing landscape. One caveat follows from that: some of the utilities the book documents have since been retired in favor of others (msfpayload and msfencode, for example, were folded into msfvenom), so command-level details should be checked against the current Framework.

Metasploit: The Penetration Tester’s Guide is laid out in two sections. Chapters 1 through 5 introduce the basics of penetration testing and the Metasploit Framework; the remaining 12 chapters each cover a specific area of the Framework, building on the fundamental concepts introduced in the first section. The bulk of the book walks the penetration tester through using the Framework, with examples of both the use cases and the syntax required. The examples begin with the most basic techniques of the craft and progress through carrying out exploits and getting value from the post-exploitation capabilities of Meterpreter.

The authors give a short overview of each topic before jumping into the hands-on material, showing readers the commands to use and then dissecting the output, explaining step by step what is happening and what was accomplished. The book allows readers to move quickly from the basics of penetration testing through using the platform to perform the different phases of intelligence gathering and exploitation.

The exploitation sections cover a wide range of techniques, including attacking MS SQL, dumping password hashes, pass-the-hash and token impersonation, killing antivirus, and gathering intelligence from a compromised system in order to pivot deeper into the target network.

Metasploit: The Penetration Tester’s Guide is written in a hands-on, tutorial-like style that is great for beginners, as well as for readers who prefer to learn by doing. It is an excellent book for anyone interested in a hands-on approach to cybersecurity and the fundamentals of penetration testing. It is also a good reference for the seasoned Metasploit user, and a step-by-step instruction manual for those new to Metasploit.

The craft of penetration testing is covered deeply and broadly. However, the book’s greatest source of value is how the concepts being applied are explained and demonstrated with well-annotated examples. The authors’ experience in formal instruction and practice is evident. The book achieves a good balance between concept and practicality.

The goal of the Cybersecurity Canon is to identify a list of must-read books for all cybersecurity practitioners, whether from industry, government, or academia, where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality, and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete. Finally, the books must provide timeless technical know-how. Metasploit: The Penetration Tester’s Guide achieves these goals, and I believe it is worthy of inclusion in the Cybersecurity Canon candidate list. It is a valuable resource for all cybersecurity professionals’ libraries, whether they be novices or experienced practitioners.


Publisher’s description (from the back cover):

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester’s Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.

Once you’ve built your foundation for penetration testing, you’ll learn the Framework’s conventions, interfaces, and module system as you launch simulated attacks. You’ll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks. Learn how to:

- Find and exploit unmaintained, misconfigured, and unpatched systems
- Perform reconnaissance and find valuable information about your target
- Bypass antivirus technologies and circumvent security controls
- Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
- Use the Meterpreter shell to launch further attacks from inside the network
- Harness stand-alone Metasploit utilities, third-party tools, and plug-ins
- Learn how to write your own Meterpreter post-exploitation modules and scripts

You’ll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else’s to the test, Metasploit: The Penetration Tester’s Guide will take you there and beyond.

No Starch Press, www.nostarch.com. $49.95 ($57.95 CDN). Shelve in: Computers/Internet/Security.

“The best guide to the Metasploit Framework.” — HD Moore, Founder of the Metasploit Project

Metasploit: The Penetration Tester’s Guide, by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni. Foreword by HD Moore. No Starch Press, San Francisco.

Copyright © 2011 by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

ISBN-10: 1-59327-288-X
ISBN-13: 978-1-59327-288-3
Publisher: William Pollock
Production Editor: Alison Law
Cover Illustration: Hugh D’Andrade
Interior Design: Octopod Studios
Developmental Editors: William Pollock and Tyler Ortman
Technical Reviewer: Scott White
Copyeditor: Lisa Theobald
Compositor: Susan Glinert Stevens
Proofreader: Ward Webber
Indexer: BIM Indexing & Proofreading Services

For information on book distributors or translations, contact No Starch Press, Inc. directly: No Starch Press, Inc., 38 Ringold Street, San Francisco, CA 94103; phone 415.863.9900; fax 415.863.9950; info@nostarch.com; www.nostarch.com

Library of Congress Cataloging-in-Publication Data: a catalog record of this book is available from the Library of Congress.

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, the names are used only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the authors nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

Brief Contents

Foreword by HD Moore
Preface
Acknowledgments
Introduction
Chapter 1: The Absolute Basics of Penetration Testing
Chapter 2: Metasploit Basics
Chapter 3: Intelligence Gathering
Chapter 4: Vulnerability Scanning
Chapter 5: The Joy of Exploitation
Chapter 6: Meterpreter
Chapter 7: Avoiding Detection
Chapter 8: Exploitation Using Client-Side Attacks
Chapter 9: Metasploit Auxiliary Modules
Chapter 10: The Social-Engineer Toolkit
Chapter 11: Fast-Track
Chapter 12: Karmetasploit
Chapter 13: Building Your Own Module
Chapter 14: Creating Your Own Exploits
Chapter 15: Porting Exploits to the Metasploit Framework
Chapter 16: Meterpreter Scripting
Chapter 17: Simulated Penetration Test
Appendix A: Configuring Your Target Machines
Appendix B: Cheat Sheet
Index

Contents in Detail

Foreword by HD Moore
Preface
Acknowledgments
  Special Thanks
Introduction
  Why Do a Penetration Test?
  Why Metasploit?
  A Brief History of Metasploit
  About This Book
  What’s in the Book?
  A Note on Ethics
1 The Absolute Basics of Penetration Testing
  The Phases of the PTES
    Pre-engagement Interactions
    Intelligence Gathering
    Threat Modeling
    Vulnerability Analysis
    Exploitation
    Post Exploitation
    Reporting
  Types of Penetration Tests
    Overt Penetration Testing
    Covert Penetration Testing
  Vulnerability Scanners
  Pulling It All Together
2 Metasploit Basics
  Terminology
    Exploit
    Payload
    Shellcode
    Module
    Listener
  Metasploit Interfaces
    MSFconsole
    MSFcli
    Armitage
  Metasploit Utilities
    MSFpayload
    MSFencode
    Nasm Shell
  Metasploit Express and Metasploit Pro
  Wrapping Up
3 Intelligence Gathering
  Passive Information Gathering
    whois Lookups
    Netcraft
    NSLookup
  Active Information Gathering
    Port Scanning with Nmap
    Working with Databases in Metasploit
    Port Scanning with Metasploit
  Targeted Scanning
    Server Message Block Scanning
    Hunting for Poorly Configured Microsoft SQL Servers
    SSH Server Scanning
    FTP Scanning
    Simple Network Management Protocol Sweeping
  Writing a Custom Scanner
  Looking Ahead
4 Vulnerability Scanning
  The Basic Vulnerability Scan
  Scanning with NeXpose
    Configuration
    Importing Your Report into the Metasploit Framework
    Running NeXpose Within MSFconsole
  Scanning with Nessus
    Nessus Configuration
    Creating a Nessus Scan
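
Chapter 3’s “Port Scanning with Nmap” and “Working with Databases in Metasploit” sections are about getting scan results into the Framework so that msfconsole’s hosts and services commands can drive the targeted scans that follow. The Ruby below is an added example written for this page, not code from the book or from the Metasploit Framework. It parses the XML that nmap -oX writes (the format db_import reads) into host and service records, lists the open services the way services -u would, and selects the hosts that have a given port open, which is the choice a tester makes before setting RHOSTS for a module such as the SMB version scanner. The embedded scan report is constructed (documentation addresses from 192.0.2.0/24, made-up banners), and the names parse_nmap_xml, open_hosts, rhosts_for and service_lines are this example’s own.

```ruby
require 'rexml/document'

# Constructed stand-in for an `nmap -sV -oX scan.xml` report; not a real scan.
# Note the closed and filtered ports: only state="open" should select a target.
SAMPLE_NMAP_XML = <<~XML
  <?xml version="1.0"?>
  <nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.8/29">
    <host>
      <status state="up"/>
      <address addr="192.0.2.10" addrtype="ipv4"/>
      <hostnames><hostname name="fileserver.example" type="PTR"/></hostnames>
      <ports>
        <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
        <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds" product="Microsoft Windows XP microsoft-ds"/></port>
        <port protocol="tcp" portid="3389"><state state="closed"/><service name="ms-wbt-server"/></port>
      </ports>
    </host>
    <host>
      <status state="up"/>
      <address addr="192.0.2.11" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="5.3p1"/></port>
        <port protocol="tcp" portid="1433"><state state="filtered"/><service name="ms-sql-s"/></port>
      </ports>
    </host>
    <host>
      <status state="down"/>
      <address addr="192.0.2.12" addrtype="ipv4"/>
    </host>
  </nmaprun>
XML

# Roughly the columns msfconsole keeps in its hosts and services tables.
Host    = Struct.new(:addr, :hostname, :services)
Service = Struct.new(:port, :proto, :state, :name, :product, :version)

# Attribute lookup that tolerates a missing element (e.g. a port with no <service>).
def attr_of(element, name)
  element ? element.attributes[name] : nil
end

# Walks the nmaprun tree and returns one Host per host Nmap reports as up.
# Hosts that are down, or that carry no IPv4 address, are skipped.
def parse_nmap_xml(xml)
  doc = REXML::Document.new(xml)
  hosts = []
  doc.elements.each('nmaprun/host') do |h|
    next unless attr_of(h.elements['status'], 'state') == 'up'
    addr = nil
    h.elements.each('address') do |a|
      addr = a.attributes['addr'] if a.attributes['addrtype'] == 'ipv4'
    end
    next if addr.nil?
    hostname = attr_of(h.elements['hostnames/hostname'], 'name')
    services = []
    h.elements.each('ports/port') do |p|
      svc = p.elements['service']
      services << Service.new(
        p.attributes['portid'].to_i,
        p.attributes['protocol'],
        attr_of(p.elements['state'], 'state'),
        attr_of(svc, 'name'),
        attr_of(svc, 'product'),
        attr_of(svc, 'version')
      )
    end
    hosts << Host.new(addr, hostname, services)
  end
  hosts
end

# Hosts with the given port open (closed and filtered ports do not count).
def open_hosts(hosts, port, proto = 'tcp')
  hosts.select do |h|
    h.services.any? { |s| s.port == port && s.proto == proto && s.state == 'open' }
  end
end

# The value to hand to `set RHOSTS ...`: selected addresses, space-separated.
def rhosts_for(hosts, port, proto = 'tcp')
  open_hosts(hosts, port, proto).map(&:addr).join(' ')
end

# One line per open service, in the spirit of `services -u` in msfconsole.
def service_lines(hosts)
  hosts.flat_map do |h|
    h.services.select { |s| s.state == 'open' }.map do |s|
      info = [s.product, s.version].compact.join(' ')
      format('%-15s %5d/%s  %-14s %s', h.addr, s.port, s.proto, s.name, info).rstrip
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  hosts = parse_nmap_xml(SAMPLE_NMAP_XML)
  puts service_lines(hosts)
  puts "set RHOSTS #{rhosts_for(hosts, 445)}"
end
```

With the constructed report, only 192.0.2.10 is selected for port 445, and asking for 1433 yields nothing because that port was filtered, not open; the same distinction matters when you feed real scan data into auxiliary/scanner modules, since a filtered port wastes a probe and can trip an IDS for no gain.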