PacktLib: Mastering Metasploit

Mastering Metasploit

Credits

About the Author

About the Reviewers

www.PacktPub.com

Preface

Approaching a Penetration Test Using Metasploit

Setting up the environment

Mounting the environment

Conducting a penetration test with Metasploit

The dominance of Metasploit

Summary

Reinventing Metasploit

Ruby – the heart of Metasploit

Developing custom modules

Breakthrough meterpreter scripting

Working with RailGun

Summary

The Exploit Formulation Process

The elemental assembly primer

The joy of fuzzing

Building up the exploit base

Finalizing the exploit

The fundamentals of a structured exception handler

Summary

Porting Exploits

Porting a Perl-based exploit

Porting a Python-based exploit

Porting a web-based exploit

Summary

Offstage Access to Testing Services

The fundamentals of SCADA

SCADA torn apart

Securing SCADA

Database exploitation

VOIP exploitation

Post-exploitation on Apple iDevices

Summary

Virtual Test Grounds and Staging

Performing a white box penetration test

Generating manual reports

Performing a black box penetration test

Summary

Sophisticated Client-side Attacks

Exploiting browsers

File format-based exploitation

Compromising XAMPP servers

Compromising the clients of a website

Bypassing AV detections

Conjunction with DNS spoofing

Attacking Linux with malicious packages

Summary

The Social Engineering Toolkit

Explaining the fundamentals of the social engineering toolkit

Attacking with SET

Providing additional features and further readings

Summary

Speeding Up Penetration Testing

Introducing automated tools

Fast Track MS SQL attack vectors

Automated exploitation in Metasploit

Fake updates with the DNS-spoofing attack

Summary

Visualizing with Armitage

The fundamentals of Armitage

Scanning networks and host management

Exploitation with Armitage

Post-exploitation with Armitage

Attacking on the client side with Armitage

Scripting Armitage

Summary

Further reading

Index