PacktLib: Metasploit Penetration Testing Cookbook, Second Edition

Metasploit Penetration Testing Cookbook, Second Edition

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Preface

Metasploit Quick Tips for Security Professionals

Introduction

Configuring Metasploit on Windows

Configuring Metasploit on Ubuntu

Installing Metasploit with BackTrack 5 R3

Setting up penetration testing using VMware

Setting up Metasploit on a virtual machine with SSH connectivity

Installing and configuring PostgreSQL in BackTrack 5 R3

Using the database to store the penetration testing results

Working with BBQSQL

Information Gathering and Scanning

Introduction

Passive information gathering

Port scanning – the Nmap way

Port scanning – the DNmap way

Using keimpx – an SMB credentials scanner

Detecting SSH versions with the SSH version scanner

FTP scanning

SNMP sweeping

Vulnerability scanning with Nessus

Scanning with NeXpose

Working with OpenVAS – a vulnerability scanner

Operating-System-based Vulnerability Assessment

Introduction

Penetration testing on a Windows XP SP2 machine

Binding a shell to the target for remote access

Penetration testing on Windows 8

Exploiting a Linux (Ubuntu) machine

Understanding the Windows DLL injection flaws

Client-side Exploitation and Antivirus Bypass

Introduction

Exploiting Internet Explorer execCommand Use-After-Free vulnerability

Understanding Adobe Flash Player "new function" invalid pointer use

Understanding Microsoft Word RTF stack buffer overflow

Working with Adobe Reader U3D Memory Corruption

Generating binary and shell code from msfpayload

Msfencoding schemes with the detection ratio

Using the killav.rb script to disable the antivirus programs

Killing the antiviruses' services from the command line

Working with the syringe utility

Working with Modules for Penetration Testing

Introduction

Working with scanner auxiliary modules

Working with auxiliary admin modules

SQL injection and DoS attack module

Post-exploitation modules

Understanding the basics of module building

Analyzing an existing module

Building your own post-exploitation module

Exploring Exploits

Introduction

Exploiting the module structure

Working with msfvenom

Converting an exploit to a Metasploit module

Porting and testing the new exploit module

Fuzzing with Metasploit

Writing a simple FileZilla FTP fuzzer

VoIP Penetration Testing

Introduction

Scanning and enumeration phase

Yielding passwords

VLAN hopping

VoIP MAC spoofing

Impersonation attack

DoS attack

Wireless Network Penetration Testing

Introduction

Setting up and running Fern WiFi Cracker

Sniffing interfaces with tcpdump

Cracking WEP and WPA with Fern WiFi Cracker

Session hijacking via a MAC address

Locating a target's geolocation

Understanding an evil twin attack

Configuring Karmetasploit

Social-Engineer Toolkit

Introduction

Getting started with the Social-Engineer Toolkit (SET)

Working with the SET config file

Working with the spear-phishing attack vector

Website attack vectors

Working with the multi-attack web method

Infectious media generator

Working with Meterpreter

Introduction

Understanding the Meterpreter system commands

Understanding the Meterpreter filesystem commands

Understanding the Meterpreter networking commands

Privilege escalation and process migration

Setting up multiple communication channels with the target

Meterpreter anti-forensics – timestomp

The getdesktop and keystroke sniffing

Using a scraper Meterpreter script

Passing the hash

Setting up a persistent connection with backdoors

Pivoting with Meterpreter

Port forwarding with Meterpreter

Meterpreter API and mixins

Railgun – converting Ruby into a weapon

Adding DLL and function definition to Railgun

Building a "Windows Firewall De-activator" Meterpreter script

Analyzing an existing Meterpreter script

Injecting the VNC server remotely

Exploiting a vulnerable PHP application

Incognito attack with Meterpreter

Pentesting in the Cloud

Pentesting in the Cloud

Index