PacktLib: Metasploit Penetration Testing Cookbook

Metasploit Penetration Testing Cookbook


About the Author

About the Reviewers


Metasploit Quick Tips for Security Professionals


Configuring Metasploit on Windows

Configuring Metasploit on Ubuntu

Metasploit with BackTrack 5 – the ultimate combination

Setting up the penetration testing lab on a single machine

Setting up Metasploit on a virtual machine with SSH connectivity

Beginning with the interfaces – the "Hello World" of Metasploit

Setting up the database in Metasploit

Using the database to store penetration testing results

Analyzing the stored results of the database

Information Gathering and Scanning


Passive information gathering 1.0 – the traditional way

Passive information gathering 2.0 – the next level

Port scanning – the Nmap way

Exploring auxiliary modules for scanning

Target service scanning with auxiliary modules

Vulnerability scanning with Nessus

Scanning with NeXpose

Sharing information with the Dradis framework

Operating System-based Vulnerability Assessment and Exploitation


Exploit usage quick tips

Penetration testing on a Windows XP SP2 machine

Binding a shell to the target for remote access

Penetration testing on the Windows 2003 Server

Windows 7/Server 2008 R2 SMB client infinite loop

Exploiting a Linux (Ubuntu) machine

Understanding the Windows DLL injection flaws

Client-side Exploitation and Antivirus Bypass


Internet Explorer unsafe scripting misconfiguration vulnerability

Internet Explorer CSS recursive call memory corruption

Microsoft Word RTF stack buffer overflow

Adobe Reader util.printf() buffer overflow

Generating binary and shellcode from msfpayload

Bypassing client-side antivirus protection using msfencode

Using the killav.rb script to disable antivirus programs

A deeper look into the killav.rb script

Killing antivirus services from the command line

Using Meterpreter to Explore the Compromised Target


Analyzing meterpreter system commands

Privilege escalation and process migration

Setting up multiple communication channels with the target

Meterpreter filesystem commands

Changing file attributes using timestomp

Using meterpreter networking commands

The getdesktop and keystroke sniffing

Using a scraper meterpreter script

Advanced Meterpreter Scripting


Passing the hash

Setting up a persistent connection with backdoors

Pivoting with meterpreter

Port forwarding with meterpreter

Meterpreter API and mixins

Railgun – converting Ruby into a weapon

Adding DLL and function definition to Railgun

Building a "Windows Firewall De-activator" meterpreter script

Analyzing an existing meterpreter script

Working with Modules for Penetration Testing


Working with scanner auxiliary modules

Working with auxiliary admin modules

SQL injection and DOS attack modules

Post-exploitation modules

Understanding the basics of module building

Analyzing an existing module

Building your own post-exploitation module

Working with Exploits


Exploiting the module structure

Common exploit mixins

Working with msfvenom

Converting exploit to a Metasploit module

Porting and testing the new exploit module

Fuzzing with Metasploit

Writing a simple FileZilla FTP fuzzer

Working with Armitage


Getting started with Armitage

Scanning and information gathering

Finding vulnerabilities and attacking targets

Handling multiple targets using the tab switch

Post-exploitation with Armitage

Client-side exploitation with Armitage

Social Engineer Toolkit


Getting started with Social Engineer Toolkit (SET)

Working with the SET config file

Spear-phishing attack vector

Website attack vectors

Multi-attack web method

Infectious media generator