Mastering Metasploit
Exploit systems, cover your tracks, and bypass security controls with the Metasploit 5.0 framework, 4th Edition
- 502 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
Mastering Metasploit
Exploit systems, cover your tracks, and bypass security controls with the Metasploit 5.0 framework, 4th Edition
About This Book
Discover the next level of network defense and penetration testing with the Metasploit 5.0 framework
Key Features
- Make your network robust and resilient with this updated edition covering the latest pentesting techniques
- Explore a variety of entry points to compromise a system while remaining undetected
- Enhance your ethical hacking skills by performing penetration tests in highly secure environments
Book Description
Updated for the latest version of Metasploit, this book will prepare you to face everyday cyberattacks by simulating real-world scenarios. Complete with step-by-step explanations of essential concepts and practical examples, Mastering Metasploit will help you gain insights into programming Metasploit modules and carrying out exploitation, as well as building and porting various kinds of exploits in Metasploit.
Giving you the ability to perform tests on different services, including databases, IoT, and mobile, this Metasploit book will help you get to grips with real-world, sophisticated scenarios where performing penetration tests is a challenge. You'll then learn a variety of methods and techniques to evade security controls deployed at a target's endpoint. As you advance, you'll script automated attacks using CORTANA and Armitage to aid penetration testing by developing virtual bots and discover how you can add custom functionalities in Armitage. Following real-world case studies, this book will take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit 5.0 framework.
By the end of the book, you'll have developed the skills you need to work confidently with efficient exploitation techniques
What you will learn
- Develop advanced and sophisticated auxiliary, exploitation, and post-exploitation modules
- Learn to script automated attacks using CORTANA
- Test services such as databases, SCADA, VoIP, and mobile devices
- Attack the client side with highly advanced pentesting techniques
- Bypass modern protection mechanisms, such as antivirus, IDS, and firewalls
- Import public exploits to the Metasploit Framework
- Leverage C and Python programming to effectively evade endpoint protection
Who this book is for
If you are a professional penetration tester, security engineer, or law enforcement analyst with basic knowledge of Metasploit, this book will help you to master the Metasploit framework and guide you in developing your exploit and module development skills. Researchers looking to add their custom functionalities to Metasploit will find this book useful. As Mastering Metasploit covers Ruby programming and attack scripting using Cortana, practical knowledge of Ruby and Cortana is required.
Frequently asked questions
Information
Section 1 – Preparation and Development
- Chapter 1, Approaching a Penetration Test Using Metasploit
- Chapter 2, Reinventing Metasploit
- Chapter 3, The Exploit Formulation Process
- Chapter 4, Porting Exploits
Chapter 1: Approaching a Penetration Test Using Metasploit
- Organizing a penetration test
- Mounting the environment
- Conducting a penetration test with Metasploit
- Benefits of penetration testing using Metasploit
- Case study – reaching the domain controller
Technical requirements
- VMWare Workstation 12 Player for virtualization (any version can be used)/Oracle Virtual Box (throughout this book, we will use VMWare Workstation Player).
- Ubuntu 18.03 LTS Desktop as a pentester's workstation VM with an IP of 192.168.188.128. You can download Ubuntu from https://ubuntu.com/download/desktop.
- Windows 7 Ultimate 64-bit, version: 6.1.7601 Service Pack 1 Build 7601 as a target with IPs of 192.168.188.129 and 192.168.248.153 (any 64-bit Windows 7 release version prior to 2017).
- Microsoft Windows Server 2008 R2 Enterprise 64-Bit, Version: 6.1.7601 Service Pack 1 Build 7601 as the domain controller with an IP of 192.168.248.10 (any Windows Server 2008/2012).
- Metasploit 5.0.43 (https://www.metasploit.com/download).
Organizing a penetration test
Preinteractions
Table of contents
- Mastering Metasploit
- Fourth Edition
- Preface
- Section 1 – Preparation and Development
- Chapter 1: Approaching a Penetration Test Using Metasploit
- Chapter 2: Reinventing Metasploit
- Chapter 3: The Exploit Formulation Process
- Chapter 4: Porting Exploits
- Section 2 – The Attack Phase
- Chapter 5: Testing Services with Metasploit
- Chapter 6: Virtual Test Grounds and Staging
- Chapter 7: Client-Side Exploitation
- Section 3 – Post-Exploitation and Evasion
- Chapter 8: Metasploit Extended
- Chapter 9: Evasion with Metasploit
- Chapter 10: Metasploit for Secret Agents
- Chapter 11: Visualizing Metasploit
- Chapter 12: Tips and Tricks
- Other Books You May Enjoy