Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Metasploit Penetration Testing Cookbook
Metasploit Penetration Testing Cookbook

Metasploit Penetration Testing Cookbook: Evade antiviruses, bypass firewalls, and exploit complex environments with the most widely used penetration testing framework , Third Edition

Arrow left icon
Profile Icon Teixeira Profile Icon Agarwal Profile Icon Singh Profile Icon Nipun Jaswal
Arrow right icon
$19.99 per month
Full star icon Full star icon Full star icon Half star icon Empty star icon 3.8 (5 Ratings)
Paperback Feb 2018 426 pages 3rd Edition
eBook
$9.99 $39.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Teixeira Profile Icon Agarwal Profile Icon Singh Profile Icon Nipun Jaswal
Arrow right icon
$19.99 per month
Full star icon Full star icon Full star icon Half star icon Empty star icon 3.8 (5 Ratings)
Paperback Feb 2018 426 pages 3rd Edition
eBook
$9.99 $39.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$9.99 $39.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Metasploit Penetration Testing Cookbook

Metasploit Quick Tips for Security Professionals

In this chapter, we will cover the following recipes:

  • Installing Metasploit on Windows
  • Installing Linux and macOS
  • Installing Metasploit on macOS
  • Using Metasploit in Kali Linux
  • Setting up a penetration testing lab using VMware
  • Setting up SSH connectivity
  • Connecting to Kali using SSH
  • Configuring Metasploit to use PostgreSQL
  • Creating workspaces
  • Using the database
  • Using the hosts command
  • Understanding the services command

Introduction

Metasploit is currently the world's leading penetration-testing tool, and one of the biggest open-source projects in information security and penetration testing. It has totally revolutionized the way we can perform security tests on our systems. The reason Metasploit is so popular is the wide range of tasks that it can perform to ease the work of penetration testing to make systems more secure. Metasploit is available for all popular operating systems. The working process of the framework is almost the same for all of them. In this book, we will primarily work on Kali Linux as it comes with the preinstalled Metasploit Framework and other third-party tools which run over the framework.

Let's proceed with a quick introduction to the framework and the various terminologies related to it:

  • Metasploit Framework: This is a free, open-source penetration-testing framework started by H. D. Moore in 2003, which was later acquired by Rapid7. The current stable versions of the framework are written using the Ruby language. It has the world's largest database of tested exploits and receives more than a million downloads every year. It is also one of the most complex projects built in Ruby to date.
  • Vulnerability: This is a weakness which allows an attacker/pentester to break into or compromise a system's security. This weakness can exist in the operating system, the application software, or even in the network protocols.
  • Exploit: An exploit is a piece of code which allows an attacker/tester to take advantage of the vulnerable system and compromise its security. Every vulnerability has its own corresponding exploit. Metasploit has more than 1,700 exploits.
  • Payload: This is the actual code which does the work. It runs on the system after exploitation. It is mostly used to set up a connection between the attacking and victim machines. Metasploit has more than 500 payloads.
  • Module: Modules are the small building blocks of a complete system. Every module performs a specific task and a complete system is built by combining several modules to function as a single unit. The biggest advantage of such an architecture is that it becomes easy for developers to integrate new exploit code and tools into the framework.

The Metasploit Framework has a modular architecture and the exploits, payload, encoders, and so on are considered to be separate modules:

Let's examine the architecture diagram closely.

Metasploit uses different libraries that hold the key to the proper functioning of the framework. These libraries are a collection of predefined tasks, operations, and functions that can be utilized by different modules of the framework. The most fundamental part of the framework is the Ruby extension (Rex) library. Some of the components provided by Rex include a wrapper socket subsystem, implementations of protocol clients and servers, a logging subsystem, exploitation utility classes, and a number of other useful classes. Rex itself is designed to have no dependencies, other than what comes with the default Ruby installation.

Then we have the MSF Core library that extends Rex. Core is responsible for implementing all of the required interfaces that allow for interacting with exploit modules, sessions, and plugins. This core library is extended by the framework base library, which is designed to provide simpler wrapper routines for dealing with the framework core, as well as providing utility classes for dealing with different aspects of the framework, such as serializing a module state to different output formats. Finally, the base library is extended by the framework's user interface (UI) that implements support for the different types of UIs to the framework itself, such as the command console and the web interface.

There are two different UIs provided with the framework, namely msfconsole and a web interface. Checking out bought interfaces is highly recommended but, in this book, we will primarily work on the msfconsole interface. This is because msfconsole provides the best support to the framework, leveraging all of the functionalities.

The msfconsole interface is by far the most talked-about part of the Metasploit Framework, and for good reason, as it is one of the most flexible, character-rich, and well-supported tools within the framework. It actually provides a handy all-in-one interface for every choice and setting attainable in the framework; it's like a one-stop shop for all of your pen-testing dreams. We can use msfconsole to do anything, including launching an exploit, loading an auxiliary, executing enumeration, producing listeners, or executing mass exploitations in contrast to an entire network.

A web interface is available for you to work with Metasploit Community, Express, and Pro. To launch the web interface, open a web browser and go to https://localhost:3790.

To see the operating systems that are currently supported and the minimum system requirements, please visit https://www.rapid7.com/products/metasploit/system-requirements.

Installing Metasploit on Windows

Installation of the Metasploit Framework on Windows is simple and requires almost no effort. The framework installer can be downloaded from the Metasploit official website (http://www.metasploit.com/download). In this recipe, we will learn how to configure Metasploit on Windows.

Getting ready

You will notice that there are four editions of Metasploit available:

  • Pro: For penetration testers and IT security teams
  • Express: For IT generalists at SMBs
  • Community: For small companies and students
  • Framework: For developers and security researchers

To follow along with this book, it is recommended to download the latest framework edition of Metasploit (https://windows.metasploit.com/metasploitframework-latest.msi), which contains the console and all other relevant dependencies.

How to do it...

Once you have completed downloading the installer, simply run it and sit back. It will automatically install all the relevant components. Once the installation is complete, you can access the framework through various shortcuts created by the installer:

While installing Metasploit on Windows, you should disable the antivirus protection, as it may detect some of the installation files as potential viruses or threats and can block the installation process. Once the installation is complete, make sure that you have white-listed the framework installation directory in your antivirus software, as it will detect the exploits and payloads as malicious.

Installing Linux and macOS

The quick installation script will import the Rapid7 signing key and set up the package for all supported Linux and macOS systems:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall

The packages will integrate into the OS's native package management and can either be updated with the msfupdate command or by using your preferred package manager.

How to do it...

The full installation process is as follows:

# curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
> chmod 755 msfinstall && \
> ./msfinstall
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5394 100 5394 0 0 17618 0 --:--:-- --:--:-- --:--:-- 17627
Updating package cache..OK
Checking for and installing update..
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
metasploit-framework

...

Run msfconsole to get started
W: --force-yes is deprecated, use one of the options starting with --allow instead.
# msfconsole
# cowsay++
____________
< metasploit >
------------
\ ,__,
\ (oo)____
(__) )\
||--|| *

...

msf >

Installing Metasploit on macOS

How to do it...

Download and launch the installer to install Metasploit Framework with all of its dependencies. Once installed, you can launch msfconsole as /opt/metasploit- framework/bin/msfconsole:

The Metasploit Framework initial setup will help you set up a database and add Metasploit to your local PATH as shown:

$ /opt/metasploit-framework/bin/msfconsole 

** Welcome to Metasploit Framework Initial Setup **
Please answer a few questions to get started.

Would you like to add msfconsole and other programs to your default PATH? yes
You may need to start a new terminal or log in again for this to take effect.

Would you like to use and setup a new database (recommended)? yes
Creating database at /Users/user/.msf4/db
Starting database at /Users/user/.msf4/db...success
Creating database users
Creating initial database schema

** Metasploit Framework Initial Setup Complete *

Using Metasploit in Kali Linux

Kali Linux is the most popular operating system for security professionals for two reasons. First, it has all the popular penetration-testing tools preinstalled in it, so it reduces the cost of a separate installation. Secondly, it is a Linux-based operating system, which makes it less prone to virus attacks and provides more stability during penetration testing. It saves you time as you don't have to install the relevant components and tools, and who knows when you may encounter an unknown error during the installation process.

Getting ready

Either you can have a separate installation of Kali Linux on your hard disk, or you can also use it over a host on a virtual machine. The installation process is simple and the same as installing any Linux-based operating system.

To set up a Metasploit development environment on Kali Linux or any Debian-based Linux environment, you can  use the following commands:

sudo apt update
sudo apt -y install autoconf bison build-essential curl git-core libapr1 libaprutil1 libcurl4-openssl-dev libgmp3-dev libpcap-dev libpq-dev libreadline6-dev libsqlite3-dev libssl-dev libsvn1 libtool libxml2 libxml2-dev libxslt-dev libyaml-dev locate ncurses-dev openssl postgresql postgresql-contrib wget xsel zlib1g zlib1g-dev
curl -sSL https://rvm.io/mpapis.asc | gpg --import -
curl -L https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
cd /opt
sudo git clone https://github.com/rapid7/metasploit-framework.git
sudo chown -R `whoami` /opt/metasploit-framework
cd metasploit-framework
rvm --install $(cat .ruby-version)
gem install bundler
bundle install

How to do it...

You can download Kali Linux ISO images from the official site, https://www.kali.org/downloads/, create a bootable USB drive, or burn the ISO image to a DVD-ROM and use it to install Kali Linux as a separate OS on your hard disk or simply boot the Kali ISO image in Live Mode. Another way is to run Kali Linux inside a virtual machine; for that, you can either use the ISO image to install Kali Linux from scratch or just download a Kali Linux VMware, VirtualBox, or ARM image from the official site.

For this book, we will use a Kali Linux VMware virtual machine:

  1. When booting the Kali Linux virtual machine, you will be asked to enter the username and password. The default username for the root user is root and the password is toor.
  2. Upon successful login, the easiest way to get the Metasploit Framework up and running is to start Metasploit from the Applications menu.
  1. To launch Metasploit from the Applications menu, go to Applications | Exploitation Tools | metasploit framework, as shown in the following screenshot:
Starting Metasploit Framework from the Applications menu will automatically set up the PostgreSQL database. It will create the database user, the msf and msf_test databases, configure Metasploit to use the database, create the database schema, and start msfconsole by running the following command: service postgresql start && msfdb init && msfconsole.
Creating database user 'msf'
Enter password for new role:
Enter it again:
Creating databases 'msf' and 'msf_test'
Creating configuration file in /usr/share/metasploit-framework/config/database.yml
Creating initial database schema
# cowsay++
____________
< metasploit >
------------
\ ,__,
\ (oo)____
(__) )\
||--|| *


=[ metasploit v4.16.8-dev- ]
+ -- --=[ 1683 exploits - 964 auxiliary - 299 post ]
+ -- --=[ 498 payloads - 40 encoders - 10 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf >

There's more...

Alternatively, you can start the Metasploit Framework by typing msfconsole from a Terminal window.

Upgrading Kali Linux

As a rolling distribution, upgrading Kali Linux is simple. It's recommended to upgrade Kali Linux regularly, to ensure that you will get the latest security updates. To upgrade, use apt update followed by apt upgrade; apt will look for installed packages that can be upgraded without removing any packages, this way being the least intrusive.

For major version upgrades and important upgrades, use apt full-upgrade; this will do a complete upgrade and, if necessary, remove obsolete packages or install new dependencies.

Setting up a penetration-testing lab

Creating a penetration-testing lab is essential, it will allow you to practice and test new techniques and exploits in a secure environment. Using virtual machines for your lab environment will give you portability, flexibility, and low maintenance. You can work simultaneously on more than one operating system, set up complex network scenarios, and perform penetration tests on multiple targets. So, let's have a quick look at how we can set up a penetration-testing lab using virtualization.

Getting ready

For your lab, you can use the hypervisor of your choice; the most common hypervisors are VirtualBox, VMware Workstation Pro, VMware Fusion Pro (for Mac), VMware ESXi, and Microsoft Hyper-V. For the penetration testing lab used in this book, I would recommend you to use VirtualBox since it is an open source hypervisor and a requirement for building one of the virtual machines.

Although you need to build the virtual machine using VirtualBox, after building the machine you can import it to any of the hypervisors you like.

This is the network diagram for the penetration-testing lab:

We will use four virtual machines with Kali Linux, a Linux server, a Windows server, and a Windows 10 client. In this lab, we have a modern scenario that will allow us to test and practice the latest techniques and exploits.

How to do it...

For the Kali Linux machine, the Linux server, and the Windows 10 client, the setup is simple. We can download the Kali Linux virtual machine from the official site, https://www.kali.org/downloads/; for the Linux server, we will use the Metasploitable 2 machine which you can download from SourceForge at https://sourceforge.net/projects/metasploitable/files/Metasploitable2/; and for the Windows 10 client, we can download a 90-day trial from the Microsoft Developer site at https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/.

For the last machine, we will use Metasploitable 3, a Windows virtual machine that we will build, with many security vulnerabilities for us to test. To build the Metasploitable 3 machine, we have to install Packer, Vagrant, the Vagrant Reload plugin, and VirtualBox. The build scripts and documentation, as well as the most up-to-date build instructions, can be found at the official GitHub repository: https://github.com/rapid7/metasploitable3To build the machine automatically, perform the following steps:

  1. Run the build_win2008.sh script if using Bash, or build_win2008.ps1 if using Windows.
  2. Upon successful completion, run vagrant up.
  3. When the process completes, you should be able to open the VM within VirtualBox and log in using the username vagrant and password vagrant.

Before you start your virtual machines, there is an important configuration that you will have to make in order to set up the network communication for the lab:

  1. Select the Kali Linux virtual machine and click on Settings. Then, move to Removable Devices. In the Network Adapter option, the network adapter should be configured to use Internet SharingShare with my Mac, which will allow the virtual machine to access the internet, sharing the IP address of the host machine, since it will provide Network Address Translation (NAT) for network traffic from the virtual machine.
  1. The network adapter of the Metasploitable 3 virtual machine and the first network adapter of the Metasploitable 2 virtual machine should also be configured to use NAT:
  1. In VMware Fusion, go to Preferences, select the Network tab, and create a custom network. Check the box to provide addresses on this network via DHCP; use the Subnet IP of 10.0.0.0  and the Subnet Mask of 255.255.255.0:
  1. Now that you have created the custom network, select the Windows 10 virtual machine, click on Settings, then go to the Network Adapter settings. Choose Custom network and select the custom network we have created. Repeat the process for the second Network Adapter of the Metasploitable 2 virtual machine:
  1. To verify the configuration, log in to the Metasploitable 2 machine and use the ip a command. The default username for the root user is msfadmin and the password is msfadmin:

How it works...

By creating two NAT networks, we can simulate internet-facing servers using the first NAT network and internal machines using the custom network we have created, thus providing a more realistic scenario, and giving you the possibility to learn how to do reconnaissance of internal targets, pivoting, and lateral movement.

Setting up SSH connectivity

Secure Shell (SSH) allows you to connect to a remote host securely over an unsecured network.

Getting ready

To configure the Kali Linux machine for remote logins, we will start by changing the default root password and generating new SSH host keys.

How to do it...

To change the root password, use the passwd command as follows:

root@kali:~# passwd 
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

To generate new SSH host keys, the steps are also relatively straightforward: remove the current SSH host keys, use the dpkg-reconfigure openssh-server command to reconfigure the OpenSSH server, and generate new SSH host keys:

root@kali:~# rm /etc/ssh/ssh_host_*
root@kali:~# dpkg-reconfigure openssh-server
Creating SSH2 RSA key; this may take some time ...
2048 SHA256:Ok/J4YvIGYieDI6YuOLDXADm5YUdrJSnzBKguuD9WWQ root@kali (RSA)
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:eYU5TtQVzFYQtjo6lyiVHku6SQWbgkMPMDtW8cgaAJ4 root@kali (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:8nj2LMKQNOLKS9S9OsWcBArslPgpFfD/5h4vNrwI4sA root@kali (ED25519)

For lab purposes, we'll edit the OpenSSH server configuration  /etc/ssh/sshd_config  file to permit root login by changing the line #PermitRootLogin without-password to PermitRootLogin yes as you can see in the following example:

...
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
...

To start the OpenSSH service automatically on boot, run the systemctl enable ssh and finish the configuration by restarting the service using the systemctl restart ssh command, as follows:

root@kali:~# systemctl enable ssh
Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable ssh
root@kali:~# systemctl restart ssh
root@kali:~#
This is fine for a lab environment but when performing penetration tests configure SSH to use cryptographic keys for logging in to the Kali Linux machine. This is much more secure than using only a password.

Connecting to Kali using SSH

To connect to the Kali machine, all we need is an SSH client. Most Unix, Linux, and macOS operating systems already have an SSH client installed; however, if you are using Windows to connect to the Kali Linux machine, you will need to install a client such as PuTTY, which is one of the most popular and free SSH clients for Windows.

How to do it...

  1. To connect to the Kali Linux virtual machine, you need to know its IP address. To find the IP address, log in to the virtual machine, open a Terminal window, and enter the ip address command, or ip a for short:
root@kali:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:b6:03:93 brd ff:ff:ff:ff:ff:ff
inet 192.168.216.5/24 brd 192.168.216255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feb6:393/64 scope link
valid_lft forever preferred_lft forever

Note down the IP address of the second interface, in this example 192.168.216.5.

  1. Now, use the SSH client on the host operating system. Enter the username root followed by the @ symbol and the IP address of the Kali Linux virtual machine, 192.168.216.5:

In this SSH session, we can now interact with the Kali Linux virtual machine using the SSH client.

You will need to verify the SSH certificate after you launch the connection.

Configuring PostgreSQL

An important feature of Metasploit is the backend database support for PostgreSQL, which you can use to store your penetration-testing results. Any penetration test consists of lots of information and can run for several days, so it becomes essential to store the intermediate results and findings, such as target host data, system logs, collected evidence, and report data. As a good penetration-testing tool, Metasploit has proper database integration to store the results quickly and efficiently. In this recipe, we will be dealing with the installation and configuration process of a database in Kali Linux.

Getting ready

To configure PostgreSQL, we will first start the service and then use the Metasploit msfdb command to initialize the database.

How to do it...

  1. To set up our Metasploit database, we first need to start up the PostgreSQL server, using the following command:
root@kali:~# systemctl start postgresql 
  1. Then we need to create and initialize the msf database with the msfdb command with the init option:
root@kali:~# msfdb init
Creating database user 'msf'
Enter password for new role:
Enter it again:
Creating databases 'msf' and 'msf_test'
Creating configuration file in /usr/share/metasploit-framework/config/database.yml
Creating initial database schema

The msfdb command allows you to manage the Metasploit Framework database, not just initialize the database. To display all the msfdb options, run the command as follows:

root@kali:~# msfdb

Manage a metasploit framework database

msfdb init # initialize the database
msfdb reinit # delete and reinitialize the database
msfdb delete # delete database and stop using it
msfdb start # start the database
msfdb stop # stop the database
  1. To modify the database configuration file, we can edit the database.yml file  located in /usr/share/metasploit-framework/config/database.yml:
root@kali:~# cat /usr/share/metasploit-framework/config/database.yml
development:
adapter: postgresql
database: msf
username: msf
password: 3HcNhAtdH6F9F2iGa4z3wJVoI7UK1Ot+MG1zuKjYzn4=
host: localhost
port: 5432
pool: 5
timeout: 5

production:
adapter: postgresql
database: msf
username: msf
password: 3HcNhAtdH6F9F2iGa4z3wJVoI7UK1Ot+MG1zuKjYzn4=
host: localhost
port: 5432
pool: 5
timeout: 5

test:
adapter: postgresql
database: msf_test
username: msf
password: 3HcNhAtdH6F9F2iGa4z3wJVoI7UK1Ot+MG1zuKjYzn4=
host: localhost
port: 5432
pool: 5
timeout: 5

Notice the default username, password, and default database that has been created. If necessary, you can also change these values according to your preference.

  1. Now, let's launch the msfconsole interface and confirm that Metasploit is successfully connected to the database using the db_status command:
msf > db_status
[*] postgresql connected to msf

There's more...

To connect to a database manually, you can use the db_connect command followed by the credentials, host, and database you want to connect to, using the following syntax:

db_connect <user:pass>@<host:port>/<database>

To test the db_connect command, we can use the values of the username, password, database name, and port number, from the database.yml file:

msf > db_disconnect 
msf > db_status
[*] postgresql selected, no connection
msf > db_connect msf:[email protected]/msf
[*] Rebuilding the module cache in the background...
msf > db_status
[*] postgresql connected to msf

We can also use db_connect with the -y option and the path to the database configuration file:

msf > db_disconnect 
msf > db_status
[*] postgresql selected, no connection
msf > db_connect -y /usr/share/metasploit-framework/config/database.yml
[*] Rebuilding the module cache in the background...
msf > db_status
[*] postgresql connected to msf

If you want the database to connect every time you launch msfconsole, copy the database configuration file to the .msf4 directory which was created in your home directory by the Metasploit installer.

Creating  workspaces

Workspaces in Metasploit are used to separate datasets, allowing you to stay organized. It is a good idea to create a new workspace to organize all your collected data before starting a new penetration test, thereby avoiding contamination by previous tests.

How to do it...

  1. The default workspace is selected when connecting to the database, which is represented by the * character before its name:
msf > workspace 
* default
  1. To display the usage for the workspace command, use the -h option as follows:
msf > workspace -h
Usage:
workspace List workspaces
workspace -v List workspaces verbosely
workspace [name] Switch workspace
workspace -a [name] ... Add workspace(s)
workspace -d [name] ... Delete workspace(s)
workspace -D Delete all workspaces
workspace -r <old> <new> Rename workspace
workspace -h Show this help information
  1. To add a new workspace, use the -a option followed by the name of the workspace:
msf > workspace -a book
[*] Added workspace: book
  1. To list the available workspaces, simply type the workspace command:
msf > workspace 
default
* book
  1. To delete a workspace, use the -d option followed by the name of the workspace:
msf > workspace -d book 
[*] Deleted workspace: book
[*] Switched workspace: default
  1. To change the current workspace, use the workspace command followed by the name of the workspace you want to change to:
msf > workspace book 
[*] Workspace: book
  1. To rename a workspace, use the workspace command with the -r option followed by the old workspace name and the new workspace name:
msf > workspace -r book metasploit
[*] Switched workspace: metasploit

Using the database

Once the database is configured, we can start using it. First, we will take a look at how to import data from external tools using the db_import command.

Getting ready

To view how to use the command and list the currently supported file types in msfconsole, run the db_import command:

msf > db_import 
Usage: db_import <filename> [file2...]

Filenames can be globs like *.xml, or **/*.xml which will search recursively
Currently supported file types include:
Acunetix
Amap Log
Amap Log -m
Appscan
Burp Session XML
Burp Issue XML

...

Qualys Asset XML
Qualys Scan XML
Retina XML
Spiceworks CSV Export
Wapiti XML

How to do it...

  1. To test the db_import command, we will use the nmap command, a free security scanner, port scanner, and network exploration tool, with the -oX option to save the result to an XML file. Here is the syntax used to scan the Metasploitable 3 target machine:
nmap -Pn -A -oX report 192.168.216.10
  1. To import the scan report, you can use the db_import command followed by the path to the report you want to import:
msf > db_import /root/report
[*] Importing 'Nmap XML' data
[*] Import: Parsing with 'Nokogiri v1.8.0'</strong>
[*] Importing host 192.168.216.10
[*] Successfully imported /root/report

Alternatively, you can run the db_nmap command directly from msfconsole, and the results will be saved in your current database. The db_nmap command works the same way as the regular nmap command:

msf > db_nmap -Pn -A 192.168.216.129
[*] Nmap: Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-17 05:05 EDT
[*] Nmap: Nmap scan report for 192.168.216.129
[*] Nmap: Host is up (0.00092s latency).
[*] Nmap: Not shown: 977 closed ports
[*] Nmap: PORT STATE SERVICE VERSION
[*] Nmap: 21/tcp open ftp vsftpd 2.3.4
[*] Nmap: |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
[*] Nmap: | ftp-syst:
[*] Nmap: | STAT:

...

[*] Nmap: |_ System time: 2017-10-04T09:11:38-04:00
[*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
[*] Nmap: TRACEROUTE
[*] Nmap: HOP RTT ADDRESS
[*] Nmap: 1 0.92 ms 192.168.216.129
[*] Nmap: OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 31.88 seconds

Using the hosts command

Now that we have data in the database, we can start by using the hosts command to display all the hosts stored in our current workspace:

How to do it...

  1. Issuing the hosts command with -h will display the help menu:
msf > hosts -h
Usage: hosts [ options ] [addr1 addr2 ...]

OPTIONS:
-a,--add Add the hosts instead of searching
-d,--delete Delete the hosts instead of searching
-c <col1,col2> Only show the given columns (see list below)
-h,--help Show this help information
-u,--up Only show hosts which are up
-o <file> Send output to a file in csv format
-O <column> Order rows by specified column number
-R,--rhosts Set RHOSTS from the results of the search
-S,--search Search string to filter by
-i,--info Change the info of a host
-n,--name Change the name of a host
-m,--comment Change the comment of a host
-t,--tag Add or specify a tag to a range of hosts

Available columns: address, arch, comm, comments, created_at, cred_count, detected_arch, exploit_attempt_count, host_detail_count, info, mac, name, note_count, os_family, os_flavor, os_lang, os_name, os_sp, purpose, scope, service_count, state, updated_at, virtual_host, vuln_count, tags
  1. Using the -c option, we can select which columns to display:
  1. With the -S option, we can search for specific strings, such as the OS name:

Understanding the services command

The services command allows us to display the services running on the hosts. To view the help for the services command, we can use the -h option:

msf > services -h

Usage: services [-h] [-u] [-a] [-r <proto>] [-p <port1,port2>] [-s <name1,name2>] [-o <filename>] [addr1 addr2 ...]

-a,--add Add the services instead of searching
-d,--delete Delete the services instead of searching
-c <col1,col2> Only show the given columns
-h,--help Show this help information
-s <name1,name2> Search for a list of service names
-p <port1,port2> Search for a list of ports
-r <protocol> Only show [tcp|udp] services
-u,--up Only show services which are up
-o <file> Send output to a file in csv format
-O <column> Order rows by specified column number
-R,--rhosts Set RHOSTS from the results of the search
-S,--search Search string to filter by

Available columns: created_at, info, name, port, proto, state, updated_at

How to do it...

  1. Using the search command without any options displays all the available services:
  1. The services command allows us to filter the stored information with granularity, allowing us to search for a specific service name:
  1. Search for a port number as follows:
  1. Like the hosts command, we can use the -S option to search for specific strings:
  1. By combining multiple options, you can search just a specific host and only display the columns you want:
In later chapters, we will address the remaining database commands, such as loot, creds, vulns, and notes.
Left arrow icon Right arrow icon

Key benefits

  • •Special focus on the latest operating systems, exploits, and penetration testing techniques
  • •Learn new anti-virus evasion techniques and use Metasploit to evade countermeasures
  • •Automate post exploitation with AutoRunScript
  • •Exploit Android devices, record audio and video, send and read SMS, read call logs, and much more
  • •Build and analyze Metasploit modules in Ruby
  • •Integrate Metasploit with other penetration testing tools

Description

Metasploit is the world's leading penetration testing tool and helps security and IT professionals find, exploit, and validate vulnerabilities. Metasploit allows penetration testing automation, password auditing, web application scanning, social engineering, post exploitation, evidence collection, and reporting. Metasploit's integration with InsightVM (or Nexpose), Nessus, OpenVas, and other vulnerability scanners provides a validation solution that simplifies vulnerability prioritization and remediation reporting. Teams can collaborate in Metasploit and present their findings in consolidated reports. In this book, you will go through great recipes that will allow you to start using Metasploit effectively. With an ever increasing level of complexity, and covering everything from the fundamentals to more advanced features in Metasploit, this book is not just for beginners but also for professionals keen to master this awesome tool. You will begin by building your lab environment, setting up Metasploit, and learning how to perform intelligence gathering, threat modeling, vulnerability analysis, exploitation, and post exploitation—all inside Metasploit. You will learn how to create and customize payloads to evade anti-virus software and bypass an organization's defenses, exploit server vulnerabilities, attack client systems, compromise mobile phones, automate post exploitation, install backdoors, run keyloggers, highjack webcams, port public exploits to the framework, create your own modules, and much more.

Who is this book for?

If you are a Security professional or pentester and want to get into vulnerability exploitation and make the most of the Metasploit framework, then this book is for you. Some prior understanding of penetration testing and Metasploit is required.

What you will learn

  • •Set up a complete penetration testing environment using Metasploit and virtual machines
  • •Master the world s leading penetration testing tool and use it in professional penetration testing
  • •Make the most of Metasploit with PostgreSQL, importing scan results, using workspaces, hosts, loot, notes, services, vulnerabilities, and exploit results
  • •Use Metasploit with the Penetration Testing Execution Standard methodology
  • •Use MSFvenom efficiently to generate payloads and backdoor files, and create shellcode
  • •Leverage Metasploit s advanced options, upgrade sessions, use proxies, use Meterpreter sleep control, and change timeouts to be stealthy

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Feb 26, 2018
Length: 426 pages
Edition : 3rd
Language : English
ISBN-13 : 9781788623179
Category :
Languages :
Tools :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Feb 26, 2018
Length: 426 pages
Edition : 3rd
Language : English
ISBN-13 : 9781788623179
Category :
Languages :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 152.97
Metasploit Penetration Testing Cookbook
$48.99
Web Penetration Testing with Kali Linux
$54.99
Advanced Infrastructure Penetration Testing
$48.99
Total $ 152.97 Stars icon
Banner background image

Table of Contents

14 Chapters
Metasploit Quick Tips for Security Professionals Chevron down icon Chevron up icon
Information Gathering and Scanning Chevron down icon Chevron up icon
Server-Side Exploitation Chevron down icon Chevron up icon
Meterpreter Chevron down icon Chevron up icon
Post-Exploitation Chevron down icon Chevron up icon
Using MSFvenom Chevron down icon Chevron up icon
Client-Side Exploitation and Antivirus Bypass Chevron down icon Chevron up icon
Social-Engineer Toolkit Chevron down icon Chevron up icon
Working with Modules for Penetration Testing Chevron down icon Chevron up icon
Exploring Exploits Chevron down icon Chevron up icon
Wireless Network Penetration Testing Chevron down icon Chevron up icon
Cloud Penetration Testing Chevron down icon Chevron up icon
Best Practices Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Half star icon Empty star icon 3.8
(5 Ratings)
5 star 40%
4 star 40%
3 star 0%
2 star 0%
1 star 20%
Hugo Bolé Jul 19, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
3 adjectives for this book: Practical, Objective, Excellent!
Amazon Verified review Amazon
Neetu Kaur Sep 27, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This is very helpful
Amazon Verified review Amazon
Nasikh Yishrael Sep 04, 2024
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
Feefo Verified review Feefo
S1n0xt0n Nov 16, 2018
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
A great introduction to Metasploit Penetration Testing. I love the hands on approach to learning. I liked the organization of the chapters and their approach. Some topics, I thought could be more in depth...
Amazon Verified review Amazon
Noe Nevarez Aug 29, 2020
Full star icon Empty star icon Empty star icon Empty star icon Empty star icon 1
I had a hard time reading the ebook translated pages when configurations and command-line commands were shown. It appears the transformation (book to ebook) didn't result in an easily readable output.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.