In this chapter, we made use of the following software and operating systems (OSes):

• VMWare Workstation 12 Player for virtualization (any version can be used)/Oracle Virtual Box (throughout this book, we will use VMWare Workstation Player).
• Ubuntu 18.03 LTS Desktop as a pentester's workstation VM with an IP of 192.168.188.128. You can download Ubuntu from https://ubuntu.com/download/desktop.
• Windows 7 Ultimate 64-bit, version: 6.1.7601 Service Pack 1 Build 7601 as a target with IPs of 192.168.188.129 and 192.168.248.153 (any 64-bit Windows 7 release version prior to 2017).
• Microsoft Windows Server 2008 R2 Enterprise 64-Bit, Version: 6.1.7601 Service Pack 1 Build 7601 as the domain controller with an IP of 192.168.248.10 (any Windows Server 2008/2012).
• Metasploit 5.0.43 (https://www.metasploit.com/download).

When we think about conducting a penetration test on an organization, we need to make sure that everything works according to the penetration test standards. Therefore, if you feel you are new to penetration testing standards or uncomfortable with the term Penetration Testing Execution Standard (PTES), please refer to http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines to become more familiar with penetration testing and vulnerability assessments.

In line with to PTES, the following diagram explains the various phases of a penetration test:

Figure 1.2 – Phases of a penetration test

Important Note

Refer to http://www.pentest-standard.org/index.php/Main to set up the hardware and systematic stages to be followed when setting up a work environment.

Before we start firing sophisticated and complex attacks with Metasploit, let's understand the various phases of a penetration test and learn...

A successful penetration test largely depends on how well your work environment and labs are configured. Moreover, a successful test answers the following set of questions:

• How well is your test lab configured?
• Are all the necessary tools for testing available? How good is your hardware to support such tools?

  Before we start testing anything, we must make sure that all of the required sets of tools are available and updated.

Let's go ahead and set up Metasploit in a virtual environment.

Setting up Metasploit in a virtual environment

Before using Metasploit, we need to have a test lab. The best idea for setting up a test lab is to gather different machines and install different OSes on them. However, if we only have a single device, the best idea is to set up a virtual environment.

Virtualization plays an essential role in penetration testing today. Due to the high cost of hardware, virtualization plays a cost-effective role in...

Now that we have recalled the essential phases of a penetration test and installed Metasploit, let's talk about the big picture; that is, Metasploit. Metasploit is a security project that provides exploits and tons of reconnaissance features to aid any penetration tester. Metasploit was created by H.D. Moore back in 2003, and since then, its rapid development has led it to be recognized as one of the most popular penetration testing tools available. Metasploit was a natively Ruby-driven project, but with its latest releases, it has started to support Python and Go modules as well. Metasploit offers various exploits, post exploits, and auxiliary, scanner, evasion, and exploit development tools.

With the release of Metasploit 5, a number of new capabilities have been added to Metasploit, some of which are as follows:

• A choice between a database and the new HTTP-based data service
• Evasion modules
• The Automation API
• Exploitation...

Now that we've set up Metasploit 5, we are ready to perform our first penetration test. However, before we start the test, let's recall some of the essential functions and terminologies used in Metasploit Framework.

Recalling the basics of Metasploit

After we run Metasploit, we can list all the useful commands available by typing help or ? in the Metasploit console. Let's recall the basic terms used in Metasploit, which are as follows:

• Exploits: This is a piece of code that, when executed, will exploit the vulnerability of the target.
• Payload: This is a piece of code that runs on the target after successful exploitation. It defines the actions we want to perform on the target system.
• Auxiliary: These are modules that provide additional functionalities such as scanning, fuzzing, sniffing, and much more.
• Encoders: Encoders are used to obfuscate modules to avoid detection by a protection mechanism such...

Before we jump into an example penetration test, we must know why we should prefer Metasploit to manual exploitation techniques. Is this because of a hacker-like Terminal that gives us a pro look, or is there a different reason? Metasploit is the preferable choice compared to traditional manual techniques because of specific factors. We will discuss these in this section.

Open source

One of the top reasons why we should go with Metasploit Framework is because it is open source and actively developed. Various other expensive tools exist for carrying out penetration testing. However, Metasploit allows its users to access its source code and add their own custom modules. The Pro version of Metasploit is chargeable, but for the sake of learning, the Framework edition is mostly preferred.

Support for testing large networks and natural naming conventions

Using Metasploit is easy. However, here, ease of use refers to natural naming...

Recalling the basics of Metasploit, we are all set to perform our first penetration test with Metasploit. Let's consider an on-site scenario where we are asked to test an IP address and check if it's vulnerable to an attack. The sole purpose of this test is to ensure all the proper checks are in place. This scenario is quite straightforward. We will presume that all the pre-interactions have been carried out with the client and that the actual testing phase is going to start.

Please refer to the Revisiting the case study section if you want to perform the hands-on exercise while reading the case study, as this will help you emulate the entire case study with exact configuration and network details.

Gathering intelligence

As we discussed earlier, the gathering intelligence phase revolves around collecting as much information as possible about the target. This includes performing active and passive scans, which include...