Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Metasploit

You're reading from   Mastering Metasploit Exploit systems, cover your tracks, and bypass security controls with the Metasploit 5.0 framework

Arrow left icon
Product type Paperback
Published in Jun 2020
Publisher Packt
ISBN-13 9781838980078
Length 502 pages
Edition 4th Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Nipun Jaswal Nipun Jaswal
Author Profile Icon Nipun Jaswal
Nipun Jaswal
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Section 1 – Preparation and Development
2. Chapter 1: Approaching a Penetration Test Using Metasploit FREE CHAPTER 3. Chapter 2: Reinventing Metasploit 4. Chapter 3: The Exploit Formulation Process 5. Chapter 4: Porting Exploits 6. Section 2 – The Attack Phase
7. Chapter 5: Testing Services with Metasploit 8. Chapter 6: Virtual Test Grounds and Staging 9. Chapter 7: Client-Side Exploitation 10. Section 3 – Post-Exploitation and Evasion
11. Chapter 8: Metasploit Extended 12. Chapter 9: Evasion with Metasploit 13. Chapter 10: Metasploit for Secret Agents 14. Chapter 11: Visualizing Metasploit 15. Chapter 12: Tips and Tricks 16. Other Books You May Enjoy

Preface

Penetration testing and security assessments are necessities for businesses today. With the rise of cyber and computer-based crime in the past few years, penetration testing has become one of the core aspects of network security. It helps in keeping a business secure from internal as well as external threats. The reason that penetration testing is a necessity is that it helps in uncovering the potential flaws in a network, a system, or an application.

Moreover, it helps in identifying weaknesses and threats from an attacker's perspective. Various inherent flaws in a system are exploited to find out the impact they can cause to an organization and to assess the risk factors to the assets as well. However, the success rate of a penetration test depends mostly on the knowledge of the tester about the target under test. Therefore, we generally approach a penetration test using two different methods: black-box testing and white-box testing. Black-box testing refers to a scenario where there is no prior knowledge of the target under test. Therefore, a penetration tester kicks off testing by collecting information about the target systematically. By contrast, in the case of a white-box penetration test, the penetration tester has enough knowledge about the target under test, and they start by identifying known and unknown weaknesses of the target. Generally, a penetration test is divided into seven different phases, as follows:

  • Pre-engagement interactions: This phase defines all the pre-engagement activities and scope definitions – basically, everything you need to discuss with the client before the testing starts.
  • Intelligence gathering: This phase is all about collecting information about the target under test by connecting to the target directly, and passively, without connecting to the target at all.
  • Threat modeling: This phase involves matching the information detected with the assets to find the areas with the highest threat level.
  • Vulnerability analysis: This involves finding and identifying known and unknown vulnerabilities and validating them.
  • Exploitation: This phase involves taking advantage of the vulnerabilities found in the previous stage and typically means that we are trying to gain access to the target.
  • Post exploitation: The actual task to be performed on the target, which might involve downloading a file, shutting down a system, creating a new user account on the target, and so on, are parts of this phase. Generally, this phase describes what you need to do after exploitation.
  • Reporting: This phase includes summing up the results of the test in a file and the possible suggestions and recommendations to fix the current weaknesses in the target.

The seven stages just mentioned may look more natural when there is a single target under test. However, the situation completely changes when a vast network that contains hundreds of systems are to be tested. Therefore, in a case like this, manual work is to be replaced with an automated approach. Consider a scenario where the number of systems under test is precisely 100, and all systems are running the same operating system and services. Testing every system manually will consume much time and energy. Situations like these demand the use of a penetration testing framework. Using a penetration testing framework will not only save time but will also offer much more flexibility regarding changing the attack vectors and covering a much more comprehensive range of targets through the test. A penetration testing framework will eliminate additional time consumption and will also help in automating most of the attack vectors, scanning processes, identifying vulnerabilities, and, most importantly, exploiting the vulnerabilities, thus saving time and pacing a penetration test. This is where Metasploit kicks in.

Metasploit is considered one of the best and most used widely used penetration testing frameworks. With a lot of rep in the IT security community, Metasploit not only caters to the needs of penetration testers by providing an excellent penetration testing framework, but also delivers very innovative features that make the life of a penetration tester easy.

Mastering Metasploit, Fourth Edition aims to provide readers with insights into the legendary Metasploit Framework and specifically, version 5.0. This book focuses explicitly on mastering Metasploit with regard to exploitation, including writing custom exploits, porting exploits, testing services, conducting sophisticated client-side testing, evading antivirus and firewalls, and much more.

Moreover, this book helps to convert your customized attack vectors into Metasploit modules, and covers use of Ruby to do this. This book will not only help advance your penetration testing knowledge but will also help you build programming skills while mastering the most advanced penetration testing techniques.

lock icon The rest of the chapter is locked
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image