Metasploit Penetration Testing Cookbook

Metasploit Penetration Testing Cookbook: Over 70 recipes to master the most widely used penetration testing framework with this book and ebook.

Abhinav Singh
3.9 (13 Ratings)
Paperback Jun 2012 268 pages 1st Edition



Chapter 1. Metasploit Quick Tips for Security Professionals

In this chapter, we will cover:

  • Configuring Metasploit on Windows

  • Configuring Metasploit on Ubuntu

  • Metasploit with BackTrack 5 – the ultimate combination

  • Setting up the penetration testing lab on a single machine

  • Setting up Metasploit on a virtual machine with SSH connectivity

  • Beginning with the interfaces – the "Hello World" of Metasploit

  • Setting up the database in Metasploit

  • Using the database to store penetration testing results

  • Analyzing the stored results of the database

Introduction


Metasploit is currently the most talked-about name in the field of information security and penetration testing. It has changed the way we perform security tests on our systems. What makes Metasploit so popular is the wide range of tasks it can perform to ease the work of penetration testing and make systems more secure. Metasploit is available for all popular operating systems, and the framework works almost the same way on all of them. In this book, we will primarily work on BackTrack 5, as it comes with the Metasploit framework pre-installed along with other third-party tools that run on top of the framework.

Let us start with a quick introduction to the framework and the various terminologies related to it:

  • Metasploit framework: It is a free, open source penetration testing framework started by H. D. Moore in 2003 which was later acquired by Rapid7. The current stable versions of the framework are written using the Ruby language. It has the world's largest database of tested exploits and receives more than a million downloads every year. It is also one of the most complex projects built in Ruby to date.

  • Vulnerability: It is a weakness which allows an attacker/pen-tester to break into/compromise a system's security. This weakness can either exist in the operating system, application software, or even in the network protocols.

  • Exploit: An exploit is code which allows an attacker/tester to take advantage of a vulnerable system and compromise its security. Every vulnerability has its own corresponding exploit. Metasploit v4 has more than 700 exploits.

  • Payload: It is the actual code which does the work. It runs on the system after exploitation. Payloads are mostly used to set up a connection between the attacking and the victim machine. Metasploit v4 has more than 250 payloads.

  • Module: Modules are the small building blocks of a complete system. Every module performs a specific task and a complete system is built up by combining several modules to function as a single unit. The biggest advantage of such an architecture is that it becomes easy for developers to integrate a new exploit code and tools into the framework.

The Metasploit framework has a modular architecture, and exploits, payloads, encoders, and so on are treated as separate modules.

Let us examine the architecture diagram closely.

Metasploit uses different libraries which hold the key to the proper functioning of the framework. These libraries are a collection of pre-defined tasks, operations, and functions that can be utilized by different modules of the framework. The most fundamental part of the framework is the Ruby Extension (Rex) library. Some of the components provided by Rex include a wrapper socket subsystem, implementations of protocol clients and servers, a logging subsystem, exploitation utility classes, and a number of other useful classes. Rex itself is designed to have no dependencies, other than what comes with the default Ruby installation.

Then we have the MSF Core library which extends Rex. Core is responsible for implementing all of the required interfaces that allow for interacting with exploit modules, sessions, and plugins. This core library is extended by the framework base library which is designed to provide simpler wrapper routines for dealing with the framework core, as well as providing utility classes for dealing with different aspects of the framework, such as serializing a module state to different output formats. Finally, the base library is extended by the framework's User Interface (UI) that implements support for the different types of user interfaces to the framework itself, such as the command console and the web interface.

There are four different user interfaces provided with the framework, namely msfconsole, msfcli, msfgui, and msfweb. It is highly encouraged that you check out all of these interfaces, but in this book we will primarily work on the msfconsole interface. The reason is that msfconsole provides the most complete support for the framework, exposing all of its functionality.

Let us now move to the recipes of this chapter and practically analyze the various aspects.

Configuring Metasploit on Windows


Installation of the Metasploit framework on Windows is simple and requires almost no effort. The framework installer can be downloaded from the Metasploit official website (http://www.metasploit.com/download).

Getting ready

You will notice that there are two types of installer available for Windows. It is recommended to download the complete installer of the Metasploit framework which contains the console and all other relevant dependencies, along with the database and runtime setup. In case you already have a configured database that you want to use for the framework as well, then you can go for the mini installer of the framework which only installs the console and dependencies.

How to do it...

Once you have completed downloading the installer, simply run it and sit back. It will automatically install all the relevant components and set up the database for you. Once the installation is complete, you can access the framework through various shortcuts created by the installer.

How it works...

You will find that the installer has created lots of shortcuts for you. Most of the things are click-and-go in a Windows environment. Some of the options that you will find are Metasploit web, cmd console, Metasploit update, and so on.

Note

While installing Metasploit on Windows, you should disable the antivirus protection as it may detect some of the installation files as potential viruses or threats and can block the installation process. Once the installation is complete, make sure that you have white-listed the framework installation directory in your antivirus, as it will detect the exploits and payloads as malicious.

There's more...

Now let's talk about some other options, or possibly some pieces of general information, that are relevant to installing the Metasploit framework on Windows explicitly.

Database error during installation

There is a common problem with many users while installing the Metasploit framework on the Windows machine. While running the setup you may encounter an error message, as shown in the screenshot:

This is the result of an error in configuring the PostgreSQL server. The possible causes are:

  • PostgreSQL not running. Use netstat to find out whether the port is open and the database is running.

  • Some installers require a default installation path. For example, if the default path is C drive, changing it to D drive will give this error.

  • Language encoding.

If you face this problem then you can overcome it by downloading the simpler version of the framework which contains only the console and dependencies. Then, configure the database manually and connect it with Metasploit.

Configuring Metasploit on Ubuntu


The Metasploit framework has full support for Ubuntu-based Linux operating systems. The installation process is a bit different from that of Windows.

Getting ready

Download the setup from the official Metasploit website (http://www.metasploit.com/download).

Again, you will have the option to choose either a minimal setup or a full setup. Choose your download according to your need. The full setup includes all the dependencies, database setup, environment, and so on, whereas the minimal setup only contains the dependencies with no database setup.

How to do it...

The process for installing a full setup is a bit different from a minimal setup. Let us analyze each of them:

  • Full installer: You will need to execute the following commands to install the framework on your Ubuntu machine:

    $ chmod +x framework-4.*-linux-full.run
    $ sudo ./framework-4.*-linux-full.run

  • Minimal installer: You will need to execute the following commands to install the framework with minimal options:

    $ chmod +x framework-4.*-linux-mini.run
    $ sudo ./framework-4.*-linux-mini.run

How it works...

The installation process demonstrated above is the usual procedure for installing almost any software on Ubuntu. Once the installation is complete, run hash -r so that your shell picks up the newly installed commands in its path.

Note

This installation process can be followed on almost all flavors and versions of Linux.

There's more...

Now let's talk about some other options, or possibly some pieces of general information that are relevant to this task.

Error during installation

The installer may not work for you for some reason. Some versions of Ubuntu come with broken Ruby libraries, which may be one of the reasons for the installation failure. In that case, we can install the dependencies separately by executing the following commands:

For installing Ruby dependencies run:

$ sudo apt-get install ruby libopenssl-ruby libyaml-ruby libdl-ruby libiconv-ruby libreadline-ruby irb ri rubygems

For installing the subversion client run:

$ sudo apt-get install subversion

For building native extensions run:

$ sudo apt-get install build-essential ruby-dev libpcap-dev

After installing the preceding dependencies, download the Metasploit Unix tarball from the official Metasploit download page and execute the following commands (the framework is installed under /opt/metasploit4/msf4 and its msf* tools are symlinked into /usr/local/bin):

$ tar xf framework-4.X.tar.gz
$ sudo mkdir -p /opt/metasploit4
$ sudo cp -a msf4/ /opt/metasploit4/msf4
$ sudo chown root:root -R /opt/metasploit4/msf4
$ sudo ln -sf /opt/metasploit4/msf4/msf* /usr/local/bin/

On successful execution of the preceding commands, the framework will be up and running to receive your instructions.

Metasploit with BackTrack 5 – the ultimate combination


BackTrack is the most popular operating system for security professionals for two reasons. Firstly, it has all the popular penetration testing tools pre-installed, so it saves the cost of installing them separately. Secondly, it is a Linux-based operating system, which makes it less prone to virus attacks and provides more stability during penetration testing. It saves you the time of installing the relevant components and tools, and spares you the unknown errors that a manual installation may run into.

Getting ready

You can either install BackTrack separately on your hard disk or run it on a virtual machine. The installation process is simple and the same as installing any Linux-based operating system.

How to do it...

  1. On booting the BackTrack OS, you will be asked to enter the username and password. The default username for the root user is root and the password is toor.

  2. On successful login, you can either work over the command line or enter startx to enter in the GUI mode.

  3. You can either start the Metasploit framework from the Applications menu or from the command line. To launch Metasploit from the Applications menu go to Applications | BackTrack | Exploitation Tools | Network Exploitation Tools | Metasploit Framework, as shown in the following screenshot:

  4. On BackTrack, Metasploit lives under a simple directory hierarchy whose root folder is /pentest; the framework itself is in /pentest/exploits/framework3. To launch Metasploit from the command line, open a terminal and enter the following commands to move to the Metasploit directory and start the console:

root@bt:~# cd /pentest/exploits/framework3
root@bt:/pentest/exploits/framework3# ./msfconsole

How it works...

Launching Metasploit from the command line follows the complete path to msfconsole. Launching it from the Applications menu gives us direct access to the different UIs available to us.

Setting up the penetration testing lab on a single machine


You can always have a penetration testing lab set up by using multiple machines and it is considered the ideal setup as well. But what if you have an emergency and you immediately need to set up a testing scenario and you only have a single machine? Well using a virtual machine is the obvious answer. You can work simultaneously on more than one operating system and perform the task of penetration testing. So let us have a quick look at how we can set up a penetration testing lab on a single system with the help of a virtual machine.

Getting ready

We will be using VirtualBox to set up two virtual machines with the BackTrack 5 and Windows XP SP2 operating systems. Our host system is a Windows 7 machine. We will need the VirtualBox installer and either an image file or an installation disk for each of the two operating systems we want to set up in a virtual machine. So our complete setup will consist of a host system running Windows 7 with two virtual systems running BackTrack 5 and Windows XP SP2 respectively.

How to do it...

The process of installing a virtual machine is simple and self-explanatory. Follow these steps:

  1. After installing VirtualBox, create a new virtual machine. Select the appropriate options and click on Next. You will have to provide an installation medium to start the setup. The medium can either be an image file or an installation disk. For a complete manual on virtual machines and the installation procedure, you can visit the following link:

    http://www.virtualbox.org/manual/UserManual.html

  2. For a better virtual machine performance, it is recommended to have at least 4 GB of available RAM for a 32-bit operating system and 8 GB RAM for 64-bit. In the next recipe, I will show you a cool way to bring down your memory usage while running multiple virtual machines.

  3. Once the virtual machine (VM) is created, you can use the "clone" option. This creates an exact copy of your VM, so if some failure occurs in your working VM you can switch to the cloned VM without worrying about re-installing it. You can also use the "snapshot" option to save the current state of your VM. A snapshot saves the current working settings of your virtual machine, and you can revert to a saved snapshot at any time in the future.

How it works...

Before you start your virtual machines, there is an important configuration that we will have to make in order for the two virtual machines to communicate with each other. Select one of the virtual machines and click on Settings. Then move to the Network settings. Under the network adapters, there will be a pre-installed NAT adapter for internet access through the host machine. Under Adapter 2, select Host-only Adapter:

Follow this process for both virtual machines. The reason for setting up a Host-only adapter is to let the two virtual machines communicate with each other. Now, in order to test whether everything is fine, check the IP address of the Windows virtual machine by entering ipconfig in the command prompt. Then ping the Windows machine (using the local IP address obtained from the ipconfig command) from the BackTrack machine to see whether it is receiving the packets or not. Repeat the check in the reverse direction to cross-check both machines.

There's more...

Now let's talk about some other options, or possibly some pieces of general information, that are relevant to this task.

Disabling the firewall and antivirus protection

There can be situations where, while pinging the Windows machine from the BackTrack machine, the packets are not received. The Windows machine then appears to be down. This is most likely due to the default Windows firewall setting. So, disable the firewall protection and ping again to see whether the packets are received. Also disable any other firewall that may be installed in the virtual machine.

Installing virtual box guest additions

VirtualBox provides an additional set of add-ons, the Guest Additions, that can improve your experience with the virtual machine. Some of their key benefits are:

  • Seamless mouse movement from host OS to virtual OS

  • Automatic keyboard integration to virtual OS

  • Better screen size

To install the Guest Additions, power on the virtual machine, go to the Devices menu, and click on Install Guest Additions.

Setting up Metasploit on a virtual machine with SSH connectivity


In the previous recipe, we focused on setting up a penetration testing lab on a single machine with the help of virtualization. But there can be serious memory usage concerns while running multiple virtual machines. So, here we will discuss a memory-saving technique that can be really handy when resources are tight.

Getting ready

All we need is an SSH client. We will use PuTTY, as it is the most popular free SSH client available for Windows. We will set up SSH connectivity to the BackTrack machine, as it consumes more memory than the Windows XP machine.

How to do it...

  1. We will start by booting our BackTrack virtual machine. On reaching the login prompt, enter the credentials to start the command line. Do not start the GUI. Execute either one of the following commands:

    root@bt:~# /etc/init.d/ssh start
    root@bt:~# start ssh

    This will start the SSH service on the BackTrack machine.

  2. Now find the IP address of the machine by entering the following command:

    root@bt:~# ifconfig

    Note down this IP address.

  3. Now start PuTTY on the host operating system. Enter the IP address of the BackTrack virtual machine and enter port 22:

  4. Now click on Open to launch the command line. If the connection is successful, you will see the PuTTY command line functioning on behalf of the BackTrack machine. It will ask you to log in. Enter the credentials and enter ifconfig to check if the IP is the same as that of the virtual BackTrack:

How it works...

In this SSH session we can now interact with the BackTrack virtual machine through PuTTY. As the GUI is not loaded, memory consumption is reduced by almost half. Minimizing the BackTrack virtual machine window will reduce memory consumption a little further, as the Windows operating system gives a smaller memory share to minimized processes and favours the tasks that are running maximized.

Beginning with the interfaces – the "Hello World" of Metasploit


Interfaces provide a front end for the user to communicate with the software or platform. Metasploit has four interfaces namely msfgui, msfweb, msfcli, and msfconsole. It is highly recommended that you check out all the interfaces, but here in this book we will primarily focus on the msfconsole interface. It is the most powerful and fully integrated interface among them all.

Getting ready

Boot up your operating system on which you have installed Metasploit. If you are using it on a virtual machine then start it.

How to do it...

Launching msfconsole is an easy task. Follow these steps:

  1. For a Windows operating system, you can launch msfconsole by going to Start | metasploit framework | msfconsole.

  2. For BackTrack you can browse to Applications | Exploitation tools | Network exploitation tools | Metasploit framework | msfconsole.

  3. To launch it directly from the terminal, enter the following command:

    root@bt:~# cd /pentest/exploits/framework3

  4. The working directory will change to framework3. Entering the following command will start our msfconsole:

    root@bt:/pentest/exploits/framework3# ./msfconsole

Now, our msfconsole interface is up and running, and ready to receive the commands.

How it works...

Metasploit interfaces extend the base library, which lets them invoke the initial functionality of the framework. Simple commands, such as setting up exploits and payloads, running updates, and configuring the database, can be executed. As the work goes deeper, the other functional libraries are called accordingly.

There's more...

Let us add some additional stuff that you can perform at this stage with the msfconsole interface.

Some commands to try out and get started

Here are some commands that you can try out to explore deeper:

  • msf > ls: The ls command will list all the directories and files that are available. You can further navigate deeper into other directories to explore further.

  • msf > help: This command will list all the available commands for the Metasploit framework that we can use. The commands are categorized into core commands and database backend commands. The former contains commands which are directly related to the framework, while the latter provides commands to interact with the database.

  • msf > msfupdate: This command should be used frequently to update the framework with the latest exploits, payloads, libraries, and so on.

Setting up the database in Metasploit


An important feature of Metasploit is the presence of databases which you can use to store your penetration testing results. Any penetration test consists of lots of information and can run for several days so it becomes essential to store the intermediate results and findings. So a good penetration testing tool should have proper database integration to store the results quickly and efficiently.

Getting ready

Metasploit comes with PostgreSQL as the default database. On the BackTrack machine, we have one more option, MySQL. You can use either of the two databases. Let us first check out the default settings of the PostgreSQL database. We will have to navigate to database.yml, located under /opt/framework3/config. To do this, run the following commands:

root@bt:~# cd /opt/framework3/config
root@bt:/opt/framework3/config# cat database.yml
production:
  adapter: postgresql
  database: msf3
  username: msf3
  password: 8b826ac0
  host: 127.0.0.1
  port: 7175
  pool: 75
  timeout: 5

Notice the default username, password, and database that have been created. Note down these values, as they will be required later. You can also change them to values of your choice.

How to do it...

Now our job is to connect the database and start using it. Let us launch the msfconsole and see how we can set up the databases and store our results.

Let us first check the available database drivers.

msf > db_driver
[*] Active Driver: postgresql
[*] Available: postgresql, mysql

PostgreSQL is set as the default database. If you want to change the database driver then you can execute the following command:

msf > db_driver mysql
[*] Active Driver: mysql

This will change the active driver to MySQL. In this book, we will primarily be using PostgreSQL for demonstrations.

Note

Rapid7 has dropped the support for MySQL database in the recent versions of Metasploit so the db_driver command may not work. The only default driver supported with the framework in that case will be PostgreSQL.

How it works...

To connect the driver to msfconsole we will be using the db_connect command. This command is executed using the following syntax:

db_connect username:password@host:port/database_name

Here we will use the same default values of username, password, host, port, and database name which we just noted down from the database.yml file:

msf > db_connect msf3:8b826ac0@127.0.0.1:7175/msf3

On successful execution of the command, our database is fully configured.
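The check that the Windows installation note recommends (is PostgreSQL actually listening on its port?) and the db_connect string built from database.yml can both be scripted. The following Ruby is an added example, not code from the book or from Metasploit: it loads the production section of a database.yml (the sample below is constructed from the values printed above), refuses to continue if a key that db_connect needs is missing, renders the username:password@host:port/database string, and tests host:port with a TCP connect, which answers the same question as netstat. DbConfig and its methods are names chosen for this example.

```ruby
require 'yaml'
require 'socket'

# Added example (not the book's or Metasploit's code): read the PostgreSQL
# settings that Metasploit keeps in database.yml, build the argument that
# db_connect expects, and test whether anything is listening on host:port
# before typing db_connect into msfconsole. DbConfig is a name chosen here.
module DbConfig
  REQUIRED = %w[username password host port database].freeze

  # Load one section (default "production") of a database.yml string and verify
  # that every key db_connect needs is present, so a half-edited file is
  # rejected early instead of producing a broken connection string.
  def self.load(yaml_text, env = 'production')
    cfg = YAML.safe_load(yaml_text)
    section = cfg.is_a?(Hash) && cfg[env]
    raise ArgumentError, "no '#{env}' section in database.yml" unless section.is_a?(Hash)
    missing = REQUIRED.reject { |k| section.key?(k) }
    raise ArgumentError, "database.yml is missing: #{missing.join(', ')}" unless missing.empty?
    section
  end

  # Render username:password@host:port/database, the form shown in the recipe.
  def self.connect_string(section)
    format('%s:%s@%s:%d/%s',
           section['username'], section['password'], section['host'],
           section['port'].to_i, section['database'])
  end

  # True if a TCP listener accepts a connection on host:port: the same check
  # you would otherwise do with netstat before blaming db_connect.
  def self.listening?(host, port, timeout = 2)
    Socket.tcp(host, port.to_i, connect_timeout: timeout) { true }
  rescue SystemCallError, SocketError, IOError
    false
  end
end

# Constructed sample mirroring the database.yml printed in the recipe.
SAMPLE_DATABASE_YML = <<~YAML
  production:
    adapter: postgresql
    database: msf3
    username: msf3
    password: 8b826ac0
    host: 127.0.0.1
    port: 7175
    pool: 75
    timeout: 5
YAML

if __FILE__ == $PROGRAM_NAME
  section = DbConfig.load(SAMPLE_DATABASE_YML)
  puts "db_connect #{DbConfig.connect_string(section)}"
  if DbConfig.listening?(section['host'], section['port'])
    puts "PostgreSQL is accepting connections on #{section['host']}:#{section['port']}"
  else
    puts "nothing is listening on #{section['host']}:#{section['port']}; start PostgreSQL first"
  end
end
```

Run it on the real /opt/framework3/config/database.yml by reading that file into DbConfig.load instead of the sample; a "nothing is listening" result means the database service is the thing to fix, not the driver or the connection string.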

There's more...

Let us discuss some more important facts related to setting up the database.

Getting an error while connecting the database

You may get an error while trying to establish the connection. Keep two things in mind if one arises:

  • Check the db_driver and db_connect commands and make sure that the active driver and the connection string refer to the same database.

  • Use the init script under /etc/init.d (for example, /etc/init.d/postgresql start) to start the database service, then try connecting again.

If the error still persists, we can re-install the database library and its associated packages using the following commands:

msf > gem install postgres
msf > apt-get install libpq-dev

Deleting the database

At any time, you can drop the database created and start again to store fresh results. The following command can be executed for deleting the database:

msf > db_destroy msf3:8b826ac0@127.0.0.1:7175/msf3
Database "msf3" dropped.
msf >

Using the database to store penetration testing results


Let us now learn how we can use our configured database to store our results of the penetration tests.

Getting ready

If you have successfully executed the previous recipe, you are all set to use the database for storing the results. Enter the help command in msfconsole to have a quick look at the important database commands available to us.

How to do it...

Let us start with a quick example. The db_nmap command stores the results of the port scan directly into the database, along with all relevant information. Launch a simple Nmap scan on the target machine to see how it works:

msf > db_nmap 192.168.56.102
[*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-10-04 20:03 IST
[*] Nmap: Nmap scan report for 192.168.56.102
[*] Nmap: Host is up (0.0012s latency)
[*] Nmap: Not shown: 997 closed ports
[*] Nmap: PORT  STATE SERVICE
[*] Nmap: 135/tcp open  msrpc
[*] Nmap: 139/tcp open  netbios-ssn
[*] Nmap: 445/tcp open  microsoft-ds
[*] Nmap: MAC Address: 08:00:27:34:A8:87 (Cadmus Computer Systems)
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 1.94 seconds

As we can see, Nmap has produced the scan results and it will automatically populate the msf3 database that we are using.

We can also use the -oX parameter in the Nmap scan to store the result in XML format. This will be very beneficial for importing the scan results into third-party software, such as the Dradis framework, which we will be analyzing in the next chapter.

msf > nmap 192.168.56.102 -A -oX report
[*] exec: nmap 192.168.56.102 -A -oX report
Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-10-05 11:57 IST
Nmap scan report for 192.168.56.102
Host is up (0.0032s latency)
Not shown: 997 closed ports
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 08:00:27:34:A8:87 (Cadmus Computer Systems)
Nmap done: 1 IP address (1 host up) scanned in 0.76 seconds

Here report is the name of the file where our scanned result will be stored. This will be helpful for us in later recipes of the book.

How it works...

The db_nmap command creates an SQL query with the various table columns relevant to the scan results. Once the scan is complete, it starts storing the values in the database. The flexibility of storing results in tabular form makes it easier to share them locally or with third-party tools.

Analyzing the stored results of the database


After storing the testing results in the database, the next step is to analyze them. Analyzing the data will give us a deeper understanding of our target systems. The results in the database can be kept for either long-term or short-term storage, depending on usage.

Getting ready

Launch msfconsole and follow the steps mentioned in the previous recipe to establish the database connectivity. We can either use it to store fresh results or analyze the previously stored results as well. The XML file for the Nmap scan created in the previous recipe can be imported to analyze the previous scan results.

How to do it...

Let us analyze some of the important commands to have a clearer understanding of the stored results:

  • msf > hosts: This command will show all the hosts that are available in the database. Let us analyze the output of this command:

    The preceding screenshot reflects the output of the hosts command. As we can observe, the result of this command is not very clean, as there are lots of columns in the table. So we can add filters and view only those columns which we are interested in, as illustrated by the following command:

    msf > hosts -c address,os_name
    Hosts
    =====
    address         os_name
    -------         -------
    192.168.56.1
    192.168.56.101
    192.168.56.102  Microsoft Windows
    192.168.56.103  Linux

  • msf > services: This is another interesting command that can give us useful information about the different services running on the target machines:

    msf > services
    Services
    ========
    host            port  proto  name          state  info
    ----            ----  -----  ----          -----  ----
    192.168.56.101  111   tcp    rpcbind       open
    192.168.56.102  135   tcp    msrpc         open
    192.168.56.102  139   tcp    netbios-ssn   open
    192.168.56.102  445   tcp    microsoft-ds  open
    192.168.56.102  135   tcp    msrpc         open   Microsoft Windows RPC

  • msf > vulns: This command lists all the vulnerabilities that exist in the hosts present in the database.

  • msf > db_autopwn: This is a powerful command that is used to automate the process of exploiting the target machines that are available in the database. This command requires more understanding of the exploitation process, so we will analyze it later.

How it works...

The analysis process is simple, and the output can be easily filtered to get the desired results. We have seen how to read the database output and how to manage it efficiently. The last two commands, vulns and db_autopwn, are post-exploitation commands, which we will deal with in later chapters.
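How db_nmap and an import of the -oX report turn a scan into the host and service rows shown above is easier to see on a sample. The following Ruby is an added example, not the book's or Metasploit's own code: it parses a constructed Nmap XML report (the kind nmap -oX report writes; the addresses, ports and MAC mirror the scan of 192.168.56.102 shown earlier, while the OS match and the closed port are invented for the sample) and produces the same two views that hosts -c address,os_name and services display. NmapReport and its methods are names chosen for this example.

```ruby
require 'rexml/document'

# Added example (not the book's or Metasploit's code): read an Nmap XML report
# and turn it into the host and service rows that the "hosts" and "services"
# commands display after db_nmap or an import. NmapReport is a name chosen here.
module NmapReport
  Host    = Struct.new(:address, :mac, :os_name, :state)
  Service = Struct.new(:host, :port, :proto, :name, :state, :info)

  # Attribute value of an element, or nil when the element is absent.
  def self.attr(el, name)
    el && el.attributes[name]
  end

  # Parse the XML text and return [hosts, services].
  def self.parse(xml)
    doc = REXML::Document.new(xml)
    hosts, services = [], []
    doc.elements.each('nmaprun/host') do |h|
      ipv4 = h.elements["address[@addrtype='ipv4']"]
      next unless ipv4                                   # skip hosts without an IP
      addr = ipv4.attributes['addr']
      # Nmap lists several OS guesses; the first osmatch is its best one.
      hosts << Host.new(addr,
                        attr(h.elements["address[@addrtype='mac']"], 'addr'),
                        attr(h.elements['os/osmatch'], 'name'),
                        attr(h.elements['status'], 'state'))
      h.elements.each('ports/port') do |p|
        svc  = p.elements['service']
        info = [attr(svc, 'product'), attr(svc, 'version')].compact.join(' ')
        services << Service.new(addr,
                                p.attributes['portid'].to_i,
                                p.attributes['protocol'],
                                attr(svc, 'name'),
                                attr(p.elements['state'], 'state'),
                                info.empty? ? nil : info)
      end
    end
    [hosts, services]
  end

  # Equivalent of "hosts -c address,os_name": one row per host, chosen columns.
  def self.host_rows(hosts, columns = [:address, :os_name])
    hosts.map { |h| columns.map { |c| h[c] } }
  end

  # Equivalent of "services": rows in the given state (open by default) as
  # [host, port, proto, name, state, info].
  def self.service_rows(services, state: 'open')
    services.select { |s| s.state == state }.map(&:to_a)
  end
end

# Constructed sample of what "nmap -A -oX report 192.168.56.102" might write;
# the OS match and the closed port 3389 are invented for the sample.
SAMPLE_NMAP_XML = <<~XML
  <?xml version="1.0"?>
  <nmaprun scanner="nmap" args="nmap -A -oX report 192.168.56.102" version="5.51SVN">
    <host>
      <status state="up" reason="arp-response"/>
      <address addr="192.168.56.102" addrtype="ipv4"/>
      <address addr="08:00:27:34:A8:87" addrtype="mac" vendor="Cadmus Computer Systems"/>
      <ports>
        <port protocol="tcp" portid="135"><state state="open" reason="syn-ack"/><service name="msrpc" product="Microsoft Windows RPC"/></port>
        <port protocol="tcp" portid="139"><state state="open" reason="syn-ack"/><service name="netbios-ssn"/></port>
        <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port>
        <port protocol="tcp" portid="3389"><state state="closed" reason="reset"/><service name="ms-wbt-server"/></port>
      </ports>
      <os><osmatch name="Microsoft Windows XP SP2" accuracy="98"/></os>
    </host>
  </nmaprun>
XML

if __FILE__ == $PROGRAM_NAME
  hosts, services = NmapReport.parse(SAMPLE_NMAP_XML)
  puts 'address          os_name'
  NmapReport.host_rows(hosts).each { |r| puts format('%-16s %s', *r) }
  puts 'host             port  proto  name          state  info'
  NmapReport.service_rows(services).each do |r|
    puts format('%-16s %-5d %-6s %-13s %-6s %s', *r)
  end
end
```

Point it at the file written by -oX (File.read('report')) to get the same tables for a real scan; filtering on state lets you list closed or filtered ports too, which the services command hides by default.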


Key benefits

  • More than 80 recipes/practical tasks that will escalate the reader's knowledge from beginner to an advanced level
  • Special focus on the latest operating systems, exploits, and penetration testing techniques
  • Detailed analysis of third party tools based on the Metasploit framework to enhance the penetration testing experience

Description

Metasploit® software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.

Metasploit Penetration Testing Cookbook targets both professionals and beginners to the framework. The chapters of the book are logically arranged with an increasing level of complexity and thoroughly cover Metasploit aspects ranging from the pre-exploitation to the post-exploitation phase. The recipe structure of the book provides a good mix of both theoretical understanding and practical implementation. This book will help readers think from a hacker's perspective to dig out the flaws in target networks and also to leverage the power of Metasploit to compromise them. It will take your penetration testing skills to the next level.

The book starts with the basics, such as gathering information about your target, and gradually covers advanced topics like building your own framework scripts and modules. The book goes deep into operating system-based penetration testing techniques and moves ahead with client-based exploitation methodologies. In the post-exploitation phase, it covers Meterpreter, antivirus bypass, Ruby wonders, exploit building, porting exploits to the framework, and third-party tools like Armitage and SET. Metasploit Penetration Testing Cookbook is the required guide to penetration testing and exploitation.

Who is this book for?

This book targets both professional penetration testers as well as new users of Metasploit who wish to gain expertise over the framework. The book requires basic knowledge of scanning, exploitation, and Ruby language.

What you will learn

  • Set up a complete penetration testing environment using Metasploit and virtual machines
  • Learn to penetration-test popular operating systems such as Windows 7, Windows 2008 Server, Ubuntu, etc.
  • Get familiar with penetration testing based on client-side exploitation techniques, with detailed analysis of vulnerabilities and code
  • Avail of exclusive coverage of antivirus bypassing techniques using Metasploit
  • Master post-exploitation techniques such as exploring the target, keystroke capturing, sniffing, pivoting, setting up persistent connections, etc.
  • Build and analyze Meterpreter scripts in Ruby
  • Build and port exploits to the framework
  • Use extension tools like Armitage, SET, etc.

Product Details

Publication date: Jun 22, 2012
Length: 268 pages
Edition: 1st
Language: English
ISBN-13: 9781849517423


Table of Contents

10 Chapters
Metasploit Quick Tips for Security Professionals
Information Gathering and Scanning
Operating System-based Vulnerability Assessment and Exploitation
Client-side Exploitation and Antivirus Bypass
Using Meterpreter to Explore the Compromised Target
Advanced Meterpreter Scripting
Working with Modules for Penetration Testing
Working with Exploits
Working with Armitage
Social Engineer Toolkit

Customer reviews

Rating: 3.9 (13 ratings)
5 star 38.5%
4 star 46.2%
3 star 0%
2 star 0%
1 star 15.4%

Top Reviews
Kindle Customer Nov 17, 2022
5 stars
Facebook is good to have your five good test your face challenges everybody is good and easy to understand how they work the tools you need and guys and the steps you can do very easy you do not need to read the book but to know the commands
Amazon Verified review
Howard Rayle Nov 16, 2013
5 stars
Excellent information about how to get the most from Metasploit. Takes you through step by step with pictures of commands.
Amazon Verified review
Manoj Sep 11, 2012
5 stars
Metasploit Penetration Testing Cookbook is a must-have for security professionals and new learners of the Metasploit framework. The book is easy to grasp and flows from beginner to advanced level smoothly. The reason which makes it a better guide is that it targets the latest operating systems and also gives a detailed analysis of different exploit codes used in penetration testing. The book also covers extra topics like Armitage, SET, etc., which further adds more power to the content of this book. To summarize, the book is a very handy guide to mastering the Metasploit framework.
Amazon Verified review
Michael Mar 25, 2013
5 stars
Perfect in every aspect for someone avid enough to have found this program, but not necessarily knowing anything about it; written in easy to understand language and broken down nicely.
Amazon Verified review
CNC guy Sep 11, 2012
5 stars
Overview: Singh provides an introduction to the widely used Metasploit framework in the form of seventy plus recipes for various penetration testing tasks. In a previous blog, I reviewed Dave Kennedy's Metasploit book. Both texts are well written. The format is different, however. Singh's book is written in a cookbook style which makes it easy to refer to it when attempting specific tasks. Kennedy's book is written in a more traditional style with an introduction and then a survey of various aspects of Metasploit. The differences between these two books extend beyond format. Singh's book goes beyond a basic coverage of Metasploit and covers additional penetration testing tools such as various scanners and evasion tools. So which book should you buy if you had to pick just one? To me it mostly comes down to personal preference. If you are just learning Metasploit, either should be a great aid in this process. If you want a book you can refer back to later, the Singh book may be slightly more convenient. The publisher may also be a consideration. The Kennedy book is published by No Starch Press, whereas Singh's book is published by Packt. If you like eBooks you may prefer books from Packt Publishing. Packt provides DRM-free books in both PDF and ePub formats. This can be extremely convenient if you like to read your books on multiple devices. Personally I find myself reading books on my tablet and also keeping a copy on my penetration testing platform as a reference.
Here is a brief table of contents for Singh's book:
Chapter 1: Metasploit Quick Tips for Security Professionals covering: configuration, installation, basic use, and storing results in a database
Chapter 2: Information Gathering and Scanning covering: passive and active gathering, social engineering, scanning, Nessus, NeXpose, and Dradis
Chapter 3: Operating System-based Vulnerability Assessment covering: exploits, Windows XP, remote shells, Windows 2003, Windows 7, Linux, and DLL injection
Chapter 4: Client-side Exploitation and Antivirus bypass covering: IE, Word, Adobe Reader, payloads, and killing anti-virus
Chapter 5: Using Meterpreter to Explore the Compromised Target covering: Meterpreter commands, privilege escalation, communication channels, and snooping on Windows targets
Chapter 6: Advanced Meterpreter Scripting covering: hash dumps, back doors, pivoting, Railgun, pivoting, and killing firewalls
Chapter 7: Working with Modules for Penetration Testing covering: Auxiliary modules, admin modules, SQL injection, post-exploitation, and creating new modules
Chapter 8: Working with Exploits covering: mixins, msfvenom, going from exploit to Metasploit module, and fuzzing
Chapter 9: Working with Armitage covering: Getting started, information gathering, and targeting multiple machines
Chapter 10: Social Engineering Toolkit covering: Installation, configuration, spear-phishing, website attacks, and infectious media generation
To summarize, if you are looking for a Metasploit book in cookbook format then this book would be a good choice.
cross-posted from [..]
Amazon Verified review