Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Metasploit Bootcamp

You're reading from   Metasploit Bootcamp The fastest way to learn Metasploit

Arrow left icon
Product type Paperback
Published in May 2017
Publisher
ISBN-13 9781788297134
Length 230 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Nipun Jaswal Nipun Jaswal
Author Profile Icon Nipun Jaswal
Nipun Jaswal
Arrow right icon
View More author details
Toc

Table of Contents (8) Chapters Close

Preface 1. Getting Started with Metasploit FREE CHAPTER 2. Identifying and Scanning Targets 3. Exploitation and Gaining Access 4. Post-Exploitation with Metasploit 5. Testing Services with Metasploit 6. Fast-Paced Exploitation with Metasploit 7. Exploiting Real-World Challenges with Metasploit

Preface

Penetration testing is the one necessity required everywhere in business today. With the rise of cyber and computer-based crime in the past few years, penetration testing has become one of the core aspects of network security and helps in keeping a business secure from internal as well as external threats. The reason that makes penetration testing a necessity is that it helps in uncovering the potential flaws in a network, a system, or application. Moreover, it helps in identifying weaknesses and threats from an attacker's perspective. Various potential flaws in a system are exploited to find out the impact they can cause to an organization, and the risk factors to the assets as well. However, the success rate of a penetration test depends primarily on the knowledge of the target under test. Therefore, we approach a penetration test using two different methods: black box testing and white box testing. Black box testing refers to testing where there is no prior knowledge of the target under test. Therefore, a penetration tester kicks off testing by collecting information about the target systematically. Whereas, in the case of a white box penetration test, a penetration tester has enough knowledge about the target under test and he starts off by identifying the known and unknown weaknesses of the target. A penetration test is divided into seven different phases, which are as follows:

  1. Pre-engagement interactions: This step defines all the pre-engagement activities and scope definitions, basically everything you need to discuss with the client before the testing starts.
  2. Intelligence gathering: This phase is all about collecting information about the target under test, by connecting to the target directly or passively, without connecting to the target at all.
  3. Threat modeling: This phase involves matching the information uncovered to the assets to find the areas with the highest threat level.
  4. Vulnerability analysis: This involves finding and identifying known and unknown vulnerabilities and validating them.
  5. Exploitation: This phase works on taking advantage of the vulnerabilities discovered in the previous phase. This typically means that we are trying to gain access to the target.
  6. Post-exploitation: The actual tasks to perform at the target, which involve downloading a file, shutting a system down, creating a new user account on the target, and so on, are parts of this phase. This phase describes what you need to do after exploitation.

 

 

 

 

  1. Reporting: This phase includes summing up the results of the test in a file and the possible suggestions and recommendations to fix the current weaknesses in the target.

The seven phases just mentioned may look easier when there is a single target under test. However, the situation completely changes when a vast network that contains hundreds of systems are to be tested. Therefore, in a situation like this, manual work is replaced with an automated approach. Consider a scenario where the number of systems under test is exactly 100, and all are running the same operating system and services. Testing each and every system manually will consume much time and energy. Situations like these demand the use of a penetration testing framework. The use of a penetration testing framework will not only save time, but will also offer much more flexibility regarding changing the attack vectors and covering a much wider range of targets under test. A penetration testing framework will eliminate additional time consumption and will also help in automating most of the attack vectors; scanning processes; identifying vulnerabilities, and most importantly, exploiting the vulnerabilities; thus saving time and pacing a penetration test. This is where Metasploit kicks in.

Metasploit is considered one of the best and most widely used penetration testing frameworks. With a lot of rep in the IT security community, Metasploit not only caters to the needs of being an excellent penetration test framework, but also delivers innovative features that make the life of a penetration tester easy.

Metasploit Bootcamp aims at providing readers with insights into the most popular penetration testing framework, Metasploit. This book specifically focuses on conducting a penetration test with Metasploit while uncovering the many great features Metasploit offers over traditional penetration testing. The book covers in-depth scanning techniques, exploitation of various real-world software, post-exploitation, testing for services such as SCADA, VOIP, MSSQL, MySQL, Android Exploitation, AV evasion techniques, and much more in a boot camp-style approach. You will also find yourself scratching your head while completing self-driven exercises which are meant to be challenging.

lock icon The rest of the chapter is locked
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image