Metasploit Bootcamp电子书

Title Page

Copyright

Credits

About the Author

About the Reviewer

www.PacktPub.com

Customer Feedback

Dedication

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the color images of this book

Errata

Piracy

Questions

Getting Started with Metasploit

Setting up Kali Linux in a virtual environment

The fundamentals of Metasploit

Basics of Metasploit Framework

Architecture of Metasploit

Metasploit Framework console and commands

Benefits of using Metasploit

Penetration testing with Metasploit

Assumptions and testing setup

Phase-I: footprinting and scanning

Phase-II: gaining access to the target

Phase-III: maintaining access / post-exploitation / covering tracks

Summary and exercises

Identifying and Scanning Targets

Working with FTP servers using Metasploit

Scanning FTP services

Modifying scanner modules for fun and profit

Scanning MSSQL servers with Metasploit

Using the mssql_ping module

Brute-forcing MSSQL passwords

Scanning SNMP services with Metasploit

Scanning NetBIOS services with Metasploit

Scanning HTTP services with Metasploit

Scanning HTTPS/SSL with Metasploit

Module building essentials

The format of a Metasploit module

Disassembling existing HTTP server scanner modules

Libraries and the function

Summary and exercises

Exploitation and Gaining Access

Setting up the practice environment

Exploiting applications with Metasploit

Using db_nmap in Metasploit

Exploiting Desktop Central 9 with Metasploit

Testing the security of a GlassFish web server with Metasploit

Exploiting FTP services with Metasploit

Exploiting browsers for fun and profit

The browser autopwn attack

The technology behind a browser autopwn attack

Attacking browsers with Metasploit browser_autopwn

Attacking Android with Metasploit

Converting exploits to Metasploit

Gathering the essentials

Generating a Metasploit module

Exploiting the target application with Metasploit

Summary and exercises

Post-Exploitation with Metasploit

Extended post-exploitation with Metasploit

Basic post-exploitation commands

The help menu

Background command

Machine ID and the UUID command

Networking commands

File operation commands

Desktop commands

Screenshots and camera enumeration

Advanced post-exploitation with Metasploit

Migrating to safer processes

Obtaining system privileges

Changing access, modification, and creation time with timestomp

Obtaining password hashes using hashdump

Metasploit and privilege escalation

Escalating privileges on Windows Server 2008

Privilege escalation on Linux with Metasploit

Gaining persistent access with Metasploit

Gaining persistent access on Windows-based systems

Gaining persistent access on Linux systems

Summary

Testing Services with Metasploit

Testing MySQL with Metasploit

Using Metasploit's mysql_version module

Brute-forcing MySQL with Metasploit

Finding MySQL users with Metasploit

Dumping the MySQL schema with Metasploit

Using file enumeration in MySQL using Metasploit

Checking for writable directories

Enumerating MySQL with Metasploit

Running MySQL commands through Metasploit

Gaining system access through MySQL

The fundamentals of SCADA

Analyzing security in SCADA systems

The fundamentals of testing SCADA

SCADA-based exploits

Implementing secure SCADA

Restricting networks

Testing Voice over Internet Protocol services

VoIP fundamentals

Fingerprinting VoIP services

Scanning VoIP services

Spoofing a VoIP call

Exploiting VoIP

About the vulnerability

Exploiting the application

Summary and exercises

Fast-Paced Exploitation with Metasploit

Using pushm and popm commands

Making use of resource scripts

Using AutoRunScript in Metasploit

Using the multiscript module in the AutoRunScript option

Global variables in Metasploit

Wrapping up and generating manual reports

The format of the report

The executive summary

Methodology/network admin-level report

Additional sections

Summary and preparation for real-world scenarios

Exploiting Real-World Challenges with Metasploit

Scenario 1: Mirror environment

Understanding the environment

Fingerprinting the target with DB_NMAP

Gaining access to vulnerable web applications

Migrating from a PHP meterpreter to a Windows meterpreter

Pivoting to internal networks

Scanning internal networks through a meterpreter pivot

Using the socks server module in Metasploit

Dumping passwords in clear text

Sniffing a network with Metasploit

Summary of the attack

Scenario 2: You can't see my meterpreter

Using shellcode for fun and profit

Encrypting the shellcode

Creating a decoder executable

Further roadmap and summary