Metasploit Penetration Testing Cookbook
Table of Contents
Metasploit Penetration Testing Cookbook
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Metasploit Quick Tips for Security Professionals
Introduction
Configuring Metasploit on Windows
Getting ready
How to do it...
How it works...
There's more...
Database error during installation
Configuring Metasploit on Ubuntu
Getting ready
How to do it...
How it works...
There's more...
Error during installation
Metasploit with BackTrack 5 - the ultimate combination
Getting ready
How to do it...
How it works...
Setting up the penetration testing lab on a single machine
Getting ready
How to do it...
How it works...
There's more...
Disabling the firewall and antivirus protection
Installing virtual box guest additions
Setting up Metasploit on a virtual machine with SSH connectivity
Getting ready
How to do it...
How it works...
Beginning with the interfaces - the "Hello World" of Metasploit
Getting ready
How to do it...
How it works...
There's more...
Some commands to try out and get started
Setting up the database in Metasploit
Getting ready
How to do it...
How it works...
There's more...
Getting an error while connecting the database
Deleting the database
Using the database to store penetration testing results
Getting ready
How to do it...
How it works...
Analyzing the stored results of the database
Getting ready
How to do it...
How it works...
2. Information Gathering and Scanning
Introduction
Passive information gathering 1.0 - the traditional way
Getting ready
How to do it...
How it works...
There's more...
Using third-party websites
Passive information gathering 2.0 - the next level
Getting ready
How to do it...
How it works...
There's more...
Fun with dorks
Port scanning - the Nmap way
Getting ready
How to do it...
How it works...
There's more...
Operating system and version detection
Increasing anonymity
Exploring auxiliary modules for scanning
Getting ready
How to do it...
How it works...
There's more...
Managing the threads
Target service scanning with auxiliary modules
Getting ready
How to do it...
How it works...
Vulnerability scanning with Nessus
Getting ready
How to do it...
How it works...
There's more...
Working with Nessus in the web browser
Scanning with NeXpose
Getting ready
How to do it...
How it works...
There's more...
Importing the scan results
Sharing information with the Dradis framework
Getting ready
How to do it...
How it works...
3. Operating System-based Vulnerability Assessment and Exploitation
Introduction
Exploit usage quick tips
Getting ready
How to do it...
How it works...
Penetration testing on a Windows XP SP2 machine
Getting ready
How to do it...
How it works...
Binding a shell to the target for remote access
Getting ready
How to do it...
How it works...
There's more...
Gaining complete control of the target
Penetration testing on the Windows 2003 Server
Getting ready
How to do it...
How it works...
Windows 7/Server 2008 R2 SMB client infinite loop
Getting ready
How to do it...
How it works...
Exploiting a Linux (Ubuntu) machine
Getting ready
How to do it...
How it works...
There's more...
Other relevant exploit modules for Linux
Understanding the Windows DLL injection flaws
Getting ready
How to do it...
How it works...
There's more...
The DllHijackAudit kit by H. D. Moore
4. Client-side Exploitation and Antivirus Bypass
Introduction
Internet Explorer unsafe scripting misconfiguration vulnerability
Getting ready
How to do it...
How it works...
There's more...
Internet Explorer Aurora memory corruption
Internet Explorer CSS recursive call memory corruption
Getting ready
How to do it...
How it works...
There's more...
Missing .NET CLR 2.0.50727
Microsoft Word RTF stack buffer overflow
Getting ready
How to do it...
How it works...
There's more...
Microsoft Excel 2007 buffer overflow
Adobe Reader util.printf() buffer overflow
Getting ready
How to do it...
How it works...
Generating binary and shellcode from msfpayload
Getting ready
How to do it...
How it works...
Bypassing client-side antivirus protection using msfencode
Getting ready
How to do it...
How it works...
There's more...
Quick multiple scanning with VirusTotal
Using the killav.rb script to disable antivirus programs
Getting ready
How to do it...
How it works...
A deeper look into the killav.rb script
Getting ready
How to do it...
How it works...
Killing antivirus services from the command line
Getting ready
How to do it...
How it works...
There's more...
Some services did not kill—what next?
5. Using Meterpreter to Explore the Compromised Target
Introduction
Analyzing meterpreter system commands
Getting ready
How to do it...
How it works...
Privilege escalation and process migration
How to do it...
How it works...
Setting up multiple communication channels with the target
Getting ready
How to do it...
How it works...
Meterpreter filesystem commands
How to do it...
How it works...
Changing file attributes using timestomp
Getting ready
How to do it...
How it works...
Using meterpreter networking commands
Getting ready
How to do it...
How it works...
The getdesktop and keystroke sniffing
How to do it...
How it works...
Using a scraper meterpreter script
Getting ready
How to do it...
How it works...
There's more...
Using winenum.rb
6. Advanced Meterpreter Scripting
Introduction
Passing the hash
Getting ready
How to do it...
How it works...
There's more...
Online password decryption
Setting up a persistent connection with backdoors
Getting ready
How to do it...
How it works...
Pivoting with meterpreter
Getting ready
How to do it...
How it works...
Port forwarding with meterpreter
Getting ready
How to do it...
How it works...
Meterpreter API and mixins
Getting ready
How to do it...
Meterpreter mixins
How it works...
Railgun - converting Ruby into a weapon
Getting ready
How to do it...
How it works...
There's more...
Railgun definitions and documentation
Adding DLL and function definition to Railgun
How to do it...
How it works...
Building a "Windows Firewall De-activator" meterpreter script
Getting ready
How to do it...
How it works...
There's more...
Code re-use
Analyzing an existing meterpreter script
How to do it...
How it works...
7. Working with Modules for Penetration Testing
Introduction
Working with scanner auxiliary modules
Getting ready
How to do it...
How it works...
There's more...
Generating passwords using "Crunch"
Working with auxiliary admin modules
Getting ready
How to do it...
How it works...
SQL injection and DOS attack modules
Getting ready
How to do it...
How it works...
Post-exploitation modules
Getting ready
How to do it...
How it works...
Understanding the basics of module building
Getting ready
How to do it...
How it works...
Analyzing an existing module
Getting ready
How to do it...
How it works...
Building your own post-exploitation module
How to do it...
How it works...
8. Working with Exploits
Introduction
Exploiting the module structure
Getting ready
How to do it...
How it works...
Common exploit mixins
How to do it...
How it works...
There's more...
Some more mixins
Working with msfvenom
Getting ready
How to do it...
How it works...
Converting exploit to a Metasploit module
Getting ready
How to do it...
How it works...
Porting and testing the new exploit module
Getting ready
How to do it...
How it works...
Fuzzing with Metasploit
Getting ready
How to do it...
How it works...
Writing a simple FileZilla FTP fuzzer
How to do it...
How it works...
There's more...
Antiparser fuzzing framework
9. Working with Armitage
Introduction
Getting started with Armitage
How to do it...
How it works...
There's more...
Setting up Armitage on Linux
Scanning and information gathering
Getting ready
How to do it...
How it works...
Finding vulnerabilities and attacking targets
Getting ready
How to do it...
How it works...
Handling multiple targets using the tab switch
How to do it...
How it works...
Post-exploitation with Armitage
Getting ready
How to do it...
How it works...
Client-side exploitation with Armitage
Getting ready
How to do it...
How it works...
10. Social Engineer Toolkit
Introduction
Getting started with Social Engineer Toolkit (SET)
Getting ready
How to do it...
How it works...
Working with the SET config file
Getting ready
How to do it...
How it works...
Spear-phishing attack vector
Getting ready
How to do it...
How it works...
Website attack vectors
Getting ready
How to do it...
How it works...
Multi-attack web method
How to do it...
How it works...
Infectious media generator
How to do it...
How it works...
Index