Metasploit Penetration Testing Cookbook - Third Edition (e-book)

Authors: Daniel Teixeira, Abhinav Singh, Monika Agarwal

Publisher: Packt Publishing

Publication date: 2018-02-26

Word count: 404,000

Over 100 recipes for penetration testing using Metasploit and virtual machines

About This Book

  • Special focus on the latest operating systems, exploits, and penetration testing techniques
  • Learn new anti-virus evasion techniques and use Metasploit to evade countermeasures
  • Automate post exploitation with AutoRunScript
  • Exploit Android devices, record audio and video, send and read SMS, read call logs, and much more
  • Build and analyze Metasploit modules in Ruby
  • Integrate Metasploit with other penetration testing tools

Who This Book Is For

If you are a security professional or pentester and want to get into vulnerability exploitation and make the most of the Metasploit framework, then this book is for you. Some prior understanding of penetration testing and Metasploit is required.

What You Will Learn

  • Set up a complete penetration testing environment using Metasploit and virtual machines
  • Master the world's leading penetration testing tool and use it in professional penetration testing
  • Make the most of Metasploit with PostgreSQL, importing scan results, using workspaces, hosts, loot, notes, services, vulnerabilities, and exploit results
  • Use Metasploit with the Penetration Testing Execution Standard methodology
  • Use MSFvenom efficiently to generate payloads and backdoor files, and create shellcode
  • Leverage Metasploit's advanced options, upgrade sessions, use proxies, use Meterpreter sleep control, and change timeouts to be stealthy

In Detail

Metasploit is the world's leading penetration testing tool and helps security and IT professionals find, exploit, and validate vulnerabilities. Metasploit allows penetration testing automation, password auditing, web application scanning, social engineering, post exploitation, evidence collection, and reporting. Metasploit's integration with InsightVM (or Nexpose), Nessus, OpenVas, and other vulnerability scanners provides a validation solution that simplifies vulnerability prioritization and remediation reporting. Teams can collaborate in Metasploit and present their findings in consolidated reports.

In this book, you will go through great recipes that will allow you to start using Metasploit effectively. With an ever increasing level of complexity, and covering everything from the fundamentals to more advanced features in Metasploit, this book is not just for beginners but also for professionals keen to master this awesome tool.

You will begin by building your lab environment, setting up Metasploit, and learning how to perform intelligence gathering, threat modeling, vulnerability analysis, exploitation, and post exploitation, all inside Metasploit. You will learn how to create and customize payloads to evade anti-virus software and bypass an organization's defenses, exploit server vulnerabilities, attack client systems, compromise mobile phones, automate post exploitation, install backdoors, run keyloggers, hijack webcams, port public exploits to the framework, create your own modules, and much more.

Style and approach

This book follows a cookbook style with recipes explaining penetration testing steps with Metasploit. Plenty of code and commands are used to make your learning curve easy and quick.
Table of Contents

Title Page

Copyright and Credits

Metasploit Penetration Testing Cookbook Third Edition

Contributors

About the authors

Packt is searching for authors like you

Packt Upsell

Why subscribe?

PacktPub.com

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Sections

Getting ready

How to do it…

How it works…

There's more…

Get in touch

Reviews

Disclaimer

Metasploit Quick Tips for Security Professionals

Introduction

Installing Metasploit on Windows

Getting ready

How to do it...

Installing Linux and macOS

How to do it...

Installing Metasploit on macOS

How to do it...

Using Metasploit in Kali Linux

Getting ready

How to do it...

There's more...

Upgrading Kali Linux

Setting up a penetration-testing lab

Getting ready

How to do it...

How it works...

Setting up SSH connectivity

Getting ready

How to do it...

Connecting to Kali using SSH

How to do it...

Configuring PostgreSQL

Getting ready

How to do it...

There's more...

Creating workspaces

How to do it...

Using the database

Getting ready

How to do it...

Using the hosts command

How to do it...

Understanding the services command

How to do it...

Information Gathering and Scanning

Introduction

Passive information gathering with Metasploit

Getting ready

How to do it...

DNS Record Scanner and Enumerator

There's more...

CorpWatch Company Name Information Search

Search Engine Subdomains Collector

Censys Search

Shodan Search

Shodan Honeyscore Client

Search Engine Domain Email Address Collector

Active information gathering with Metasploit

How to do it...

TCP Port Scanner

TCP SYN Port Scanner

Port scanning—the Nmap way

Getting ready

How to do it...

How it works...

There's more...

Operating system and version detection

Increasing anonymity

Port scanning—the db_nmap way

Getting ready

How to do it...

Nmap Scripting Engine

Host discovery with ARP Sweep

Getting ready

How to do it...

UDP Service Sweeper

How to do it...

SMB scanning and enumeration

How to do it...

Detecting SSH versions with the SSH Version Scanner

Getting ready

How to do it...

FTP scanning

Getting ready

How to do it...

SMTP enumeration

Getting ready

How to do it...

SNMP enumeration

Getting ready

How to do it...

HTTP scanning

Getting ready

How to do it...

WinRM scanning and brute forcing

Getting ready

How to do it...

Integrating with Nessus

Getting ready

How to do it...

Integrating with NeXpose

Getting ready

How to do it...

Integrating with OpenVAS

How to do it...

Server-Side Exploitation

Introduction

Getting to know MSFconsole

MSFconsole commands

Exploiting a Linux server

Getting ready

How to do it...

How it works...

What about the payload?

SQL injection

Getting ready

How to do it...

Types of shell

Getting ready

How to do it...

Exploiting a Windows Server machine

Getting ready

How to do it...

Exploiting common services

Getting ready

How to do it

MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption

Getting ready

How to do it...

MS17-010 EternalRomance/EternalSynergy/EternalChampion

How to do it...

Installing backdoors

Getting ready

How to do it...

Denial of Service

Getting ready

How to do it...

How to do it...

Meterpreter

Introduction

Understanding the Meterpreter core commands

Getting ready

How to do it...

How it works...

Understanding the Meterpreter filesystem commands

How to do it...

How it works...

Understanding Meterpreter networking commands

Getting ready

How to do it...

How it works...

Understanding the Meterpreter system commands

How to do it...

Setting up multiple communication channels with the target

Getting ready

How to do it...

How it works...

Meterpreter anti-forensics

Getting ready

How to do it...

How it works...

There's more...

The getdesktop and keystroke sniffing

Getting ready

How to do it...

There's more...

Using a scraper Meterpreter script

Getting ready

How to do it...

How it works...

Scraping the system using winenum

How to do it...

Automation with AutoRunScript

How to do it...

Meterpreter resource scripts

How to do it...

Meterpreter timeout control

How to do it...

Meterpreter sleep control

How to do it...

Meterpreter transports

How to do it...

Interacting with the registry

Getting ready

How to do it...

Loading framework plugins

How to do it...

Meterpreter API and mixins

Getting ready

How to do it...

How it works...

Railgun—converting Ruby into a weapon

Getting ready

How to do it...

How it works...

There's more...

Adding DLL and function definitions to Railgun

How to do it...

How it works...

Injecting the VNC server remotely

Getting ready

How to do it...

Enabling Remote Desktop

How to do it...

How it works...

Post-Exploitation

Introduction

Post-exploitation modules

Getting ready

How to do it...

How it works...

How to do it...

How it works...

Bypassing UAC

Getting ready

How to do it...

Dumping the contents of the SAM database

Getting ready

How to do it...

Passing the hash

How to do it...

Incognito attacks with Meterpreter

How to do it...

Using Mimikatz

Getting ready

How to do it...

There's more...

Setting up a persistence with backdoors

Getting ready

How to do it...

Becoming TrustedInstaller

How to do it...

Backdooring Windows binaries

How to do it...

Pivoting with Meterpreter

Getting ready

How to do it...

How it works...

Port forwarding with Meterpreter

Getting ready

How to do it...

Credential harvesting

How to do it...

Enumeration modules

How to do it...

Autoroute and socks proxy server

How to do it...

Analyzing an existing post-exploitation module

Getting ready

How to do it...

How it works...

Writing a post-exploitation module

Getting ready

How to do it...

Using MSFvenom

Introduction

Payloads and payload options

Getting ready

How to do it...

Encoders

How to do it...

There's more...

Output formats

How to do it...

Templates

Getting ready

How to do it...

Meterpreter payloads with trusted certificates

Getting ready

How to do it...

There's more...

Client-Side Exploitation and Antivirus Bypass

Introduction

Exploiting a Windows 10 machine

Getting ready

How to do it...

Bypassing antivirus and IDS/IPS

How to do it...

Metasploit macro exploits

How to do it...

There's more...

Human Interface Device attacks

Getting ready

How to do it...

HTA attack

How to do it...

Backdooring executables using a MITM attack

Getting ready

How to do it...

Creating a Linux trojan

How to do it...

Creating an Android backdoor

Getting ready

How to do it...

There's more...

Social-Engineer Toolkit

Introduction

Getting started with the Social-Engineer Toolkit

Getting ready

How to do it...

How it works...

Working with the spear-phishing attack vector

How to do it...

Website attack vectors

How to do it...

Working with the multi-attack web method

How to do it...

Infectious media generator

How to do it...

How it works...

Working with Modules for Penetration Testing

Introduction

Working with auxiliary modules

Getting ready

How to do it...

DoS attack modules

How to do it...

HTTP

SMB

Post-exploitation modules

Getting ready

How to do it...

Understanding the basics of module building

How to do it...

Analyzing an existing module

Getting ready

How to do it...

Building your own post-exploitation module

Getting ready

How to do it...

Building your own auxiliary module

Getting ready

How to do it...

Exploring Exploits

Introduction

Common exploit mixins

How to do it...

Exploiting the module structure

Getting ready

How to do it...

How it works...

Using MSFvenom to generate shellcode

Getting ready

How to do it...

Converting an exploit to a Metasploit module

Getting ready

How to do it...

Porting and testing the new exploit module

Getting ready

How to do it...

Fuzzing with Metasploit

Getting ready

How to do it...

Writing a simple fuzzer

How to do it...

How it works...

Wireless Network Penetration Testing

Introduction

Getting ready

Metasploit and wireless

How to do it...

Understanding an evil twin attack

Getting ready

How to do it...

Configuring Karmetasploit

Getting ready

How to do it...

Wireless MITM attacks

Getting ready

How to do it...

SMB relay attacks

How to do it...

There's more...

Cloud Penetration Testing

Introduction

Metasploit in the cloud

Getting ready

How to do it...

There's more...

Metasploit PHP Hop

Getting ready

How to do it...

Phishing from the cloud

Getting ready

How to do it...

Setting up a cloud penetration testing lab

How to do it...

There's more...

Best Practices

Introduction

Best practices

How to do it...

Guided partitioning with encrypted LVM

Using Metasploit over the Tor network

Getting ready

How to do it...

Metasploit logging

How to do it...

There's more...

Documentation

How to do it...

Cleaning up

How to do it...

Other Books You May Enjoy

Leave a review - let other readers know what you think
