Mastering metasploit : write and implement sophisticated attack vectors in Metasploit using a completely hands-on approach / Nipun Jaswal ; cover image by Aniket Sawant.

Format:

Book

Author/Creator:

Jaswal, Nipun, author.

Contributor:

Sawant, Aniket, cover designer.

Series:

Community experience distilled.

Community Experience Distilled

Language:

English

Subjects (All):

Metasploit (Electronic resource).

Computers--Access control.

Computers.

Computer networks--Security measures.

Computer networks.

Physical Description:

1 online resource (378 p.)

Edition:

1st edition

Place of Publication:

Birmingham, England : Packt Publishing Ltd, 2014.

Language Note:

English

System Details:

text file

Biography/History:

Jaswal Nipun: Nipun Jaswal is an international cybersecurity author and an award-winning IT security researcher with more than a decade of experience in penetration testing, Red Team assessments, vulnerability research, RF, and wireless hacking. He is presently the Director of Cybersecurity Practices at BDO India. Nipun has trained and worked with multiple law enforcement agencies on vulnerability research and exploit development. He has also authored numerous articles and exploits that can be found on popular security databases, such as PacketStorm and exploit-db. Please feel free to contact him at @nipunjaswal.

Summary:

A comprehensive and detailed, step by step tutorial guide that takes you through important aspects of the Metasploit framework. If you are a penetration tester, security engineer, or someone who is looking to extend their penetration testing skills with Metasploit, then this book is ideal for you. The readers of this book must have a basic knowledge of using Metasploit. They are also expected to have knowledge of exploitation and an indepth understanding of object-oriented programming languages.

Contents:

Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Approaching a Penetration Test Using Metasploit; Setting up the environment; Preinteractions; Intelligence gathering / reconnaissance phase; Presensing the test grounds; Modeling threats; Vulnerability analysis; Exploitation and post-exploitation; Reporting; Mounting the environment; Setting up the penetration test lab; The fundamentals of Metasploit; Configuring Metasploit on different environments; Configuring Metasploit on Windows XP/7; Configuring Metasploit on Ubuntu

Dealing with error statesErrors in the Windows-based installation; Errors in the Linux-based installation; Conducting a penetration test with Metasploit; Recalling the basics of Metasploit; Penetration testing Windows XP; Assumptions; Gathering intelligence; Modeling threats; Vulnerability analysis; The attack procedure with respect to the NETAPI vulnerability; The concept of attack; The procedure of exploiting a vulnerability; Exploitation and post-exploitation; Maintaining access; Clearing tracks; Penetration testing Windows Server 2003; Penetration testing Windows 7; Gathering intelligence

Modeling threatsVulnerability analysis; The exploitation procedure; Exploitation and post exploitation; Using the database to store and fetch results; Generating reports; The dominance of Metasploit; Open source; Support for testing large networks and easy naming conventions; Smart payload generation and switching mechanism; Cleaner exits; The GUI environment; Summary; Chapter 2: Reinventing Metasploit; Ruby - the heart of Metasploit; Creating your first Ruby program; Interacting with the Ruby shell; Defining methods in the shell; Variables and data types in Ruby; Working with strings

The split functionThe squeeze function; Numbers and conversions in Ruby; Ranges in Ruby; Arrays in Ruby; Methods in Ruby; Decision-making operators; Loops in Ruby; Regular expressions; Wrapping up with Ruby basics; Developing custom modules; Building a module in a nutshell; The architecture of the Metasploit framework; Understanding the libraries' layout; Understanding the existing modules; Writing out a custom FTP scanner module; Writing out a custom HTTP server scanner; Writing out post-exploitation modules; Breakthrough meterpreter scripting; Essentials of meterpreter scripting

Pivoting the target networkSetting up persistent access; API calls and mixins; Fabricating custom meterpreter scripts; Working with RailGun; Interactive Ruby shell basics; Understanding RailGun and its scripting; Manipulating Windows API calls; Fabricating sophisticated RailGun scripts; Summary; Chapter 3: The Exploit Formulation Process; The elemental assembly primer; The basics; Architectures; System organization basics; Registers; Gravity of EIP; Gravity of ESP; Relevance of NOPs and JMP; Variables and declaration; Fabricating example assembly programs; The joy of fuzzing

Crashing the application

Notes:

Includes index.

Description based on online resource; title from PDF title page (ebrary, viewed June 4, 2014).

ISBN:

9781782162230

1782162232

OCLC:

881035194