Metasploit for beginners : create a threat-free environment with the best-in-class tool / Sagar Rahalkar.

Format:

Book

Author/Creator:

Rahalkar, Sagar, author.

Language:

English

Subjects (All):

Metasploit (Electronic resource).

Penetration testing (Computer security).

Physical Description:

1 online resource (1 volume) : illustrations

Edition:

1st edition

Place of Publication:

Birmingham, England ; Mumbai, [India] : Packt Publishing, 2017.

System Details:

text file

Biography/History:

Rahalkar Sagar: Sagar Rahalkar is a seasoned information security professional having more than 10 years of comprehensive experience in various verticals of IS. His domain expertise is mainly into breach detection, cyber crime investigations, digital forensics, application security, vulnerability assessment and penetration testing, compliance for mandates and regulations, IT GRC, and much more. He holds a masters degree in computer science and several industry-recognized certifications such as Certified Cyber Crime Investigator, Certified Ethical Hacker, Certified Security Analyst, ISO 27001 Lead Auditor, IBM certified Specialist-Rational AppScan, Certified Information Security Manager (CISM), and PRINCE2. He has been closely associated with Indian law enforcement agencies for more than 3 years dealing with digital crime investigations and related training and received several awards and appreciations from senior officials of the police and defense organizations in India. Sagar has also been a reviewer and author for various books and online publications.

Summary:

An easy to digest practical guide to Metasploit covering all aspects of the framework from installation, configuration, and vulnerability hunting to advanced client side attacks and anti-forensics. About This Book Carry out penetration testing in highly-secured environments with Metasploit Learn to bypass different defenses to gain access into different systems. A step-by-step guide that will quickly enhance your penetration testing skills. Who This Book Is For If you are a penetration tester, ethical hacker, or security consultant who wants to quickly learn the Metasploit framework to carry out elementary penetration testing in highly secured environments then, this book is for you. What You Will Learn Get to know the absolute basics of the Metasploit framework so you have a strong foundation for advanced attacks Integrate and use various supporting tools to make Metasploit even more powerful and precise Set up the Metasploit environment along with your own virtual testing lab Use Metasploit for information gathering and enumeration before planning the blueprint for the attack on the target system Get your hands dirty by firing up Metasploit in your own virtual lab and hunt down real vulnerabilities Discover the clever features of the Metasploit framework for launching sophisticated and deceptive client-side attacks that bypass the perimeter security Leverage Metasploit capabilities to perform Web application security scanning In Detail This book will begin by introducing you to Metasploit and its functionality. Next, you will learn how to set up and configure Metasploit on various platforms to create a virtual test environment. You will also get your hands on various tools and components used by Metasploit. Further on in the book, you will learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools. Next, you'll get hands-on experience carrying out client-side attacks. Moving on, you'll learn about web application security scanning and bypassing anti-virus and clearing traces on the target system post compromise. This book will also keep you updated with the latest security techniques and methods that can be directly applied to scan, test, hack, and secure networks and systems with Metasploit. By the end of this book, you'll get the hang of bypassing different defenses, after which you'll learn how hackers use the network to gain access into different systems. Style and approach Th...

Contents:

Cover

Copyright

Credits

About the Author

About the Reviewer

www.PacktPub.com

Customer Feedback

Table of Contents

Preface

Chapter 1: Introduction to Metasploit and Supporting Tools

The importance of penetration testing

Vulnerability assessment versus penetration testing

The need for a penetration testing framework

Introduction to Metasploit

When to use Metasploit?

Making Metasploit effective and powerful using supplementary tools

Nessus

NMAP

w3af

Armitage

Summary

Exercises

Chapter 2: Setting up Your Environment

Using the Kali Linux virtual machine - the easiest way

Installing Metasploit on Windows

Installing Metasploit on Linux

Setting up exploitable targets in a virtual environment

Chapter 3: Metasploit Components and Environment Configuration

Anatomy and structure of Metasploit

Metasploit components

Auxiliaries

Exploits

Encoders

Payloads

Post

Playing around with msfconsole

Variables in Metasploit

Updating the Metasploit Framework

Chapter 4: Information Gathering with Metasploit

Information gathering and enumeration

Transmission Control Protocol

User Datagram Protocol

File Transfer Protocol

Server Message Block

Hypertext Transfer Protocol

Simple Mail Transfer Protocol

Secure Shell

Domain Name System

Remote Desktop Protocol

Password sniffing

Advanced search with shodan

Chapter 5: Vulnerability Hunting with Metasploit

Managing the database

Work spaces

Importing scans

Backing up the database

NMAP scanning approach

Scanning using Nessus from msfconsole

Vulnerability detection with Metasploit auxiliaries

Auto exploitation with db_autopwn

Post exploitation

What is meterpreter?.

Searching for content

Screen capture

Keystroke logging

Dumping the hashes and cracking with JTR

Shell command

Privilege escalation

Chapter 6: Client-side Attacks with Metasploit

Need of client-side attacks

What are client-side attacks?

What is a Shellcode?

What is a reverse shell?

What is a bind shell?

What is an encoder?

The msfvenom utility

Generating a payload with msfvenom

Social Engineering with Metasploit

Generating malicious PDF

Creating infectious media drives

Browser Autopwn

Chapter 7: Web Application Scanning with Metasploit

Setting up a vulnerable application

Web application scanning using WMAP

Metasploit Auxiliaries for Web Application enumeration and scanning

Chapter 8: Antivirus Evasion and Anti-Forensics

Using encoders to avoid AV detection

Using packagers and encrypters

What is a sandbox?

Anti-forensics

Timestomp

clearev

Chapter 9: Cyber Attack Management with Armitage

What is Armitage?

Starting the Armitage console

Scanning and enumeration

Find and launch attacks

Chapter 10: Extending Metasploit and Exploit Development

Exploit development concepts

What is a buffer overflow?

What are fuzzers?

Exploit templates and mixins

What are Metasploit mixins?

Adding external exploits to Metasploit

Index.

Notes:

Includes index.

Description based on online resource; title from PDF title page (ebrary, viewed August 16, 2017).

ISBN:

9781788299862

1788299868

OCLC:

1026400880