Download Metasploit: The Penetration Tester's Guide PDF

Title: Metasploit: The Penetration Tester's Guide
File Size: 6.9 MB
Total Pages: 332
Table of Contents
	Special Thanks
	Why Do a Penetration Test?
	Why Metasploit?
	A Brief History of Metasploit
	About This Book
	What’s in the Book?
	A Note on Ethics
1: The Absolute Basics of Penetration Testing
	The Phases of the PTES
		Pre-engagement Interactions
		Intelligence Gathering
		Threat Modeling
		Vulnerability Analysis
		Post Exploitation
	Types of Penetration Tests
		Overt Penetration Testing
		Covert Penetration Testing
	Vulnerability Scanners
	Pulling It All Together
2: Metasploit Basics
	Metasploit Interfaces
	Metasploit Utilities
		Nasm Shell
	Metasploit Express and Metasploit Pro
	Wrapping Up
3: Intelligence Gathering
	Passive Information Gathering
		whois Lookups
	Active Information Gathering
		Port Scanning with Nmap
		Working with Databases in Metasploit
		Port Scanning with Metasploit
	Targeted Scanning
		Server Message Block Scanning
		Hunting for Poorly Configured Microsoft SQL Servers
		SSH Server Scanning
		FTP Scanning
		Simple Network Management Protocol Sweeping
	Writing a Custom Scanner
	Looking Ahead
4: Vulnerability Scanning
	The Basic Vulnerability Scan
	Scanning with NeXpose
		Importing Your Report into the Metasploit Framework
		Running NeXpose Within MSFconsole
	Scanning with Nessus
		Nessus Configuration
		Creating a Nessus Scan Policy
		Running a Nessus Scan
		Nessus Reports
		Importing Results into the Metasploit Framework
		Scanning with Nessus from Within Metasploit
	Specialty Vulnerability Scanners
		Validating SMB Logins
		Scanning for Open VNC Authentication
		Scanning for Open X11 Servers
	Using Scan Results for Autopwning
5: The Joy of Exploitation
	Basic Exploitation
		msf> show exploits
		msf> show auxiliary
		msf> show options
		msf> show payloads
		msf> show targets
		set and unset
		setg and unsetg
	Exploiting Your First Machine
	Exploiting an Ubuntu Machine
	All-Ports Payloads: Brute Forcing Ports
	Resource Files
	Wrapping Up
6: Meterpreter
	Compromising a Windows XP Virtual Machine
		Scanning for Ports with Nmap
		Attacking MS SQL
		Brute Forcing MS SQL Server
		The xp_cmdshell
		Basic Meterpreter Commands
		Capturing Keystrokes
	Dumping Usernames and Passwords
		Extracting the Password Hashes
		Dumping the Password Hash
	Pass the Hash
	Privilege Escalation
	Token Impersonation
	Using ps
	Pivoting onto Other Systems
	Using Meterpreter Scripts
		Migrating a Process
		Killing Antivirus Software
		Obtaining System Password Hashes
		Viewing All Traffic on a Target Machine
		Scraping a System
		Using Persistence
	Leveraging Post Exploitation Modules
	Upgrading Your Command Shell to Meterpreter
	Manipulating Windows APIs with the Railgun Add-On
	Wrapping Up
7: Avoiding Detection
	Creating Stand-Alone Binaries with MSFpayload
	Evading Antivirus Detection
		Encoding with MSFencode
	Custom Executable Templates
	Launching a Payload Stealthily
	A Final Note on Antivirus Software Evasion
8: Exploitation Using Client-Side Attacks
	Browser-Based Exploits
		How Browser-Based Exploits Work
		Looking at NOPs
	Using Immunity Debugger to Decipher NOP Shellcode
	Exploring the Internet Explorer Aurora Exploit
	File Format Exploits
	Sending the Payload
	Wrapping Up
9: Metasploit Auxiliary Modules
	Auxiliary Modules in Use
	Anatomy of an Auxiliary Module
	Going Forward
10: The Social-Engineer Toolkit
	Configuring the Social-Engineer Toolkit
	Spear-Phishing Attack Vector
	Web Attack Vectors
		Java Applet
		Client-Side Web Exploits
		Username and Password Harvesting
		Web Jacking
		Putting It All Together with a Multipronged Attack
	Infectious Media Generator
	Teensy USB HID Attack Vector
	Additional SET Features
	Looking Ahead
11: Fast-Track
	Microsoft SQL Injection
		SQL Injector-Query String Attack
		SQL Injector-POST Parameter Attack
		Manual Injection
		MSSQL Bruter
	Binary-to-Hex Generator
	Mass Client-Side Attack
	A Few Words About Automation
12: Karmetasploit
	Launching the Attack
	Credential Harvesting
	Getting a Shell
	Wrapping Up
13: Building Your Own Module
	Getting Command Execution on Microsoft SQL
	Exploring an Existing Metasploit Module
	Creating a New Module
		Running the Shell Exploit
		Creating powershell_upload_exec
		Conversion from Hex to Binary
		Running the Exploit
	The Power of Code Reuse
14: Creating Your Own Exploits
	The Art of Fuzzing
	Controlling the Structured Exception Handler
	Hopping Around SEH Restrictions
	Getting a Return Address
	Bad Characters and Remote Code Execution
	Wrapping Up
15: Porting Exploits to the Metasploit Framework
	Assembly Language Basics
		EIP and ESP Registers
		The JMP Instruction Set
		NOPs and NOP Slides
	Porting a Buffer Overflow
		Stripping the Existing Exploit
		Configuring the Exploit Definition
		Testing Our Base Exploit
		Implementing Features of the Framework
		Adding Randomization
		Removing the NOP Slide
		Removing the Dummy Shellcode
		Our Completed Module
	SEH Overwrite Exploit
	Wrapping Up
16: Meterpreter Scripting
	Meterpreter Scripting Basics
	Meterpreter API
		Printing Output
		Base API Calls
		Meterpreter Mixins
	Rules for Writing Meterpreter Scripts
	Creating Your Own Meterpreter Script
	Wrapping Up
17: Simulated Penetration Test
	Simulated Penetration Test
		Pre-engagement Interactions
		Intelligence Gathering
		Threat Modeling
		Customizing MSFconsole
		Post Exploitation
			Scanning the Metasploitable System
			Identifying Vulnerable Services
		Attacking Apache Tomcat
		Attacking Obscure Services
		Covering Your Tracks
		Wrapping Up
A: Configuring Your Target Machines
	Installing and Setting Up the System
	Booting Up the Linux Virtual Machines
	Setting Up a Vulnerable Windows XP Installation
		Configuring Your Web Server on Windows XP
		Building a SQL Server
		Creating a Vulnerable Web Application
		Updating Back|Track
B: Cheat Sheet
	MSFconsole Commands
	Meterpreter Commands
	MSFpayload Commands
	MSFencode Commands
	MSFcli Commands
	MSF, Ninja, Fu
	Meterpreter Post Exploitation Commands