What this book covers
Chapter 1, Metasploit Quick Tips for Security Professionals, is the first step into the world of Metasploit and penetration testing. The chapter deals with a basic introduction to the framework, its architecture and libraries. In order to begin with penetration testing, we need a setup, so the chapter will guide you through setting up your own dummy penetration testing environment using virtual machines. Later, the chapter discusses about installing the framework on different operating systems. The chapter ends with giving the first taste of Metasploit and an introduction about its interfaces.
Chapter 2, Information Gathering and Scanning, is the first step to penetration testing. It starts with the most traditional way of information gathering and later on advances to scanning with Nmap. The chapter also covers some additional tools such as Nessus and NeXpose which covers the limitations of Nmap by providing additional information. At the end, the chapter discusses about the Dradis framework which is widely used by pen-testers to share their test results and reports with other remote testers.
Chapter 3, Operating System-based Vulnerability Assessment and Exploitation, talks about finding vulnerabilities in unpatched operating systems running on the target system. Operating system-based vulnerabilities have a good success rate and they can be exploited easily. The chapter discusses about penetrating several popular operating systems such as Windows XP, Windows 7, and Ubuntu. The chapter covers some of the popular, and known, exploits of these operating systems and how they can be used in Metasploit to break into a target machine.
Chapter 4, Client-side Exploitation and Antivirus Bypass, carries our discussion to the next step where we will discuss how Metasploit can be used to perform client-side exploitation. The chapter covers some of the popular client-side software such as Microsoft Office, Adobe Reader, and Internet Explorer. Later on, the chapter covers an extensive discussion about killing the client-side antivirus protection in order to prevent raising the alarm in the target system.
Chapter 5, Using Meterpreter to Explore the Compromised Target, discusses about the next step after exploitation. Meterpreter is a post-exploitation tool that has several functionalities, which can be helpful in penetrating the compromised target and gaining more information. The chapter covers some of the useful penetration testing techniques such as privilege escalation, accessing the file system, and keystroke sniffing.
Chapter 6, Advance Meterpreter Scripting, takes our Metasploit knowledge to the next level by covering some advance topics, such as building our own meterpreter script and working with API mixins. This chapter will provide flexibility to the readers as they can implement their own scripts into the framework according to the scenario. The chapter also covers some advance post exploitation concepts like pivoting, pass the hash and persistent connection.
Chapter 7, Working with Modules for Penetration Testing, shifts our focus to another important aspect of Metasploit; its modules. Metasploit has a decent collection of specific modules that can be used under particular scenarios. The chapter covers some important auxiliary modules and later on advances to building our own Metasploit modules. The chapter requires some basic knowledge of Ruby scripting.
Chapter 8, Working with Exploits, adds the final weapon into the arsenal by discussing how we can convert any exploit into a Metasploit module. This is an advanced chapter that will enable the readers to build their own Metasploit exploit modules and import it into the framework. As all the exploits are not covered under the framework, this chapter can be handy in case we want to test an exploit that is not there in the Metasploit repository. The chapter also discusses about fuzzing modules that can be useful in building your own proof of concepts for any vulnerability. Finally, the chapter ends with a complete example on how we can fuzz an application to find the overflow conditions and then build a Metasploit module for it.
Chapter 9, Working with Armitage, is a brief discussion about one of the popular Metasploit extensions, Armitage. It provides a graphical interface to the framework and enhances its functionalities by providing point and click exploitation options. The chapter focuses on important aspects of Armitage, such as quickly finding vulnerabilities, handling multiple targets, shifting among tabs, and dealing with post exploitation.
Chapter 10, Social Engineer Toolkit, is the final discussion of this book which covers yet another important extension of framework. Social Engineer Toolkit (SET) is used to generate test cases that rely on human negligence in order to compromise the target. The chapter covers basic attack vectors related to SET that includes spear phishing, website attack vector, generating infectious media such as a USB.