This is not the document you are looking for? Use the search form below to find more!
Metasploit
0.00 (0 votes)
Document Description
By Anas Meta Meta
File Details- Added: October, 30th 2011
- Reads: 247
- Downloads: 10
- File size: 7.24mb
- Pages: 332
- content preview
- Name: anas
- Homepage: http://anas.com
We are unable to create an online viewer for this document. Please download the document instead.
Related Documents
Content Preview
M
"The best guide to the
e
t
Metasploit Framework." -- HD Moore,
a
s
Metasploit
Founder of the Metasploit Project
pl
o
i
t
The Penetration Tester's Guide
The Metasploit Framework makes discovering,
Bypass antivirus technologies and circumvent
exploiting, and sharing vulnerabilities quick and
security controls
relatively painless. But while Metasploit is used by
Integrate Nmap, NeXpose, and Nessus with
security professionals everywhere, the tool can be
T
Metasploit to automate discovery
he
hard to grasp for first-time users. Metasploit: The
Penetration Tester's Guide fil s this gap by teaching you Use the Meterpreter shell to launch further
P
how to harness the Framework and interact with the
attacks from inside the network
e
ne
vibrant community of Metasploit contributors.
Harness stand-alone Metasploit utilities, third-
t
Once you've built your foundation for penetration
party tools, and plug-ins
r
a
testing, you'l learn the Framework's conventions,
t
Learn how to write your own Meterpreter post-
i
interfaces, and module system as you launch simulated
o
exploitation modules and scripts
n
attacks. You'll move on to advanced penetration testing
T
techniques, including network reconnaissance and
You'l even touch on exploit discovery for zero-day
e
enumeration, client-side attacks, wireless attacks, and research, write a fuzzer, port existing exploits into the
s
t
targeted social-engineering attacks.
Framework, and learn how to cover your tracks. Whether
e
r
your goal is to secure your own networks or to put
'
Learn how to:
s
someone else's to the test, Metasploit: The Penetration
G
Find and exploit unmaintained, misconfigured, and Tester's Guide will take you there and beyond.
u
unpatched systems
i
de
Perform reconnaissance and find valuable
information about your target
Kennedy
O'Gorman
TH E FI N EST I N G E E K E NTE RTAI N M E NTTM
www.nostarch.com
"I LAY FLAT." This book uses RepKover -- a durable binding that won't snap shut.
Kearns
$49.95
Aharoni
($57.95 CDN)
Shelve In: CoMPuTerS/INTerNeT/SeCurITy
David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni
Foreword by HD Moore
METASPLOIT
METASPLOIT
T h e P e n e t r a t i o n
T e s t e r ' s G u i d e
by David Kennedy,
Jim O'Gorman, Devon Kearns,
and Mati Aharoni
San Francisco
METASPLOIT. Copyright (c) 2011 by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior
written permission of the copyright owner and the publisher.
15 14 13 12 11
1 2 3 4 5 6 7 8 9
ISBN-10: 1-59327-288-X
ISBN-13: 978-1-59327-288-3
Publisher: William Pollock
Production Editor: Alison Law
Cover Illustration: Hugh D'Andrade
Interior Design: Octopod Studios
Developmental Editors: William Pollock and Tyler Ortman
Technical Reviewer: Scott White
Copyeditor: Lisa Theobald
Compositors: Susan Glinert Stevens
Proofreader: Ward Webber
Indexer: BIM Indexing & Proofreading Services
For information on book distributors or translations, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
38 Ringold Street, San Francisco, CA 94103
phone: 415.863.9900; fax: 415.863.9950; info@nostarch.com; www.nostarch.com
Library of Congress Cataloging-in-Publication Data
A catalog record of this book is available from the Library of Congress.
No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and
company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark
symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the
benefit of the trademark owner, with no intention of infringement of the trademark.
The information in this book is distributed on an "As Is" basis, without warranty. While every precaution has been
taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any
person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the
information contained in it.
B R I E F C O N T E N T S
Foreword by HD Moore ................................................................................................ xiii
Preface .......................................................................................................................xvii
Acknowledgments .........................................................................................................xix
Introduction .................................................................................................................xxi
Chapter 1: The Absolute Basics of Penetration Testing .........................................................1
Chapter 2: Metasploit Basics ............................................................................................7
Chapter 3: Intelligence Gathering ...................................................................................15
Chapter 4: Vulnerability Scanning...................................................................................35
Chapter 5: The Joy of Exploitation...................................................................................57
Chapter 6: Meterpreter ..................................................................................................75
Chapter 7: Avoiding Detection .......................................................................................99
Chapter 8: Exploitation Using Client-Side Attacks............................................................109
Chapter 9: Metasploit Auxiliary Modules .......................................................................123
Chapter 10: The Social-Engineer Toolkit.........................................................................135
Chapter 11: Fast-Track.................................................................................................163
Chapter 12: Karmetasploit ...........................................................................................177
Chapter 13: Building Your Own Module........................................................................185
Chapter 14: Creating Your Own Exploits .......................................................................197
Chapter 15: Porting Exploits to the Metasploit Framework................................................215
Chapter 16: Meterpreter Scripting.................................................................................235
Chapter 17: Simulated Penetration Test..........................................................................251
Appendix A: Configuring Your Target Machines .............................................................267
Appendix B: Cheat Sheet .............................................................................................275
Index .........................................................................................................................285
vi
Brief Contents
C O N T E N T S I N D E T A I L
FOREWORD by HD Moore
xiii
PREFACE
xvii
ACKNOWLEDGMENTS
xix
Special Thanks ........................................................................................................ xx
INTRODUCTION xxi
Why Do A Penetration Test? ................................................................................... xxii
Why Metasploit? .................................................................................................. xxii
A Brief History of Metasploit ................................................................................... xxii
About this Book .....................................................................................................xxiii
What's in the Book? ..............................................................................................xxiii
A Note on Ethics ..................................................................................................xxiv
1
THE ABSOLUTE BASICS OF PENETRATION TESTING
1
The Phases of the PTES .............................................................................................. 2
Pre-engagement Interactions ......................................................................... 2
Intelligence Gathering .................................................................................. 2
Threat Modeling ......................................................................................... 2
Vulnerability Analysis .................................................................................. 3
Exploitation ................................................................................................ 3
Post Exploitation .......................................................................................... 3
Reporting ................................................................................................... 4
Types of Penetration Tests .......................................................................................... 4
Overt Penetration Testing ............................................................................. 5
Covert Penetration Testing ............................................................................ 5
Vulnerability Scanners .............................................................................................. 5
Pulling It All Together ................................................................................................ 6
2
METASPLOIT BASICS
7
Terminology ............................................................................................................ 7
Exploit ....................................................................................................... 8
Payload ..................................................................................................... 8
Shellcode ................................................................................................... 8
Module ...................................................................................................... 8
Listener ...................................................................................................... 8
Metasploit Interfaces ................................................................................................. 8
MSFconsole ................................................................................................ 9
MSFcli ....................................................................................................... 9
Armitage .................................................................................................. 11
Metasploit Utilities .................................................................................................. 12
MSFpayload ............................................................................................. 12
MSFencode .............................................................................................. 13
Nasm Shell ............................................................................................... 13
Metasploit Express and Metasploit Pro ...................................................................... 14
Wrapping Up ........................................................................................................ 14
3
INTELLIGENCE GATHERING
15
Passive Information Gathering ................................................................................. 16
whois Lookups .......................................................................................... 16
Netcraft ................................................................................................... 17
NSLookup ................................................................................................ 18
Active Information Gathering ................................................................................... 18
Port Scanning with Nmap .......................................................................... 18
Working with Databases in Metasploit ........................................................ 20
Port Scanning with Metasploit ..................................................................... 25
Targeted Scanning ................................................................................................. 26
Server Message Block Scanning .................................................................. 26
Hunting for Poorly Configured Microsoft SQL Servers .................................... 27
SSH Server Scanning ................................................................................. 28
FTP Scanning ............................................................................................ 29
Simple Network Management Protocol Sweeping ......................................... 30
Writing a Custom Scanner ...................................................................................... 31
Looking Ahead ...................................................................................................... 33
4
VULNERABILITY SCANNING
35
The Basic Vulnerability Scan .................................................................................... 36
Scanning with NeXpose .......................................................................................... 37
Configuration ........................................................................................... 37
Importing Your Report into the Metasploit Framework .................................... 42
Running NeXpose Within MSFconsole ......................................................... 43
Scanning with Nessus ............................................................................................. 44
Nessus Configuration ................................................................................ 44
Creating a Nessus Scan Policy ................................................................... 45
Running a Nessus Scan .............................................................................. 47
Nessus Reports ......................................................................................... 47
Importing Results into the Metasploit Framework ............................................ 48
Scanning with Nessus from Within Metasploit .............................................. 49
Specialty Vulnerability Scanners ............................................................................... 51
Validating SMB Logins ............................................................................... 51
Scanning for Open VNC Authentication ....................................................... 52
Scanning for Open X11 Servers .................................................................. 54
Using Scan Results for Autopwning ........................................................................... 56
5
THE JOY OF EXPLOITATION
57
Basic Exploitation ................................................................................................... 58
msf> show exploits .................................................................................... 58
msf> show auxiliary .................................................................................. 58
viii
Contents in Detail
"The best guide to the
e
t
Metasploit Framework." -- HD Moore,
a
s
Metasploit
Founder of the Metasploit Project
pl
o
i
t
The Penetration Tester's Guide
The Metasploit Framework makes discovering,
Bypass antivirus technologies and circumvent
exploiting, and sharing vulnerabilities quick and
security controls
relatively painless. But while Metasploit is used by
Integrate Nmap, NeXpose, and Nessus with
security professionals everywhere, the tool can be
T
Metasploit to automate discovery
he
hard to grasp for first-time users. Metasploit: The
Penetration Tester's Guide fil s this gap by teaching you Use the Meterpreter shell to launch further
P
how to harness the Framework and interact with the
attacks from inside the network
e
ne
vibrant community of Metasploit contributors.
Harness stand-alone Metasploit utilities, third-
t
Once you've built your foundation for penetration
party tools, and plug-ins
r
a
testing, you'l learn the Framework's conventions,
t
Learn how to write your own Meterpreter post-
i
interfaces, and module system as you launch simulated
o
exploitation modules and scripts
n
attacks. You'll move on to advanced penetration testing
T
techniques, including network reconnaissance and
You'l even touch on exploit discovery for zero-day
e
enumeration, client-side attacks, wireless attacks, and research, write a fuzzer, port existing exploits into the
s
t
targeted social-engineering attacks.
Framework, and learn how to cover your tracks. Whether
e
r
your goal is to secure your own networks or to put
'
Learn how to:
s
someone else's to the test, Metasploit: The Penetration
G
Find and exploit unmaintained, misconfigured, and Tester's Guide will take you there and beyond.
u
unpatched systems
i
de
Perform reconnaissance and find valuable
information about your target
Kennedy
O'Gorman
TH E FI N EST I N G E E K E NTE RTAI N M E NTTM
www.nostarch.com
"I LAY FLAT." This book uses RepKover -- a durable binding that won't snap shut.
Kearns
$49.95
Aharoni
($57.95 CDN)
Shelve In: CoMPuTerS/INTerNeT/SeCurITy
David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni
Foreword by HD Moore
METASPLOIT
METASPLOIT
T h e P e n e t r a t i o n
T e s t e r ' s G u i d e
by David Kennedy,
Jim O'Gorman, Devon Kearns,
and Mati Aharoni
San Francisco
METASPLOIT. Copyright (c) 2011 by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior
written permission of the copyright owner and the publisher.
15 14 13 12 11
1 2 3 4 5 6 7 8 9
ISBN-10: 1-59327-288-X
ISBN-13: 978-1-59327-288-3
Publisher: William Pollock
Production Editor: Alison Law
Cover Illustration: Hugh D'Andrade
Interior Design: Octopod Studios
Developmental Editors: William Pollock and Tyler Ortman
Technical Reviewer: Scott White
Copyeditor: Lisa Theobald
Compositors: Susan Glinert Stevens
Proofreader: Ward Webber
Indexer: BIM Indexing & Proofreading Services
For information on book distributors or translations, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
38 Ringold Street, San Francisco, CA 94103
phone: 415.863.9900; fax: 415.863.9950; info@nostarch.com; www.nostarch.com
Library of Congress Cataloging-in-Publication Data
A catalog record of this book is available from the Library of Congress.
No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and
company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark
symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the
benefit of the trademark owner, with no intention of infringement of the trademark.
The information in this book is distributed on an "As Is" basis, without warranty. While every precaution has been
taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any
person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the
information contained in it.
B R I E F C O N T E N T S
Foreword by HD Moore ................................................................................................ xiii
Preface .......................................................................................................................xvii
Acknowledgments .........................................................................................................xix
Introduction .................................................................................................................xxi
Chapter 1: The Absolute Basics of Penetration Testing .........................................................1
Chapter 2: Metasploit Basics ............................................................................................7
Chapter 3: Intelligence Gathering ...................................................................................15
Chapter 4: Vulnerability Scanning...................................................................................35
Chapter 5: The Joy of Exploitation...................................................................................57
Chapter 6: Meterpreter ..................................................................................................75
Chapter 7: Avoiding Detection .......................................................................................99
Chapter 8: Exploitation Using Client-Side Attacks............................................................109
Chapter 9: Metasploit Auxiliary Modules .......................................................................123
Chapter 10: The Social-Engineer Toolkit.........................................................................135
Chapter 11: Fast-Track.................................................................................................163
Chapter 12: Karmetasploit ...........................................................................................177
Chapter 13: Building Your Own Module........................................................................185
Chapter 14: Creating Your Own Exploits .......................................................................197
Chapter 15: Porting Exploits to the Metasploit Framework................................................215
Chapter 16: Meterpreter Scripting.................................................................................235
Chapter 17: Simulated Penetration Test..........................................................................251
Appendix A: Configuring Your Target Machines .............................................................267
Appendix B: Cheat Sheet .............................................................................................275
Index .........................................................................................................................285
vi
Brief Contents
C O N T E N T S I N D E T A I L
FOREWORD by HD Moore
xiii
PREFACE
xvii
ACKNOWLEDGMENTS
xix
Special Thanks ........................................................................................................ xx
INTRODUCTION xxi
Why Do A Penetration Test? ................................................................................... xxii
Why Metasploit? .................................................................................................. xxii
A Brief History of Metasploit ................................................................................... xxii
About this Book .....................................................................................................xxiii
What's in the Book? ..............................................................................................xxiii
A Note on Ethics ..................................................................................................xxiv
1
THE ABSOLUTE BASICS OF PENETRATION TESTING
1
The Phases of the PTES .............................................................................................. 2
Pre-engagement Interactions ......................................................................... 2
Intelligence Gathering .................................................................................. 2
Threat Modeling ......................................................................................... 2
Vulnerability Analysis .................................................................................. 3
Exploitation ................................................................................................ 3
Post Exploitation .......................................................................................... 3
Reporting ................................................................................................... 4
Types of Penetration Tests .......................................................................................... 4
Overt Penetration Testing ............................................................................. 5
Covert Penetration Testing ............................................................................ 5
Vulnerability Scanners .............................................................................................. 5
Pulling It All Together ................................................................................................ 6
2
METASPLOIT BASICS
7
Terminology ............................................................................................................ 7
Exploit ....................................................................................................... 8
Payload ..................................................................................................... 8
Shellcode ................................................................................................... 8
Module ...................................................................................................... 8
Listener ...................................................................................................... 8
Metasploit Interfaces ................................................................................................. 8
MSFconsole ................................................................................................ 9
MSFcli ....................................................................................................... 9
Armitage .................................................................................................. 11
Metasploit Utilities .................................................................................................. 12
MSFpayload ............................................................................................. 12
MSFencode .............................................................................................. 13
Nasm Shell ............................................................................................... 13
Metasploit Express and Metasploit Pro ...................................................................... 14
Wrapping Up ........................................................................................................ 14
3
INTELLIGENCE GATHERING
15
Passive Information Gathering ................................................................................. 16
whois Lookups .......................................................................................... 16
Netcraft ................................................................................................... 17
NSLookup ................................................................................................ 18
Active Information Gathering ................................................................................... 18
Port Scanning with Nmap .......................................................................... 18
Working with Databases in Metasploit ........................................................ 20
Port Scanning with Metasploit ..................................................................... 25
Targeted Scanning ................................................................................................. 26
Server Message Block Scanning .................................................................. 26
Hunting for Poorly Configured Microsoft SQL Servers .................................... 27
SSH Server Scanning ................................................................................. 28
FTP Scanning ............................................................................................ 29
Simple Network Management Protocol Sweeping ......................................... 30
Writing a Custom Scanner ...................................................................................... 31
Looking Ahead ...................................................................................................... 33
4
VULNERABILITY SCANNING
35
The Basic Vulnerability Scan .................................................................................... 36
Scanning with NeXpose .......................................................................................... 37
Configuration ........................................................................................... 37
Importing Your Report into the Metasploit Framework .................................... 42
Running NeXpose Within MSFconsole ......................................................... 43
Scanning with Nessus ............................................................................................. 44
Nessus Configuration ................................................................................ 44
Creating a Nessus Scan Policy ................................................................... 45
Running a Nessus Scan .............................................................................. 47
Nessus Reports ......................................................................................... 47
Importing Results into the Metasploit Framework ............................................ 48
Scanning with Nessus from Within Metasploit .............................................. 49
Specialty Vulnerability Scanners ............................................................................... 51
Validating SMB Logins ............................................................................... 51
Scanning for Open VNC Authentication ....................................................... 52
Scanning for Open X11 Servers .................................................................. 54
Using Scan Results for Autopwning ........................................................................... 56
5
THE JOY OF EXPLOITATION
57
Basic Exploitation ................................................................................................... 58
msf> show exploits .................................................................................... 58
msf> show auxiliary .................................................................................. 58
viii
Contents in Detail
Document Outline
- Foreword
- Preface
- Acknowledgments
- Special Thanks
- Introduction
- Why Do a Penetration Test?
- Why Metasploit?
- A Brief History of Metasploit
- About This Book
- Whats in the Book?
- A Note on Ethics
- 1: The Absolute Basics of Penetration Testing
- The Phases of the PTES
- Pre-engagement Interactions
- Intelligence Gathering
- Threat Modeling
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
- Types of Penetration Tests
- Overt Penetration Testing
- Covert Penetration Testing
- Vulnerability Scanners
- Pulling It All Together
- The Phases of the PTES
- 2: Metasploit Basics
- Terminology
- Exploit
- Payload
- Shellcode
- Module
- Listener
- Metasploit Interfaces
- MSFconsole
- MSFcli
- Armitage
- Metasploit Utilities
- MSFpayload
- MSFencode
- Nasm Shell
- Metasploit Express and Metasploit Pro
- Wrapping Up
- Terminology
- 3: Intelligence Gathering
- Passive Information Gathering
- whois Lookups
- Netcraft
- NSLookup
- Active Information Gathering
- Port Scanning with Nmap
- Working with Databases in Metasploit
- Port Scanning with Metasploit
- Targeted Scanning
- Server Message Block Scanning
- Hunting for Poorly Configured Microsoft SQL Servers
- SSH Server Scanning
- FTP Scanning
- Simple Network Management Protocol Sweeping
- Writing a Custom Scanner
- Looking Ahead
- Passive Information Gathering
- 4: Vulnerability Scanning
- The Basic Vulnerability Scan
- Scanning with NeXpose
- Configuration
- Importing Your Report into the Metasploit Framework
- Running NeXpose Within MSFconsole
- Scanning with Nessus
- Nessus Configuration
- Creating a Nessus Scan Policy
- Running a Nessus Scan
- Nessus Reports
- Importing Results into the Metasploit Framework
- Scanning with Nessus from Within Metasploit
- Specialty Vulnerability Scanners
- Validating SMB Logins
- Scanning for Open VNC Authentication
- Scanning for Open X11 Servers
- Using Scan Results for Autopwning
- 5: The Joy of Exploitation
- Basic Exploitation
- msf> show exploits
- msf> show auxiliary
- msf> show options
- msf> show payloads
- msf> show targets
- info
- set and unset
- setg and unsetg
- save
- Exploiting Your First Machine
- Exploiting an Ubuntu Machine
- All-Ports Payloads: Brute Forcing Ports
- Resource Files
- Wrapping Up
- Basic Exploitation
- 6: Meterpreter
- Compromising a Windows XP Virtual Machine
- Scanning for Ports with Nmap
- Attacking MS SQL
- Brute Forcing MS SQL Server
- The xp_cmdshell
- Basic Meterpreter Commands
- Capturing Keystrokes
- Dumping Usernames and Passwords
- Extracting the Password Hashes
- Dumping the Password Hash
- Pass the Hash
- Privilege Escalation
- Token Impersonation
- Using ps
- Pivoting onto Other Systems
- Using Meterpreter Scripts
- Migrating a Process
- Killing Antivirus Software
- Obtaining System Password Hashes
- Viewing All Traffic on a Target Machine
- Scraping a System
- Using Persistence
- Leveraging Post Exploitation Modules
- Upgrading Your Command Shell to Meterpreter
- Manipulating Windows APIs with the Railgun Add-On
- Wrapping Up
- Compromising a Windows XP Virtual Machine
- 7: Avoiding Detection
- Creating Stand-Alone Binaries with MSFpayload
- Evading Antivirus Detection
- Encoding with MSFencode
- Multi-encoding
- Custom Executable Templates
- Launching a Payload Stealthily
- Packers
- A Final Note on Antivirus Software Evasion
- 8: Exploitation Using Client-Side Attacks
- Browser-Based Exploits
- How Browser-Based Exploits Work
- Looking at NOPs
- Using Immunity Debugger to Decipher NOP Shellcode
- Exploring the Internet Explorer Aurora Exploit
- File Format Exploits
- Sending the Payload
- Wrapping Up
- Browser-Based Exploits
- 9: Metasploit Auxiliary Modules
- Auxiliary Modules in Use
- Anatomy of an Auxiliary Module
- Going Forward
- 10: The Social-Engineer Toolkit
- Configuring the Social-Engineer Toolkit
- Spear-Phishing Attack Vector
- Web Attack Vectors
- Java Applet
- Client-Side Web Exploits
- Username and Password Harvesting
- Tabnabbing
- Man-Left-in-the-Middle
- Web Jacking
- Putting It All Together with a Multipronged Attack
- Infectious Media Generator
- Teensy USB HID Attack Vector
- Additional SET Features
- Looking Ahead
- 11: Fast-Track
- Microsoft SQL Injection
- SQL Injector-Query String Attack
- SQL Injector-POST Parameter Attack
- Manual Injection
- MSSQL Bruter
- SQLPwnage
- Binary-to-Hex Generator
- Mass Client-Side Attack
- A Few Words About Automation
- Microsoft SQL Injection
- 12: Karmetasploit
- Configuration
- Launching the Attack
- Credential Harvesting
- Getting a Shell
- Wrapping Up
- 13: Building Your Own Module
- Getting Command Execution on Microsoft SQL
- Exploring an Existing Metasploit Module
- Creating a New Module
- PowerShell
- Running the Shell Exploit
- Creating powershell_upload_exec
- Conversion from Hex to Binary
- Counters
- Running the Exploit
- The Power of Code Reuse
- 14: Creating Your Own Exploits
- The Art of Fuzzing
- Controlling the Structured Exception Handler
- Hopping Around SEH Restrictions
- Getting a Return Address
- Bad Characters and Remote Code Execution
- Wrapping Up
- 15: Porting Exploits to the Metasploit Framework
- Assembly Language Basics
- EIP and ESP Registers
- The JMP Instruction Set
- NOPs and NOP Slides
- Porting a Buffer Overflow
- Stripping the Existing Exploit
- Configuring the Exploit Definition
- Testing Our Base Exploit
- Implementing Features of the Framework
- Adding Randomization
- Removing the NOP Slide
- Removing the Dummy Shellcode
- Our Completed Module
- SEH Overwrite Exploit
- Wrapping Up
- Assembly Language Basics
- 16: Meterpreter Scripting
- Meterpreter Scripting Basics
- Meterpreter API
- Printing Output
- Base API Calls
- Meterpreter Mixins
- Rules for Writing Meterpreter Scripts
- Creating Your Own Meterpreter Script
- Wrapping Up
- 17: Simulated Penetration Test
- Simulated Penetration Test
- Pre-engagement Interactions
- Intelligence Gathering
- Threat Modeling
- Exploitation
- Customizing MSFconsole
- Post Exploitation
- Scanning the Metasploitable System
- Identifying Vulnerable Services
- Attacking Apache Tomcat
- Attacking Obscure Services
- Covering Your Tracks
- Wrapping Up
- Simulated Penetration Test
- A: Configuring Your Target Machines
- Installing and Setting Up the System
- Booting Up the Linux Virtual Machines
- Setting Up a Vulnerable Windows XP Installation
- Configuring Your Web Server on Windows XP
- Building a SQL Server
- Creating a Vulnerable Web Application
- Updating Back|Track
- B: Cheat Sheet
- MSFconsole Commands
- Meterpreter Commands
- MSFpayload Commands
- MSFencode Commands
- MSFcli Commands
- MSF, Ninja, Fu
- MSFvenom
- Meterpreter Post Exploitation Commands
- Index
Add New Comment