Penetration Testing With the Metasploit Framework

Penetration Testing With the Metasploit Framework

by Ric Messier
Released October 2016
Publisher(s): Infinite Skills
ISBN: 9781491972038

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

An essential requirement for protecting any organization's computer and network systems from adversarial attack is finding the vulnerabilities in those systems before the bad guys do. In this course, cybersecurity expert Ric Messier shows you how to use Metasploit, the open source, multi-platform (Linux, Windows, Mac OS) exploit framework deployed by systems administrators and security engineers everywhere to spot those vulnerabilities.

You'll learn how to download, install, and configure the software; how to extend Metasploit; how to perform system reconnaissance and vulnerability identification missions; how to use exploits; and the basics of social engineering attacks, such as phishing and site cloning.

  • Learn to perform basic network and system security scans using Metasploit
  • Understand Metasploit's command line, graphical, and web interfaces
  • Survey reconnaissance techniques like Nmap scanning, SYN scanning, and service scanning
  • Explore vulnerability identification practices like SMB and VNC open service scanning
  • Learn to use the exploits in Metasploit to attack systems and identify system vulnerability
  • See how to develop custom security functions using Ruby scripts
  • Explore phishing attacks, site cloning, and more
Ric Messier (GCIH, GSEC, CEH, CISSP) directs the Cybersecurity & Digital Forensic Programs at Champlain College in Burlington, Vermont. He also runs the private security firm WasHere Consulting and is a Senior Consultant with the security firm IP Architects, LLC. He holds a Masters of Digital Forensic Science from Champlain College and a Ph.D. in Information Assurance and Security from Capella University. Ric is the author of 16 O'Reilly titles, including "Introduction to Penetration Testing", "Learning Linux Security", and "Introduction to Wireshark".

Table of contents

  1. Introduction
    1. Welcome 00:01:07
    2. About The Author 00:00:50
    3. What Will Be Covered 00:03:30
    4. Vulnerable Systems 00:02:58
    5. Ethics 00:03:08
  2. Getting Started
    1. Metasploit Overview 00:02:47
    2. Obtaining Metasploit 00:03:24
    3. Installing Metasploit 00:02:50
    4. Metasploit On Kali Linux 00:02:26
    5. Taking A Spin Around The Web Interface 00:03:34
    6. A Quick Look At Armitage 00:02:28
    7. Integration With Nexpose 00:02:14
    8. Checking Database Connection 00:01:52
    9. Configuring Database On Kali Linux 00:03:03
    10. MSFconsole 00:01:54
    11. Exploits, Auxiliaries And Options 00:03:11
    12. MSFCLI 00:03:23
    13. Locating Metasploit Files 00:03:14
  3. Performing Reconnaissance
    1. Nmap Scanning 00:02:24
    2. Using Nmap In Metasploit 00:03:21
    3. Using Nmap Scripts 00:03:01
    4. Importing Nmap Scans 00:02:37
    5. Identifying Hosts And Services In Database 00:02:17
    6. Idle Scanning With Metasploit 00:04:26
    7. SYN Scanning With Metasploit 00:03:22
    8. Auxiliary Scanning Modules 00:02:36
    9. Service Scanning (SMB) 00:03:31
    10. Service Scanning (MSSQL) 00:03:48
    11. Service Scanning (SSH) 00:03:38
    12. Scanning From The Web Interface 00:02:16
  4. Vulnerability Identification
    1. Importing From Nexpose 00:02:06
    2. Importing From Nessus 00:01:53
    3. Open Service Scanning (SMB) 00:03:46
    4. Open Service Scanning (VNC) 00:02:38
    5. Other Scanning Modules 00:03:47
    6. Using The Database For Identification 00:02:53
    7. Vulnerabilities With The Web 00:03:39
  5. Exploitation
    1. Using An Exploit 00:02:37
    2. Payloads 00:03:40
    3. Exploiting The Target 00:04:35
    4. Using Meterpreter 00:03:36
    5. Pivoting 00:05:05
    6. Collecting Data From The Target 00:02:50
    7. Adding Users 00:01:04
    8. Screenshots And Keystrokes 00:02:36
    9. Passing The Hash 00:03:41
    10. Client-Side Exploitation 00:02:33
    11. Fun With Browsers 00:05:27
    12. Standalone Attacks And Handlers 00:03:37
    13. Anti-Virus Evasion - Using Encoding 00:02:20
    14. File Formatting Attacks 00:02:32
    15. Fuzzing Attacks 00:02:17
    16. Attacks From Armitage 00:03:57
  6. Extending Metasploit
    1. A Bit About Ruby 00:02:45
    2. Investigating Existing Scripts 00:03:56
    3. Using The Framework 00:02:59
    4. Creating An Auxiliary Module 00:02:42
    5. Creating An Exploit Module 00:04:03
    6. Locating Your Module In Metasploit 00:01:11
    7. Your Module In Action 00:01:44
  7. Social Engineering With Metasploit
    1. The Social Engineer's Toolkit 00:02:27
    2. Creating Phishing Attacks 00:04:51
    3. Investigating The Phishing Attack 00:02:29
    4. Site Cloning 00:03:20
    5. Investing The Site Clone Attack 00:03:21
    6. Payloads And Handlers 00:02:52
  8. Conclusion
    1. What We Covered 00:03:21
    2. Wrapping Up 00:01:19

Product information

  • Title: Penetration Testing With the Metasploit Framework
  • Author(s): Ric Messier
  • Release date: October 2016
  • Publisher(s): Infinite Skills
  • ISBN: 9781491972038