An easy-to-digest practical guide to Metasploit covering all aspects of the framework, from installation, configuration, and vulnerability hunting to advanced client-side attacks and anti-forensics.
If you are a penetration tester, ethical hacker, or security consultant who wants to quickly learn the Metasploit framework to carry out elementary penetration testing in highly secured environments, then this book is for you.
This book will begin by introducing you to Metasploit and its functionality. Next, you will learn how to set up and configure Metasploit on various platforms to create a virtual test environment. You will also get your hands on various tools and components used by Metasploit.
Further on in the book, you will learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools. Next, you'll get hands-on experience carrying out client-side attacks. Moving on, you'll learn about web application security scanning and bypassing anti-virus and clearing traces on the target system post compromise. This book will also keep you updated with the latest security techniques and methods that can be directly applied to scan, test, hack, and secure networks and systems with Metasploit.
By the end of this book, you'll have the hang of bypassing different defenses, after which you'll learn how attackers use the network to gain access to different systems.
This tutorial is packed with step-by-step instructions that are useful for those getting started with Metasploit. This is an easy-to-read guide to learning Metasploit from scratch that explains simply and clearly all you need to know to use this essential IT power tool.
Page count: 118
Year of publication: 2017
BIRMINGHAM - MUMBAI
Copyright © 2017 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: July 2017
Production reference: 1140717
Published by Packt Publishing Ltd.
ISBN 978-1-78829-597-0
www.packtpub.com
Author
Sagar Rahalkar
Copy Editor
Ulka Manjrekar
Reviewers
Adrian Pruteanu
Project Coordinator
Kinjal Bari
Commissioning Editor
Vijin Boricha
Proofreader
Safis Editing
Acquisition Editor
Prachi Bisht
Indexer
Rekha Nair
Content Development Editor
Eisha Dsouza
Graphics
Kirk D'Penha
Technical Editor
Naveenkumar Jain
Production Coordinator
Shantanu N. Zagade
Sagar Rahalkar is a seasoned information security professional with more than 10 years of comprehensive experience in various verticals of IS. His domain expertise lies mainly in breach detection, cyber crime investigations, digital forensics, application security, vulnerability assessment and penetration testing, compliance for mandates and regulations, IT GRC, and much more. He holds a master's degree in computer science and several industry-recognized certifications such as Certified Cyber Crime Investigator, Certified Ethical Hacker, Certified Security Analyst, ISO 27001 Lead Auditor, IBM Certified Specialist - Rational AppScan, Certified Information Security Manager (CISM), and PRINCE2. He has been closely associated with Indian law enforcement agencies for more than 3 years, dealing with digital crime investigations and related training, and has received several awards and appreciations from senior officials of the police and defense organizations in India. Sagar has also been a reviewer and author for various books and online publications.
Adrian Pruteanu is a senior consultant who specializes in penetration testing and reverse engineering. With over 10 years of experience in the security industry, Adrian has provided services to all major financial institutions in Canada, as well as countless other companies around the world. You can find him on Twitter as @waydrian.
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/1788295978.
If you'd like to join our team of regular reviewers, you can e-mail us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
Introduction to Metasploit and Supporting Tools
The importance of penetration testing
Vulnerability assessment versus penetration testing
The need for a penetration testing framework
Introduction to Metasploit
When to use Metasploit?
Making Metasploit effective and powerful using supplementary tools
Nessus
NMAP
w3af
Armitage
Summary
Exercises
Setting up Your Environment
Using the Kali Linux virtual machine - the easiest way
Installing Metasploit on Windows
Installing Metasploit on Linux
Setting up exploitable targets in a virtual environment
Summary
Exercises
Metasploit Components and Environment Configuration
Anatomy and structure of Metasploit
Metasploit components
Auxiliaries
Exploits
Encoders
Payloads
Post
Playing around with msfconsole
Variables in Metasploit
Updating the Metasploit Framework
Summary
Exercises
Information Gathering with Metasploit
Information gathering and enumeration
Transmission Control Protocol
User Datagram Protocol
File Transfer Protocol
Server Message Block
Hypertext Transfer Protocol
Simple Mail Transfer Protocol
Secure Shell
Domain Name System
Remote Desktop Protocol
Password sniffing
Advanced search with shodan
Summary
Exercises
Vulnerability Hunting with Metasploit
Managing the database
Work spaces
Importing scans
Backing up the database
NMAP
NMAP scanning approach
Nessus
Scanning using Nessus from msfconsole
Vulnerability detection with Metasploit auxiliaries
Auto exploitation with db_autopwn
Post exploitation
What is meterpreter?
Searching for content
Screen capture
Keystroke logging
Dumping the hashes and cracking with JTR
Shell command
Privilege escalation
Summary
Exercises
Client-side Attacks with Metasploit
Need of client-side attacks
What are client-side attacks?
What is a Shellcode?
What is a reverse shell?
What is a bind shell?
What is an encoder?
The msfvenom utility
Generating a payload with msfvenom
Social Engineering with Metasploit
Generating malicious PDF
Creating infectious media drives
Browser Autopwn
Summary
Exercises
Web Application Scanning with Metasploit
Setting up a vulnerable application
Web application scanning using WMAP
Metasploit Auxiliaries for Web Application enumeration and scanning
Summary
Exercises
Antivirus Evasion and Anti-Forensics
Using encoders to avoid AV detection
Using packagers and encrypters
What is a sandbox?
Anti-forensics
Timestomp
clearev
Summary
Exercises
Cyber Attack Management with Armitage
What is Armitage?
Starting the Armitage console
Scanning and enumeration
Find and launch attacks
Summary
Exercises
Extending Metasploit and Exploit Development
Exploit development concepts
What is a buffer overflow?
What are fuzzers?
Exploit templates and mixins
What are Metasploit mixins?
Adding external exploits to Metasploit
Summary
Exercises
For more than a decade or so, the use of technology has been rising exponentially. Almost all businesses are partially or completely dependent on the use of technology. From bitcoins to cloud to the Internet of Things (IoT), new technologies are popping up each day. While these technologies completely change the way we do things, they also bring threats along with them. Attackers discover new and innovative ways to manipulate these technologies for fun and profit! This is a matter of concern to thousands of organizations and businesses around the world. Organizations worldwide are deeply concerned about keeping their data safe. Protecting data is certainly important; however, testing whether adequate protection mechanisms have been put to work is equally important. Protection mechanisms can fail, hence testing them before someone exploits them for real is a challenging task. Having said this, vulnerability assessment and penetration testing have gained high importance and are now routinely included in all compliance programs. With vulnerability assessment and penetration testing done in the right way, organizations can ensure that they have put the right security controls in place, and that those controls are functioning as expected! For many, the process of vulnerability assessment and penetration testing may look as easy as running an automated scanner and generating a long report full of false positives. In reality, however, this process is not just about running tools but a complete lifecycle. Fortunately, the Metasploit Framework can be plugged into almost every phase of the penetration testing lifecycle, making complex tasks easier. This book will take you from some of the absolute basics of the Metasploit Framework to the advanced and sophisticated features that the framework has to offer!
Chapter 1, Introduction to Metasploit and Supporting Tools, introduces the reader to concepts such as vulnerability assessment and penetration testing. Then, the reader will understand the need for a penetration testing framework, along with a brief introduction to the Metasploit Framework. Moving ahead, the chapter explains how the Metasploit Framework can be effectively used across all stages of the penetration testing lifecycle, along with some supporting tools that extend the Metasploit Framework's capability.
Chapter 2, Setting up Your Environment, guides the reader through setting up the environment for the Metasploit Framework. This includes setting up the Kali Linux virtual machine, independently installing the Metasploit Framework on various platforms such as Windows and Linux, and setting up exploitable or vulnerable targets in the virtual environment.
Chapter 3, Metasploit Components and Environment Configuration, covers the structure and anatomy of the Metasploit Framework, followed by an introduction to the various Metasploit components. This chapter also covers local and global variable configuration, along with the procedure to keep the Metasploit Framework updated.
Chapter 4, Information Gathering with Metasploit, lays the foundation for information gathering and enumeration with the Metasploit Framework. It covers information gathering and enumeration for various protocols such as TCP, UDP, FTP, SMB, HTTP, SSH, DNS, and RDP. It also covers extended usage of the Metasploit Framework for password sniffing, along with advanced search for vulnerable systems using Shodan integration.
Chapter 5, Vulnerability Hunting with Metasploit, starts with instructions on setting up the Metasploit database. Then, it provides insights into vulnerability scanning and exploitation using NMAP, Nessus, and the Metasploit Framework, and concludes with the post-exploitation capabilities of the Metasploit Framework.
Chapter 6, Client-side Attacks with Metasploit, introduces key terminology related to client-side attacks. It then covers the usage of the msfvenom utility to generate custom payloads along with the Social Engineering Toolkit. The chapter concludes with advanced browser-based attacks using the browser_autopwn auxiliary module.
Chapter 7, Web Application Scanning with Metasploit, covers the procedure of setting up a vulnerable web application. It then covers the wmap module within the Metasploit Framework for web application vulnerability scanning and concludes with some additional Metasploit auxiliary modules that can be useful in web application security assessment.
Chapter 8, Antivirus Evasion and Anti-Forensics, covers various techniques to avoid the payload being detected by antivirus programs. These techniques include the use of encoders, binary packagers, and encrypters. The chapter also introduces various concepts for testing the payloads and then concludes with the anti-forensic features of the Metasploit Framework.
Chapter 9, Cyber Attack Management with Armitage, introduces the cyberattack management tool "Armitage", which can be used effectively along with the Metasploit Framework for performing complex penetration testing tasks. This chapter covers the various aspects of the Armitage tool, including opening the console, performing scanning and enumeration, finding suitable attacks, and exploiting the target.
Chapter 10, Extending Metasploit and Exploit Development, introduces various exploit development concepts, followed by how the Metasploit Framework can be extended by adding external exploits. The chapter concludes with a brief look at the Metasploit exploit templates and mixins that can be readily utilized for custom exploit development.
In order to run the exercises in this book, the following software is recommended:
Metasploit Framework
PostgreSQL
VMware or VirtualBox
Kali Linux
Nessus
7-Zip
NMAP
W3af
Armitage
Windows XP
Adobe Acrobat Reader
This book is for all those who have a keen interest in computer security, especially in the area of vulnerability assessment and penetration testing, and who specifically want to develop practical skills in using the Metasploit Framework.
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "Type msfconsole and hit Enter."
A block of code is set as follows:
#include <stdio.h>
void AdminFunction()
{
    printf("Congratulations!\n");
    printf("You have entered in the Admin function!\n");
}
Any command-line input or output is written as follows:
wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-installer.run
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes, for example, appear in the text like this: "Click on Forward to proceed with the installation."
Warnings or important notes appear in a box like this.
Tips and tricks appear like this.