Mastering Metasploit - Second Edition

Cover
 Credits
 Foreword
 About the Author
 About the Reviewer
 www.PacktPub.com
 Table of Contents
 Preface
 Chapter 1: Approaching a Penetration Test Using Metasploit
 Organizing a penetration test
 Preinteractions
 Intelligence gathering/reconnaissance phase
 Predicting the test grounds
 Modeling threats
 Vulnerability analysis
 Exploitation and post-exploitation
 Reporting
 Mounting the environment
 Setting up Kali Linux in virtual environment
 The fundamentals of Metasploit
 Conducting a penetration test with Metasploit
 Recalling the basics of Metasploit. Benefits of penetration testing using MetasploitOpen source
 Support for testing large networks and easy naming conventions
 Smart payload generation and switching mechanism
 Cleaner exits
 The GUI environment
 Penetration testing an unknown network
 Assumptions
 Gathering intelligence
 Using databases in Metasploit
 Modeling threats
 Vulnerability analysis of VSFTPD 2.3.4 backdoor
 The attack procedure
 The procedure of exploiting the vulnerability
 Exploitation and post exploitation
 Vulnerability analysis of PHP-CGI query string parameter vulnerability
 Exploitation and post exploitation. Vulnerability analysis of HFS 2.3Exploitation and post exploitation
 Maintaining access
 Clearing tracks
 Revising the approach
 Summary
 Chapter 2: Reinventing Metasploit
 Ruby --
the heart of Metasploit
 Creating your first Ruby program
 Interacting with the Ruby shell
 Defining methods in the shell
 Variables and data types in Ruby
 Working with strings
 Concatenating strings
 The substring function
 The split function
 Numbers and conversions in Ruby
 Conversions in Ruby
 Ranges in Ruby
 Arrays in Ruby
 Methods in Ruby
 Decision-making operators
 Loops in Ruby
 Regular expressions. Wrapping up with Ruby basicsDeveloping custom modules
 Building a module in a nutshell
 The architecture of the Metasploit framework
 Understanding the file structure
 The libraries layout
 Understanding the existing modules
 The format of a Metasploit module
 Disassembling existing HTTP server scanner module
 Libraries and the function
 Writing out a custom FTP scanner module
 Libraries and the function
 Using msftidy
 Writing out a custom SSH authentication brute forcer
 Rephrasing the equation
 Writing a drive disabler post exploitation module. Writing a credential harvester post exploitation moduleBreakthrough meterpreter scripting
 Essentials of meterpreter scripting
 Pivoting the target network
 Setting up persistent access
 API calls and mixins
 Fabricating custom meterpreter scripts
 Working with RailGun
 Interactive Ruby shell basics
 Understanding RailGun and its scripting
 Manipulating Windows API calls
 Fabricating sophisticated RailGun scripts
 Summary
 Chapter 3: The Exploit Formulation Process
 The absolute basics of exploitation
 The basics
 The architecture
 System organization basics
 Registers.