Metasploit Penetration Testing Cookbook, 2nd Edition

Over 80 recipes to master the most widely used penetration testing framework

Overview

• Special focus on the latest operating systems, exploits, and penetration testing techniques for wireless, VOIP, and cloud
• This book covers a detailed analysis of third party tools based on the Metasploit framework to enhance the penetration testing experience
• Detailed penetration testing techniques for different specializations like wireless networks, VOIP systems with a brief introduction to penetration testing in the cloud

In Detail

Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.

Metasploit Penetration Testing Cookbook, Second Edition contains chapters that are logically arranged with an increasing level of complexity and thoroughly covers some aspects of Metasploit, ranging from pre-exploitation to the post-exploitation phase. This book is an update from version 4.0 to version 4.5. It covers the detailed penetration testing techniques for different specializations like wireless networks, VOIP systems, and the cloud.

Metasploit Penetration Testing Cookbook, Second Edition covers a number of topics which were not part of the first edition. You will learn how to penetrate an operating system (Windows 8 penetration testing) to the penetration of a wireless network, VoIP network, and then to cloud.

The book starts with the basics, such as gathering information about your target, and then develops to cover advanced topics like building your own framework scripts and modules. The book goes deep into operating-systems-based penetration testing techniques and moves ahead with client-based exploitation methodologies. In the post-exploitation phase, it covers meterpreter, antivirus bypass, ruby wonders, exploit building, porting exploits to the framework, and penetration testing, while dealing with VOIP, wireless networks, and cloud computing.

This book will help readers to think from a hacker’s perspective to dig out the flaws in target networks and also to leverage the powers of Metasploit to compromise them. It will take your penetration skills to the next level.

What you will learn from this book

• Set up a complete penetration testing environment using Metasploit and virtual machines
• Discover how to penetration test popular operating systems such as Windows 8
• Get familiar with penetration testing based on client side exploitation techniques with detailed analysis of vulnerabilities and codes
• Build and analyze meterpreter scripts in Ruby
• Learn penetration testing in VOIP, WLAN, and the cloud from start to finish including information gathering, vulnerability assessment, exploitation, and privilege escalation
• Make the most of the exclusive coverage of antivirus bypassing techniques using Metasploit
• Work with BBQSQL to analyze the stored results of the database

Approach

This book follows a Cookbook style with recipes explaining the steps for penetration testing with WLAN, VOIP, and even cloud computing. There is plenty of code and commands used to make your learning curve easy and quick.

Table of Contents

Chapter 1: Metasploit Quick Tips for Security Professionals
Chapter 2: Information Gathering and Scanning
Chapter 3: Operating-System-based Vulnerability Assessment
Chapter 4: Client-side Exploitation and Antivirus Bypass
Chapter 5: Working with Modules for Penetration Testing
Chapter 6: Exploring Exploits
Chapter 7: VoIP Penetration Testing
Chapter 8: Wireless Network Penetration Testing
Chapter 9: Social-Engineer Toolkit
Chapter 10: Working with Meterpreter
Appendix: Pentesting in the Cloud