Fork me on GitHub

Project Notes

Metasploit Penetration Testing Cookbook

Book notes - Metasploit Penetration Testing Cookbook, Second Edition by Monika Agarwal, Abhinav Singh


The Metasploit Penetration Testing Cookbook is a bit old now (published 2013). It gives a good general overview, but actually commands and tools are a bit outdated.

Table of Contents - Highlights

Metasploit Quick Tips for Security Professionals - Introduction

Covers installing and configuring on Windows, Ubuntu, BackTrack 5 R3 and VMware. This is quite out of date now.

Information Gathering and Scanning

  • Passive information gathering - Nmap, DNmap
  • Using keimpx – an SMB credentials scanner
  • Detecting SSH versions with the SSH version scanner
  • FTP scanning
  • SNMP sweeping
  • Vulnerability scanning with Nessus
  • Scanning with NeXpose
  • Working with OpenVAS – a vulnerability scanner

Operating-System-based Vulnerability Assessment

  • Penetration testing: Windows XP SP2, Windows 8, Linux (Ubuntu)
  • Understanding the Windows DLL injection flaws

Client-side Exploitation and Antivirus Bypass

  • Exploiting Internet Explorer execCommand Use-After-Free vulnerability
  • Understanding Adobe Flash Player “new function” invalid pointer use
  • Understanding Microsoft Word RTF stack buffer overflow
  • Working with Adobe Reader U3D Memory Corruption
  • Generating binary and shell code from msfpayload
  • Msfencoding schemes with the detection ratio
  • Using the killav.rb script to disable the antivirus programs
  • Killing the antiviruses’ services from the command line
  • Working with the syringe utility

Working with Modules for Penetration Testing

  • Working with scanner auxiliary modules
  • Working with auxiliary admin modules
  • SQL injection and DoS attack module
  • Post-exploitation modules
  • Understanding the basics of module building
  • Analyzing an existing module
  • Building your own post-exploitation module

Exploring Exploits

  • Exploiting the module structure
  • Working with msfvenom
  • Converting an exploit to a Metasploit module
  • Porting and testing the new exploit module
  • Fuzzing with Metasploit
  • Writing a simple FileZilla FTP fuzzer

VoIP Penetration Testing

  • Scanning and enumeration phase
  • Yielding passwords
  • VLAN hopping
  • VoIP MAC spoofing
  • Impersonation attack
  • DoS attack

Wireless Network Penetration Testing

  • Setting up and running Fern WiFi Cracker
  • Sniffing interfaces with tcpdump
  • Cracking WEP and WPA with Fern WiFi Cracker
  • Session hijacking via a MAC address
  • Locating a target’s geolocation
  • Understanding an evil twin attack
  • Configuring Karmetasploit

Social-Engineer Toolkit

  • Getting started with the Social-Engineer Toolkit (SET)
  • Working with the SET config file
  • Working with the spear-phishing attack vector
  • Website attack vectors
  • Working with the multi-attack web method
  • Infectious media generator

Working with Meterpreter

  • Understanding the Meterpreter system, filesystem, networking commands
  • Privilege escalation and process migration
  • Setting up multiple communication channels with the target
  • Meterpreter anti-forensics – timestomp
  • The getdesktop and keystroke sniffing
  • Using a scraper Meterpreter script
  • Passing the hash
  • Setting up a persistent connection with backdoors
  • Pivoting with Meterpreter
  • Port forwarding with Meterpreter
  • Meterpreter API and mixins
  • Railgun – converting Ruby into a weapon
  • Adding DLL and function definition to Railgun
  • Building a “Windows Firewall De-activator” Meterpreter script
  • Analyzing an existing Meterpreter script
  • Injecting the VNC server remotely
  • Exploiting a vulnerable PHP application
  • Incognito attack with Meterpreter

Pentesting in the Cloud

Running and targeting pentesting in the cloud. Some general ideas still valid, but particulars quite different now.

Credits and References

About LCK#92 securitybook
Project Source on GitHub Return to the Project Catalog

This page is a web-friendly rendering of my project notes shared in the LittleCodingKata GitHub repository.

LittleCodingKata is my collection of programming exercises, research and code toys broadly spanning things that relate to programming and software development (languages, frameworks and tools).

These range from the trivial to the complex and serious. Many are inspired by existing work and I'll note credits and references where applicable. The focus is quite scattered, as I variously work on things new and important in the moment, or go back to revisit things from the past.

This is primarily a personal collection for my own edification and learning, but anyone who stumbles by is welcome to borrow, steal or reference the work here. And if you spot errors or issues I'd really appreciate some feedback - create an issue, send me an email or even send a pull-request.