Metasploit: Hands-on Guide to Pentesting with Metasploit
- 8.5 hours on-demand video
- 1 downloadable resource
- Full lifetime access
- Access on mobile and TV
- Certificate of Completion
- Get to know the absolute basics of the Metasploit framework
- Set up the Metasploit environment along with your own virtual testing lab.
- Deep dive into Metasploit for information gathering and enumeration before planning the blueprint for the attack on the target system.
- Leverage Metasploit capabilities to perform Web application security scanning.
- Find and exploit vulnerabilities in networks and web applications effectively.
- Perform Vulnerability assessment and Penetration testing with Metasploit
- Attack on a remote machine using group of exploits.
- No knowledge about Metasploit is assumed as you will go from a beginner to an expert in Metasploit in no time!
Metasploit is a popular penetration testing framework and has one of the largest exploit databases around. It is also called a playground for hackers, where they demonstrate their skill by protecting or damaging the target. So if you wish to carry out elementary penetration testing in highly secured environments, this course is for you!
With this easy-to-digest practical guide to Metasploit, you will first learn how to correctly configure Metasploit and how to troubleshoot potential errors, as well as how to scan the different services to identify vulnerabilities. Then you will learn to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools. Along with this, you will learn how hackers use the network to gain access to different systems. Moving on, you will gain deep knowledge about web application security scanning, bypassing anti-virus, and clearing traces on the target system post-compromise. Finally, you'll explore how exploits and payloads work together to gain access to systems.
By the end of this course you will be able to use Metasploit to quickly assess the security posture of systems and networks to reduce risk.
Contents and Overview
This training program includes 2 complete courses, carefully chosen to give you the most comprehensive training possible.
The first course, Beginning Metasploit teaches you the practical implementation of Metasploit. Each section will get you started with Metasploit by enumerating available services, identifying potential weaknesses, and testing vulnerabilities through exploitation. The course will show you how to correctly configure Metasploit and how to troubleshoot potential errors. You will scan the different services to identify vulnerabilities. Finally, you will explore sophisticated, real-world scenarios where performing penetration tests is a challenge.
The second course, Learning Metasploit will begin by introducing you to Metasploit and its functionality. Next, you will learn how to set up and configure Metasploit on various platforms to create a virtual test environment. You will also get your hands on various tools and components used by Metasploit. Further, in the video, you will learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools. Next, you'll get hands-on experience carrying out client-side attacks. Moving on, you'll learn about web application security scanning and bypassing anti-virus and clearing traces on the target system post-compromise. This video will also keep you updated with the latest security techniques and methods that can be directly applied to scan, test, hack, and secure networks and systems with Metasploit. By the end of this course, you'll get the hang of bypassing different defences, after which you'll learn how hackers use the network to gain access to different systems.
The third course, Hands-On Penetration Testing with Metasploit will help you explore several supporting tools on Kali Linux. Next, you'll explore how exploits and payloads work together to gain access to systems. Finally, you'll learn how Metasploit Framework works. By the end of this course, you'll have a better understanding of how to use Metasploit to quickly assess the security posture of systems and networks to reduce the risk of attack.
About the Authors:
Alexis Ahmed is an experienced Ethical Hacker and Cyber Security Expert with over 6 years' experience. He also develops Android apps and games in his free time. In addition, he is a Web Developer with over 4 years' experience, and he loves creating beautiful and functional websites for clients all over the world. He also has a YouTube channel with over 60,000 subscribers (and more than 2 million views!) where he makes videos on Ethical Hacking, Linux, and programming.
Sagar Rahalkar is a seasoned information security professional with more than 10 years of comprehensive experience in various verticals of IS. His domain expertise is mainly in breach detection, cybercrime investigations, digital forensics, application security, vulnerability assessment and penetration testing, compliance for mandates and regulations, IT GRC, and much more. He holds a master's degree in computer science and several industry-recognized certifications such as Certified Cyber Crime Investigator, Certified Ethical Hacker, Certified Security Analyst, ISO 27001 Lead Auditor, IBM Certified Specialist - Rational AppScan, Certified Information Security Manager (CISM), and PRINCE2. He has been closely associated with Indian law enforcement agencies for more than 3 years, dealing with digital crime investigations and related training, and has received several awards and appreciation from senior officials of the police and defence organizations in India. Sagar has also been a reviewer and author for various books and online publications.
Sunil Gupta is a Certified Ethical Hacker. He currently teaches 50,000+ students online in 150+ countries and is a specialist in the Ethical Hacking and Cyber Security areas. Author strengths: Vulnerability Assessment, Penetration Testing, Intrusion Detection, Risk Identification, Data Analysis, Report and Briefing.
- This course is aimed at penetration testers, ethical hackers, and security consultants who want to understand the Metasploit framework and carry out penetration testing in highly secured environments.
Metasploit is essentially a robust and versatile penetration testing framework. It can perform the tasks involved in every phase of the penetration testing life cycle. Also, since it's a complete framework and not just an application, it can be customized and extended as per our requirements.
See phases of penetration testing life cycle
The Kali Linux virtual machine requires no installation. Metasploit comes pre-installed with the Kali virtual machine, as do all the supporting tools. This saves the time and effort of setting up Metasploit and the other supporting tools individually.
Download the Kali Linux virtual machine
Extract it from the zip file
Open the terminal and type msfconsole
The Metasploit Framework can be easily installed on a Windows-based operating system. However, Windows is usually not the platform of choice for deploying the Metasploit Framework, because many of the supporting tools and utilities are not available for the Windows platform. Hence it's strongly recommended to install the Metasploit Framework on a Linux platform.
Download the latest Metasploit Windows installer
Type msfconsole and hit Enter
Open a terminal window and type
Metasploit is a powerful penetration testing framework which, if not used in a controlled manner, can cause damage to the target system. For the sake of learning and practicing Metasploit, we must not use it on any live production system for which we do not have explicit authorization.
Extract Metasploitable virtual machine from the zip file to any location
Select the amount of memory allocated to the Virtual machine
Select the view tab and choose full screen mode
The best way to learn the structure of Metasploit is to browse through its directory on Kali Linux. The Metasploit Framework has a very clear and well-defined structure, and the tools/utilities within the framework are organized based on their relevance in the various phases of the penetration testing life cycle. The Metasploit Framework has various component categories based on their role in the penetration testing phases.
Look at the anatomy of Metasploit
The msfconsole is nothing but a simple command-line interface of the Metasploit Framework. Though msfconsole may appear a bit complex initially, it is the easiest and most flexible way to interact with the Metasploit Framework.
Look at the banner command
See version command
Explore route command
For most exploits that we use within the Metasploit Framework, we need to set values for some of the variables. The Metasploit Framework is commercially backed by Rapid7 and has a very active development community.
Look at the get command
Understand getg command
Explore msfupdate utility
In this section, we'll explore various auxiliary modules within the Metasploit Framework that can be effectively used for information gathering and enumeration of various protocols such as TCP, UDP, FTP, SMB, SMTP, HTTP, SSH, DNS, and RDP. For each of these protocols, you will learn multiple auxiliary modules along with the necessary variable configurations.
Use its auxiliary module for various protocols
Set the parameters
Run the command
Password sniffing is a special type of auxiliary module that listens on the network interface and looks for passwords sent over various protocols such as FTP, IMAP, POP3, and SMB. Shodan is an advanced search engine that is used to search for internet-connected devices such as webcams and SCADA systems.
Use its auxiliary module
Run the module
Type username and password
While performing such tasks, a lot of data is generated in some form or the other. From the framework perspective, it is essential to store all data safely so that it can be reused efficiently whenever required. By default, the Metasploit Framework uses a PostgreSQL database at the backend to store and retrieve all the required information.
Look at the usage of the workspace
Execute hosts and services commands
Nessus is a popular vulnerability assessment tool. There are two ways of using Nessus with Metasploit: either perform a Nessus scan on the target system, save the report, and then import it into the Metasploit Framework using the db_import command, or load, initiate, and trigger a Nessus scan on the target system directly through msfconsole.
Scan using Nessus from msfconsole
Launch the scan
Get the list of hosts from a report
Previously, we used the MS08-067 NetAPI vulnerability in our target system and got complete administrator-level access to the system. Now, the exploit was successful only because the attacker's system and the target system were both on the same network. What if the attacker's system and the victim's system were on different networks?
Learn how to exploit the target system
Earlier, the Metasploit Framework offered two different utilities, namely msfpayload and msfencode. msfpayload was used to generate a payload in a specified format, and msfencode was used to encode and obfuscate the payload using various algorithms. However, newer versions of the Metasploit Framework have combined both of these utilities into a single utility called msfvenom.
Explore various lists
Set up the listener
Look at the VBA
Social engineering is the art of manipulating human behavior in order to bypass the security controls of the target system. Let's take the example of an organization which follows very stringent security practices. All the systems are hardened and patched. The latest security software is deployed. Technically, it's very difficult for an attacker to find and exploit any vulnerability. However, the attacker somehow manages to befriend the network administrator of that organization and then tricks him into revealing the admin credentials. This is a classic example of humans being the weakest link in the security chain.
Generate malicious PDF
Infect the media drives
We need to set up a test application environment in which we can fire our tests. Metasploitable2 is a Linux distribution that is deliberately made vulnerable. It also contains web applications that are intentionally made vulnerable, and we can leverage this to practice using Metasploit's web scanning modules.
Configure the IP
Access it remotely from any web browser
We have already seen how to use the msfvenom utility to generate various payloads. However, these payloads, if used as-is, are likely to be detected by antivirus programs. In order to avoid antivirus detection of our payload, we need to use the encoders offered by the msfvenom utility.
Use the shikata_ga_nai encoder
Explore the opt_sub encoder
Execute the 7-Zip compression utility
Armitage is nothing but a GUI tool for performing and managing all the tasks that otherwise could have been performed through msfconsole. Armitage helps visualize the targets, automatically recommends suitable exploits, and exposes the advanced post-exploitation features in the framework.
Start the Armitage console
Previously, we added a host to the Armitage console and performed a port scan and enumeration on it using Nmap. Now we know that it's running a Debian-based Linux system. The next step is to find all possible attacks matching our target host.
Select the Attacks menu and click on Find Attacks
See the list of applicable exploits by right-clicking on the host
Select the attack type as PostgreSQL for Linux Payload Execution
Suppose you have written exploit code for a new zero-day vulnerability. To include the exploit code officially in the Metasploit Framework, it has to be in a particular format. Fortunately, you just need to concentrate on the actual exploit code, and then simply use a template to insert it in the required format.
Understand exploit module skeleton
Look at Metasploit mixins in detail
New vulnerabilities across various applications and products are found on a daily basis. For most newly found vulnerabilities, exploit code is also made public. However, this exploit code is quite often in a raw format and not readily usable, and it might take some time before the exploit is officially made available as a module within the Metasploit Framework. In the meantime, we can manually add an external exploit module to the Metasploit Framework and use it like any other existing exploit module.
Download the MS17-010 module
Start msfconsole and issue the reload_all command
Use the use exploit command