Jaswal - Mastering Metasploit: Take your penetration testing and IT security skills to a whole new level with the secrets of Metasploit

Copyright 2018 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Vijin Boricha
Acquisition Editor: Rohit Rajkumar
Content Development Editor: Abhishek Jadhav
Technical Editor: Aditya Khadye
Copy Editor: Safis Editing, Dipti Mankame
Project Coordinator: Judie Jose
Proofreader: Safis Editing
Indexer: Priyanka Dhadke
Graphics: Tom Scaria
Production Coordinator: Deepika Naik

First published: May 2014
Second edition: September 2016
Third edition: May 2018

Production reference: 1240518

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.

ISBN 978-1-78899-061-5

www.packtpub.com

Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

• Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals

• Improve your learning with Skill Plans built especially for you

• Get a free eBook or video every month

• Mapt is fully searchable

• Copy and paste, print, and bookmark content

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.

At www.PacktPub.com , you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

Nipun Jaswal is an International Cyber Security Author and an award-winning IT security researcher with a decade of experience in penetration testing, vulnerability assessments, surveillance and monitoring solutions, and RF and wireless hacking.

He has authored Metasploit Bootcamp, Mastering Metasploit, and Mastering MetasploitSecond Edition, and coauthored the Metasploit Revealed set of books. He has authored numerous articles and exploits that can be found on popular security databases, such as packet storm and exploit-db. Please feel free to contact him at @nipunjaswal.

Sagar Rahalkar, is a seasoned InfoSec professional with more than 11 years of experience in various verticals of IS. His domain expertise is mainly in Digital Forensics, AppSec, VAPT, and IT GRC. He holds a master's degree in computer science and several industry-recognized certifications, such as Certified Cyber Crime Investigator, CEH, ECSA, ISO 27001 Lead Auditor, IBM AppScan, CISM, and PRINCE2. He has independently authored two books and reviewed several publications as well.

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Penetration testing is required everywhere in business today. With the rise of cyber and computer-based crime over the past few years, penetration testing has become one of the core aspects of network security and helps keep a business secure from internal and external threats. The reason that penetration testing is a necessity is that it helps uncover potential flaws in a network, a system, or an application. Moreover, it helps identify weaknesses and threats from an attacker's perspective. Various inherent weaknesses in a system are exploited to find out the impact it can have on an organization and the risk to the assets that exist as well. However, the success rate of a penetration test depends mostly on knowledge of the target under test. Therefore, we generally approach a penetration test using two different methods: black box testing and white box testing. Black box testing refers to testing where there is no prior knowledge of the target under test. Therefore, a penetration tester kicks off testing by collecting information about the target systematically. However, in the case of a white box penetration test, a penetration tester has knowledge about the target under test and starts off by identifying weaknesses of the target. In general, a penetration test is divided into seven different phases, which are as follows:

• Pre-engagement interactions: This phase defines all the pre-engagement activities and scope definitions, basically, everything you need to discuss with the client before the testing starts.
• Intelligence gathering: This phase is all about collecting information about the target under test, by connecting to the target directly and passively, and without connecting to the target at all.