Jaswal - Metasploit bootcamp: a fast-paced guide to enhance your pentesting skills

BIRMINGHAM - MUMBAI

This book was downloaded from AvaxHome!

Visit my blog with more new books:

https://avxhm.se/blogs/AlenMiler

Copyright 2017 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: May 2017

Production reference: 1220517

ISBN 978-1-78829-713-4

www.packtpub.com

This book was downloaded from AvaxHome!

Visit my blog with more new books:

https://avxhm.se/blogs/AlenMiler

Nipun Jaswal is an IT security business executive and a passionate IT security researcher with more than seven years of professional experience, who possesses knowledge in all aspects of IT security testing and implementation, with expertise in managing cross-cultural teams and planning the execution of security needs beyond national boundaries.

He is an M.tech in Computer Sciences and a thought leader who has contributed to raising the bar of understanding on cyber safety and ethical hacking among students of many colleges and universities in India. He is a voracious public speaker and talks about improving IT security, insider threats, social engineering, wireless forensics, and exploit writing. He is the author of numerous IT security articles with modern security magazines such as Eforensics, Hakin9, Security Kaizen, and many more. Many famous companies, such as Apple, Microsoft, AT&T, Offensive Security, Rapid7, Blackberry, Nokia, www.zynga.com, and many others have thanked him for finding vulnerabilities in their systems. He has also been acknowledged with the Award of Excellence from the National Cyber Defense and Research Center (NCDRC) for his tremendous contributions to the IT security industry.

In his current profile, he leads a team of super specialists in cyber security to protect various clients from cyber security threats and network intrusion by providing permanent solutions and services. Please feel free to contact him via e-mail at mail@nipunjaswal.info .

At the very first, I would like to thank everyone who read the Mastering Metasploit first and second edition. I would like to thank my mother for being a source of inspiration throughout my life. I would like to thank my team of superheroes including Adhokshaj Mishra for carrying out smooth operations and helping me out while I was working on this. I am thankful to Shivam, Deepankar, and Tajinder for not letting me feel stressed out by planning amazing trips. I would like to thank Mr. Adrian Pruteanu for reviewing my work and suggesting all the changes. I would like to thank everyone at Packt including Prachi, Namrata, and especially Trusha for being incredibly supportive, patient and responsive even on weekends. Last but not the least; I would like to thank the almighty for providing me with the immense power to work on this project.

Adrian Pruteanu is a senior consultant who specializes in penetration testing and reverse engineering. With over 10 years of experience in the security industry, Adrian has provided services to all major financial institutions in Canada, as well as countless other companies around the world. You can find him on Twitter as @waydrian, or on his seldom updated blog, bittherapy.net.

For support files and downloads related to your book, please visit www.PacktPub.com .

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.

At www.PacktPub.com , you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www.packtpub.com/mapt

Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.

• Fully searchable across every book published by Packt
• Copy and paste, print, and bookmark content
• On demand and accessible via a web browser

Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/178829713X.

If you'd like to join our team of regular reviewers, you can e-mail us at customerreviews@packtpub.com. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!

Penetration testing is the one necessity required everywhere in business today. With the rise of cyber and computer-based crime in the past few years, penetration testing has become one of the core aspects of network security and helps in keeping a business secure from internal as well as external threats. The reason that makes penetration testing a necessity is that it helps in uncovering the potential flaws in a network, a system, or application. Moreover, it helps in identifying weaknesses and threats from an attacker's perspective. Various potential flaws in a system are exploited to find out the impact they can cause to an organization, and the risk factors to the assets as well. However, the success rate of a penetration test depends primarily on the knowledge of the target under test. Therefore, we approach a penetration test using two different methods: black box testing and white box testing. Black box testing refers to testing where there is no prior knowledge of the target under test. Therefore, a penetration tester kicks off testing by collecting information about the target systematically. Whereas, in the case of a white box penetration test, a penetration tester has enough knowledge about the target under test and he starts off by identifying the known and unknown weaknesses of the target. A penetration test is divided into seven different phases, which are as follows: