What this book covers

Chapter 1, Getting Started with Metasploit, takes us through the absolute basics of doing a penetration test with Metasploit. It helps in establishing a plan and setting up the environment for testing. Moreover, it takes us through the various stages of a penetration test systematically, while covering some cutting edge post-exploitation modules. It further discusses the advantages of using Metasploit over traditional and manual testing.

Chapter 2, Identifying and Scanning Targets, covers intelligence gathering and scanning using Metasploit. The chapter focuses on scanning a variety of different services such as FTP, MSSQL, SNMP, HTTP, SSL, NetBIOS, and so on. The chapter also dismantles the format, the inner working of scanning modules, and sheds light on libraries used for building modules.

Chapter 3, Exploitation and Gaining Access, moves our discussion to exploiting real-world software. The chapter mixes up a combination of critical and med/low entropy vulnerabilities, and presents them together as a challenge. The chapter also discusses escalation and better quality of access, while discussing challenging topics such as Android and browser exploitation. At the end, the chapter discusses techniques to convert a non-Metasploit exploit to a Metasploit-compatible exploit module.

Chapter 4, Post-Exploitation with Metasploit, talks about the basic and advanced post-exploitation features of Metasploit. The chapter discusses the essential post-exploitation features available on the meterpreter payload and advanced and hardcore post-exploitation, while storming through privilege escalation for both Windows and Linux operating systems.

Chapter 5, Testing Services with Metasploit, moves the discussion on to performing a penetration test with various services. This chapter covers some important modules in Metasploit that help in testing SCADA, MySQL databases, and VOIP services.

Chapter 6, Fast-Paced Exploitation with Metasploit, moves the discussion on to building strategies and scripts that expedite the penetration testing process. Not only does this chapter help with vital know-how about improving the penetration testing process, it also uncovers many features of Metasploit that save time while scripting exploits. At the end, the chapter also discusses automating the post-exploitation process.

Chapter 7, Exploiting Real-World Challenges with Metasploit, moves the action to an environment simulating real-world problems. This chapter focuses on techniques used in the day-to-day life of a penetration tester, which also means where the exploitation is not just a piece of cake; you will have to earn the means to exploit the scenarios. Techniques such as brute-force, identifying applications, pivoting to internal networks, cracking hashes, finding passwords in clear text, evading antivirus detection, forming complex SQL queries, and enumerating data from DBs are a few of the techniques that you will learn in this chapter.