Packt+ | Advance your knowledge in tech

You're reading from Learn Ethical Hacking from Scratch Your stepping stone to penetration testing

Product type Paperback

Published in Jul 2018

Publisher Packt

ISBN-13 9781788622059

Length 564 pages

Edition 1st Edition

Languages

Scratch

Tools

Kali Linux

Concepts

Cybersecurity

Author (1):

Sabih

View More author details

Table of Contents (29) Chapters

Title Page

Packt Upsell

Contributors

Preface

1. Introduction FREE CHAPTER

2. Setting Up a Lab

3. Linux Basics

4. Network Penetration Testing

5. Pre-Connection Attacks

6. Network Penetration Testing - Gaining Access

7. Post-Connection Attacks

8. Man-in-the-Middle Attacks

9. Network Penetration Testing, Detection, and Security

10. Gaining Access to Computer Devices

11. Scanning Vulnerabilities Using Tools

12. Client-Side Attacks

13. Client-Side Attacks - Social Engineering

14. Attack and Detect Trojans with BeEF

15. Attacks Outside the Local Network

16. Post Exploitation

17. Website Penetration Testing

18. Website Pentesting - Information Gathering

19. File Upload, Code Execution, and File Inclusion Vulnerabilities

20. SQL Injection Vulnerabilities

21. Cross-Site Scripting Vulnerabilities

22. Discovering Vulnerabilities Automatically Using OWASP ZAP

1. Other Books You May Enjoy

Leave a review - let other readers know what you think

Index

Server-side attacks – Metasploit basics

In this section, we're going to look at an example of a very simple thing: a backdoor. Some programs or services are shipped with backdoors embedded in them. We're going to exploit this, and we are choosing this very simple exploit because we are going to look at a framework called Metasploit. We will be using this framework a lot. We are going to start with something simple and then we're going to go deeper into the framework. First, let's look at how we can find that exploit. Again, using the same method that we've always been using, we have an Nmap scan; as we know, we're going to go on each port and Google them, looking for exploits. We are going to Google the service name vsftpd 2.3.4 exploit. It's the service name followed by exploit. We can see that the first result comes in from a website called Rapid7. Rapid7 is a company that makes the Metasploit framework, so that's why we chose this particular exploit. We're going to exploit this service...