Packt+ | Advance your knowledge in tech

0

All Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Mastering Metasploit

You're reading from Mastering Metasploit Take your penetration testing and IT security skills to a whole new level with the secrets of Metasploit

Product type Paperback

Published in May 2018

Publisher Packt

ISBN-13 9781788990615

Length 492 pages

Edition 3rd Edition

Languages

Python

Tools

Metasploit

Concepts

Penetration Testing

Author (1):

Nipun Jaswal

View More author details

Table of Contents (20) Chapters

Title Page

Copyright and Credits

Dedication

Packt Upsell

Contributors

Preface

1. Approaching a Penetration Test Using Metasploit FREE CHAPTER

2. Reinventing Metasploit

3. The Exploit Formulation Process

4. Porting Exploits

5. Testing Services with Metasploit

6. Virtual Test Grounds and Staging

7. Client-Side Exploitation

8. Metasploit Extended

9. Evasion with Metasploit

10. Metasploit for Secret Agents

11. Visualizing with Armitage

12. Tips and Tricks

1. Other Books You May Enjoy

Leave a review - let other readers know what you think

Index

Maintaining access using vulnerabilities in common software

The DLL search order hijacking/DLL planting technique is one of my favorite persistence-gaining methods in achieving long-time access while evading the eyes of the administrators. Let's talk about this technique in the next section.

DLL search order hijacking

As the name suggests, the DLL search order hijacking vulnerability allows an attacker to hijack the search order of DLLs loaded by a program and will enable them to insert a malicious DLL instead of a legit one.

Mostly, software, once executed, will look for DLL files in its current folder and System32 folder. However, sometimes the DLLs, which are not found in its current directory, are then searched in the System32 folder instead of directly loading them from System32 first-hand. This situation can be exploited by an attacker where they can put a malicious DLL file in the current folder and hijack the flow which would have otherwise loaded the DLL from the System32 folder. Let...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at £13.99/month. Cancel anytime

Authors (1)

Nipun Jaswal

Nipun Jaswal

Nipun Jaswal is an international cybersecurity author and an award-winning IT security researcher with more than a decade of experience in penetration testing, Red Team assessments, vulnerability research, RF, and wireless hacking. He is presently the Director of Cybersecurity Practices at BDO India. Nipun has trained and worked with multiple law enforcement agencies on vulnerability research and exploit development. He has also authored numerous articles and exploits that can be found on popular security databases, such as PacketStorm and exploit-db. Please feel free to contact him at @nipunjaswal.

See other products by Nipun Jaswal

Other recommended products

Related to this chapter

Mastering Metasploit

Mastering Metasploit

Metasploit is a popular penetration testing framework that has one of the largest exploit databases around. This book will show you exactly how to prepare yourself for the attacks you will face every day by simulating real-world possibilities.

Jun 2020 16h 44m

Metasploit Bootcamp

Metasploit Bootcamp

Metasploit Bootcamp will enable readers to gain hands-on knowledge on Penetration testing with Metasploit in various environments using a boot camp style approach. The readers will learn about Scanning, fingerprinting and exploiting different software. They will also learn about testing on services like Databases, VOIP and other known and unknown services. Attacking client side and scripting attacks would be made easy with this book. Overall the readers would learn how to test various devices and learn how to integrate Metasploit with industry's leading tools.

May 2017 7h 40m

Metasploit for Beginners

Metasploit for Beginners

Metasploit for Beginners will provide a good starting point to perform penetration testing and identify threats and vulnerabilities to secure your IT environment. This book would help the reader absorb the essential concepts on using Metasploit framework for comprehensive penetration testing. By the end of the book, the reader would feel confident on having gained sufficient hands-on knowledge on effectively utilizing the framework in real world scenarios.

Jul 2017 6h 20m

Metasploit 5.0 for Beginners

Metasploit 5.0 for Beginners

Metasploit 5.x for Beginners will provide a good starting point to perform penetration testing and identify threats and vulnerabilities to secure your IT environment. You will be able to analyze, identify, and exploit threats and vulnerabilities to secure your IT environment.

Apr 2020 8h 12m

Metasploit Penetration Testing Cookbook

Metasploit Penetration Testing Cookbook

Metasploit is the world's leading penetration testing tool and helps security and IT professionals find, exploit, and validate vulnerabilities. Metasploit allows penetration testing automation, password auditing, web application scanning, social engineering, post exploitation, evidence collection, and reporting. Metasploit's integration with InsightVM (or Nexpose), Nessus, OpenVas, and other vulnerability scanners provides a validation solution that simplifies vulnerability prioritization and remediation reporting. Teams can collaborate in Metasploit and present their findings in consolidated reports.

Feb 2018 14h 12m

Penetration Testing with Shellcode

Penetration Testing with Shellcode

Security has always been a major concern for your application, your system, or your environment. This book's main goal is to build your skills for low-level security exploits, finding vulnerabilities and covering loopholes with shellcode, assembly, and Metasploit.

Feb 2018 11h 32m

Kali Linux - An Ethical Hacker's Cookbook

Kali Linux - An Ethical Hacker's Cookbook

With the current rate of hacking, it is very important to pentest your environment in order to ensure advanced-level security. This book will be packed with practical recipes that will quickly get you started with Kali Linux (version 2016.2) as per your requirements and move on to core functionalities.

Oct 2017 12h 32m

Hands-On Web Penetration Testing with Metasploit

Hands-On Web Penetration Testing with Metasploit

Metasploit is one of the best frameworks used for enumeration and exploitation of vulnerabilities. This book will not only give you a practical understanding of Metasploit but will also cover some less known modules and auxiliaries for pentesting Web Applications.

May 2020 18h 8m

Kali Linux - An Ethical Hacker's Cookbook

Kali Linux - An Ethical Hacker's Cookbook

With the current rate of hacking, it is very important to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2018.4/2019) as per your requirements and help you move on to core functionalities.

Mar 2019 15h 44m

Hands-On Red Team Tactics

Hands-On Red Team Tactics

Red teaming is a process in which you use an attacker-like approach to secure your system, data, and network from getting breached. The main goal of the book is to equip the readers with the means to a smooth transition from a pen tester to a red teamer by focusing on the uncommon yet effective methods in a red teaming activity.

Sep 2018 16h 0m

Network Vulnerability Assessment

Network Vulnerability Assessment

Being able to identify security loopholes has become critical to many businesses. That's where learning network security assessment becomes very important. This book will not only show you how to find out the system vulnerabilities but also help you build a network security threat model.

Aug 2018 8h 28m

Learn Penetration Testing

Learn Penetration Testing

A penetration test, also known as a pen test, is a simulated cyberattack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF). This book teaches you various penetration testing techniques in order to become a proficient Penetration tester.

May 2019 14h 8m

Personalised recommendations for you

Based on your interests and search pattern

Cloud Security Handbook

Cloud Security Handbook

This book provides complete coverage of every cloud security aspect—from initial design to ongoing maintenance. Packed with best practices, it helps you smoothly transition to the public cloud, while keeping your environments secure and compliant.

Apr 2025 16h 4m

CompTIA CySA+ (CS0-003) Certification Guide

CompTIA CySA+ (CS0-003) Certification Guide

Prepare for CompTIA CySA+ (CS0-003) exam with this study guide—covering security ops, incident response, and vulnerability management in depth to level up your cybersecurity career. Includes exam-style questions, 2 practice tests, and flashcards.

Apr 2025 24h 44m

Cyber Security Kill Chain - Tactics and Strategies

Cyber Security Kill Chain - Tactics and Strategies

Learn how the cyber kill chain, a structured model that outlines the stages of a cyberattack, guides you through understanding threat actor behaviors and bolstering their ability to defend against evolving cyber threats.

May 2025 10h 16m