Metasploit Penetration Testing Cookbook : Over 80 Recipes to Master the Most Widely Used Penetration Testing Framework /
This book follows a Cookbook style with recipes explaining the steps for penetration testing with WLAN, VOIP, and even cloud computing. There is plenty of code and commands used to make your learning curve easy and quick. This book targets both professional penetration testers as well as new users o...
Clasificación: | Libro Electrónico |
---|---|
Autor principal: | |
Otros Autores: | |
Formato: | Electrónico eBook |
Idioma: | Inglés |
Publicado: |
Birmingham, UK :
Packt Publishing,
2013.
|
Edición: | Second edition. |
Temas: | |
Acceso en línea: | Texto completo |
Tabla de Contenidos:
- Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Cover; Preface; Chapter 1: Metasploit Quick Tips for Security Professionals; Introduction; Configuring Metasploit on Windows; Configuring Metasploit on Ubuntu; Installing Metasploit with BackTrack 5 R3; Setting up penetration testing using VMware; Setting up Metasploit on a virtual machine with SSH connectivity; Installing and configuring PostgreSQL in BackTrack 5 R3; Using the database to store the penetration testing results; Working with BBQSQL; Chapter 2: Information Gathering and Scanning.
- IntroductionPassive information gathering; Port scanning
- the Nmap way; Port scanning
- the DNmap way; Using keimpx
- an SMB credentials scanner; Detecting SSH versions with the SSH version scanner; FTP scanning; SNMP sweeping; Vulnerability scanning with Nessus; Scanning with NeXpose; Working with OpenVAS
- a vulnerability scanner; Chapter 3: Operating-System-based Vulnerability Assessment; Introduction; Penetration testing on a Windows XP SP2 machine; Binding a shell to the target for remote access; Penetration testing on Windows 8; Exploiting a Linux (Ubuntu) machine.
- Understanding the Windows DLL injection flawsChapter 4: Client-side Exploitation and Antivirus Bypass; Introduction; Exploiting Internet Explorer execCommand Use-After-Free vulnerability; Understanding Adobe Flash Player ""new function"" invalid pointer use; Understanding Microsoft Word RTF stack buffer overflow; Working with Adobe Reader U3D Memory Corruption; Generating binary and shell code from msfpayload; Msfencoding schemes with the detection ratio; Using the killav.rb script to disable the antivirus programs; Killing the antiviruses' services from the command line.
- Working with the syringe utilityChapter 5: Working with Modules for Penetration Testing; Introduction; Working with scanner auxiliary modules; Working with auxiliary admin modules; SQL injection and DoS attack module; Post-exploitation modules; Understanding the basics of module building; Analyzing an existing module; Building your own post-exploitation module; Chapter 6: Exploring Exploits; Introduction; Exploiting the module structure; Working with msfvenom; Converting an exploit to a Metasploit module; Porting and testing the new exploit module; Fuzzing with Metasploit.
- Writing a simple FileZilla FTP fuzzerChapter 7: VoIP Penetration Testing; Introduction; Scanning and enumeration phase; Yielding passwords; VLAN hopping; VoIP MAC spoofing; Impersonation attack; DoS attack; Chapter 8: Wireless Network Penetration Testing; Introduction; Setting up and running Fern WiFi Cracker; Sniffing interfaces with tcpdump; Cracking WEP and WPA with Fern WiFi Cracker; Session hijacking via a MAC address; Locating a target's geolocation; Understanding an evil twin attack; Configuring Karmetasploit; Chapter 9: Social-Engineer Toolkit; Introduction.