Cargando…
Metasploit : the penetration tester's guide /
"The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, documentation is lacking and the tool can be hard to grasp for first-time users. Metasploit: A Penetration Teste...
| Clasificación: | Libro Electrónico |
|---|---|
| Otros Autores: | |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
San Francisco, CA :
No Starch Press,
2011.
|
| Temas: | |
| Acceso en línea: | Texto completo (Requiere registro previo con correo institucional) |
Tabla de Contenidos:
- Foreword; Preface; Acknowledgments; Special Thanks; Introduction; Why Do a Penetration Test?; Why Metasploit?; A Brief History of Metasploit; About This Book; What's in the Book?; A Note on Ethics; 1: The Absolute Basics of Penetration Testing; The Phases of the PTES; Pre-engagement Interactions; Intelligence Gathering; Threat Modeling; Vulnerability Analysis; Exploitation; Post Exploitation; Reporting; Types of Penetration Tests; Overt Penetration Testing; Covert Penetration Testing; Vulnerability Scanners; Pulling It All Together; 2: Metasploit Basics; Terminology; Exploit; Payload.
- ShellcodeModule; Listener; Metasploit Interfaces; MSFconsole; MSFcli; Armitage; Metasploit Utilities; MSFpayload; MSFencode; Nasm Shell; Metasploit Express and Metasploit Pro; Wrapping Up; 3: Intelligence Gathering; Passive Information Gathering; whois Lookups; Netcraft; NSLookup; Active Information Gathering; Port Scanning with Nmap; Working with Databases in Metasploit; Port Scanning with Metasploit; Targeted Scanning; Server Message Block Scanning; Hunting for Poorly Configured Microsoft SQL Servers; SSH Server Scanning; FTP Scanning; Simple Network Management Protocol Sweeping.
- Writing a Custom ScannerLooking Ahead; 4: Vulnerability Scanning; The Basic Vulnerability Scan; Scanning with NeXpose; Configuration; Importing Your Report into the Metasploit Framework; Running NeXpose Within MSFconsole; Scanning with Nessus; Nessus Configuration; Creating a Nessus Scan Policy; Running a Nessus Scan; Nessus Reports; Importing Results into the Metasploit Framework; Scanning with Nessus from Within Metasploit; Specialty Vulnerability Scanners; Validating SMB Logins; Scanning for Open VNC Authentication; Scanning for Open X11 Servers; Using Scan Results for Autopwning.
- 5: The Joy of ExploitationBasic Exploitation; msf> show exploits; msf> show auxiliary; msf> show options; msf> show payloads; msf> show targets; info; set and unset; setg and unsetg; save; Exploiting Your First Machine; Exploiting an Ubuntu Machine; All-Ports Payloads: Brute Forcing Ports; Resource Files; Wrapping Up; 6: Meterpreter; Compromising a Windows XP Virtual Machine; Scanning for Ports with Nmap; Attacking MS SQL; Brute Forcing MS SQL Server; The xp_cmdshell; Basic Meterpreter Commands; Capturing Keystrokes; Dumping Usernames and Passwords; Extracting the Password Hashes.
- Dumping the Password HashPass the Hash; Privilege Escalation; Token Impersonation; Using ps; Pivoting onto Other Systems; Using Meterpreter Scripts; Migrating a Process; Killing Antivirus Software; Obtaining System Password Hashes; Viewing All Traffic on a Target Machine; Scraping a System; Using Persistence; Leveraging Post Exploitation Modules; Upgrading Your Command Shell to Meterpreter; Manipulating Windows APIs with the Railgun Add-On; Wrapping Up; 7: Avoiding Detection; Creating Stand-Alone Binaries with MSFpayload; Evading Antivirus Detection; Encoding with MSFencode; Multi-encoding.