Metasploit : The Penetration Tester's Guide
David. Kennedy
Bok Engelsk 2011 · Electronic books.
| Utgitt | San Francisco : : No Starch Press, , 2011.
|
|---|---|
| Omfang | 1 online resource (332 p.)
|
| Utgave | 1. utg.
|
| Opplysninger | Description based upon print version of record.. - Foreword; Preface; Acknowledgments; Special Thanks; Introduction; Why Do a Penetration Test?; Why Metasploit?; A Brief History of Metasploit; About This Book; What's in the Book?; A Note on Ethics; 1: The Absolute Basics of Penetration Testing; The Phases of the PTES; Pre-engagement Interactions; Intelligence Gathering; Threat Modeling; Vulnerability Analysis; Exploitation; Post Exploitation; Reporting; Types of Penetration Tests; Overt Penetration Testing; Covert Penetration Testing; Vulnerability Scanners; Pulling It All Together; 2: Metasploit Basics; Terminology; Exploit; Payload. - 5: The Joy of ExploitationBasic Exploitation; msf> show exploits; msf> show auxiliary; msf> show options; msf> show payloads; msf> show targets; info; set and unset; setg and unsetg; save; Exploiting Your First Machine; Exploiting an Ubuntu Machine; All-Ports Payloads: Brute Forcing Ports; Resource Files; Wrapping Up; 6: Meterpreter; Compromising a Windows XP Virtual Machine; Scanning for Ports with Nmap; Attacking MS SQL; Brute Forcing MS SQL Server; The xp_cmdshell; Basic Meterpreter Commands; Capturing Keystrokes; Dumping Usernames and Passwords; Extracting the Password Hashes. - Custom Executable Templates. - Dumping the Password HashPass the Hash; Privilege Escalation; Token Impersonation; Using ps; Pivoting onto Other Systems; Using Meterpreter Scripts; Migrating a Process; Killing Antivirus Software; Obtaining System Password Hashes; Viewing All Traffic on a Target Machine; Scraping a System; Using Persistence; Leveraging Post Exploitation Modules; Upgrading Your Command Shell to Meterpreter; Manipulating Windows APIs with the Railgun Add-On; Wrapping Up; 7: Avoiding Detection; Creating Stand-Alone Binaries with MSFpayload; Evading Antivirus Detection; Encoding with MSFencode; Multi-encoding. - ShellcodeModule; Listener; Metasploit Interfaces; MSFconsole; MSFcli; Armitage; Metasploit Utilities; MSFpayload; MSFencode; Nasm Shell; Metasploit Express and Metasploit Pro; Wrapping Up; 3: Intelligence Gathering; Passive Information Gathering; whois Lookups; Netcraft; NSLookup; Active Information Gathering; Port Scanning with Nmap; Working with Databases in Metasploit; Port Scanning with Metasploit; Targeted Scanning; Server Message Block Scanning; Hunting for Poorly Configured Microsoft SQL Servers; SSH Server Scanning; FTP Scanning; Simple Network Management Protocol Sweeping. - Writing a Custom ScannerLooking Ahead; 4: Vulnerability Scanning; The Basic Vulnerability Scan; Scanning with NeXpose; Configuration; Importing Your Report into the Metasploit Framework; Running NeXpose Within MSFconsole; Scanning with Nessus; Nessus Configuration; Creating a Nessus Scan Policy; Running a Nessus Scan; Nessus Reports; Importing Results into the Metasploit Framework; Scanning with Nessus from Within Metasploit; Specialty Vulnerability Scanners; Validating SMB Logins; Scanning for Open VNC Authentication; Scanning for Open X11 Servers; Using Scan Results for Autopwning. - The Metasploit Framework is a powerful suite of tools that hackers and security researchers use to investigate, exploit, and repair potential software vulnerabilities. It is the de facto solution for offensive security research and penetration testing worldwide. Metasploit: The Penetration Tester's Guide is the definitive manual for using the Metasploit Framework to evaluate network security by launching malicious attacks. It takes readers from the basics of information security to advanced techniques for penetration testing, including network reconnaissance and enumeration, server- and client
|
| Emner | |
| Sjanger | |
| Dewey | |
| ISBN | 9781593272883
|
