万本电子书0元读

万本电子书0元读

顶部广告

Metasploit Bootcamp电子书

售       价:¥

6人正在读 | 0人评论 9.8

作       者:Nipun Jaswal

出  版  社:Packt Publishing

出版时间:2017-05-25

字       数:16.8万

所属分类: 进口书 > 外文原版书 > 电脑/网络

温馨提示:数字商品不支持退换货,不提供源文件,不支持导出打印

为你推荐

  • 读书简介
  • 目录
  • 累计评论(0条)
  • 读书简介
  • 目录
  • 累计评论(0条)
Master the art of penetration testing with Metasploit Framework in 7 days About This Book ? A fast-paced guide that will quickly enhance your penetration testing skills in just 7 days ? Carry out penetration testing in complex and highly-secured environments. ? Learn techniques to Integrate Metasploit with industry’s leading tools Who This Book Is For If you are a penetration tester, ethical hacker, or security consultant who quickly wants to master the Metasploit framework and carry out advanced penetration testing in highly secured environments then, this book is for you. What You Will Learn ? Get hands-on knowledge of Metasploit ? Perform penetration testing on services like Databases, VOIP and much more ? Understand how to Customize Metasploit modules and modify existing exploits ? Write simple yet powerful Metasploit automation *s ? Explore steps involved in post-exploitation on Android and mobile platforms. In Detail The book starts with a hands-on Day 1 chapter, covering the basics of the Metasploit framework and preparing the readers for a self-completion exercise at the end of every chapter. The Day 2 chapter dives deep into the use of scanning and fingerprinting services with Metasploit while helping the readers to modify existing modules according to their needs. Following on from the previous chapter, Day 3 will focus on exploiting various types of service and client-side exploitation while Day 4 will focus on post-exploitation, and writing quick *s that helps with gathering the required information from the exploited systems. The Day 5 chapter presents the reader with the techniques involved in scanning and exploiting various services, such as databases, mobile devices, and VOIP. The Day 6 chapter prepares the reader to speed up and integrate Metasploit with leading industry tools for penetration testing. Finally, Day 7 brings in sophisticated attack vectors and challenges based on the user’s preparation over the past six days and ends with a Metasploit challenge to solve. Style and approach This book is all about fast and intensive learning. That means we don’t waste time in helping readers get started. The new content is basically about filling in with highly-effective examples to build new things, show solving problems in newer and unseen ways, and solve real-world examples.
目录展开

Title Page

Copyright

Credits

About the Author

About the Reviewer

www.PacktPub.com

Customer Feedback

Dedication

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the color images of this book

Errata

Piracy

Questions

Getting Started with Metasploit

Setting up Kali Linux in a virtual environment

The fundamentals of Metasploit

Basics of Metasploit Framework

Architecture of Metasploit

Metasploit Framework console and commands

Benefits of using Metasploit

Penetration testing with Metasploit

Assumptions and testing setup

Phase-I: footprinting and scanning

Phase-II: gaining access to the target

Phase-III: maintaining access / post-exploitation / covering tracks

Summary and exercises

Identifying and Scanning Targets

Working with FTP servers using Metasploit

Scanning FTP services

Modifying scanner modules for fun and profit

Scanning MSSQL servers with Metasploit

Using the mssql_ping module

Brute-forcing MSSQL passwords

Scanning SNMP services with Metasploit

Scanning NetBIOS services with Metasploit

Scanning HTTP services with Metasploit

Scanning HTTPS/SSL with Metasploit

Module building essentials

The format of a Metasploit module

Disassembling existing HTTP server scanner modules

Libraries and the function

Summary and exercises

Exploitation and Gaining Access

Setting up the practice environment

Exploiting applications with Metasploit

Using db_nmap in Metasploit

Exploiting Desktop Central 9 with Metasploit

Testing the security of a GlassFish web server with Metasploit

Exploiting FTP services with Metasploit

Exploiting browsers for fun and profit

The browser autopwn attack

The technology behind a browser autopwn attack

Attacking browsers with Metasploit browser_autopwn

Attacking Android with Metasploit

Converting exploits to Metasploit

Gathering the essentials

Generating a Metasploit module

Exploiting the target application with Metasploit

Summary and exercises

Post-Exploitation with Metasploit

Extended post-exploitation with Metasploit

Basic post-exploitation commands

The help menu

Background command

Machine ID and the UUID command

Networking commands

File operation commands

Desktop commands

Screenshots and camera enumeration

Advanced post-exploitation with Metasploit

Migrating to safer processes

Obtaining system privileges

Changing access, modification, and creation time with timestomp

Obtaining password hashes using hashdump

Metasploit and privilege escalation

Escalating privileges on Windows Server 2008

Privilege escalation on Linux with Metasploit

Gaining persistent access with Metasploit

Gaining persistent access on Windows-based systems

Gaining persistent access on Linux systems

Summary

Testing Services with Metasploit

Testing MySQL with Metasploit

Using Metasploit's mysql_version module

Brute-forcing MySQL with Metasploit

Finding MySQL users with Metasploit

Dumping the MySQL schema with Metasploit

Using file enumeration in MySQL using Metasploit

Checking for writable directories

Enumerating MySQL with Metasploit

Running MySQL commands through Metasploit

Gaining system access through MySQL

The fundamentals of SCADA

Analyzing security in SCADA systems

The fundamentals of testing SCADA

SCADA-based exploits

Implementing secure SCADA

Restricting networks

Testing Voice over Internet Protocol services

VoIP fundamentals

Fingerprinting VoIP services

Scanning VoIP services

Spoofing a VoIP call

Exploiting VoIP

About the vulnerability

Exploiting the application

Summary and exercises

Fast-Paced Exploitation with Metasploit

Using pushm and popm commands

Making use of resource scripts

Using AutoRunScript in Metasploit

Using the multiscript module in the AutoRunScript option

Global variables in Metasploit

Wrapping up and generating manual reports

The format of the report

The executive summary

Methodology/network admin-level report

Additional sections

Summary and preparation for real-world scenarios

Exploiting Real-World Challenges with Metasploit

Scenario 1: Mirror environment

Understanding the environment

Fingerprinting the target with DB_NMAP

Gaining access to vulnerable web applications

Migrating from a PHP meterpreter to a Windows meterpreter

Pivoting to internal networks

Scanning internal networks through a meterpreter pivot

Using the socks server module in Metasploit

Dumping passwords in clear text

Sniffing a network with Metasploit

Summary of the attack

Scenario 2: You can't see my meterpreter

Using shellcode for fun and profit

Encrypting the shellcode

Creating a decoder executable

Further roadmap and summary

累计评论(0条) 0个书友正在讨论这本书 发表评论

发表评论

发表评论,分享你的想法吧!

买过这本书的人还买过

读了这本书的人还在读

回顶部