售 价:¥
温馨提示:数字商品不支持退换货,不提供源文件,不支持导出打印
为你推荐
Penetration Testing with Raspberry Pi - Second Edition
Penetration Testing with Raspberry Pi - Second Edition
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
1. Choosing a Pen Test Platform
Hardware options and why the Pi
Software option and why Kali
Purchasing a Raspberry Pi
Assembling a Raspberry Pi
Installing Kali Linux
Combining Kali Linux and the Raspberry Pi
Cloning the Raspberry Pi SD card
Avoiding common problems
Summary
2. Preparing for Battle
The Command and Control server
Preparing for a penetration test
Setting up the SSH service
SSH default keys and management
Reverse shell through SSH
SSL tunnelling
stunnel
Server
Client
ncat
ptunnel and other techniques
Using the GUI
Transporting X via SSH
VNC and RDP
Overclocking
Setting up the wireless interface
Setting up the Bluetooth interface
Setting up a 3G or 4G modem
Wrapping it up with an example
3. Planning the Attack
Understanding the Cyber or Intrusion Kill Chain
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions
Preparing for the penetration test
Common tools for web, wired, and wireless attacks
Mapping our tools to the Penetration test Kill Chain
Addition of non-standard tools to arsenal
Positioning the Pi
Summary
4. Explore the Target - Recon and Weaponize
Prospecting the target
Network scanning
Seeing and cracking Wi-Fi
Obtaining the key
Cracking the key
Capturing and cracking passwords
Online cracking
Offline cracking
Getting data to the Pi
Physically inline option
Software based approach
arpspoof (Part of dsniff)
Ettercap
Wireshark
dsniff
Firewalk
Tuning our network capture
Scripting tcpdump for future access
Web application hacks
DotDotPwn
Driftnet
W3af
Summary
5. Taking Action - Intrude and Exploit
Using the Metasploit framework to exploit targets
Getting Recon data into Metasploit
Scoping vectors and launching attacks
Rolling our own exploits
Wrapping payloads
Social engineering
The Social-Engineer Toolkit
Phishing with BeEF
Executing man-in-the-middle attacks
SSLstrip
parasite6
Manipulating data
Sniffing the network in Scapy
Writing/reading PCAP files
Creating/sending/receiving of packets
Creating and sending malformed packets
TCP SYN scan
Rogue Access honeypot (revising and re-shooting)
Easy-creds
Bluetooth testing
Bluelog
Blueranger
Btscanner
Connecting to Bluetooth device using bluetoothctl
Summary
6. Finishing the Attack - Report and Withdraw
Covering our tracks
Wiping logs
Masking our network footprint
Using ProxyChains
Clearing the data off the Raspberry Pi
Developing reports
Collecting and correlating testing data
Creating screenshots
Using ImageMagick
GIMP, Screenshot, and Shutter
Moving data
Compressing files with Zip/Unzip
Using File Roller
Using split
Summary
7. Alternative Pi Projects
Diving into PwnPi
Discovering Raspberry Pwn
Investigating PwnBerry Pi
Defending your network
Intrusion detection and prevention
Exploring Snort
Content filtering
GateSentry as a content filtering option
Remote access with OpenVPN
Server installation
Server Certificate Authority setup
Server configuration and startup
Client-Configuration and Startup
Tor networking
Raspberry Tor
Tor Exit node or router
Running Raspberry Pi on your PC with QEMU emulator
Running Windows 10 on Raspberry Pi 3
Other popular use cases for the Raspberry Pi
Raspberry Weather
PiAware
PiPlay
PrivateEyePi
Summary
买过这本书的人还买过
读了这本书的人还在读
同类图书排行榜