Improving your Penetration Testing Skills (e-book)

Author: Gilberto Najera-Gutierrez

Publisher: Packt Publishing

Publication date: 2019-07-18

Word count: 674,000

Category: Imported books > Foreign-language originals > Computers/Networking

Evade antiviruses and bypass firewalls with the most widely used penetration testing frameworks

Key Features
* Gain insights into the latest antivirus evasion techniques
* Set up a complete pentesting environment using Metasploit and virtual machines
* Discover a variety of tools and techniques that can be used with Kali Linux

Book Description
Penetration testing or ethical hacking is a legal and foolproof way to identify vulnerabilities in your system. With thorough penetration testing, you can secure your system against the majority of threats. This Learning Path starts with an in-depth explanation of what hacking and penetration testing is. You'll gain a deep understanding of classical SQL and command injection flaws, and discover ways to exploit these flaws to secure your system. You'll also learn how to create and customize payloads to evade antivirus software and bypass an organization's defenses. Whether it's exploiting server vulnerabilities and attacking client systems, or compromising mobile phones and installing backdoors, this Learning Path will guide you through all this and more to improve your defense against online attacks. By the end of this Learning Path, you'll have the knowledge and skills you need to invade a system and identify all its vulnerabilities.

This Learning Path includes content from the following Packt products:
* Web Penetration Testing with Kali Linux - Third Edition by Juned Ahmed Ansari and Gilberto Najera-Gutierrez
* Metasploit Penetration Testing Cookbook - Third Edition by Abhinav Singh, Monika Agarwal, et al.

What you will learn
* Build and analyze Metasploit modules in Ruby
* Integrate Metasploit with other penetration testing tools
* Use server-side attacks to detect vulnerabilities in web servers and their applications
* Explore automated attacks such as fuzzing web applications
* Identify the difference between hacking a web application and network hacking
* Deploy Metasploit with the Penetration Testing Execution Standard (PTES)
* Use MSFvenom to generate payloads and backdoor files, and create shellcode

Who this book is for
This Learning Path is designed for security professionals, web programmers, and pentesters who want to learn vulnerability exploitation and make the most of the Metasploit framework. Some understanding of penetration testing and Metasploit is required, and basic system administration skills and the ability to read code are a must.
Table of Contents

About Packt

Why subscribe?

Packt.com

Contributors

About the authors

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Reviews

Introduction to Penetration Testing and Web Applications

Proactive security testing

Different testing methodologies

Ethical hacking

Penetration testing

Vulnerability assessment

Security audits

Considerations when performing penetration testing

Rules of Engagement

The type and scope of testing

Client contact details

Client IT team notifications

Sensitive data handling

Status meeting and reports

The limitations of penetration testing

The need for testing web applications

Reasons to guard against attacks on web applications

Kali Linux

A web application overview for penetration testers

HTTP protocol

Knowing an HTTP request and response

The request header

The response header

HTTP methods

The GET method

The POST method

The HEAD method

The TRACE method

The PUT and DELETE methods

The OPTIONS method

Keeping sessions in HTTP

Cookies

Cookie flow between server and client

Persistent and nonpersistent cookies

Cookie parameters

HTML data in HTTP response

The server-side code

Multilayer web application

Three-layer web application design

Web services

Introducing SOAP and REST web services

HTTP methods in web services

XML and JSON

AJAX

Building blocks of AJAX

The AJAX workflow

HTML5

WebSockets

Setting Up Your Lab with Kali Linux

Kali Linux

Latest improvements in Kali Linux

Installing Kali Linux

Virtualizing Kali Linux versus installing it on physical hardware

Installing on VirtualBox

Creating the virtual machine

Installing the system

Important tools in Kali Linux

CMS & Framework Identification

WPScan

JoomScan

CMSmap

Web Application Proxies

Burp Proxy

Customizing client interception

Modifying requests on the fly

Burp Proxy with HTTPS websites

Zed Attack Proxy

ProxyStrike

Web Crawlers and Directory Bruteforce

DIRB

DirBuster

Uniscan

Web Vulnerability Scanners

Nikto

w3af

Skipfish

Other tools

OpenVAS

Database exploitation

Web application fuzzers

Using Tor for penetration testing

Vulnerable applications and servers to practice on

OWASP Broken Web Applications

Hackazon

Web Security Dojo

Other resources

Reconnaissance and Profiling the Web Server

Reconnaissance

Passive reconnaissance versus active reconnaissance

Information gathering

Domain registration details

Whois – extracting domain information

Identifying related hosts using DNS

Zone transfer using dig

DNS enumeration

DNSEnum

Fierce

DNSRecon

Brute force DNS records using Nmap

Using search engines and public sites to gather information

Google dorks

Shodan

theHarvester

Maltego

Recon-ng – a framework for information gathering

Domain enumeration using Recon-ng

Sub-level and top-level domain enumeration

Reporting modules

Scanning – probing the target

Port scanning using Nmap

Different options for port scan

Evading firewalls and IPS using Nmap

Identifying the operating system

Profiling the server

Identifying virtual hosts

Locating virtual hosts using search engines

Identifying load balancers

Cookie-based load balancer

Other ways of identifying load balancers

Application version fingerprinting

The Nmap version scan

The Amap version scan

Fingerprinting the web application framework

The HTTP header

The WhatWeb scanner

Scanning web servers for vulnerabilities and misconfigurations

Identifying HTTP methods using Nmap

Testing web servers using auxiliary modules in Metasploit

Identifying HTTPS configuration and issues

OpenSSL client

Scanning TLS/SSL configuration with SSLScan

Scanning TLS/SSL configuration with SSLyze

Testing TLS/SSL configuration using Nmap

Spidering web applications

Burp Spider

Application login

Directory brute forcing

DIRB

ZAP's forced browse

Authentication and Session Management Flaws

Authentication schemes in web applications

Platform authentication

Basic

Digest

NTLM

Kerberos

HTTP Negotiate

Drawbacks of platform authentication

Form-based authentication

Two-factor Authentication

OAuth

Session management mechanisms

Sessions based on platform authentication

Session identifiers

Common authentication flaws in web applications

Lack of authentication or incorrect authorization verification

Username enumeration

Discovering passwords by brute force and dictionary attacks

Attacking basic authentication with THC Hydra

Attacking form-based authentication

Using Burp Suite Intruder

Using THC Hydra

The password reset functionality

Recovery instead of reset

Common password reset flaws

Vulnerabilities in 2FA implementations

Detecting and exploiting improper session management

Using Burp Sequencer to evaluate the quality of session IDs

Predicting session IDs

Session Fixation

Preventing authentication and session attacks

Authentication guidelines

Session management guidelines

Detecting and Exploiting Injection-Based Flaws

Command injection

Identifying parameters to inject data

Error-based and blind command injection

Metacharacters for command separator

Exploiting shellshock

Getting a reverse shell

Exploitation using Metasploit

SQL injection

An SQL primer

The SELECT statement

Vulnerable code

SQL injection testing methodology

Extracting data with SQL injection

Getting basic environment information

Blind SQL injection

Automating exploitation

sqlninja

BBQSQL

sqlmap

Attack potential of the SQL injection flaw

XML injection

XPath injection

XPath injection with XCat

The XML External Entity injection

The Entity Expansion attack

NoSQL injection

Testing for NoSQL injection

Exploiting NoSQL injection

Mitigation and prevention of injection vulnerabilities

Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities

An overview of Cross-Site Scripting

Persistent XSS

Reflected XSS

DOM-based XSS

XSS using the POST method

Exploiting Cross-Site Scripting

Cookie stealing

Website defacing

Key loggers

Taking control of the user's browser with BeEF-XSS

Scanning for XSS flaws

XSSer

XSS-Sniper

Preventing and mitigating Cross-Site Scripting

Cross-Site Request Forgery, Identification, and Exploitation

Testing for CSRF flaws

Exploiting a CSRF flaw

Exploiting CSRF in a POST request

CSRF on web services

Using Cross-Site Scripting to bypass CSRF protections

Preventing CSRF

Attacking Flaws in Cryptographic Implementations

A cryptography primer

Algorithms and modes

Asymmetric encryption versus symmetric encryption

Symmetric encryption algorithm

Stream and block ciphers

Initialization Vectors

Block cipher modes

Hashing functions

Salt values

Secure communication over SSL/TLS

Secure communication in web applications

TLS encryption process

Identifying weak implementations of SSL/TLS

The OpenSSL command-line tool

SSLScan

SSLyze

Testing SSL configuration using Nmap

Exploiting Heartbleed

POODLE

Custom encryption protocols

Identifying encrypted and hashed information

Hashing algorithms

hash-identifier

Frequency analysis

Entropy analysis

Identifying the encryption algorithm

Common flaws in sensitive data storage and transmission

Using offline cracking tools

Using John the Ripper

Using Hashcat

Preventing flaws in cryptographic implementations

Using Automated Scanners on Web Applications

Considerations before using an automated scanner

Web application vulnerability scanners in Kali Linux

Nikto

Skipfish

Wapiti

OWASP-ZAP scanner

Content Management Systems scanners

WPScan

JoomScan

CMSmap

Fuzzing web applications

Using the OWASP-ZAP fuzzer

Burp Intruder

Post-scanning actions

Metasploit Quick Tips for Security Professionals

Introduction

Installing Metasploit on Windows

Getting ready

How to do it...

Installing Linux and macOS

How to do it...

Installing Metasploit on macOS

How to do it...

Using Metasploit in Kali Linux

Getting ready

How to do it...

There's more...

Upgrading Kali Linux

Setting up a penetration-testing lab

Getting ready

How to do it...

How it works...

Setting up SSH connectivity

Getting ready

How to do it...

Connecting to Kali using SSH

How to do it...

Configuring PostgreSQL

Getting ready

How to do it...

There's more...

Creating workspaces

How to do it...

Using the database

Getting ready

How to do it...

Using the hosts command

How to do it...

Understanding the services command

How to do it...

Information Gathering and Scanning

Introduction

Passive information gathering with Metasploit

Getting ready

How to do it...

DNS Record Scanner and Enumerator

There's more...

CorpWatch Company Name Information Search

Search Engine Subdomains Collector

Censys Search

Shodan Search

Shodan Honeyscore Client

Search Engine Domain Email Address Collector

Active information gathering with Metasploit

How to do it...

TCP Port Scanner

TCP SYN Port Scanner

Port scanning—the Nmap way

Getting ready

How to do it...

How it works...

There's more...

Operating system and version detection

Increasing anonymity

Port scanning—the db_nmap way

Getting ready

How to do it...

Nmap Scripting Engine

Host discovery with ARP Sweep

Getting ready

How to do it...

UDP Service Sweeper

How to do it...

SMB scanning and enumeration

How to do it...

Detecting SSH versions with the SSH Version Scanner

Getting ready

How to do it...

FTP scanning

Getting ready

How to do it...

SMTP enumeration

Getting ready

How to do it...

SNMP enumeration

Getting ready

How to do it...

HTTP scanning

Getting ready

How to do it...

WinRM scanning and brute forcing

Getting ready

How to do it...

Integrating with Nessus

Getting ready

How to do it...

Integrating with NeXpose

Getting ready

How to do it...

Integrating with OpenVAS

How to do it...

Server-Side Exploitation

Introduction

Getting to know MSFconsole

MSFconsole commands

Exploiting a Linux server

Getting ready

How to do it...

How it works...

What about the payload?

SQL injection

Getting ready

How to do it...

Types of shell

Getting ready

How to do it...

Exploiting a Windows Server machine

Getting ready

How to do it...

Exploiting common services

Getting ready

How to do it...

MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption

Getting ready

How to do it...

MS17-010 EternalRomance/EternalSynergy/EternalChampion

How to do it...

Installing backdoors

Getting ready

How to do it...

Denial of Service

Getting ready

How to do it...

How to do it...

Meterpreter

Introduction

Understanding the Meterpreter core commands

Getting ready

How to do it...

How it works...

Understanding the Meterpreter filesystem commands

How to do it...

How it works...

Understanding Meterpreter networking commands

Getting ready

How to do it...

How it works...

Understanding the Meterpreter system commands

How to do it...

Setting up multiple communication channels with the target

Getting ready

How to do it...

How it works...

Meterpreter anti-forensics

Getting ready

How to do it...

How it works...

There's more...

The getdesktop and keystroke sniffing

Getting ready

How to do it...

There's more...

Using a scraper Meterpreter script

Getting ready

How to do it...

How it works...

Scraping the system using winenum

How to do it...

Automation with AutoRunScript

How to do it...

Meterpreter resource scripts

How to do it...

Meterpreter timeout control

How to do it...

Meterpreter sleep control

How to do it...

Meterpreter transports

How to do it...

Interacting with the registry

Getting ready

How to do it...

Loading framework plugins

How to do it...

Meterpreter API and mixins

Getting ready

How to do it...

How it works...

Railgun—converting Ruby into a weapon

Getting ready

How to do it...

How it works...

There's more...

Adding DLL and function definitions to Railgun

How to do it...

How it works...

Injecting the VNC server remotely

Getting ready

How to do it...

Enabling Remote Desktop

How to do it...

How it works...

Post-Exploitation

Introduction

Post-exploitation modules

Getting ready

How to do it...

How it works...

How to do it...

How it works...

Bypassing UAC

Getting ready

How to do it...

Dumping the contents of the SAM database

Getting ready

How to do it...

Passing the hash

How to do it...

Incognito attacks with Meterpreter

How to do it...

Using Mimikatz

Getting ready

How to do it...

There's more...

Setting up a persistence with backdoors

Getting ready

How to do it...

Becoming TrustedInstaller

How to do it...

Backdooring Windows binaries

How to do it...

Pivoting with Meterpreter

Getting ready

How to do it...

How it works...

Port forwarding with Meterpreter

Getting ready

How to do it...

Credential harvesting

How to do it...

Enumeration modules

How to do it...

Autoroute and socks proxy server

How to do it...

Analyzing an existing post-exploitation module

Getting ready

How to do it...

How it works...

Writing a post-exploitation module

Getting ready

How to do it...

Using MSFvenom

Introduction

Payloads and payload options

Getting ready

How to do it...

Encoders

How to do it...

There's more...

Output formats

How to do it...

Templates

Getting ready

How to do it...

Meterpreter payloads with trusted certificates

Getting ready

How to do it...

There's more...

Client-Side Exploitation and Antivirus Bypass

Introduction

Exploiting a Windows 10 machine

Getting ready

How to do it...

Bypassing antivirus and IDS/IPS

How to do it...

Metasploit macro exploits

How to do it...

There's more...

Human Interface Device attacks

Getting ready

How to do it...

HTA attack

How to do it...

Backdooring executables using a MITM attack

Getting ready

How to do it...

Creating a Linux trojan

How to do it...

Creating an Android backdoor

Getting ready

How to do it...

There's more...

Social-Engineer Toolkit

Introduction

Getting started with the Social-Engineer Toolkit

Getting ready

How to do it...

How it works...

Working with the spear-phishing attack vector

How to do it...

Website attack vectors

How to do it...

Working with the multi-attack web method

How to do it...

Infectious media generator

How to do it...

How it works...

Working with Modules for Penetration Testing

Introduction

Working with auxiliary modules

Getting ready

How to do it...

DoS attack modules

How to do it...

HTTP

SMB

Post-exploitation modules

Getting ready

How to do it...

Understanding the basics of module building

How to do it...

Analyzing an existing module

Getting ready

How to do it...

Building your own post-exploitation module

Getting ready

How to do it...

Building your own auxiliary module

Getting ready

How to do it...

Other Books You May Enjoy

Leave a review - let other readers know what you think
