Metasploit penetration testing cookbook over 70 recipes to master the most widely used penetration testing framework
Over 80 recipes to master the most widely used penetration testing framework
| Autor principal: | |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Birmingham :
Packt Pub
2012.
|
| Edición: | 1st edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628486306719 |
Tabla de Contenidos:
- Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Metasploit Quick Tips for Security Professionals; Introduction; Configuring Metasploit on Windows; Configuring Metasploit on Ubuntu; Metasploit with BackTrack 5 - the ultimate combination; Setting up the penetration testing lab on a single machine; Setting up Metasploit on a virtual machine with SSH connectivity; Beginning with the interfaces - the ""Hello World"" of Metasploit; Setting up the database in Metasploit; Using the database to store penetration testing results
- Analyzing the stored results of the databaseChapter 2: Information Gathering and Scanning; Introduction; Passive information gathering 1.0 - the traditional way; Passive information gathering 2.0 - the next level; Port scanning - the Nmap way; Exploring auxiliary modules for scanning; Target service scanning with auxiliary modules; Vulnerability scanning with Nessus; Scanning with NeXpose; Sharing information with the Dradis framework; Chapter 3: Operating System-based Vulnerability Assessment and Exploitation; Introduction; Exploit usage quick tips
- Penetration testing on a Windows XP SP2 machineBinding a shell to the target for remote access; Penetration testing on the Windows 2003 Server; Windows 7/Server 2008 R2 SMB client infinite loop; Exploiting a Linux (Ubuntu) machine; Understanding the Windows DLL injection flaws; Chapter 4: Client-side Exploitation and Antivirus Bypass; Introduction; Internet Explorer unsafe scripting misconfiguration vulnerability; Internet Explorer CSS recursive call memory corruption; Microsoft Word RTF stack buffer overflow; Adobe Reader util.printf() buffer overflow
- Generating binary and a shellcode from msfpayloadBypassing client-side antivirus protection using msfencode; Using the killav.rb script to disable antivirus programs; A Deeper look into the killav.rb script; Killing antivirus services from the command line; Chapter 5: Using Meterpreter to Explore the Compromised Target; Introduction; Analyzing meterpreter system commands; Privilege escalation and process migration; Setting multiple communication channels with the target; Meterpreter filesystem commands; Changing file attributes using timestomp; Using meterpreter networking commands
- The getdesktop and keystroke sniffingUsing a scraper meterpreter script; Chapter 6: Advanced Meterpreter Scripting; Introduction; Passing the hash; Setting up a persistent connection with backdoors; Pivoting with meterpreter; Port forwarding with meterpreter; Meterpreter API and mixins; Railgun
- converting Ruby into a weapon; Adding a DLL and function definition to Railgun; Building a ""Windows Firewall De-activator"" meterpreter script; Analyzing an existing meterpreter script; Chapter 7: Working with Modules for Penetration Testing; Introduction; Working with scanner auxiliary modules
- Working with auxiliary admin modules
