دانلود کتاب Metasploit: The Penetration Tester's Guide

عنوان فارسی :

دانلود کتاب Metasploit: راهنمای تست نفوذ

عنوان انگلیسی :

Metasploit: The Penetration Tester's Guide

زبان : English

موضوع : Computers->Security

نویسندگان : David Kennedy Jim O'Gorman Devon Kearns Mati Aharoni

ناشر : No Starch Press

ISBN (شابک) : 159327288X, 9781593272883

تعداد صفحات : 332\332

سال نشر : 2011     ویرایش : 1

حجم : 7 MB       فرمت : pdf

قیمت : 4000 تومان

فهرست :



Table of contents :
Foreword......Page 15
Preface......Page 19
Acknowledgments......Page 21
Special Thanks......Page 22
Introduction......Page 23
A Brief History of Metasploit......Page 24
What’s in the Book?......Page 25
A Note on Ethics......Page 26
1: The Absolute Basics of Penetration Testing......Page 27
Threat Modeling......Page 28
Post Exploitation......Page 29
Types of Penetration Tests......Page 30
Vulnerability Scanners......Page 31
Pulling It All Together......Page 32
Terminology......Page 33
Metasploit Interfaces......Page 34
MSFcli......Page 35
Armitage......Page 37
MSFpayload......Page 38
Nasm Shell......Page 39
Wrapping Up......Page 40
3: Intelligence Gathering......Page 41
whois Lookups......Page 42
Netcraft......Page 43
Port Scanning with Nmap......Page 44
Working with Databases in Metasploit......Page 46
Port Scanning with Metasploit......Page 51
Server Message Block Scanning......Page 52
Hunting for Poorly Configured Microsoft SQL Servers......Page 53
SSH Server Scanning......Page 54
FTP Scanning......Page 55
Simple Network Management Protocol Sweeping......Page 56
Writing a Custom Scanner......Page 57
Looking Ahead......Page 59
4: Vulnerability Scanning......Page 61
The Basic Vulnerability Scan......Page 62
Configuration......Page 63
Importing Your Report into the Metasploit Framework......Page 68
Running NeXpose Within MSFconsole......Page 69
Nessus Configuration......Page 70
Creating a Nessus Scan Policy......Page 71
Nessus Reports......Page 73
Importing Results into the Metasploit Framework......Page 74
Scanning with Nessus from Within Metasploit......Page 75
Validating SMB Logins......Page 77
Scanning for Open VNC Authentication......Page 78
Scanning for Open X11 Servers......Page 80
Using Scan Results for Autopwning......Page 82
5: The Joy of Exploitation......Page 83
msf> show options......Page 84
msf> show payloads......Page 86
msf> show targets......Page 88
set and unset......Page 89
Exploiting Your First Machine......Page 90
Exploiting an Ubuntu Machine......Page 94
All-Ports Payloads: Brute Forcing Ports......Page 97
Resource Files......Page 98
Wrapping Up......Page 99
6: Meterpreter......Page 101
Attacking MS SQL......Page 102
Brute Forcing MS SQL Server......Page 104
The xp_cmdshell......Page 105
Basic Meterpreter Commands......Page 106
Capturing Keystrokes......Page 107
Extracting the Password Hashes......Page 108
Dumping the Password Hash......Page 109
Pass the Hash......Page 110
Privilege Escalation......Page 111
Using ps......Page 113
Pivoting onto Other Systems......Page 115
Migrating a Process......Page 118
Scraping a System......Page 119
Using Persistence......Page 120
Upgrading Your Command Shell to Meterpreter......Page 121
Wrapping Up......Page 123
7: Avoiding Detection......Page 125
Creating Stand-Alone Binaries with MSFpayload......Page 126
Evading Antivirus Detection......Page 127
Encoding with MSFencode......Page 128
Multi-encoding......Page 129
Custom Executable Templates......Page 131
Launching a Payload Stealthily......Page 132
Packers......Page 133
A Final Note on Antivirus Software Evasion......Page 134
8: Exploitation Using Client-Side Attacks......Page 135
Browser-Based Exploits......Page 136
How Browser-Based Exploits Work......Page 137
Using Immunity Debugger to Decipher NOP Shellcode......Page 138
Exploring the Internet Explorer Aurora Exploit......Page 142
File Format Exploits......Page 145
Sending the Payload......Page 146
Wrapping Up......Page 147
9: Metasploit Auxiliary Modules......Page 149
Auxiliary Modules in Use......Page 152
Anatomy of an Auxiliary Module......Page 154
Going Forward......Page 159
10: The Social-Engineer Toolkit......Page 161
Configuring the Social-Engineer Toolkit......Page 162
Spear-Phishing Attack Vector......Page 163
Java Applet......Page 168
Client-Side Web Exploits......Page 172
Username and Password Harvesting......Page 174
Man-Left-in-the-Middle......Page 176
Web Jacking......Page 177
Putting It All Together with a Multipronged Attack......Page 179
Teensy USB HID Attack Vector......Page 183
Additional SET Features......Page 186
Looking Ahead......Page 187
11: Fast-Track......Page 189
Microsoft SQL Injection......Page 190
SQL Injector-Query String Attack......Page 191
SQL Injector-POST Parameter Attack......Page 192
Manual Injection......Page 193
MSSQL Bruter......Page 194
SQLPwnage......Page 198
Binary-to-Hex Generator......Page 200
Mass Client-Side Attack......Page 201
A Few Words About Automation......Page 202
12: Karmetasploit......Page 203
Configuration......Page 204
Launching the Attack......Page 205
Credential Harvesting......Page 207
Getting a Shell......Page 208
Wrapping Up......Page 210
13: Building Your Own Module......Page 211
Getting Command Execution on Microsoft SQL......Page 212
Exploring an Existing Metasploit Module......Page 213
PowerShell......Page 215
Running the Shell Exploit......Page 216
Conversion from Hex to Binary......Page 218
Counters......Page 220
Running the Exploit......Page 221
The Power of Code Reuse......Page 222
14: Creating Your Own Exploits......Page 223
The Art of Fuzzing......Page 224
Controlling the Structured Exception Handler......Page 227
Hopping Around SEH Restrictions......Page 230
Getting a Return Address......Page 232
Bad Characters and Remote Code Execution......Page 236
Wrapping Up......Page 239
15: Porting Exploits to the Metasploit Framework......Page 241
Porting a Buffer Overflow......Page 242
Stripping the Existing Exploit......Page 244
Configuring the Exploit Definition......Page 245
Testing Our Base Exploit......Page 246
Implementing Features of the Framework......Page 247
Adding Randomization......Page 248
Removing the Dummy Shellcode......Page 249
Our Completed Module......Page 250
SEH Overwrite Exploit......Page 252
Wrapping Up......Page 259
Meterpreter Scripting Basics......Page 261
Printing Output......Page 267
Meterpreter Mixins......Page 268
Creating Your Own Meterpreter Script......Page 270
Wrapping Up......Page 276
Simulated Penetration Test......Page 277
Intelligence Gathering......Page 278
Threat Modeling......Page 279
Customizing MSFconsole......Page 281
Post Exploitation......Page 283
Scanning the Metasploitable System......Page 284
Identifying Vulnerable Services......Page 285
Attacking Apache Tomcat......Page 286
Attacking Obscure Services......Page 288
Covering Your Tracks......Page 290
Wrapping Up......Page 292
Installing and Setting Up the System......Page 293
Booting Up the Linux Virtual Machines......Page 294
Building a SQL Server......Page 295
Creating a Vulnerable Web Application......Page 298
Updating Back|Track......Page 299
MSFconsole Commands......Page 301
Meterpreter Commands......Page 303
MSFencode Commands......Page 306
MSFvenom......Page 307
Meterpreter Post Exploitation Commands......Page 308
Index......Page 311




کتاب های پزشکی

دانلود کتاب Anatomy of Hatha Yoga: A Manual for Students, Teachers, and Practitioners

دانلود کتاب Röntgenanatomie. Radiological Anatomy. Anatomie Radiologique: Prufungsfragen Fur Die Facharztprufung / Multiple Choice Questions /Qcm

دانلود کتاب Repetitorium Schmerztherapie: Zur Vorbereitung auf die Prüfung "Spezielle Schmerztherapie"

دانلود کتاب Casarett and Doull's toxicology: the basic science of poisons Sixth Edition

دانلود کتاب Fundamentals of Body CT (3rd Edition)

کتاب های کامپیوتر

دانلود کتاب Programming Social Applications: Building Viral Experiences with OpenSocial, OAuth, OpenID, and Distributed Web Frameworks

دانلود کتاب Smalltalk, Objects and Design

دانلود کتاب Problem Solving with C++, 7th Edition

دانلود کتاب Build Your Own Web Site The Right Way Using HTML & CSS, 2nd Edition

دانلود کتاب Metasploit: The Penetration Tester's Guide

کتاب های ریاضی

دانلود کتاب Mathematics and the Laws of Nature: Developing the Language of Science (The History of Mathematics)

دانلود کتاب Prealgebra , Fourth Edition (Available 2011 Titles Enhanced Web Assign)

دانلود کتاب Some Problems on Nonlinear Hyperbolic Equations and Applications (Series in Contemporary Applied Mathematics)

دانلود کتاب A Path to Combinatorics for Undergraduates: Counting Strategies

دانلود کتاب Introductory Algebra: A Real-World Approach (3rd Edition)

کتاب های تکنولوژی

دانلود کتاب Silicon Devices and Process Integration: Deep Submicron and Nano-Scale Technologies

دانلود کتاب Beds: outstanding projects from one of America's best craftsmen : with plans and complete instructions for building 9 classic beds

دانلود کتاب Gear Motor Handbook

دانلود کتاب Ordered Polymeric Nanostructures at Surfaces

دانلود کتاب Outdoor Furniture (Art of Woodworking)

کتاب های مذهبی

دانلود کتاب Old Testament Theology: 1 (Old Testament Library)

دانلود کتاب Thematic Guide to Biblical Literature

دانلود کتاب Revelation [With CDROM] (Smyth & Helwys Bible Commentary)

دانلود کتاب True Christianity

دانلود کتاب The World's Great Philosophers

کتاب های فیزیولوژی

دانلود کتاب The concept of being in Hegel and Heidegger (Abhandlungen zur Philosophie, Psychologie, und Padagogik ; Bd. 116)

دانلود کتاب Thinking, Fast and Slow

دانلود کتاب Bilingual Youth: Spanish in English-speaking societies

دانلود کتاب Mathematics for Teachers: An Interactive Approach for Grade K-8 , Fourth Edition

دانلود کتاب Coole Sex Tipps

کتاب های تاریخی

دانلود کتاب The Confederate Army 1861-65 (6) Missouri, Kentucky, Maryland

دانلود کتاب Thompson Submachune Gun

دانلود کتاب US Army Infantry Divisions 1944-45

دانلود کتاب Vintage Aircraft Nose Art Card Set

دانلود کتاب Pfalz D.IIIA (Windsock Datafile 21)

کتاب های زیست شناسی

دانلود کتاب Reviews of Physiology, Biochemistry and Pharmacology

دانلود کتاب Mechanobiology Handbook

دانلود کتاب Monsters and Animals

دانلود کتاب Great Fruit & Vegetable Guide

دانلود کتاب Discovery and Explanation in Biology and Medicine (Science and Its Conceptual Foundations series)

کتاب های اقتصاد

دانلود کتاب Making an Impact Online

دانلود کتاب Accounting: Tools for Business Decision Makers

دانلود کتاب The Handbook of Microfinance

دانلود کتاب BSAVA Manual of Canine and Feline Wound Management and Reconstruction

دانلود کتاب Inside Marketing: Practices, Ideologies, Devices

کتاب های آموزشی

دانلود کتاب The Cognitive Brain

دانلود کتاب Teach Yourself Visually Knitting Design: Working from a Master Pattern to Fashion Your Own Knits

دانلود کتاب I Want to be a Gymnast (DK Readers, Level 2)

دانلود کتاب Animals and Me

دانلود کتاب How To Be A Lady Killer - Forbidden Secrets For Guys

کتاب های حقوق

دانلود کتاب Crime And Punishment In England: An Introductory History

دانلود کتاب Denial of justice in international law

دانلود کتاب Smith and Keenan's Company Law, 14th Edition

دانلود کتاب Law and Society in Vietnam: The Transition from Socialism in Comparative Perspective

دانلود کتاب Lawrence and the Arab Revolts

کتاب های علوم انسانی

دانلود کتاب The Democracy Deficit: Taming Globalization Through Law Reform

دانلود کتاب Culture, Class, Distinction

دانلود کتاب European Security Culture

دانلود کتاب Geopolitics: A Guide to the Issues (Contemporary Military, Strategic, and Security Issues)

دانلود کتاب Art And Social Change: Contemporary Art In Asia And The Pacific