دانلود کتاب Metasploit: The Penetration Tester's Guide

عنوان فارسی :

دانلود کتاب Metasploit: راهنمای تست نفوذ

عنوان انگلیسی :

Metasploit: The Penetration Tester's Guide

زبان : English

موضوع : Computers->Security

نویسندگان : David Kennedy Jim O'Gorman Devon Kearns Mati Aharoni

ناشر : No Starch Press

ISBN (شابک) : 159327288X, 9781593272883

تعداد صفحات : 332\332

سال نشر : 2011     ویرایش : 1

حجم : 7 MB       فرمت : pdf

قیمت : 4000 تومان

خلاصه کتاب به فارسی (ترجمه خودکار و سیستمی) و خارجی:
تولد اولین معجزه زندگی است که در هیبت و رمز و راز پوشیده شده است. با این حال ، مرگ ، فیل ضرب المثل در اتاق است - واقعی و گنگ ، اما نادیده گرفته شده است. مرگ سزاوار اعتبار بیشتری از آن است که دریافت می کند. همراه با تولد ، مرگ ظرفی را تشکیل می دهد که زندگی ما را شکل می دهد. اگر تصدیق کنیم ، مرگ چارچوبی برای بررسی زندگی و زندگی آگاهانه ، معنادار و با محبت تر ارائه می دهد.

خلاصه کتاب به زبان اصلی :

The best guide to the Metasploit Framework. —HD Moore, Founder of the Metasploit ProjectThe Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.Learn how to: Find and exploit unmaintained, misconfigured, and unpatched systems Perform reconnaissance and find valuable information about your target Bypass anti-virus technologies and circumvent security controls Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery Use the Meterpreter shell to launch further attacks from inside the network Harness standalone Metasploit utilities, third-party tools, and plug-ins Learn how to write your own Meterpreter post exploitation modules and scripts You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.

فهرست :



Table of contents :
Foreword......Page 15
Preface......Page 19
Acknowledgments......Page 21
Special Thanks......Page 22
Introduction......Page 23
A Brief History of Metasploit......Page 24
What’s in the Book?......Page 25
A Note on Ethics......Page 26
1: The Absolute Basics of Penetration Testing......Page 27
Threat Modeling......Page 28
Post Exploitation......Page 29
Types of Penetration Tests......Page 30
Vulnerability Scanners......Page 31
Pulling It All Together......Page 32
Terminology......Page 33
Metasploit Interfaces......Page 34
MSFcli......Page 35
Armitage......Page 37
MSFpayload......Page 38
Nasm Shell......Page 39
Wrapping Up......Page 40
3: Intelligence Gathering......Page 41
whois Lookups......Page 42
Netcraft......Page 43
Port Scanning with Nmap......Page 44
Working with Databases in Metasploit......Page 46
Port Scanning with Metasploit......Page 51
Server Message Block Scanning......Page 52
Hunting for Poorly Configured Microsoft SQL Servers......Page 53
SSH Server Scanning......Page 54
FTP Scanning......Page 55
Simple Network Management Protocol Sweeping......Page 56
Writing a Custom Scanner......Page 57
Looking Ahead......Page 59
4: Vulnerability Scanning......Page 61
The Basic Vulnerability Scan......Page 62
Configuration......Page 63
Importing Your Report into the Metasploit Framework......Page 68
Running NeXpose Within MSFconsole......Page 69
Nessus Configuration......Page 70
Creating a Nessus Scan Policy......Page 71
Nessus Reports......Page 73
Importing Results into the Metasploit Framework......Page 74
Scanning with Nessus from Within Metasploit......Page 75
Validating SMB Logins......Page 77
Scanning for Open VNC Authentication......Page 78
Scanning for Open X11 Servers......Page 80
Using Scan Results for Autopwning......Page 82
5: The Joy of Exploitation......Page 83
msf> show options......Page 84
msf> show payloads......Page 86
msf> show targets......Page 88
set and unset......Page 89
Exploiting Your First Machine......Page 90
Exploiting an Ubuntu Machine......Page 94
All-Ports Payloads: Brute Forcing Ports......Page 97
Resource Files......Page 98
Wrapping Up......Page 99
6: Meterpreter......Page 101
Attacking MS SQL......Page 102
Brute Forcing MS SQL Server......Page 104
The xp_cmdshell......Page 105
Basic Meterpreter Commands......Page 106
Capturing Keystrokes......Page 107
Extracting the Password Hashes......Page 108
Dumping the Password Hash......Page 109
Pass the Hash......Page 110
Privilege Escalation......Page 111
Using ps......Page 113
Pivoting onto Other Systems......Page 115
Migrating a Process......Page 118
Scraping a System......Page 119
Using Persistence......Page 120
Upgrading Your Command Shell to Meterpreter......Page 121
Wrapping Up......Page 123
7: Avoiding Detection......Page 125
Creating Stand-Alone Binaries with MSFpayload......Page 126
Evading Antivirus Detection......Page 127
Encoding with MSFencode......Page 128
Multi-encoding......Page 129
Custom Executable Templates......Page 131
Launching a Payload Stealthily......Page 132
Packers......Page 133
A Final Note on Antivirus Software Evasion......Page 134
8: Exploitation Using Client-Side Attacks......Page 135
Browser-Based Exploits......Page 136
How Browser-Based Exploits Work......Page 137
Using Immunity Debugger to Decipher NOP Shellcode......Page 138
Exploring the Internet Explorer Aurora Exploit......Page 142
File Format Exploits......Page 145
Sending the Payload......Page 146
Wrapping Up......Page 147
9: Metasploit Auxiliary Modules......Page 149
Auxiliary Modules in Use......Page 152
Anatomy of an Auxiliary Module......Page 154
Going Forward......Page 159
10: The Social-Engineer Toolkit......Page 161
Configuring the Social-Engineer Toolkit......Page 162
Spear-Phishing Attack Vector......Page 163
Java Applet......Page 168
Client-Side Web Exploits......Page 172
Username and Password Harvesting......Page 174
Man-Left-in-the-Middle......Page 176
Web Jacking......Page 177
Putting It All Together with a Multipronged Attack......Page 179
Teensy USB HID Attack Vector......Page 183
Additional SET Features......Page 186
Looking Ahead......Page 187
11: Fast-Track......Page 189
Microsoft SQL Injection......Page 190
SQL Injector-Query String Attack......Page 191
SQL Injector-POST Parameter Attack......Page 192
Manual Injection......Page 193
MSSQL Bruter......Page 194
SQLPwnage......Page 198
Binary-to-Hex Generator......Page 200
Mass Client-Side Attack......Page 201
A Few Words About Automation......Page 202
12: Karmetasploit......Page 203
Configuration......Page 204
Launching the Attack......Page 205
Credential Harvesting......Page 207
Getting a Shell......Page 208
Wrapping Up......Page 210
13: Building Your Own Module......Page 211
Getting Command Execution on Microsoft SQL......Page 212
Exploring an Existing Metasploit Module......Page 213
PowerShell......Page 215
Running the Shell Exploit......Page 216
Conversion from Hex to Binary......Page 218
Counters......Page 220
Running the Exploit......Page 221
The Power of Code Reuse......Page 222
14: Creating Your Own Exploits......Page 223
The Art of Fuzzing......Page 224
Controlling the Structured Exception Handler......Page 227
Hopping Around SEH Restrictions......Page 230
Getting a Return Address......Page 232
Bad Characters and Remote Code Execution......Page 236
Wrapping Up......Page 239
15: Porting Exploits to the Metasploit Framework......Page 241
Porting a Buffer Overflow......Page 242
Stripping the Existing Exploit......Page 244
Configuring the Exploit Definition......Page 245
Testing Our Base Exploit......Page 246
Implementing Features of the Framework......Page 247
Adding Randomization......Page 248
Removing the Dummy Shellcode......Page 249
Our Completed Module......Page 250
SEH Overwrite Exploit......Page 252
Wrapping Up......Page 259
Meterpreter Scripting Basics......Page 261
Printing Output......Page 267
Meterpreter Mixins......Page 268
Creating Your Own Meterpreter Script......Page 270
Wrapping Up......Page 276
Simulated Penetration Test......Page 277
Intelligence Gathering......Page 278
Threat Modeling......Page 279
Customizing MSFconsole......Page 281
Post Exploitation......Page 283
Scanning the Metasploitable System......Page 284
Identifying Vulnerable Services......Page 285
Attacking Apache Tomcat......Page 286
Attacking Obscure Services......Page 288
Covering Your Tracks......Page 290
Wrapping Up......Page 292
Installing and Setting Up the System......Page 293
Booting Up the Linux Virtual Machines......Page 294
Building a SQL Server......Page 295
Creating a Vulnerable Web Application......Page 298
Updating Back|Track......Page 299
MSFconsole Commands......Page 301
Meterpreter Commands......Page 303
MSFencode Commands......Page 306
MSFvenom......Page 307
Meterpreter Post Exploitation Commands......Page 308
Index......Page 311




کتاب های پزشکی

دانلود کتاب Basic clinical neuroscience

دانلود کتاب 5-Factor Fitness: The Diet and Fitness Secret of Hollywood's A-List

دانلود کتاب Anatomy of the Ship - Essex

دانلود کتاب Leistungsphysiologie. Grundlagen für Trainer, Physiotherapeuten und Masseure: Grundlagen Fur Trainer, Physiotherapeuten Und Masseure

دانلود کتاب Pichlmayrs Chirurgische Therapie. Mit DVD-Video: Allgemein-,Viszeral- und Transplantationschirurgie

کتاب های کامپیوتر

دانلود کتاب Programming Reactive Extensions and Linq

دانلود کتاب HTML5 Guidelines for Web Developers

دانلود کتاب ASP.NET 3.5 For Dummies

دانلود کتاب PHP 5 CMS Framework Development, 2nd Edition

دانلود کتاب C# Programming: From Problem Analysis to Program Design, 3rd Edition

کتاب های ریاضی

دانلود کتاب Signal Analysis: Wavelets, Filter Banks, Time-Frequency Transforms and Applications

دانلود کتاب Advances in Boundary Element Techniques

دانلود کتاب Viewpoints: Mathematical Perspective and Fractal Geometry in Art

دانلود کتاب Computation Structures

دانلود کتاب Mathematics for the Trades: A Guided Approach

کتاب های تکنولوژی

دانلود کتاب Gear Motor Handbook

دانلود کتاب Beds: outstanding projects from one of America's best craftsmen : with plans and complete instructions for building 9 classic beds

دانلود کتاب Industrial Sprays and Atomization: Design, Analysis and Applications

دانلود کتاب Advanced Topics in Materials Science and Engineering

دانلود کتاب Piping Hot Curves: Accent Curves in Quilts with Piping

کتاب های مذهبی

دانلود کتاب The Jacobite Rebellions 1689-1745 (Men-at-Arms)

دانلود کتاب A Popular Dictionary of Buddhism (Popular dictionaries of religion)

دانلود کتاب New Testament Introduction

دانلود کتاب Heart of Islam, The: Enduring Values for Humanity

دانلود کتاب Christ and Culture (Challenges in Contemporary Theology)

کتاب های فیزیولوژی

دانلود کتاب Therapielexikon Psychiatrie, Psychosomatik, Psychotherapie

دانلود کتاب Psychiatrie: einschließlich Psychotherapie (Springer-Lehrbuch)

دانلود کتاب Identity, Motivation and Autonomy in Language Learning (Second Language Acquisition)

دانلود کتاب Introduction to Psychology , Eighth Edition

دانلود کتاب Effective Language Learning: Positive Strategies for Advanced Level Language Learning

کتاب های تاریخی

دانلود کتاب Rumpler C.I

دانلود کتاب Wehrmacht auxiliary forces

دانلود کتاب Vintage Aircraft Nose Art Card Set

دانلود کتاب Konoe Fumimaro: a political biography

دانلود کتاب Pfalz D.IIIA (Windsock Datafile 21)

کتاب های زیست شناسی

دانلود کتاب Taifun

دانلود کتاب Tiny Yarn Animals: Amigurumi Friends to Make and Enjoy

دانلود کتاب Elite Cultures: Anthropological Perspectives

دانلود کتاب Evolution

دانلود کتاب Microbial Ecology

کتاب های اقتصاد

دانلود کتاب Business Result Elementary (incl. Class Audio CD)

دانلود کتاب What Investors Really Want: Know What Drives Investor Behavior and Make Smarter Financial Decisions

دانلود کتاب BSAVA Manual of Canine and Feline Wound Management and Reconstruction

دانلود کتاب Just-in-Time Logistics

دانلود کتاب The Economist - 19 May 2001

کتاب های آموزشی

دانلود کتاب Research Design and Methods: A Process Approach, 8th Edition

دانلود کتاب Teach Yourself Visually Sock Knitting

دانلود کتاب Towards a New Architecture

دانلود کتاب The Cognitive Brain

دانلود کتاب Effective Teaching with Internet Technologies: Pedagogy and Practice

کتاب های حقوق

دانلود کتاب The Killer Book of True Crime: Incredible Stories, Facts and Trivia from the World of Murder and Mayhem

دانلود کتاب The Encyclopedia Of International Organized Crime (Facts on File Crime Library)

دانلود کتاب Hyperbolic Conservation Laws and the Compensated Compactness Method

دانلود کتاب Atiyah's accidents, compensation and the law

دانلود کتاب Lawrence and the Arab Revolts

کتاب های علوم انسانی

دانلود کتاب Angeli. Esseri di luce

دانلود کتاب The Fragility of Goodness: Luck and Ethics in Greek Tragedy and Philosophy

دانلود کتاب Manufacturing Consent: The Political Economy of the Mass Media

دانلود کتاب The Future of Power

دانلود کتاب European Security Culture