舉報 
會員
Metasploit Bootcamp
Ifyouareapenetrationtester,ethicalhacker,orsecurityconsultantwhoquicklywantstomastertheMetasploitframeworkandcarryoutadvancedpenetrationtestinginhighlysecuredenvironmentsthen,thisbookisforyou.
目錄(142章)
倒序
- coverpage
- Title Page
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Customer Feedback
- Dedication
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Downloading the color images of this book
- Errata
- Piracy
- Questions
- Getting Started with Metasploit
- Setting up Kali Linux in a virtual environment
- The fundamentals of Metasploit
- Basics of Metasploit Framework
- Architecture of Metasploit
- Metasploit Framework console and commands
- Benefits of using Metasploit
- Penetration testing with Metasploit
- Assumptions and testing setup
- Phase-I: footprinting and scanning
- Phase-II: gaining access to the target
- Phase-III: maintaining access / post-exploitation / covering tracks
- Summary and exercises
- Identifying and Scanning Targets
- Working with FTP servers using Metasploit
- Scanning FTP services
- Modifying scanner modules for fun and profit
- Scanning MSSQL servers with Metasploit
- Using the mssql_ping module
- Brute-forcing MSSQL passwords
- Scanning SNMP services with Metasploit
- Scanning NetBIOS services with Metasploit
- Scanning HTTP services with Metasploit
- Scanning HTTPS/SSL with Metasploit
- Module building essentials
- The format of a Metasploit module
- Disassembling existing HTTP server scanner modules
- Libraries and the function
- Summary and exercises
- Exploitation and Gaining Access
- Setting up the practice environment
- Exploiting applications with Metasploit
- Using db_nmap in Metasploit
- Exploiting Desktop Central 9 with Metasploit
- Testing the security of a GlassFish web server with Metasploit
- Exploiting FTP services with Metasploit
- Exploiting browsers for fun and profit
- The browser autopwn attack
- The technology behind a browser autopwn attack
- Attacking browsers with Metasploit browser_autopwn
- Attacking Android with Metasploit
- Converting exploits to Metasploit
- Gathering the essentials
- Generating a Metasploit module
- Exploiting the target application with Metasploit
- Summary and exercises
- Post-Exploitation with Metasploit
- Extended post-exploitation with Metasploit
- Basic post-exploitation commands
- The help menu
- Background command
- Machine ID and the UUID command
- Networking commands
- File operation commands
- Desktop commands
- Screenshots and camera enumeration
- Advanced post-exploitation with Metasploit
- Migrating to safer processes
- Obtaining system privileges
- Changing access modification and creation time with timestomp
- Obtaining password hashes using hashdump
- Metasploit and privilege escalation
- Escalating privileges on Windows Server 2008
- Privilege escalation on Linux with Metasploit
- Gaining persistent access with Metasploit
- Gaining persistent access on Windows-based systems
- Gaining persistent access on Linux systems
- Summary
- Testing Services with Metasploit
- Testing MySQL with Metasploit
- Using Metasploit's mysql_version module
- Brute-forcing MySQL with Metasploit
- Finding MySQL users with Metasploit
- Dumping the MySQL schema with Metasploit
- Using file enumeration in MySQL using Metasploit
- Checking for writable directories
- Enumerating MySQL with Metasploit
- Running MySQL commands through Metasploit
- Gaining system access through MySQL
- The fundamentals of SCADA
- Analyzing security in SCADA systems
- The fundamentals of testing SCADA
- SCADA-based exploits
- Implementing secure SCADA
- Restricting networks
- Testing Voice over Internet Protocol services
- VoIP fundamentals
- Fingerprinting VoIP services
- Scanning VoIP services
- Spoofing a VoIP call
- Exploiting VoIP
- About the vulnerability
- Exploiting the application
- Summary and exercises
- Fast-Paced Exploitation with Metasploit
- Using pushm and popm commands
- Making use of resource scripts
- Using AutoRunScript in Metasploit
- Using the multiscript module in the AutoRunScript option
- Global variables in Metasploit
- Wrapping up and generating manual reports
- The format of the report
- The executive summary
- Methodology/network admin-level report
- Additional sections
- Summary and preparation for real-world scenarios
- Exploiting Real-World Challenges with Metasploit
- Scenario 1: Mirror environment
- Understanding the environment
- Fingerprinting the target with DB_NMAP
- Gaining access to vulnerable web applications
- Migrating from a PHP meterpreter to a Windows meterpreter
- Pivoting to internal networks
- Scanning internal networks through a meterpreter pivot
- Using the socks server module in Metasploit
- Dumping passwords in clear text
- Sniffing a network with Metasploit
- Summary of the attack
- Scenario 2: You can't see my meterpreter
- Using shellcode for fun and profit
- Encrypting the shellcode
- Creating a decoder executable
- Further roadmap and summary 更新時間:2021-07-09 21:00:32
推薦閱讀
- 科技安全:戰略實踐與展望
- 工業互聯網安全防護與展望
- 零信任網絡:在不可信網絡中構建安全系統
- INSTANT Windows PowerShell
- 軟件開發安全之道:概念、設計與實施
- 防火墻技術與應用(第2版)
- 網絡安全與攻防入門很輕松(實戰超值版)
- 情報驅動應急響應
- 網絡用戶行為的安全可信分析與控制
- Cybersecurity Threats,Malware Trends,and Strategies
- CTF快速上手:PicoCTF真題解析(Web篇)
- 黑客攻防與電腦安全從新手到高手(超值版)
- 黑客攻防從入門到精通:絕招版(第2版)
- Learning Metasploit Exploitation and Development
- 云安全實用指南
- 互聯網金融法律與風險控制(第2版)
- 2018—2019年中國網絡安全發展藍皮書
- 應用軟件安全代碼審查指南(新型網絡安全人才培養叢書)
- 漏洞
- 社會工程:安全體系中的人性漏洞
- 網絡安全之機器學習
- 美國網絡安全戰略與政策二十年
- 黑客攻防從入門到精通(Web技術實戰篇)
- 計算機網絡安全原理
- Hands-On Penetration Testing on Windows
- 網絡安全治理新格局
- 響應式安全:構建企業信息安全體系
- DevSecOps原理、核心技術與實戰
- Mastering Azure Security
- 零信任安全:技術詳解與應用實踐
