目錄(111章)
倒序
- coverpage
- Metasploit Penetration Testing Cookbook
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Support files eBooks discount offers and more
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Chapter 1. Metasploit Quick Tips for Security Professionals
- Introduction
- Configuring Metasploit on Windows
- Configuring Metasploit on Ubuntu
- Metasploit with BackTrack 5 the ultimate combination
- Setting up the penetration testing lab on a single machine
- Setting up Metasploit on a virtual machine with SSH connectivity
- Beginning with the interfaces the "Hello World" of Metasploit
- Setting up the database in Metasploit
- Using the database to store penetration testing results
- Analyzing the stored results of the database
- Chapter 2. Information Gathering and Scanning
- Introduction
- Passive information gathering 1.0 - the traditional way
- Passive information gathering 2.0 - the next level
- Port scanning - the Nmap way
- Exploring auxiliary modules for scanning
- Target service scanning with auxiliary modules
- Vulnerability scanning with Nessus
- Scanning with NeXpose
- Sharing information with the Dradis framework
- Chapter 3. Operating System-based Vulnerability Assessment and Exploitation
- Introduction
- Exploit usage quick tips
- Penetration testing on a Windows XP SP2 machine
- Binding a shell to the target for remote access
- Penetration testing on the Windows 2003 Server
- Windows 7/Server 2008 R2 SMB client infinite loop
- Exploiting a Linux (Ubuntu) machine
- Understanding the Windows DLL injection flaws
- Chapter 4. Client-side Exploitation and Antivirus Bypass
- Introduction
- Internet Explorer unsafe scripting misconfiguration vulnerability
- Internet Explorer CSS recursive call memory corruption
- Microsoft Word RTF stack buffer overflow
- Adobe Reader util.printf() buffer overflow
- Generating binary and shellcode from msfpayload
- Bypassing client-side antivirus protection using msfencode
- Using the killav.rb script to disable antivirus programs
- A deeper look into the killav.rb script
- Killing antivirus services from the command line
- Chapter 5. Using Meterpreter to Explore the Compromised Target
- Introduction
- Analyzing meterpreter system commands
- Privilege escalation and process migration
- Setting up multiple communication channels with the target
- Meterpreter filesystem commands
- Changing file attributes using timestomp
- Using meterpreter networking commands
- The getdesktop and keystroke sniffing
- Using a scraper meterpreter script
- Chapter 6. Advanced Meterpreter Scripting
- Introduction
- Passing the hash
- Setting up a persistent connection with backdoors
- Pivoting with meterpreter
- Port forwarding with meterpreter
- Meterpreter API and mixins
- Railgun - converting Ruby into a weapon
- Adding DLL and function definition to Railgun
- Building a "Windows Firewall De-activator" meterpreter script
- Analyzing an existing meterpreter script
- Chapter 7. Working with Modules for Penetration Testing
- Introduction
- Working with scanner auxiliary modules
- Working with auxiliary admin modules
- SQL injection and DOS attack modules
- Post-exploitation modules
- Understanding the basics of module building
- Analyzing an existing module
- Building your own post-exploitation module
- Chapter 8. Working with Exploits
- Introduction
- Exploiting the module structure
- Common exploit mixins
- Working with msfvenom
- Converting exploit to a Metasploit module
- Porting and testing the new exploit module
- Fuzzing with Metasploit
- Writing a simple FileZilla FTP fuzzer
- Chapter 9. Working with Armitage
- Introduction
- Getting started with Armitage
- Scanning and information gathering
- Finding vulnerabilities and attacking targets
- Handling multiple targets using the tab switch
- Post-exploitation with Armitage
- Client-side exploitation with Armitage
- Chapter 10. Social Engineer Toolkit
- Introduction
- Getting started with Social Engineer Toolkit (SET)
- Working with the SET config file
- Spear-phishing attack vector
- Website attack vectors
- Multi-attack web method
- Infectious media generator
- Index 更新時間:2021-08-13 18:21:31
推薦閱讀
- 物聯網標準化指南
- 物聯網安全與深度學習技術
- Force.com Development Blueprints
- 物聯網時代
- 網管員必讀:網絡管理(第2版)
- Windows Server 2012 Hyper-V虛擬化管理實踐
- React Cookbook
- 人人都該都懂的互聯網思維
- 網絡綜合布線(第2版)
- 大型企業微服務架構實踐與運營
- 網絡空間全球治理觀察
- 路由與交換技術
- 互聯網心理學:新心理與行為研究的興起
- 國外物聯網透視
- 天下一家:網絡聯通世界(科學新導向叢書)
- 物聯網工程應用技術
- 網絡信息編輯項目化實操教程(第2版)
- 網絡攻防技術與實踐
- 新編 中文版CorelDRAW入門與提高
- 中小型局域網搭建與管理實訓教程
- Exchange Server 2010 SP1/SP2管理實踐
- Mastering Angular Components
- 氣體傳感器理論:團簇的氣敏性能研究
- Using CiviCRM(Second Edition)
- 物聯網之芯:傳感器件與通信芯片設計
- SpamAssassin: A practical guide to integration and configuration
- 移動社會網絡中信息傳播與控制
- pytest Quick Start Guide
- 網絡工程師紅寶書:思科華為華三實戰案例薈萃
- 局域網組網技術
