舉報 
會員
Metasploit Bootcamp
Ifyouareapenetrationtester,ethicalhacker,orsecurityconsultantwhoquicklywantstomastertheMetasploitframeworkandcarryoutadvancedpenetrationtestinginhighlysecuredenvironmentsthen,thisbookisforyou.
目錄(142章)
倒序
- coverpage
- Title Page
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Customer Feedback
- Dedication
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Downloading the color images of this book
- Errata
- Piracy
- Questions
- Getting Started with Metasploit
- Setting up Kali Linux in a virtual environment
- The fundamentals of Metasploit
- Basics of Metasploit Framework
- Architecture of Metasploit
- Metasploit Framework console and commands
- Benefits of using Metasploit
- Penetration testing with Metasploit
- Assumptions and testing setup
- Phase-I: footprinting and scanning
- Phase-II: gaining access to the target
- Phase-III: maintaining access / post-exploitation / covering tracks
- Summary and exercises
- Identifying and Scanning Targets
- Working with FTP servers using Metasploit
- Scanning FTP services
- Modifying scanner modules for fun and profit
- Scanning MSSQL servers with Metasploit
- Using the mssql_ping module
- Brute-forcing MSSQL passwords
- Scanning SNMP services with Metasploit
- Scanning NetBIOS services with Metasploit
- Scanning HTTP services with Metasploit
- Scanning HTTPS/SSL with Metasploit
- Module building essentials
- The format of a Metasploit module
- Disassembling existing HTTP server scanner modules
- Libraries and the function
- Summary and exercises
- Exploitation and Gaining Access
- Setting up the practice environment
- Exploiting applications with Metasploit
- Using db_nmap in Metasploit
- Exploiting Desktop Central 9 with Metasploit
- Testing the security of a GlassFish web server with Metasploit
- Exploiting FTP services with Metasploit
- Exploiting browsers for fun and profit
- The browser autopwn attack
- The technology behind a browser autopwn attack
- Attacking browsers with Metasploit browser_autopwn
- Attacking Android with Metasploit
- Converting exploits to Metasploit
- Gathering the essentials
- Generating a Metasploit module
- Exploiting the target application with Metasploit
- Summary and exercises
- Post-Exploitation with Metasploit
- Extended post-exploitation with Metasploit
- Basic post-exploitation commands
- The help menu
- Background command
- Machine ID and the UUID command
- Networking commands
- File operation commands
- Desktop commands
- Screenshots and camera enumeration
- Advanced post-exploitation with Metasploit
- Migrating to safer processes
- Obtaining system privileges
- Changing access modification and creation time with timestomp
- Obtaining password hashes using hashdump
- Metasploit and privilege escalation
- Escalating privileges on Windows Server 2008
- Privilege escalation on Linux with Metasploit
- Gaining persistent access with Metasploit
- Gaining persistent access on Windows-based systems
- Gaining persistent access on Linux systems
- Summary
- Testing Services with Metasploit
- Testing MySQL with Metasploit
- Using Metasploit's mysql_version module
- Brute-forcing MySQL with Metasploit
- Finding MySQL users with Metasploit
- Dumping the MySQL schema with Metasploit
- Using file enumeration in MySQL using Metasploit
- Checking for writable directories
- Enumerating MySQL with Metasploit
- Running MySQL commands through Metasploit
- Gaining system access through MySQL
- The fundamentals of SCADA
- Analyzing security in SCADA systems
- The fundamentals of testing SCADA
- SCADA-based exploits
- Implementing secure SCADA
- Restricting networks
- Testing Voice over Internet Protocol services
- VoIP fundamentals
- Fingerprinting VoIP services
- Scanning VoIP services
- Spoofing a VoIP call
- Exploiting VoIP
- About the vulnerability
- Exploiting the application
- Summary and exercises
- Fast-Paced Exploitation with Metasploit
- Using pushm and popm commands
- Making use of resource scripts
- Using AutoRunScript in Metasploit
- Using the multiscript module in the AutoRunScript option
- Global variables in Metasploit
- Wrapping up and generating manual reports
- The format of the report
- The executive summary
- Methodology/network admin-level report
- Additional sections
- Summary and preparation for real-world scenarios
- Exploiting Real-World Challenges with Metasploit
- Scenario 1: Mirror environment
- Understanding the environment
- Fingerprinting the target with DB_NMAP
- Gaining access to vulnerable web applications
- Migrating from a PHP meterpreter to a Windows meterpreter
- Pivoting to internal networks
- Scanning internal networks through a meterpreter pivot
- Using the socks server module in Metasploit
- Dumping passwords in clear text
- Sniffing a network with Metasploit
- Summary of the attack
- Scenario 2: You can't see my meterpreter
- Using shellcode for fun and profit
- Encrypting the shellcode
- Creating a decoder executable
- Further roadmap and summary 更新時間:2021-07-09 21:00:32
推薦閱讀
- Web漏洞分析與防范實戰:卷1
- 科技安全:戰略實踐與展望
- Learning Python for Forensics
- 黑客攻防技巧
- Preventing Digital Extortion
- 反黑命令與攻防從新手到高手(微課超值版)
- 黑客攻防與網絡安全從新手到高手(絕招篇)
- 解密數據恢復
- Learning Pentesting for Android Devices
- 網絡安全大數據分析與實戰
- VMware vCloud Security
- 云計算安全:關鍵技術、原理及應用
- 數字銀行安全體系構建
- 信息系統安全等級化保護原理與實踐
- Kali Linux無線網絡滲透測試詳解
- 云安全深度剖析:技術原理及應用實踐
- Cisco Firepower威脅防御(FTD)設備的高級排錯與配置
- 基于數據科學的惡意軟件分析
- 從實踐中學習TCP/IP協議
- Mastering Windows Security and Hardening
- INSTANT Citrix Security How-to
- 網絡空間安全防御與態勢感知
- 威脅建模:安全設計中的風險識別和規避
- 內生安全:新一代網絡安全框架體系與實踐
- 信息安全技術專業基于工作過程支撐平臺課程體系開發實踐
- 網絡空間安全通識教程
- Hands-On Penetration Testing on Windows
- DevSecOps原理、核心技術與實戰
- 維護網絡空間安全:中國網絡安全法解讀
- 物聯網設備安全
