舉報 
會員
Kali Linux Intrusion and Exploitation Cookbook
最新章節:
Conclusion
Thisbookisintendedforthosewhowanttoknowmoreaboutinformationsecurity.Inparticular,it'sidealforsystemadministratorsandsystemarchitectswhowanttoensurethattheinfrastructureandsystemstheyarecreatingandmanagingaresecure.Thisbookhelpsbothbeginnersandintermediatesbyallowingthemtouseitasareferencebookandtogainin-depthknowledge.
最新章節
- Conclusion
- General penetration testing phases
- What is the goal here?
- Who should be doing penetration testing?
- Types of penetration testing
- Objectives of penetration testing
品牌:中圖公司
上架時間:2021-07-09 18:04:42
出版社:Packt Publishing
本書數字版權由中圖公司提供,并由其授權上海閱文信息技術有限公司制作發行
- Conclusion 更新時間:2021-07-09 18:27:09
- General penetration testing phases
- What is the goal here?
- Who should be doing penetration testing?
- Types of penetration testing
- Objectives of penetration testing
- Penetration testing versus vulnerability assessment
- What is vulnerability assessment
- What is penetration testing?
- Introduction
- Appendix A. Pen Testing 101 Basics
- Denial-of-service attacks
- Cracking WPS
- Cracking WPA/WPA2 encryption
- Cracking WEP encryption
- Sniffing network traffic
- Bypassing MAC address filtering
- Setting up a wireless network
- Introduction
- Chapter 10. Wireless Exploitation
- Linux privilege escalation
- Misconfigured software installations/insecure file permissions
- Service permission issues
- Unquoted service-path exploitation
- Sensitive-information gathering
- Using WMIC to find privilege-escalation vulnerabilities
- Introduction
- Chapter 9. Privilege Escalation and Exploitation
- Cracking NTLM hashes using rainbow tables
- Using BeEF for browser exploitation
- Using Social-Engineering Toolkit
- Cracking password hashes
- Using local password-attack tools
- Introduction
- Chapter 8. System and Password Exploitation
- Using the FIMAP tool for file inclusion attacks (RFI/LFI)
- Using Metasploit to exploit Heartbleed
- Exploiting Shellshock using Burp
- Using Weevely for file upload vulnerability
- Exploiting SQL Injection on URL parameters using SQL Injection
- Using sqlmap to find SQL Injection on the login page
- Using Burp for active/passive scanning
- Introduction
- Chapter 7. Web Application Exploitation
- Using Burp Sequencer to test the session randomness
- Using Burp Intruder for customized attack automation
- Using Burp Proxy to intercept HTTP traffic
- Using Skipfish for vulnerability assessment
- Using Nikto for web server assessment
- Using W3af for vulnerability assessment
- Running vulnerable web applications in Docker
- Introduction
- Chapter 6. Web Application Vulnerability Assessment
- Finding SSL cipher vulnerabilities
- CMS and plugins detection using WhatWeb and p0f
- Discovering hidden files/directories using DirBuster
- HTTP and DNS load balancer detection
- Web application firewall detection
- Using DNS protocol for information gathering
- Gathering information using theharvester
- Using recon-ng for reconnaissance
- Setting up API keys for recon-ng
- Introduction
- Chapter 5. Web Application Information Gathering
- Exploiting services using exploit-db scripts
- Exploiting vulnerable services (Windows)
- Exploiting vulnerable services (Unix)
- Cracking Cisco login using custom wordlist
- Cracking MySql and PostgreSQL login using custom wordlist
- Cracking HTTP logins using custom wordlist
- Cracking SSH login using custom wordlist
- Cracking FTP login using custom wordlist
- Gathering information for credential cracking
- Introduction
- Chapter 4. Network Exploitation
- Vulnerability assessment with OpenVAS framework
- Walkthrough of Metasploitable assessment with Metasploit
- Integrating nmap with Metasploit
- Using nmap for manual vulnerability assessment
- Introduction
- Chapter 3. Network Vulnerability Assessment
- Open-source information gathering
- Service enumeration
- Determining the OS using nmap and xprobe2
- Service fingerprinting
- Using unicornscan for faster port scanning
- Discovering ports over the network
- Bypassing IDS/IPS/firewall
- Discovering live servers over the network
- Introduction
- Chapter 2. Network Information Gathering
- Installing Docker on Kali Linux
- Configuring third-party tools
- Configuring Nessus and Metasploit
- Configuring remote connectivity services - HTTP TFTP and SSH
- Customizing Kali Linux for faster operations
- Customizing Kali Linux for faster package updates
- Installing Kali Linux on a virtual machine
- Installing NetHunter on OnePlus One
- Installing Kali Linux on Docker
- Installing Kali Linux on Cloud - Amazon AWS
- Introduction
- Chapter 1. Getting Started - Setting Up an Environment
- Preface
- Customer Feedback
- www.PacktPub.com
- About the Reviewers
- About the Authors
- Credits
- 版權信息
- 封面
- 封面
- 版權信息
- Credits
- About the Authors
- About the Reviewers
- www.PacktPub.com
- Customer Feedback
- Preface
- Chapter 1. Getting Started - Setting Up an Environment
- Introduction
- Installing Kali Linux on Cloud - Amazon AWS
- Installing Kali Linux on Docker
- Installing NetHunter on OnePlus One
- Installing Kali Linux on a virtual machine
- Customizing Kali Linux for faster package updates
- Customizing Kali Linux for faster operations
- Configuring remote connectivity services - HTTP TFTP and SSH
- Configuring Nessus and Metasploit
- Configuring third-party tools
- Installing Docker on Kali Linux
- Chapter 2. Network Information Gathering
- Introduction
- Discovering live servers over the network
- Bypassing IDS/IPS/firewall
- Discovering ports over the network
- Using unicornscan for faster port scanning
- Service fingerprinting
- Determining the OS using nmap and xprobe2
- Service enumeration
- Open-source information gathering
- Chapter 3. Network Vulnerability Assessment
- Introduction
- Using nmap for manual vulnerability assessment
- Integrating nmap with Metasploit
- Walkthrough of Metasploitable assessment with Metasploit
- Vulnerability assessment with OpenVAS framework
- Chapter 4. Network Exploitation
- Introduction
- Gathering information for credential cracking
- Cracking FTP login using custom wordlist
- Cracking SSH login using custom wordlist
- Cracking HTTP logins using custom wordlist
- Cracking MySql and PostgreSQL login using custom wordlist
- Cracking Cisco login using custom wordlist
- Exploiting vulnerable services (Unix)
- Exploiting vulnerable services (Windows)
- Exploiting services using exploit-db scripts
- Chapter 5. Web Application Information Gathering
- Introduction
- Setting up API keys for recon-ng
- Using recon-ng for reconnaissance
- Gathering information using theharvester
- Using DNS protocol for information gathering
- Web application firewall detection
- HTTP and DNS load balancer detection
- Discovering hidden files/directories using DirBuster
- CMS and plugins detection using WhatWeb and p0f
- Finding SSL cipher vulnerabilities
- Chapter 6. Web Application Vulnerability Assessment
- Introduction
- Running vulnerable web applications in Docker
- Using W3af for vulnerability assessment
- Using Nikto for web server assessment
- Using Skipfish for vulnerability assessment
- Using Burp Proxy to intercept HTTP traffic
- Using Burp Intruder for customized attack automation
- Using Burp Sequencer to test the session randomness
- Chapter 7. Web Application Exploitation
- Introduction
- Using Burp for active/passive scanning
- Using sqlmap to find SQL Injection on the login page
- Exploiting SQL Injection on URL parameters using SQL Injection
- Using Weevely for file upload vulnerability
- Exploiting Shellshock using Burp
- Using Metasploit to exploit Heartbleed
- Using the FIMAP tool for file inclusion attacks (RFI/LFI)
- Chapter 8. System and Password Exploitation
- Introduction
- Using local password-attack tools
- Cracking password hashes
- Using Social-Engineering Toolkit
- Using BeEF for browser exploitation
- Cracking NTLM hashes using rainbow tables
- Chapter 9. Privilege Escalation and Exploitation
- Introduction
- Using WMIC to find privilege-escalation vulnerabilities
- Sensitive-information gathering
- Unquoted service-path exploitation
- Service permission issues
- Misconfigured software installations/insecure file permissions
- Linux privilege escalation
- Chapter 10. Wireless Exploitation
- Introduction
- Setting up a wireless network
- Bypassing MAC address filtering
- Sniffing network traffic
- Cracking WEP encryption
- Cracking WPA/WPA2 encryption
- Cracking WPS
- Denial-of-service attacks
- Appendix A. Pen Testing 101 Basics
- Introduction
- What is penetration testing?
- What is vulnerability assessment
- Penetration testing versus vulnerability assessment
- Objectives of penetration testing
- Types of penetration testing
- Who should be doing penetration testing?
- What is the goal here?
- General penetration testing phases
- Conclusion 更新時間:2021-07-09 18:27:09
