最新章節
- Index
- Infectious media generator
- Multi-attack web method
- Website attack vectors
- Spear-phishing attack vector
- Working with the SET config file
品牌:中圖公司
上架時間:2021-08-13 16:50:01
出版社:Packt Publishing
本書數字版權由中圖公司提供,并由其授權上海閱文信息技術有限公司制作發行
- Index 更新時間:2021-08-13 18:21:31
- Infectious media generator
- Multi-attack web method
- Website attack vectors
- Spear-phishing attack vector
- Working with the SET config file
- Getting started with Social Engineer Toolkit (SET)
- Introduction
- Chapter 10. Social Engineer Toolkit
- Client-side exploitation with Armitage
- Post-exploitation with Armitage
- Handling multiple targets using the tab switch
- Finding vulnerabilities and attacking targets
- Scanning and information gathering
- Getting started with Armitage
- Introduction
- Chapter 9. Working with Armitage
- Writing a simple FileZilla FTP fuzzer
- Fuzzing with Metasploit
- Porting and testing the new exploit module
- Converting exploit to a Metasploit module
- Working with msfvenom
- Common exploit mixins
- Exploiting the module structure
- Introduction
- Chapter 8. Working with Exploits
- Building your own post-exploitation module
- Analyzing an existing module
- Understanding the basics of module building
- Post-exploitation modules
- SQL injection and DOS attack modules
- Working with auxiliary admin modules
- Working with scanner auxiliary modules
- Introduction
- Chapter 7. Working with Modules for Penetration Testing
- Analyzing an existing meterpreter script
- Building a "Windows Firewall De-activator" meterpreter script
- Adding DLL and function definition to Railgun
- Railgun - converting Ruby into a weapon
- Meterpreter API and mixins
- Port forwarding with meterpreter
- Pivoting with meterpreter
- Setting up a persistent connection with backdoors
- Passing the hash
- Introduction
- Chapter 6. Advanced Meterpreter Scripting
- Using a scraper meterpreter script
- The getdesktop and keystroke sniffing
- Using meterpreter networking commands
- Changing file attributes using timestomp
- Meterpreter filesystem commands
- Setting up multiple communication channels with the target
- Privilege escalation and process migration
- Analyzing meterpreter system commands
- Introduction
- Chapter 5. Using Meterpreter to Explore the Compromised Target
- Killing antivirus services from the command line
- A deeper look into the killav.rb script
- Using the killav.rb script to disable antivirus programs
- Bypassing client-side antivirus protection using msfencode
- Generating binary and shellcode from msfpayload
- Adobe Reader util.printf() buffer overflow
- Microsoft Word RTF stack buffer overflow
- Internet Explorer CSS recursive call memory corruption
- Internet Explorer unsafe scripting misconfiguration vulnerability
- Introduction
- Chapter 4. Client-side Exploitation and Antivirus Bypass
- Understanding the Windows DLL injection flaws
- Exploiting a Linux (Ubuntu) machine
- Windows 7/Server 2008 R2 SMB client infinite loop
- Penetration testing on the Windows 2003 Server
- Binding a shell to the target for remote access
- Penetration testing on a Windows XP SP2 machine
- Exploit usage quick tips
- Introduction
- Chapter 3. Operating System-based Vulnerability Assessment and Exploitation
- Sharing information with the Dradis framework
- Scanning with NeXpose
- Vulnerability scanning with Nessus
- Target service scanning with auxiliary modules
- Exploring auxiliary modules for scanning
- Port scanning - the Nmap way
- Passive information gathering 2.0 - the next level
- Passive information gathering 1.0 - the traditional way
- Introduction
- Chapter 2. Information Gathering and Scanning
- Analyzing the stored results of the database
- Using the database to store penetration testing results
- Setting up the database in Metasploit
- Beginning with the interfaces the "Hello World" of Metasploit
- Setting up Metasploit on a virtual machine with SSH connectivity
- Setting up the penetration testing lab on a single machine
- Metasploit with BackTrack 5 the ultimate combination
- Configuring Metasploit on Ubuntu
- Configuring Metasploit on Windows
- Introduction
- Chapter 1. Metasploit Quick Tips for Security Professionals
- Customer support
- Reader feedback
- Conventions
- Who this book is for
- What you need for this book
- What this book covers
- Preface
- Support files eBooks discount offers and more
- www.PacktPub.com
- About the Reviewers
- About the Author
- Credits
- Metasploit Penetration Testing Cookbook
- coverpage
- coverpage
- Metasploit Penetration Testing Cookbook
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Support files eBooks discount offers and more
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Chapter 1. Metasploit Quick Tips for Security Professionals
- Introduction
- Configuring Metasploit on Windows
- Configuring Metasploit on Ubuntu
- Metasploit with BackTrack 5 the ultimate combination
- Setting up the penetration testing lab on a single machine
- Setting up Metasploit on a virtual machine with SSH connectivity
- Beginning with the interfaces the "Hello World" of Metasploit
- Setting up the database in Metasploit
- Using the database to store penetration testing results
- Analyzing the stored results of the database
- Chapter 2. Information Gathering and Scanning
- Introduction
- Passive information gathering 1.0 - the traditional way
- Passive information gathering 2.0 - the next level
- Port scanning - the Nmap way
- Exploring auxiliary modules for scanning
- Target service scanning with auxiliary modules
- Vulnerability scanning with Nessus
- Scanning with NeXpose
- Sharing information with the Dradis framework
- Chapter 3. Operating System-based Vulnerability Assessment and Exploitation
- Introduction
- Exploit usage quick tips
- Penetration testing on a Windows XP SP2 machine
- Binding a shell to the target for remote access
- Penetration testing on the Windows 2003 Server
- Windows 7/Server 2008 R2 SMB client infinite loop
- Exploiting a Linux (Ubuntu) machine
- Understanding the Windows DLL injection flaws
- Chapter 4. Client-side Exploitation and Antivirus Bypass
- Introduction
- Internet Explorer unsafe scripting misconfiguration vulnerability
- Internet Explorer CSS recursive call memory corruption
- Microsoft Word RTF stack buffer overflow
- Adobe Reader util.printf() buffer overflow
- Generating binary and shellcode from msfpayload
- Bypassing client-side antivirus protection using msfencode
- Using the killav.rb script to disable antivirus programs
- A deeper look into the killav.rb script
- Killing antivirus services from the command line
- Chapter 5. Using Meterpreter to Explore the Compromised Target
- Introduction
- Analyzing meterpreter system commands
- Privilege escalation and process migration
- Setting up multiple communication channels with the target
- Meterpreter filesystem commands
- Changing file attributes using timestomp
- Using meterpreter networking commands
- The getdesktop and keystroke sniffing
- Using a scraper meterpreter script
- Chapter 6. Advanced Meterpreter Scripting
- Introduction
- Passing the hash
- Setting up a persistent connection with backdoors
- Pivoting with meterpreter
- Port forwarding with meterpreter
- Meterpreter API and mixins
- Railgun - converting Ruby into a weapon
- Adding DLL and function definition to Railgun
- Building a "Windows Firewall De-activator" meterpreter script
- Analyzing an existing meterpreter script
- Chapter 7. Working with Modules for Penetration Testing
- Introduction
- Working with scanner auxiliary modules
- Working with auxiliary admin modules
- SQL injection and DOS attack modules
- Post-exploitation modules
- Understanding the basics of module building
- Analyzing an existing module
- Building your own post-exploitation module
- Chapter 8. Working with Exploits
- Introduction
- Exploiting the module structure
- Common exploit mixins
- Working with msfvenom
- Converting exploit to a Metasploit module
- Porting and testing the new exploit module
- Fuzzing with Metasploit
- Writing a simple FileZilla FTP fuzzer
- Chapter 9. Working with Armitage
- Introduction
- Getting started with Armitage
- Scanning and information gathering
- Finding vulnerabilities and attacking targets
- Handling multiple targets using the tab switch
- Post-exploitation with Armitage
- Client-side exploitation with Armitage
- Chapter 10. Social Engineer Toolkit
- Introduction
- Getting started with Social Engineer Toolkit (SET)
- Working with the SET config file
- Spear-phishing attack vector
- Website attack vectors
- Multi-attack web method
- Infectious media generator
- Index 更新時間:2021-08-13 18:21:31
