Metasploit : (Record no. 849397)
[ view plain ]
| 000 -LEADER | |
|---|---|
| campo de control de longitud fija | 07684nam a2200289 a 4500 |
| 003 - IDENTIFICADOR DE NÚMERO DE CONTROL | |
| campo de control | AR-LpUFIB |
| 005 - FECHA Y HORA DE LA ÚLTIMA TRANSACCIÓN | |
| campo de control | 20240131171235.0 |
| 007 - CAMPO FIJO DE DESCRIPCIÓN FÍSICA--INFORMACIÓN GENERAL | |
| campo de control de longitud fija | ta |
| 008 - DATOS DE LONGITUD FIJA--INFORMACIÓN GENERAL | |
| campo de control de longitud fija | 230201s2011 xxua dr 000 0 eng d |
| 020 ## - NÚMERO INTERNACIONAL ESTÁNDAR DEL LIBRO | |
| Número Internacional Estándar del Libro | 9781593272883 |
| 024 8# - IDENTIFICADOR DE OTROS ESTÁNDARES | |
| Número estándar o código | DIF007385 |
| 040 ## - FUENTE DE CATALOGACIÓN | |
| Centro catalogador/agencia de origen | AR-LpUFIB |
| Lengua de catalogación | spa |
| Centro/agencia transcriptor | AR-LpUFIB |
| 100 1# - ENTRADA PRINCIPAL--NOMBRE DE PERSONA | |
| Nombre de persona | Kennedy, David |
| 9 (RLIN) | 258393 |
| 245 10 - MENCIÓN DEL TÍTULO | |
| Título | Metasploit : |
| Resto del título | the penetration tester's guide |
| 260 ## - PUBLICACIÓN, DISTRIBUCIÓN, ETC. | |
| Lugar de publicación, distribución, etc. | San Francisco : |
| Nombre del editor, distribuidor, etc. | No Starch Press, |
| Fecha de publicación, distribución, etc. | 2011 |
| 300 ## - DESCRIPCIÓN FÍSICA | |
| Extensión | xxiv, 299 p. : |
| Otras características físicas | il. |
| 500 ## - NOTA GENERAL | |
| Nota general | Incluye índice. |
| 505 0# - NOTA DE CONTENIDO CON FORMATO | |
| Nota de contenido con formato | FOREWORD by HD Moore -- PREFACE -- ACKNOWLEDGMENTS -- Special Thanks INTRODUCTION -- Why Do A Penetration Test? -- Why Metasploit? -- A Brief History of Metasploit -- About this Book -- What’s in the Book? -- A Note on Ethics -- 1 THE ABSOLUTE BASICS OF PENETRATION TESTING -- The Phases of the PTES -- Pre-engagement Interactions -- Intelligence Gathering -- Threat Modeling -- Vulnerability Analysis -- Exploitation -- Post Exploitation -- Reporting -- Types of Penetration Tests -- Overt Penetration Testing -- Covert Penetration Testing -- Vulnerability Scanners -- Pulling It All Together -- 2 METASPLOIT BASICS -- Terminology -- Exploit -- Payload -- Shellcode -- Module -- Listener -- Metasploit Interfaces -- MSFconsole -- MSFcli -- Armitage -- Metasploit Utilities -- MSFpayload -- MSFencode -- Nasm Shell -- Metasploit Express and Metasploit Pro -- Wrapping Up -- 3 INTELL IGENCE GATHER ING -- Passive Information Gathering -- whois Lookups Netcraft NSLookup -- Active Information Gathering -- Port Scanning with Nmap -- Working with Databases in Metasploit -- Port Scanning with Metasploit -- Targeted Scanning -- Server Message Block Scanning -- Hunting for Poorly Configured Microsoft SQL Servers -- SSH Server Scanning -- FTP Scanning -- Simple Network Management Protocol Sweeping -- Writing a Custom Scanner -- Looking Ahead -- 4 VULNERAB IL ITY SCANN ING -- The Basic Vulnerability Scan -- Scanning with NeXpose -- Configuration -- Importing Your Report into the Metasploit Framework -- Running NeXpose Within MSFconsole -- Scanning with Nessus -- Nessus Configuration -- Creating a Nessus Scan Policy -- Running a Nessus Scan -- Nessus Reports -- Importing Results into the Metasploit Framework -- Scanning with Nessus from Within Metasploit -- Specialty Vulnerability Scanners -- Validating SMB Logins -- Scanning for Open VNC Authentication -- Scanning for Open X11 Servers -- Using Scan Results for Autopwning -- 5 THE JOY OF EXPLO ITAT ION -- Basic Exploitation -- msf> show exploits -- msf> show auxiliary -- msf> show options -- msf> show payloads msf> show targets -- info -- set and unset -- setg and unsetg -- save -- Exploiting Your First Machine -- Exploiting an Ubuntu Machine -- All-Ports Payloads: Brute Forcing Ports -- Resource Files -- Wrapping Up -- 6 METERPRETER -- Compromising a Windows XP Virtual Machine -- Scanning for Ports with Nmap -- Attacking MS SQL -- Brute Forcing MS SQL Server -- The xp_cmdshell -- Basic Meterpreter Commands -- Capturing Keystrokes -- Dumping Usernames and Passwords -- Extracting the Password Hashes -- Dumping the Password Hash -- Pass the Hash -- Privilege Escalation -- Token Impersonation -- Using ps -- Pivoting onto Other Systems -- Using Meterpreter Scripts -- Migrating a Process -- Killing Antivirus Software -- Obtaining System Password Hashes -- Viewing All Traffic on a Target Machine -- Scraping a System -- Using Persistence -- Leveraging Post Exploitation Modules -- Upgrading Your Command Shell to Meterpreter -- Manipulating Windows APIs with the Railgun Add-On -- Wrapping Up -- 7 AVOIDING DETECT ION -- Creating Stand-Alone Binaries with MSFpayload -- Evading Antivirus Detection -- Encoding with MSFencode -- Multi-encoding -- Custom Executable Templates -- Launching a Payload Stealthily -- A Final Note on Antivirus Software Evasion -- 8 EXPLOITATION USING CLIENT-SIDE ATTACKS -- Browser-Based Exploits -- How Browser-Based Exploits Work -- Looking at NOPs -- Using Immunity Debugger to Decipher NOP Shellcode -- Exploring the Internet Explorer Aurora Exploit -- File Format Exploits -- Sending the Payload -- Wrapping Up -- 9 METASPLOIT AUXILIARY MODULES -- Auxiliary Modules in Use -- Anatomy of an Auxiliary Module -- Going Forward -- 10 THE SOCIAL-ENGINEER TOOLKIT -- Configuring the Social-Engineer Toolkit -- Spear-Phishing Attack Vector -- Web Attack Vectors -- Java Applet -- Client-Side Web Exploits -- Username and Password Harvesting -- Tabnabbing -- Man-Left-in-the-Middle -- Web Jacking -- Putting It All Together with a Multipronged Attack -- Infectious Media Generator -- Teensy USB HID Attack Vector -- Additional SET Features -- Looking Ahead -- 11 FAST-TRACK -- Microsoft SQL Injection -- SQL Injector—Query String Attack -- SQL Injector—POST Parameter Attack -- Manual Injection -- MSSQL Bruter -- SQLPwnage -- Binary-to-Hex Generator -- Mass Client-Side Attack -- A Few Words About Automation -- 12 KARMETASPLOIT -- Configuration -- Launching the Attack -- Credential Harvesting -- Getting a Shell -- Wrapping Up -- 13 BUILDING YOUR OWN MODULE -- Getting Command Execution on Microsoft SQL -- Exploring an Existing Metasploit Module -- Creating a New Module -- PowerShell -- Running the Shell Exploit -- Creating powershell_upload_exec -- Conversion from Hex to Binary -- Counters -- Running the Exploit -- The Power of Code Reuse -- 14 CREATING YOUR OWN EXPLOITS -- The Art of Fuzzing -- Controlling the Structured Exception Handler -- Hopping Around SEH Restrictions -- Getting a Return Address -- Bad Characters and Remote Code Execution -- Wrapping Up -- 15 PORTING EXPLOITS TO THE METASPLOIT FRAMEWORK -- Assembly Language Basics -- EIP and ESP Registers -- The JMP Instruction Set -- NOPs and NOP Slides -- Porting a Buffer Overflow -- Stripping the Existing Exploit -- Configuring the Exploit Definition -- Testing Our Base Exploit -- Implementing Features of the Framework -- Adding Randomization -- Removing the NOP Slide -- Removing the Dummy Shellcode -- Our Completed Module -- SEH Overwrite Exploit -- Wrapping Up -- 16 METERPRETER SCRIPTING -- Meterpreter Scripting Basics -- Meterpreter API -- Printing Output -- Base API Calls -- Meterpreter Mixins -- Rules for Writing Meterpreter Scripts -- Creating Your Own Meterpreter Script -- Wrapping Up -- 17 SIMULATED PENETRATION TEST -- Pre-engagement Interactions -- Intelligence Gathering -- Threat Modeling -- Exploitation -- Customizing MSFconsole -- Post Exploitation -- Scanning the Metasploitable System -- Identifying Vulnerable Services -- Attacking Apache Tomcat -- Attacking Obscure Services -- Covering Your Tracks -- Wrapping Up -- A CONFIGURING YOUR TARGET MACHINES -- Installing and Setting Up the System -- Booting Up the Linux Virtual Machines -- Setting Up a Vulnerable Windows XP Installation -- Configuring Your Web Server on Windows XP -- Building a SQL Server -- Creating a Vulnerable Web Application -- Updating Back|Track -- B CHEAT SHEET -- MSFconsole Commands -- Meterpreter Commands -- MSFpayload Commands -- MSFencode Commands -- MSFcli Commands -- MSF, Ninja, Fu -- MSFvenom -- Meterpreter Post Exploitation Commands -- INDEX |
| 650 #4 - PUNTO DE ACCESO ADICIONAL DE MATERIA--TÉRMINO DE MATERIA | |
| Término de materia o nombre geográfico como elemento de entrada | SEGURIDAD INFORMÁTICA |
| 9 (RLIN) | 247559 |
| 650 #4 - PUNTO DE ACCESO ADICIONAL DE MATERIA--TÉRMINO DE MATERIA | |
| Término de materia o nombre geográfico como elemento de entrada | SOFTWARE DE CÓDIGO ABIERTO |
| 9 (RLIN) | 254609 |
| 650 #4 - PUNTO DE ACCESO ADICIONAL DE MATERIA--TÉRMINO DE MATERIA | |
| Término de materia o nombre geográfico como elemento de entrada | TEST DE PENETRACIÓN |
| 9 (RLIN) | 256516 |
| 653 ## - TÉRMINO DE INDIZACIÓN--NO CONTROLADO | |
| Término no controlado | Metasploit |
| 700 1# - ENTRADA AGREGADA--NOMBRE PERSONAL | |
| Nombre de persona | O'Gorman, Jim |
| 9 (RLIN) | 258394 |
| 700 1# - ENTRADA AGREGADA--NOMBRE PERSONAL | |
| Nombre de persona | Kearns, Devon |
| 9 (RLIN) | 258395 |
| 700 1# - ENTRADA AGREGADA--NOMBRE PERSONAL | |
| Nombre de persona | Aharoni, Mati |
| 9 (RLIN) | 258396 |
| 942 ## - ELEMENTOS DE ENTRADA SECUNDARIOS (KOHA) | |
| Tipo de ítem Koha | Libros |
| Estado retirado | Estado de pérdida | Estado de daño | No para préstamo | Biblioteca de origen | Biblioteca actual | Fecha de adquisición | Número de inventario | Total de préstamos | Signatura topográfica completa | Código de barras | Visto por última vez | Precio de reemplazo | Tipo de ítem Koha |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Disponible para préstamo | Biblioteca Fac.Informática | Biblioteca Fac.Informática | 31/01/2024 | DIF-04830 | K.6.5 MET | DIF-04830 | 31/01/2024 | 31/01/2024 | Libros |