Metasploit : the penetration tester's guide
- San Francisco : No Starch Press, 2011
- xxiv, 299 p. : ill.
Includes index.
FOREWORD by HD Moore -- PREFACE -- ACKNOWLEDGMENTS -- Special Thanks -- INTRODUCTION -- Why Do A Penetration Test? -- Why Metasploit? -- A Brief History of Metasploit -- About this Book -- What’s in the Book? -- A Note on Ethics -- 1 THE ABSOLUTE BASICS OF PENETRATION TESTING -- The Phases of the PTES -- Pre-engagement Interactions -- Intelligence Gathering -- Threat Modeling -- Vulnerability Analysis -- Exploitation -- Post Exploitation -- Reporting -- Types of Penetration Tests -- Overt Penetration Testing -- Covert Penetration Testing -- Vulnerability Scanners -- Pulling It All Together -- 2 METASPLOIT BASICS -- Terminology -- Exploit -- Payload -- Shellcode -- Module -- Listener -- Metasploit Interfaces -- MSFconsole -- MSFcli -- Armitage -- Metasploit Utilities -- MSFpayload -- MSFencode -- Nasm Shell -- Metasploit Express and Metasploit Pro -- Wrapping Up -- 3 INTELLIGENCE GATHERING -- Passive Information Gathering -- whois Lookups -- Netcraft -- NSLookup -- Active Information Gathering -- Port Scanning with Nmap -- Working with Databases in Metasploit -- Port Scanning with Metasploit -- Targeted Scanning -- Server Message Block Scanning -- Hunting for Poorly Configured Microsoft SQL Servers -- SSH Server Scanning -- FTP Scanning -- Simple Network Management Protocol Sweeping -- Writing a Custom Scanner -- Looking Ahead -- 4 VULNERABILITY SCANNING -- The Basic Vulnerability Scan -- Scanning with NeXpose -- Configuration -- Importing Your Report into the Metasploit Framework -- Running NeXpose Within MSFconsole -- Scanning with Nessus -- Nessus Configuration -- Creating a Nessus Scan Policy -- Running a Nessus Scan -- Nessus Reports -- Importing Results into the Metasploit Framework -- Scanning with Nessus from Within Metasploit -- Specialty Vulnerability Scanners -- Validating SMB Logins -- Scanning for Open VNC Authentication -- Scanning for Open X11 Servers -- Using Scan Results for Autopwning -- 5 THE JOY OF EXPLOITATION -- Basic Exploitation -- msf> show
exploits -- msf> show auxiliary -- msf> show options -- msf> show payloads -- msf> show targets -- info -- set and unset -- setg and unsetg -- save -- Exploiting Your First Machine -- Exploiting an Ubuntu Machine -- All-Ports Payloads: Brute Forcing Ports -- Resource Files -- Wrapping Up -- 6 METERPRETER -- Compromising a Windows XP Virtual Machine -- Scanning for Ports with Nmap -- Attacking MS SQL -- Brute Forcing MS SQL Server -- The xp_cmdshell -- Basic Meterpreter Commands -- Capturing Keystrokes -- Dumping Usernames and Passwords -- Extracting the Password Hashes -- Dumping the Password Hash -- Pass the Hash -- Privilege Escalation -- Token Impersonation -- Using ps -- Pivoting onto Other Systems -- Using Meterpreter Scripts -- Migrating a Process -- Killing Antivirus Software -- Obtaining System Password Hashes -- Viewing All Traffic on a Target Machine -- Scraping a System -- Using Persistence -- Leveraging Post Exploitation Modules -- Upgrading Your Command Shell to Meterpreter -- Manipulating Windows APIs with the Railgun Add-On -- Wrapping Up -- 7 AVOIDING DETECTION -- Creating Stand-Alone Binaries with MSFpayload -- Evading Antivirus Detection -- Encoding with MSFencode -- Multi-encoding -- Custom Executable Templates -- Launching a Payload Stealthily -- A Final Note on Antivirus Software Evasion -- 8 EXPLOITATION USING CLIENT-SIDE ATTACKS -- Browser-Based Exploits -- How Browser-Based Exploits Work -- Looking at NOPs -- Using Immunity Debugger to Decipher NOP Shellcode -- Exploring the Internet Explorer Aurora Exploit -- File Format Exploits -- Sending the Payload -- Wrapping Up -- 9 METASPLOIT AUXILIARY MODULES -- Auxiliary Modules in Use -- Anatomy of an Auxiliary Module -- Going Forward -- 10 THE SOCIAL-ENGINEER TOOLKIT -- Configuring the Social-Engineer Toolkit -- Spear-Phishing Attack Vector -- Web Attack Vectors -- Java Applet -- Client-Side Web Exploits -- Username and Password Harvesting -- Tabnabbing -- Man-Left-in-the-Middle -- Web Jacking -- 
Putting It All Together with a Multipronged Attack -- Infectious Media Generator -- Teensy USB HID Attack Vector -- Additional SET Features -- Looking Ahead -- 11 FAST-TRACK -- Microsoft SQL Injection -- SQL Injector—Query String Attack -- SQL Injector—POST Parameter Attack -- Manual Injection -- MSSQL Bruter -- SQLPwnage -- Binary-to-Hex Generator -- Mass Client-Side Attack -- A Few Words About Automation -- 12 KARMETASPLOIT -- Configuration -- Launching the Attack -- Credential Harvesting -- Getting a Shell -- Wrapping Up -- 13 BUILDING YOUR OWN MODULE -- Getting Command Execution on Microsoft SQL -- Exploring an Existing Metasploit Module -- Creating a New Module -- PowerShell -- Running the Shell Exploit -- Creating powershell_upload_exec -- Conversion from Hex to Binary -- Counters -- Running the Exploit -- The Power of Code Reuse -- 14 CREATING YOUR OWN EXPLOITS -- The Art of Fuzzing -- Controlling the Structured Exception Handler -- Hopping Around SEH Restrictions -- Getting a Return Address -- Bad Characters and Remote Code Execution -- Wrapping Up -- 15 PORTING EXPLOITS TO THE METASPLOIT FRAMEWORK -- Assembly Language Basics -- EIP and ESP Registers -- The JMP Instruction Set -- NOPs and NOP Slides -- Porting a Buffer Overflow -- Stripping the Existing Exploit -- Configuring the Exploit Definition -- Testing Our Base Exploit -- Implementing Features of the Framework -- Adding Randomization -- Removing the NOP Slide -- Removing the Dummy Shellcode -- Our Completed Module -- SEH Overwrite Exploit -- Wrapping Up -- 16 METERPRETER SCRIPTING -- Meterpreter Scripting Basics -- Meterpreter API -- Printing Output -- Base API Calls -- Meterpreter Mixins -- Rules for Writing Meterpreter Scripts -- Creating Your Own Meterpreter Script -- Wrapping Up -- 17 SIMULATED PENETRATION TEST -- Pre-engagement Interactions -- Intelligence Gathering -- Threat Modeling -- Exploitation -- Customizing MSFconsole -- Post Exploitation -- Scanning the Metasploitable System -- 
Identifying Vulnerable Services -- Attacking Apache Tomcat -- Attacking Obscure Services -- Covering Your Tracks -- Wrapping Up -- A CONFIGURING YOUR TARGET MACHINES -- Installing and Setting Up the System -- Booting Up the Linux Virtual Machines -- Setting Up a Vulnerable Windows XP Installation -- Configuring Your Web Server on Windows XP -- Building a SQL Server -- Creating a Vulnerable Web Application -- Updating Back|Track -- B CHEAT SHEET -- MSFconsole Commands -- Meterpreter Commands -- MSFpayload Commands -- MSFencode Commands -- MSFcli Commands -- MSF, Ninja, Fu -- MSFvenom -- Meterpreter Post Exploitation Commands -- INDEX
9781593272883
DIF007385
COMPUTER SECURITY -- OPEN SOURCE SOFTWARE -- PENETRATION TESTING