| Description |
1 online resource (iii, 250 pages) |
| Contents |
1. Metasploit Quick Tips for Security Professionals -- 2. Information Gathering and Scanning -- 3. Operating System-based Vulnerability Assessment and Exploitation -- 4. Client-side Exploitation and Antivirus Bypass -- 5. Using Meterpreter to Explore the Compromised Target -- 6. Advanced Meterpreter Scripting -- 7. Working with Modules for Penetration Testing -- 8. Working with Exploits -- 9. Working with Armitage -- 10. Social Engineer Toolkit |
|
1. Metasploit Quick Tips for Security Professionals -- Introduction -- Configuring Metasploit on Windows -- Configuring Metasploit on Ubuntu -- Metasploit with BackTrack 5 -- the ultimate combination -- Setting up the penetration testing lab on a single machine -- Setting up Metasploit on a virtual machine with SSH connectivity -- Beginning with the interfaces -- the "Hello World" of Metasploit -- Setting up the database in Metasploit -- Using the database to store penetration testing results -- Analyzing the stored results of the database -- 2. Information Gathering and Scanning -- Introduction -- Passive information gathering 1.0 -- the traditional way -- Passive information gathering 2.0 -- the next level -- Port scanning -- the Nmap way -- Exploring auxiliary modules for scanning -- Target service scanning with auxiliary modules -- Vulnerability scanning with Nessus -- Scanning with NeXpose -- Sharing information with the Dradis framework -- 3. Operating System-based Vulnerability Assessment and Exploitation -- Introduction -- Exploit usage quick tips -- Penetration testing on a Windows XP SP2 machine -- Binding a shell to the target for remote access -- Penetration testing on the Windows 2003 Server -- Windows 7/Server 2008 R2 SMB client infinite loop -- Exploiting a Linux (Ubuntu) machine -- Understanding the Windows DLL injection flaws -- 4. Client-side Exploitation and Antivirus Bypass -- Introduction -- Internet Explorer unsafe scripting misconfiguration vulnerability -- Internet Explorer CSS recursive call memory corruption -- Microsoft Word RTF stack buffer overflow -- Adobe Reader util.printf() buffer overflow -- Generating binary and a shellcode from msfpayload -- Bypassing client-side antivirus protection using msfencode -- Using the killav.rb script to disable antivirus programs -- A Deeper look into the killav.rb script -- Killing antivirus services from the command line -- 5. Using Meterpreter to Explore the Compromised Target -- Introduction -- Analyzing meterpreter system commands -- Privilege escalation and process migration -- Setting multiple communication channels with the target -- Meterpreter filesystem commands -- Changing file attributes using timestomp -- Using meterpreter networking commands -- The getdesktop and keystroke sniffing -- Using a scraper meterpreter script -- 6. Advanced Meterpreter Scripting -- Introduction -- Passing the hash -- Setting up a persistent connection with backdoors -- Pivoting with meterpreter -- Port forwarding with meterpreter -- Meterpreter API and mixins -- Railgun -- converting Ruby into a weapon -- Adding a DLL and function definition to Railgun -- Building a "Windows Firewall De-activator" meterpreter script -- Analyzing an existing meterpreter script -- 7. Working with Modules for Penetration Testing -- Introduction -- Working with scanner auxiliary modules -- Working with auxiliary admin modules -- SQL injection and DOS attack modules -- Post exploitation modules -- Understanding the basics of module building -- Analyzing an existing module -- Building your own post exploitation module -- 8. Working with Exploits -- Introduction -- Exploiting the module structure -- Common exploit mixins -- Working with msfvenom -- Converting exploit to a Metasploit module -- Porting and testing the new exploit module -- Fuzzing with Metasploit -- Writing a simple FileZilla FTP fuzzer -- 9. Working with Armitage -- Introduction -- Getting started with Armitage -- Scanning and information gathering -- Finding vulnerabilities and attacking targets -- Handling multiple targets using the tab switch -- Post-exploitation with Armitage -- Client-side exploitation with Armitage -- 10. Social Engineer Toolkit -- Introduction -- Getting started with Social Engineer Toolkit (SET) -- Working with the SET config file -- Spear-phishing attack vector -- Website attack vectors -- Multi-attack web method -- Infectious media generator |
| Summary |
"This is a Cookbook which follows a practical task-based style. There are plenty of code and commands used for illustration which make your learning curve easy and quick. This book targets both professional penetration testers as well as new users of Metasploit who wish to gain expertise over the framework. The book requires basic knowledge of scanning, exploitation, and Ruby language"--EBL |
| Notes |
"Quick answers to common problems." |
|
Includes index |
|
English |
|
Print version record |
| SUBJECT |
Metasploit (Electronic resource) http://id.loc.gov/authorities/names/n2011043654
|
|
Metasploit (Electronic resource) fast |
| Subject |
Computers -- Access control.
|
|
Penetration testing (Computer security)
|
|
Computer networks -- Security measures -- Testing
|
|
COMPUTERS -- Internet -- Security.
|
|
COMPUTERS -- Networking -- Security.
|
|
COMPUTERS -- Security -- General.
|
|
Computers -- Access control
|
|
Penetration testing (Computer security)
|
| Form |
Electronic book
|
| ISBN |
9781849517430 |
|
1849517436 |
|
9781621989042 |
|
1621989046 |
|
1281090131 |
|
9781281090133 |
|
9786613775498 |
|
6613775495 |
|
