Osoby które kupowaÅ‚y "Mastering Metasploit. With this tutorial you can improve your Metasploit skills and learn to put your network’s defenses to the ultimate test. The step-by-step approach teaches you the techniques and languages needed to become an expert", wybieraÅ‚y także:

• Windows Media Center. Domowe centrum rozrywki 66,67 zÅ‚, (8,00 zÅ‚ -88%)
• Ruby on Rails. Ćwiczenia 18,75 zÅ‚, (3,00 zÅ‚ -84%)
• Przywództwo w Å›wiecie VUCA. Jak być skutecznym liderem w niepewnym Å›rodowisku 58,64 zÅ‚, (12,90 zÅ‚ -78%)
• Scrum. O zwinnym zarzÄ…dzaniu projektami. Wydanie II rozszerzone 58,64 zÅ‚, (12,90 zÅ‚ -78%)
• Od hierarchii do turkusu, czyli jak zarzÄ…dzać w XXI wieku 58,64 zÅ‚, (12,90 zÅ‚ -78%)

Spis treści

Mastering Metasploit. With this tutorial you can improve your Metasploit skills and learn to put your network’s defenses to the ultimate test. The step-by-step approach teaches you the techniques and languages needed to become an expert eBook -- spis treÅ›ci

• Mastering Metasploit
  • Table of Contents
  • Mastering Metasploit
  • Credits
  • About the Author
  • About the Reviewers
  • www.PacktPub.com
    • Support files, eBooks, discount offers, and more
      • Why subscribe?
      • Free access for Packt account holders
  • Preface
    • What this book covers
    • What you need for this book
    • Who this book is for
    • Conventions
    • Reader feedback
    • Customer support
      • Errata
      • Piracy
      • Questions
  • 1. Approaching a Penetration Test Using Metasploit
    • Setting up the environment
      • Preinteractions
      • Intelligence gathering / reconnaissance phase
        • Presensing the test grounds
      • Modeling threats
      • Vulnerability analysis
      • Exploitation and post-exploitation
      • Reporting
    • Mounting the environment
      • Setting up the penetration test lab
      • The fundamentals of Metasploit
      • Configuring Metasploit on different environments
        • Configuring Metasploit on Windows XP/7
        • Configuring Metasploit on Ubuntu
      • Dealing with error states
        • Errors in the Windows-based installation
        • Errors in the Linux-based installation
    • Conducting a penetration test with Metasploit
      • Recalling the basics of Metasploit
      • Penetration testing Windows XP
        • Assumptions
        • Gathering intelligence
        • Modeling threats
        • Vulnerability analysis
        • The attack procedure with respect to the NETAPI vulnerability
        • The concept of attack
        • The procedure of exploiting a vulnerability
        • Exploitation and post-exploitation
        • Maintaining access
        • Clearing tracks
      • Penetration testing Windows Server 2003
      • Penetration testing Windows 7
        • Gathering intelligence
        • Modeling threats
        • Vulnerability analysis
        • The exploitation procedure
        • Exploitation and post-exploitation
      • Using the database to store and fetch results
        • Generating reports
    • The dominance of Metasploit
      • Open source
      • Support for testing large networks and easy naming conventions
      • Smart payload generation and switching mechanism
      • Cleaner exits
      • The GUI environment
    • Summary
  • 2. Reinventing Metasploit
    • Ruby the heart of Metasploit
      • Creating your first Ruby program
        • Interacting with the Ruby shell
        • Defining methods in the shell
      • Variables and data types in Ruby
        • Working with strings
        • The split function
        • The squeeze function
        • Numbers and conversions in Ruby
        • Ranges in Ruby
        • Arrays in Ruby
      • Methods in Ruby
      • Decision-making operators
      • Loops in Ruby
      • Regular expressions
      • Wrapping up with Ruby basics
    • Developing custom modules
      • Building a module in a nutshell
        • The architecture of the Metasploit framework
        • Understanding the libraries layout
      • Understanding the existing modules
      • Writing out a custom FTP scanner module
      • Writing out a custom HTTP server scanner
      • Writing out post-exploitation modules
    • Breakthrough meterpreter scripting
      • Essentials of meterpreter scripting
      • Pivoting the target network
      • Setting up persistent access
      • API calls and mixins
      • Fabricating custom meterpreter scripts
    • Working with RailGun
      • Interactive Ruby shell basics
      • Understanding RailGun and its scripting
      • Manipulating Windows API calls
      • Fabricating sophisticated RailGun scripts
    • Summary
  • 3. The Exploit Formulation Process
    • The elemental assembly primer
      • The basics
      • Architectures
        • System organization basics
      • Registers
      • Gravity of EIP
      • Gravity of ESP
      • Relevance of NOPs and JMP
      • Variables and declaration
      • Fabricating example assembly programs
    • The joy of fuzzing
      • Crashing the application
      • Variable input supplies
      • Generating junk
      • An introduction to Immunity Debugger
      • An introduction to GDB
    • Building up the exploit base
      • Calculating the buffer size
      • Calculating the JMP address
      • Examining the EIP
        • The script
      • Stuffing applications for fun and profit
      • Examining ESP
      • Stuffing the space
    • Finalizing the exploit
      • Determining bad characters
      • Determining space limitations
      • Fabricating under Metasploit
      • Automation functions in Metasploit
    • The fundamentals of a structured exception handler
      • Controlling SEH
      • Bypassing SEH
      • SEH-based exploits
    • Summary
  • 4. Porting Exploits
    • Porting a Perl-based exploit
      • Dismantling the existing exploit
        • Understanding the logic of exploitation
        • Gathering the essentials
      • Generating a skeleton for the exploit
      • Generating a skeleton using Immunity Debugger
      • Stuffing the values
      • Precluding the ShellCode
      • Experimenting with the exploit
    • Porting a Python-based exploit
      • Dismantling the existing exploit
      • Gathering the essentials
      • Generating a skeleton
      • Stuffing the values
      • Experimenting with the exploit
    • Porting a web-based exploit
      • Dismantling the existing exploit
      • Gathering the essentials
      • Grasping the important web functions
      • The essentials of the GET/POST method
      • Fabricating an auxiliary-based exploit
        • Working and explanation
      • Experimenting with the auxiliary exploit
    • Summary
  • 5. Offstage Access to Testing Services
    • The fundamentals of SCADA
      • The fundamentals of ICS and its components
      • The seriousness of ICS-SCADA
    • SCADA torn apart
      • The fundamentals of testing SCADA
      • SCADA-based exploits
    • Securing SCADA
      • Implementing secure SCADA
      • Restricting networks
    • Database exploitation
      • SQL server
      • FootPrinting SQL server with Nmap
      • Scanning with Metasploit modules
      • Brute forcing passwords
      • Locating/capturing server passwords
      • Browsing SQL server
      • Post-exploiting/executing system commands
        • Reloading the xp_cmdshell functionality
        • Running SQL-based queries
    • VOIP exploitation
      • VOIP fundamentals
        • An introduction to PBX
        • Types of VOIP services
        • Self-hosted network
        • Hosted services
        • SIP service providers
      • FootPrinting VOIP services
      • Scanning VOIP services
      • Spoofing a VOIP call
      • Exploiting VOIP
        • About the vulnerability
        • Exploiting the application
    • Post-exploitation on Apple iDevices
      • Exploiting iOS with Metasploit
    • Summary
  • 6. Virtual Test Grounds and Staging
    • Performing a white box penetration test
      • Interaction with the employees and end users
      • Gathering intelligence
        • Explaining the fundamentals of the OpenVAS vulnerability scanner
        • Setting up OpenVAS
        • Greenbone interfaces for OpenVAS
      • Modeling the threat areas
      • Targeting suspected vulnerability prone systems
      • Gaining access
      • Covering tracks
      • Introducing MagicTree
      • Other reporting services
    • Generating manual reports
      • The format of the report
        • The executive summary
        • Methodology / network admin level report
        • Additional sections
    • Performing a black box penetration test
      • FootPrinting
        • Using Dmitry for FootPrinting
          • WHOIS details and information
          • Finding out subdomains
          • E-mail harvesting
          • DNS enumeration with Metasploit
      • Conducting a black box test with Metasploit
        • Pivoting to the target
        • Scanning the hidden target using proxychains and db_nmap
        • Conducting vulnerability scanning using Nessus
        • Exploiting the hidden target
        • Elevating privileges
    • Summary
  • 7. Sophisticated Client-side Attacks
    • Exploiting browsers
      • The workings of the browser autopwn attack
        • The technology behind the attack
        • Attacking browsers with Metasploit browser autopwn
    • File format-based exploitation
      • PDF-based exploits
      • Word-based exploits
      • Media-based exploits
    • Compromising XAMPP servers
      • The PHP meterpreter
      • Escalating to system-level privileges
    • Compromising the clients of a website
      • Injecting the malicious web scripts
      • Hacking the users of a website
    • Bypassing AV detections
      • msfencode
      • msfvenom
      • Cautions while using encoders
    • Conjunction with DNS spoofing
      • Tricking victims with DNS hijacking
    • Attacking Linux with malicious packages
    • Summary
  • 8. The Social Engineering Toolkit
    • Explaining the fundamentals of the social engineering toolkit
      • The attack types
    • Attacking with SET
      • Creating a Payload and Listener
      • Infectious Media Generator
      • Website Attack Vectors
        • The Java applet attack
        • The tabnabbing attack
        • The web jacking attack
      • Third-party attacks with SET
    • Providing additional features and further readings
      • The SET web interface
      • Automating SET attacks
    • Summary
  • 9. Speeding Up Penetration Testing
    • Introducing automated tools
    • Fast Track MS SQL attack vectors
      • A brief about Fast Track
        • Carrying out the MS SQL brute force attack
      • The depreciation of Fast Track
      • Renewed Fast Track in SET
    • Automated exploitation in Metasploit
      • Re-enabling db_autopwn
      • Scanning the target
      • Attacking the database
    • Fake updates with the DNS-spoofing attack
      • Introducing WebSploit
      • Fixing up WebSploit
        • Fixing path issues
        • Fixing payload generation
        • Fixing the file copy issue
      • Attacking a LAN with WebSploit
    • Summary
  • 10. Visualizing with Armitage
    • The fundamentals of Armitage
      • Getting started
      • Touring the user interface
      • Managing the workspace
    • Scanning networks and host management
      • Modeling out vulnerabilities
      • Finding the match
    • Exploitation with Armitage
    • Post-exploitation with Armitage
    • Attacking on the client side with Armitage
    • Scripting Armitage
      • The fundamentals of Cortana
      • Controlling Metasploit
      • Post-exploitation with Cortana
      • Building a custom menu in Cortana
      • Working with interfaces
    • Summary
    • Further reading
  • Index