Metasploit Penetration Testing Guide


This book was well received by the Metasploit development team. HD Moore, the founder of the Metasploit project, commented: "The best Metasploit Framework software reference guide today."

Basic Information
  • Original title: Metasploit: The Penetration Tester's Guide
  • Original publisher: No Starch Press
  • Authors: (US) David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni
  • Translators: Zhuge Jianwei, Wang Heng, Sun Songbai
  • Series: Security Technology Series
  • Publisher: Electronic Industry Press
  • ISBN: 9787121154874
  • Published: January 2012

http://product.china-pub.com/198995

Introduction

The Metasploit Penetration Testing Guide introduces Metasploit, the most powerful, popular, and promising open-source penetration testing platform of recent years, together with the technologies, processes, and methods for network penetration testing and security vulnerability research and analysis built on it.

The book consists of 17 chapters covering the full penetration testing process: information gathering, threat modeling, vulnerability analysis, exploitation, and post-exploitation. It also covers advanced topics such as antivirus evasion, client-side exploits, social engineering, automated penetration testing, and wireless network attacks, as well as practical methods for extending Metasploit's information gathering, exploitation, and post-exploitation capabilities. The book helps beginners build the basic skills of a penetration tester step by step from scratch, and also serves as a reference for professional penetration testing engineers.

The Metasploit Penetration Testing Guide is suitable for technical enthusiasts and students in the network and system security fields, as well as for security practitioners working in penetration testing and vulnerability analysis.

Table of Contents
Chapter 1 Penetration testing fundamentals 1
1.1 Penetration testing phases in the PTES standard 2
1.1.1 Pre-engagement interactions 2
1.1.2 Intelligence gathering 2
1.1.3 Threat modeling 2
1.1.4 Vulnerability analysis 3
1.1.5 Exploitation 3
1.1.6 Post-exploitation 3
1.1.7 Reporting 4
1.2 Types of penetration tests 4
1.2.1 White box testing 5
1.2.2 Black box testing 5
1.3 Vulnerability scanners 5
1.4 Summary 6
Chapter 2 Metasploit basics 7
2.1 Terminology 7
2.1.1 Exploit 8
2.1.2 Payload 8
2.1.3 Shellcode 8
2.1.4 Module 8
2.1.5 Listener 8
2.2 Metasploit user interfaces 8
2.2.1 MSF console 9
2.2.2 MSF command line 9
2.2.3 Armitage 11
2.3 Metasploit utilities 12
2.3.1 MSF payload generator 12
2.3.2 MSF encoder 13
2.3.3 NASM shell 13
2.4 Metasploit Express and Metasploit Pro 14
2.5 Conclusion 14
Chapter 3 Intelligence gathering 15
3.1 Passive information gathering 16
3.1.1 whois lookups 16
3.1.2 Netcraft 17
3.1.3 NSLookup 18
3.2 Active information gathering 18
3.2.1 Port scanning with Nmap 18
3.2.2 Working with databases in Metasploit 20
3.2.3 Port scanning with Metasploit 25
3.3 Targeted scanning 26
3.3.1 Server Message Block protocol scanning 26
3.3.2 Hunting for poorly configured Microsoft SQL Server 27
3.3.3 SSH server scanning 28
3.3.4 FTP scanning 29
3.3.5 Simple Network Management Protocol scanning 30
3.4 Writing your own scanner 31
3.5 Summary 33
Chapter 4 Vulnerability scanning 35
4.1 The basic vulnerability scan 36
4.2 Scanning with NeXpose 37
4.2.1 Configuration 37
4.2.2 Importing the scan report into Metasploit 42
4.2.3 Running NeXpose from the MSF console 43
4.3 Scanning with Nessus 44
4.3.1 Configuring Nessus 44
4.3.2 Creating a Nessus scan policy 45
4.3.3 Running a Nessus scan 47
4.3.4 Nessus reports 47
4.3.5 Importing scan results into the Metasploit Framework 48
4.3.6 Scanning with Nessus from within Metasploit 49
4.4 Specialty vulnerability scanners 51
4.4.1 Validating SMB logins 51
4.4.2 Scanning for open VNC servers with null passwords 52
4.4.3 Scanning for open X11 servers 54
4.5 Automated attacks using scan results 56
Chapter 5 The joy of exploitation 57
5.1 Basic exploitation 58
5.1.1 msf> show exploits 58
5.1.2 msf> show auxiliary 58
5.1.3 msf> show options 58
5.1.4 msf> show payloads 60
5.1.5 msf> show targets 62
5.1.6 info 63
5.1.7 set and unset 63
5.1.8 setg and unsetg 64
5.1.9 save 64
5.2 Your first exploit 64
5.3 Attacking an Ubuntu host 68
5.4 All-ports payloads: brute-forcing the target's ports 71
5.5 Resource files 72
5.6 Summary 73
Chapter 6 Meterpreter 75
6.1 Compromising a Windows XP virtual machine 76
6.1.1 Port scanning with Nmap 76
6.1.2 Attacking MS SQL 76
6.1.3 Brute-forcing MS SQL Server 78
6.1.4 xp_cmdshell 79
6.1.5 Basic Meterpreter commands 80
6.1.6 Capturing keystrokes 81
6.2 Dumping usernames and passwords 82
6.2.1 Extracting password hashes 82
6.2.2 Obtaining password hashes with Meterpreter commands 83
6.3 Pass the hash 84
6.4 Privilege escalation 85
6.5 Token impersonation 87
6.6 Using ps 87
6.7 Pivoting onto other machines 89
6.8 Using Meterpreter scripts 92
6.8.1 Migrating a process 92
6.8.2 Disabling antivirus software 93
6.8.3 Obtaining system password hashes 93
6.8.4 Viewing all traffic on the target machine 93
6.8.5 Gathering system information 93
6.8.6 Persistent control 94
6.9 Post-exploitation modules 95
6.10 Upgrading a command shell to Meterpreter 95
6.11 Manipulating the Windows API with the Railgun component 97
6.12 Conclusion 97
Chapter 7 Antivirus evasion 99
7.1 Creating stand-alone binaries with the MSF payload generator 100
7.2 Evading antivirus detection 101
7.2.1 Using the MSF encoder 102
7.2.2 Multi-encoding 103
7.3 Custom executable templates 105
7.4 Launching a payload stealthily 106
7.5 Packers 107
7.6 Summary: a last word on antivirus evasion 108
Chapter 8 Client-side exploitation
8.1 Browser-based exploits 110
8.1.1 How browser-based exploits work 111
8.1.2 NOP instructions 112
8.2 Using Immunity Debugger to decipher NOP machine code 112
8.3 Exploiting the Aurora vulnerability in Internet Explorer 116
8.4 File format exploits 119
8.5 Sending the payload 120
8.6 Conclusion 121
Chapter 9 Metasploit auxiliary modules
9.1 Auxiliary modules 126
9.2 Anatomy of an auxiliary module 128
9.3 Conclusion 133
Chapter 10 The Social-Engineer Toolkit
10.1 Configuring SET 136
10.2 Spear-phishing attack vector 137
10.3 Web attack vectors 142
10.3.1 Java applets 142
10.3.2 Client-side web attacks 146
10.3.3 Harvesting usernames and passwords 148
10.3.4 Tabnabbing 150
10.3.5 Man-in-the-middle attack 150
10.3.6 Web jacking 151
10.3.7 Multi-attack web method 153
10.4 Infectious media generator 157
10.5 Teensy USB HID attack vector 157
10.6 Other features of SET 160
10.7 Conclusion 161
Chapter 11 Fast-Track
11.1 Microsoft SQL injection 164
11.1.1 SQL injection: query string attack 165
11.1.2 SQL injection: POST parameter attack 166
11.1.3 Manual injection 167
11.1.4 MS SQL bruter 168
11.1.5 Automated control via SQL (SQLPwnage) 172
11.2 Binary-to-hex converter 174
11.3 Mass client-side attacks 175
11.4 Conclusion: a point of view on automated penetration 176
Chapter 12 The Karmetasploit wireless attack suite
12.1 Configuration 178
12.2 Launching the attack 179
12.3 Credential harvesting 181
12.4 Getting a shell 182
12.5 Conclusion 184
Chapter 13 Writing your own modules
13.1 Executing commands on MS SQL 186
13.2 Exploring an existing Metasploit module 187
13.3 Writing a new module 189
13.3.1 PowerShell 189
13.3.2 Running the shell exploit 190
13.3.3 Writing the powershell_upload_exec function 192
13.3.4 Converting from hexadecimal to binary 192
13.3.5 Counters 194
13.3.6 Running the exploit module 195
13.4 Conclusion: the power of code reuse 196
Chapter 14 Creating your own exploit module
14.1 The art of fuzzing 198
14.2 Controlling the structured exception handler chain 201
14.3 Bypassing SEH restrictions 204
14.4 Obtaining a return address 206
14.5 Bad characters and remote code execution 210
14.6 Conclusion 213
Chapter 15 Porting exploits to the Metasploit Framework
15.1 Assembly language basics 216
15.1.1 The EIP and ESP registers 216
15.1.2 The JMP instruction set 216
15.1.3 NOP instructions and NOP slides 216
15.2 Porting a buffer overflow exploit 216
15.2.1 Stripping down an existing exploit 218
15.2.2 Constructing the exploit definition 219
15.2.3 Testing our base exploit 220
15.2.4 Implementing framework features 221
15.2.5 Adding randomization 222
15.2.6 Removing the NOP slide 223
15.2.7 Removing the dummy shellcode 223
15.2.8 Our completed module 224
15.3 SEH overwrite exploit 226
15.4 Conclusion 233
Chapter 16 Meterpreter scripting
16.1 Meterpreter scripting basics 235
16.2 Meterpreter API 241
16.2.1 Printing output 241
16.2.2 Basic API calls 242
16.2.3 Meterpreter mixins 242
16.3 Rules for writing Meterpreter scripts 244
16.4 Creating your own Meterpreter script 244
16.5 Conclusion 250
Chapter 17 A simulated penetration test
17.1 Pre-engagement interactions 252
17.2 Intelligence gathering 252
17.3 Threat modeling 253
17.4 Exploitation 255
17.5 Exploitation workflow in the MSF console 255
17.6 Post-exploitation 257
17.6.1 Scanning the Metasploitable target 258
17.6.2 Identifying vulnerable services 259
17.7 Attacking Apache Tomcat 260
17.8 Attacking obscure services 262
17.9 Covering your tracks 264
17.10 Conclusion 266
Appendix A Configuring the target machines 267
Appendix B Command reference 275
