更新时间:2021-06-25 21:36:48
封面
版权信息
Dedication
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Approaching a Penetration Test Using Metasploit
Organizing a penetration test
Preinteractions
Intelligence gathering/reconnaissance phase
Threat modeling
Vulnerability analysis
Exploitation and post-exploitation
Reporting
Mounting the environment
Setting up Kali Linux in a virtual environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Recalling the basics of Metasploit
Benefits of penetration testing using Metasploit
Open source
Support for testing large networks and natural naming conventions
Smart payload generation and switching mechanism
Cleaner exits
The GUI environment
Case study - diving deep into an unknown network
Gathering intelligence
Using databases in Metasploit
Modeling threats
Vulnerability analysis - arbitrary file upload (unauthenticated)
Attacking mechanism on the PhpCollab 2.5.1 application
Exploitation and gaining access
Escalating privileges with local root exploits
Maintaining access with Metasploit
Post-exploitation and pivoting
Vulnerability analysis - SEH based buffer overflow
Exploiting human errors by compromising Password Managers
Revisiting the case study
Revising the approach
Summary and exercises
Reinventing Metasploit
Ruby - the heart of Metasploit
Creating your first Ruby program
Interacting with the Ruby shell
Defining methods in the shell
Variables and data types in Ruby
Working with strings
Concatenating strings
The substring function
The split function
Numbers and conversions in Ruby
Conversions in Ruby
Ranges in Ruby
Arrays in Ruby
Methods in Ruby
Decision-making operators
Loops in Ruby
Regular expressions
Wrapping up with Ruby basics
Developing custom modules
Building a module in a nutshell
The architecture of the Metasploit framework
Understanding the file structure
The libraries layout
Understanding the existing modules
The format of a Metasploit module
Disassembling the existing HTTP server scanner module
Libraries and the function
Writing out a custom FTP scanner module
Libraries and functions
Using msftidy
Writing out a custom SSH-authentication with a brute force attack
Rephrasing the equation
Writing a drive-disabler post-exploitation module
Writing a credential harvester post-exploitation module
Breakthrough Meterpreter scripting
Essentials of Meterpreter scripting
Setting up persistent access
API calls and mixins
Fabricating custom Meterpreter scripts
Working with RailGun
Interactive Ruby shell basics
Understanding RailGun and its scripting
Manipulating Windows API calls
Fabricating sophisticated RailGun scripts
