Last updated: 2021-07-09 18:27:09
Cover
Copyright Information
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Customer Feedback
Preface
Chapter 1. Getting Started - Setting Up an Environment
Introduction
Installing Kali Linux on Cloud - Amazon AWS
Installing Kali Linux on Docker
Installing NetHunter on OnePlus One
Installing Kali Linux on a virtual machine
Customizing Kali Linux for faster package updates
Customizing Kali Linux for faster operations
Configuring remote connectivity services - HTTP, TFTP, and SSH
Configuring Nessus and Metasploit
Configuring third-party tools
Installing Docker on Kali Linux
Chapter 2. Network Information Gathering
Discovering live servers over the network
Bypassing IDS/IPS/firewall
Discovering ports over the network
Using unicornscan for faster port scanning
Service fingerprinting
Determining the OS using nmap and xprobe2
Service enumeration
Open-source information gathering
Chapter 3. Network Vulnerability Assessment
Using nmap for manual vulnerability assessment
Integrating nmap with Metasploit
Walkthrough of Metasploitable assessment with Metasploit
Vulnerability assessment with OpenVAS framework
Chapter 4. Network Exploitation
Gathering information for credential cracking
Cracking FTP login using custom wordlist
Cracking SSH login using custom wordlist
Cracking HTTP logins using custom wordlist
Cracking MySQL and PostgreSQL login using custom wordlist
Cracking Cisco login using custom wordlist
Exploiting vulnerable services (Unix)
Exploiting vulnerable services (Windows)
Exploiting services using exploit-db scripts
Chapter 5. Web Application Information Gathering
Setting up API keys for recon-ng
Using recon-ng for reconnaissance
Gathering information using theharvester
Using DNS protocol for information gathering
Web application firewall detection
HTTP and DNS load balancer detection
Discovering hidden files/directories using DirBuster
CMS and plugins detection using WhatWeb and p0f
Finding SSL cipher vulnerabilities
Chapter 6. Web Application Vulnerability Assessment
Running vulnerable web applications in Docker
Using W3af for vulnerability assessment
Using Nikto for web server assessment
Using Skipfish for vulnerability assessment
Using Burp Proxy to intercept HTTP traffic
Using Burp Intruder for customized attack automation
Using Burp Sequencer to test the session randomness
Chapter 7. Web Application Exploitation
Using Burp for active/passive scanning
Using sqlmap to find SQL Injection on the login page
Exploiting SQL Injection on URL parameters using SQL Injection
Using Weevely for file upload vulnerability
Exploiting Shellshock using Burp
Using Metasploit to exploit Heartbleed
Using the FIMAP tool for file inclusion attacks (RFI/LFI)
Chapter 8. System and Password Exploitation
Using local password-attack tools
Cracking password hashes
Using Social-Engineering Toolkit
Using BeEF for browser exploitation
Cracking NTLM hashes using rainbow tables
Chapter 9. Privilege Escalation and Exploitation
Using WMIC to find privilege-escalation vulnerabilities
Sensitive-information gathering
Unquoted service-path exploitation
Service permission issues
Misconfigured software installations/insecure file permissions
Linux privilege escalation
Chapter 10. Wireless Exploitation
Setting up a wireless network
Bypassing MAC address filtering
Sniffing network traffic
Cracking WEP encryption
Cracking WPA/WPA2 encryption
Cracking WPS
Denial-of-service attacks