05071nam 2200709 a 450 991046239040332120200520144314.01-62198-904-61-281-09013-197866137754981-84951-743-6(CKB)2670000000210878(EBL)952079(OCoLC)798535898(SSID)ssj0000691416(PQKBManifestationID)12257510(PQKBTitleCode)TC0000691416(PQKBWorkID)10628797(PQKB)10370832(MiAaPQ)EBC952079(CaSebORM)9781849517423(PPN)228009332(Au-PeEL)EBL952079(CaPaEBR)ebr10576350(CaONFJC)MIL377549(EXLCZ)99267000000021087820120709d2012 uy 0engur|n|---|||||txtccrMetasploit penetration testing cookbook[electronic resource] over 70 recipes to master the most widely used penetration testing framework /Abhinav Singh1st editionBirmingham Packt Pub.20121 online resource (269 p.)"Quick answers to common problems."Includes index.1-84951-742-8 Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Metasploit Quick Tips for Security Professionals; Introduction; Configuring Metasploit on Windows; Configuring Metasploit on Ubuntu; Metasploit with BackTrack 5 - the ultimate combination; Setting up the penetration testing lab on a single machine; Setting up Metasploit on a virtual machine with SSH connectivity; Beginning with the interfaces - the ""Hello World"" of Metasploit; Setting up the database in Metasploit; Using the database to store penetration testing resultsAnalyzing the stored results of the databaseChapter 2: Information Gathering and Scanning; Introduction; Passive information gathering 1.0 - the traditional way; Passive information gathering 2.0 - the next level; Port scanning - the Nmap way; Exploring auxiliary modules for scanning; Target service scanning with auxiliary modules; Vulnerability scanning with Nessus; Scanning with NeXpose; Sharing information with the Dradis framework; Chapter 3: Operating System-based Vulnerability Assessment and Exploitation; Introduction; Exploit usage quick tipsPenetration testing on a Windows XP SP2 machineBinding a shell to the target for remote access; Penetration testing on the Windows 2003 Server; Windows 7/Server 2008 R2 SMB client infinite loop; Exploiting a Linux (Ubuntu) machine; Understanding the Windows DLL injection flaws; Chapter 4: Client-side Exploitation and Antivirus Bypass; Introduction; Internet Explorer unsafe scripting misconfiguration vulnerability; Internet Explorer CSS recursive call memory corruption; Microsoft Word RTF stack buffer overflow; Adobe Reader util.printf() buffer overflowGenerating binary and a shellcode from msfpayloadBypassing client-side antivirus protection using msfencode; Using the killav.rb script to disable antivirus programs; A Deeper look into the killav.rb script; Killing antivirus services from the command line; Chapter 5: Using Meterpreter to Explore the Compromised Target; Introduction; Analyzing meterpreter system commands; Privilege escalation and process migration; Setting multiple communication channels with the target; Meterpreter filesystem commands; Changing file attributes using timestomp; Using meterpreter networking commandsThe getdesktop and keystroke sniffingUsing a scraper meterpreter script; Chapter 6: Advanced Meterpreter Scripting; Introduction; Passing the hash; Setting up a persistent connection with backdoors; Pivoting with meterpreter; Port forwarding with meterpreter; Meterpreter API and mixins; Railgun -- converting Ruby into a weapon; Adding a DLL and function definition to Railgun; Building a ""Windows Firewall De-activator"" meterpreter script; Analyzing an existing meterpreter script; Chapter 7: Working with Modules for Penetration Testing; Introduction; Working with scanner auxiliary modulesWorking with auxiliary admin modulesOver 80 recipes to master the most widely used penetration testing frameworkComputersAccess controlPenetration testing (Computer security)Computer networksSecurity measuresTestingElectronic books.ComputersAccess control.Penetration testing (Computer security)Computer networksSecurity measuresTesting.005.8Singh Abhinav788951MiAaPQMiAaPQMiAaPQBOOK9910462390403321Metasploit penetration testing cookbook1909290UNINA