Title: Mastering metasploit: write and implement sophisticated attack vectors in Metasploit using a completely hands-on approach / Nipun Jaswal ; cover image by Aniket Sawant
Edition: 1st edition
Publication: Birmingham, England : Packt Publishing Ltd, 2014. ©2014
Description: 1 online resource (378 p.)
Series: Community Experience Distilled
Note: Includes index.
ISBN: 1-78216-223-2
ISBN: 1-78216-222-4
Format: Book

Contents:
Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface

Chapter 1: Approaching a Penetration Test Using Metasploit; Setting up the environment; Preinteractions; Intelligence gathering / reconnaissance phase; Presensing the test grounds; Modeling threats; Vulnerability analysis; Exploitation and post-exploitation; Reporting; Mounting the environment; Setting up the penetration test lab; The fundamentals of Metasploit; Configuring Metasploit on different environments; Configuring Metasploit on Windows XP/7; Configuring Metasploit on Ubuntu; Dealing with error states; Errors in the Windows-based installation; Errors in the Linux-based installation; Conducting a penetration test with Metasploit; Recalling the basics of Metasploit; Penetration testing Windows XP; Assumptions; Gathering intelligence; Modeling threats; Vulnerability analysis; The attack procedure with respect to the NETAPI vulnerability; The concept of attack; The procedure of exploiting a vulnerability; Exploitation and post-exploitation; Maintaining access; Clearing tracks; Penetration testing Windows Server 2003; Penetration testing Windows 7; Gathering intelligence; Modeling threats; Vulnerability analysis; The exploitation procedure; Exploitation and post exploitation; Using the database to store and fetch results; Generating reports; The dominance of Metasploit; Open source; Support for testing large networks and easy naming conventions; Smart payload generation and switching mechanism; Cleaner exits; The GUI environment; Summary

Chapter 2: Reinventing Metasploit; Ruby - the heart of Metasploit; Creating your first Ruby program; Interacting with the Ruby shell; Defining methods in the shell; Variables and data types in Ruby; Working with strings; The split function; The squeeze function; Numbers and conversions in Ruby; Ranges in Ruby; Arrays in Ruby; Methods in Ruby; Decision-making operators; Loops in Ruby; Regular expressions; Wrapping up with Ruby basics; Developing custom modules; Building a module in a nutshell; The architecture of the Metasploit framework; Understanding the libraries' layout; Understanding the existing modules; Writing out a custom FTP scanner module; Writing out a custom HTTP server scanner; Writing out post-exploitation modules; Breakthrough meterpreter scripting; Essentials of meterpreter scripting; Pivoting the target network; Setting up persistent access; API calls and mixins; Fabricating custom meterpreter scripts; Working with RailGun; Interactive Ruby shell basics; Understanding RailGun and its scripting; Manipulating Windows API calls; Fabricating sophisticated RailGun scripts; Summary

Chapter 3: The Exploit Formulation Process; The elemental assembly primer; The basics; Architectures; System organization basics; Registers; Gravity of EIP; Gravity of ESP; Relevance of NOPs and JMP; Variables and declaration; Fabricating example assembly programs; The joy of fuzzing; Crashing the application

Summary:
A comprehensive and detailed, step by step tutorial guide that takes you through important aspects of the Metasploit framework. If you are a penetration tester, security engineer, or someone who is looking to extend their penetration testing skills with Metasploit, then this book is ideal for you. The readers of this book must have a basic knowledge of using Metasploit. They are also expected to have knowledge of exploitation and an in-depth understanding of object-oriented programming languages.

Subjects:
Computers -- Access control
Computer networks -- Security measures

Classification: 005.8
Author: Jaswal, Nipun
Contributor: Sawant, Aniket