E-Book, Englisch, 350 Seiten
Maynor Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
1. Auflage 2011
ISBN: 978-0-08-054925-5
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: 6 - ePub Watermark
E-Book, Englisch, 350 Seiten
ISBN: 978-0-08-054925-5
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: 6 - ePub Watermark
This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code.
This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF's capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits.
By working through a real-world vulnerabilities against popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.
? A November 2004 survey conducted by CSO Magazine stated that 42% of chief security officers considered penetration testing to be a security priority for their organizations
? The Metasploit Framework is the most popular open source exploit platform, and there are no competing books
? The book's companion Web site offers all of the working code and exploits contained within the book
Autoren/Hrsg.
Weitere Infos & Material
1;Front Cover;1
2;Metasploit Toolkit: For Penetration Testing, Exploit Development, and Vulnerability Reasearch;2
3;Copyright Page;3
4;Contents;12
5;Chapter 1. Introduction to Metasploit;18
5.1;Introduction;19
5.2;Overview: Why Is Metasploit Here?;19
5.3;History of Metasploit;21
5.4;Metasploit Core Development;29
5.5;Technology Overview;31
5.6;Leveraging Metasploit on Penetration Tests;51
5.7;Understanding Metasploit Channels;54
5.8;Summary;76
5.9;Solutions Fast Track;77
5.10;Frequently Asked Questions;80
6;Chapter 2. Architecture, Environment, and Installation;82
6.1;Introduction;83
6.2;Understanding the Soft Architecture;83
6.3;Configuring and Locking Down Your System;84
6.4;Installation;88
6.5;Summary;92
6.6;Solutions Fast Track;92
6.7;Frequently Asked Questions;93
7;Chapter 3. Metasploit Framework and Advanced Environment Configurations;94
7.1;Introduction;95
7.2;Configuration High-Level Overview;95
7.3;Global Datastore;96
7.4;Module Datastore;97
7.5;Saved Environment;98
7.6;Summary;99
7.7;Solutions Fast Track;99
7.8;Frequently Asked Questions;100
8;Chapter 4. Advanced Payloads and Add-on Modules;102
8.1;Introduction;103
8.2;Meterpreter;103
8.3;VNC Inject;110
8.4;PassiveX;112
8.5;Auxiliary Modules;113
8.6;Automating the Pen-Test;116
8.7;Summary;118
8.8;Solutions Fast Track;118
8.9;Frequently Asked Questions;120
9;Chapter 5. Adding New Payloads;122
9.1;Introduction: Why ShouldYou Care about Metasploit?;123
9.2;Types of Payloads;123
9.3;Adding New Exploit Payloads;124
9.4;Adding New Auxiliary Payloads;135
9.5;Bonus: Finding 0day While Creating Different Types o f Payloads;144
9.6;Summary;145
10;Case Studies;146
10.1;Case Study 1. RaXnet Cacti Remote Command Execution;148
10.2;Case Study 2. Mercur Messaging 2005 SP3 IMAP Remote Buffer Overflow (CVE -2006-1255);160
10.3;Case Study 3. SlimFTPd String Concatenation Overflow;176
10.4;Case Study 4. WS-FTP Server 5.03 MKD Overflow;186
10.5;Case Study 5. MailEnable HTTP Authorization Header Buffer Overflow;216
11;Appendix A. Advantages of Network Vulnerability Testing with Metasploit 3.0;228
11.1;Introduction;229
11.2;Vulnerability Scanning;229
11.3;How Metasploit Gives Sys;230
11.4;Admins a Vulnerability-Testing Advantage;16
11.5;Summary;231
12;Appendix B. Building a Test Lab for Penetration Testing;232
12.1;Introduction;233
12.2;Some Background;233
12.3;Setting up a Penetration Test Lab;235
12.4;Types of Pentest Labs;242
12.5;Selecting the Right Hardware;245
12.6;Selecting the Right Software;247
12.7;Running Your Lab;249
12.8;Selecting a Pentest Framework;252
12.9;Targets in the Penetration Test Lab;255
12.10;Other Scenario Ideas;261
12.11;Summary;263
13;Appendix C. Glossary of Technology and Terminology;264
14;Index;280
