更新时间:2021-06-30 14:51:15
封面
Mastering Metasploit Fourth Edition
Why subscribe?
Contributors About the author
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Section 1 – Preparation and Development
Chapter 1: Approaching a Penetration Test Using Metasploit
Technical requirements
Organizing a penetration test
Mounting the environment
The fundamentals of Metasploit
Conducting a penetration test with Metasploit
Benefits of penetration testing using Metasploit
Case study – reaching the domain controller
Revisiting the case study
Summary
Chapter 2: Reinventing Metasploit
Ruby – the heart of Metasploit
Understanding Metasploit modules
Developing an auxiliary – the FTP scanner module
Developing an auxiliary—the SSH brute force module
Developing post-exploitation modules
Post-exploitation with RailGun
Chapter 3: The Exploit Formulation Process
The absolute basics of exploitation
Exploiting a stack overflow vulnerability with Metasploit
Exploiting SEH-based buffer overflows with Metasploit
Bypassing DEP in Metasploit modules
Other protection mechanisms
Chapter 4: Porting Exploits
Importing a stack-based buffer overflow exploit
Importing a web-based RCE exploit into Metasploit
Importing TCP server/browser-based exploits into Metasploit
Section 2 – The Attack Phase
Chapter 5: Testing Services with Metasploit
The fundamentals of testing SCADA systems
Database exploitation
Testing VOIP services
Chapter 6: Virtual Test Grounds and Staging
Performing a penetration test with integrated Metasploit services
Generating manual reports
Chapter 7: Client-Side Exploitation
Exploiting browsers for fun and profit
Compromising the clients of a website
Metasploit and Arduino – the deadly combination
File format-based exploitation
Attacking Android with Metasploit
Section 3 – Post-Exploitation and Evasion
Chapter 8: Metasploit Extended
Basic Windows post-exploitation commands
Windows versus Linux basic post-exploitation commands
Advanced Windows post-exploitation modules
Advanced multi-OS extended features of Metasploit
Privilege escalation with Metasploit
Chapter 9: Evasion with Metasploit
Evading Meterpreter detection using C wrappers and custom encoders
Evading Meterpreter with Python
Evading intrusion detection systems with Metasploit
Bypassing Windows firewall blocked ports
Chapter 10: Metasploit for Secret Agents
Maintaining anonymity in Meterpreter sessions using proxy and HOP payloads
Maintaining access using search order hijacking in standard software
Harvesting files from target systems
Using Venom for obfuscation
Covering tracks with anti-forensics modules
Chapter 11: Visualizing Metasploit
Kage for Meterpreter sessions
Automated exploitation using Armitage
Red teaming with the Armitage team server
Scripting Armitage
