更新时间:2021-07-09 21:00:32
coverpage
Title Page
Credits
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Dedication
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
Getting Started with Metasploit
Setting up Kali Linux in a virtual environment
The fundamentals of Metasploit
Basics of Metasploit Framework
Architecture of Metasploit
Metasploit Framework console and commands
Benefits of using Metasploit
Penetration testing with Metasploit
Assumptions and testing setup
Phase-I: footprinting and scanning
Phase-II: gaining access to the target
Phase-III: maintaining access / post-exploitation / covering tracks
Summary and exercises
Identifying and Scanning Targets
Working with FTP servers using Metasploit
Scanning FTP services
Modifying scanner modules for fun and profit
Scanning MSSQL servers with Metasploit
Using the mssql_ping module
Brute-forcing MSSQL passwords
Scanning SNMP services with Metasploit
Scanning NetBIOS services with Metasploit
Scanning HTTP services with Metasploit
Scanning HTTPS/SSL with Metasploit
Module building essentials
The format of a Metasploit module
Disassembling existing HTTP server scanner modules
Libraries and the function
Exploitation and Gaining Access
Setting up the practice environment
Exploiting applications with Metasploit
Using db_nmap in Metasploit
Exploiting Desktop Central 9 with Metasploit
Testing the security of a GlassFish web server with Metasploit
Exploiting FTP services with Metasploit
Exploiting browsers for fun and profit
The browser autopwn attack
The technology behind a browser autopwn attack
Attacking browsers with Metasploit browser_autopwn
Attacking Android with Metasploit
Converting exploits to Metasploit
Gathering the essentials
Generating a Metasploit module
Exploiting the target application with Metasploit
Post-Exploitation with Metasploit
Extended post-exploitation with Metasploit
Basic post-exploitation commands
The help menu
Background command
Machine ID and the UUID command
Networking commands
File operation commands
Desktop commands
Screenshots and camera enumeration
Advanced post-exploitation with Metasploit
Migrating to safer processes
Obtaining system privileges
Changing access modification and creation time with timestomp
Obtaining password hashes using hashdump
Metasploit and privilege escalation
Escalating privileges on Windows Server 2008
Privilege escalation on Linux with Metasploit
Gaining persistent access with Metasploit
Gaining persistent access on Windows-based systems
Gaining persistent access on Linux systems
Summary
Testing Services with Metasploit
Testing MySQL with Metasploit
Using Metasploit's mysql_version module
Brute-forcing MySQL with Metasploit
Finding MySQL users with Metasploit
Dumping the MySQL schema with Metasploit
Using file enumeration in MySQL using Metasploit
Checking for writable directories
Enumerating MySQL with Metasploit
Running MySQL commands through Metasploit
Gaining system access through MySQL
The fundamentals of SCADA
Analyzing security in SCADA systems
