Metasploit Penetration Testing Cookbook - Third Edition: Evade antiviruses, bypass firewalls, and exploit complex environments with the most widely used penetration testing framework

Daniel Teixeira, Abhinav Singh, Monika Agarwal

  • 出版商: Packt Publishing
  • 出版日期: 2018-02-23
  • 售價: $1,745
  • 貴賓價: 9.5$1,658
  • 語言: 英文
  • 頁數: 426
  • 裝訂: Paperback
  • ISBN: 1788623177
  • ISBN-13: 9781788623179
  • 相關分類: MetasploitPenetration-test
  • 立即出貨 (庫存=1)

買這商品的人也買了...

商品描述

Over 100 recipes for penetration testing using Metasploit and virtual machines

Key Features

  • Special focus on the latest operating systems, exploits, and penetration testing techniques
  • Learn new anti-virus evasion techniques and use Metasploit to evade countermeasures
  • Automate post exploitation with AutoRunScript
  • Exploit Android devices, record audio and video, send and read SMS, read call logs, and much more
  • Build and analyze Metasploit modules in Ruby
  • Integrate Metasploit with other penetration testing tools

Book Description

Metasploit is the world's leading penetration testing tool and helps security and IT professionals find, exploit, and validate vulnerabilities. Metasploit allows penetration testing automation, password auditing, web application scanning, social engineering, post exploitation, evidence collection, and reporting. Metasploit's integration with InsightVM (or Nexpose), Nessus, OpenVas, and other vulnerability scanners provides a validation solution that simplifies vulnerability prioritization and remediation reporting. Teams can collaborate in Metasploit and present their findings in consolidated reports.

In this book, you will go through great recipes that will allow you to start using Metasploit effectively. With an ever increasing level of complexity, and covering everything from the fundamentals to more advanced features in Metasploit, this book is not just for beginners but also for professionals keen to master this awesome tool.

You will begin by building your lab environment, setting up Metasploit, and learning how to perform intelligence gathering, threat modeling, vulnerability analysis, exploitation, and post exploitation-all inside Metasploit. You will learn how to create and customize payloads to evade anti-virus software and bypass an organization's defenses, exploit server vulnerabilities, attack client systems, compromise mobile phones, automate post exploitation, install backdoors, run keyloggers, highjack webcams, port public exploits to the framework, create your own modules, and much more.

What you will learn

  • Set up a complete penetration testing environment using Metasploit and virtual machines
  • Master the world's leading penetration testing tool and use it in professional penetration testing
  • Make the most of Metasploit with PostgreSQL, importing scan results, using workspaces, hosts, loot, notes, services, vulnerabilities, and exploit results
  • Use Metasploit with the Penetration Testing Execution Standard methodology
  • Use MSFvenom efficiently to generate payloads and backdoor files, and create shellcode
  • Leverage Metasploit's advanced options, upgrade sessions, use proxies, use Meterpreter sleep control, and change timeouts to be stealthy

Who This Book Is For

If you are a Security professional or pentester and want to get into vulnerability exploitation and make the most of the Metasploit framework, then this book is for you. Some prior understanding of penetration testing and Metasploit is required.

Table of Contents

  1. Metasploit Quick Tips for Security Professionals
  2. Information Gathering and Scanning
  3. Server-Side Exploitation
  4. Meterpreter
  5. Post-Exploitation
  6. Using MSFvenom
  7. Client-Side Exploitation and Antivirus Bypass
  8. Social-Engineer Toolkit
  9. Working with Modules for Penetration Testing
  10. Exploring Exploits
  11. Wireless Network Penetration Testing
  12. Cloud Penetration Testing
  13. Best Practices

商品描述(中文翻譯)

《Metasploit 渗透测试食谱》是一本提供超过100个使用Metasploit和虚拟机进行渗透测试的食谱的书籍。

重点特色包括:
- 特别关注最新的操作系统、漏洞和渗透测试技术
- 学习新的反病毒逃避技术,并使用Metasploit逃避对策
- 使用AutoRunScript自动化后期渗透
- 利用Metasploit攻击Android设备,录制音频和视频,发送和阅读短信,读取通话记录等等
- 使用Ruby构建和分析Metasploit模块
- 将Metasploit与其他渗透测试工具集成

《Metasploit 渗透测试食谱》介绍了Metasploit作为全球领先的渗透测试工具,帮助安全和IT专业人员发现、利用和验证漏洞。Metasploit可以实现渗透测试自动化、密码审计、Web应用程序扫描、社会工程学、后期渗透、证据收集和报告。Metasploit与InsightVM(或Nexpose)、Nessus、OpenVas和其他漏洞扫描器的集成提供了一个验证解决方案,简化了漏洞优先级排序和修复报告。团队可以在Metasploit中协作,并以综合报告的形式呈现他们的发现。

本书将带您逐步学习如何有效地使用Metasploit。从构建实验室环境、设置Metasploit,到在Metasploit中执行情报收集、威胁建模、漏洞分析、利用和后期渗透,本书涵盖了从基础知识到更高级功能的所有内容。本书不仅适合初学者,也适合希望掌握这个强大工具的专业人士。

您将学习如何创建和自定义有效地逃避反病毒软件和绕过组织防御的载荷,利用服务器漏洞,攻击客户端系统,入侵移动电话,自动化后期渗透,安装后门,运行键盘记录器,劫持网络摄像头,将公共漏洞移植到框架中,创建自己的模块等等。

本书还介绍了以下内容:
- 设置完整的使用Metasploit和虚拟机进行渗透测试的环境
- 掌握全球领先的渗透测试工具,并在专业渗透测试中使用它
- 充分利用Metasploit的功能,包括使用PostgreSQL、导入扫描结果、使用工作区、主机、战利品、笔记、服务、漏洞和利用结果
- 使用Metasploit与渗透测试执行标准方法论
- 高效使用MSFvenom生成载荷和后门文件,并创建Shellcode
- 利用Metasploit的高级选项,升级会话,使用代理,使用Meterpreter睡眠控制,更改超时时间以保持隐蔽

本书适合安全专业人员或渗透测试人员,希望进行漏洞利用并充分利用Metasploit框架的读者。需要具备一定的渗透测试和Metasploit的基础知识。

目录包括:
1. 安全专业人员的Metasploit快速技巧
2. 信息收集和扫描
3. 服务器端漏洞利用
4. Meterpreter
5. 后期渗透
6. 使用MSFvenom
7. 客户端漏洞利用和反病毒绕过
8. 社会工程工具包
9. 渗透测试模块的使用
10. 探索漏洞利用
11. 无线网络渗透测试
12. 云渗透测试
13. 最佳实践