Best Metasploit guide for penetration testers

    #1

    Download: Best Metasploit guide for penetration testers

    A book that costs $300.00, completely free for everyone here.
    An extremely advanced manual. With these tools we can train highly dangerous hackers.
    The biggest secrets of Metasploit are here. You can't find anything like this book, friends.

    Table of contents of the book of death!!!

    INTRODUCTION
    Why Do A Penetration Test?
    Why Metasploit?
    A Brief History of Metasploit
    About this Book
    What’s in the Book?
    A Note on Ethics


    THE ABSOLUTE BASICS OF PENETRATION TESTING
    The Phases of the PTES
    Pre-engagement Interactions
    Intelligence Gathering
    Threat Modeling
    Vulnerability Analysis
    Exploitation
    Post Exploitation
    Reporting
    Types of Penetration Tests
    Overt Penetration Testing
    Covert Penetration Testing
    Vulnerability Scanners
    Pulling It All Together


    METASPLOIT BASICS
    Terminology
    Exploit
    Payload
    Shellcode
    Module
    Listener
    Metasploit Interfaces
    MSFconsole
    MSFcli
    Armitage
    Metasploit Utilities
    MSFpayload
    MSFencode
    Nasm Shell
    Metasploit Express and Metasploit Pro
    Wrapping Up


    INTELLIGENCE GATHERING
    Passive Information Gathering
    whois Lookups
    Netcraft
    NSLookup
    Active Information Gathering
    Port Scanning with Nmap
    Working with Databases in Metasploit
    Port Scanning with Metasploit
    Targeted Scanning
    Server Message Block Scanning
    Hunting for Poorly Configured Microsoft SQL Servers
    SSH Server Scanning
    FTP Scanning
    Simple Network Management Protocol Sweeping
    Writing a Custom Scanner
    Looking Ahead


    VULNERABILITY SCANNING
    The Basic Vulnerability Scan
    Scanning with NeXpose
    Configuration
    Importing Your Report into the Metasploit Framework
    Running NeXpose Within MSFconsole
    Scanning with Nessus
    Nessus Configuration
    Creating a Nessus Scan Policy
    Running a Nessus Scan
    Nessus Reports
    Importing Results into the Metasploit Framework
    Scanning with Nessus from Within Metasploit
    Specialty Vulnerability Scanners
    Validating SMB Logins
    Scanning for Open VNC Authentication
    Scanning for Open X11 Servers
    Using Scan Results for Autopwning


    THE JOY OF EXPLOITATION
    Basic Exploitation
    msf> show exploits
    msf> show auxiliary
    msf> show options
    msf> show payloads
    msf> show targets
    info
    set and unset
    setg and unsetg
    save
    Exploiting Your First Machine
    Exploiting an Ubuntu Machine
    All-Ports Payloads: Brute Forcing Ports
    Resource Files
    Wrapping Up


    METERPRETER
    Compromising a Windows XP Virtual Machine
    Scanning for Ports with Nmap
    Attacking MS SQL
    Brute Forcing MS SQL Server
    The xp_cmdshell
    Basic Meterpreter Commands
    Capturing Keystrokes
    Dumping Usernames and Passwords
    Extracting the Password Hashes
    Dumping the Password Hash
    Pass the Hash
    Privilege Escalation
    Token Impersonation
    Using ps
    Pivoting onto Other Systems
    Using Meterpreter Scripts
    Migrating a Process
    Killing Antivirus Software
    Obtaining System Password Hashes
    Viewing All Traffic on a Target Machine
    Scraping a System
    Using Persistence
    Leveraging Post Exploitation Modules
    Upgrading Your Command Shell to Meterpreter
    Manipulating Windows APIs with the Railgun Add-On
    Wrapping Up

    AVOIDING DETECTION
    Creating Stand-Alone Binaries with MSFpayload
    Evading Antivirus Detection
    Encoding with MSFencode
    Multi-encoding
    Custom Executable Templates
    Launching a Payload Stealthily
    Packers
    A Final Note on Antivirus Software Evasion


    EXPLOITATION USING CLIENT-SIDE ATTACKS
    Browser-Based Exploits
    How Browser-Based Exploits Work
    Looking at NOPs
    Using Immunity Debugger to Decipher NOP Shellcode
    Exploring the Internet Explorer Aurora Exploit
    File Format Exploits
    Sending the Payload
    Wrapping Up


    METASPLOIT AUXILIARY MODULES
    Auxiliary Modules in Use
    Anatomy of an Auxiliary Module
    Going Forward


    THE SOCIAL-ENGINEER TOOLKIT
    Configuring the Social-Engineer Toolkit
    Spear-Phishing Attack Vector
    Web Attack Vectors
    Java Applet
    Client-Side Web Exploits
    Username and Password Harvesting
    Tabnabbing
    Man-Left-in-the-Middle
    Web Jacking
    Putting It All Together with a Multipronged Attack
    Infectious Media Generator
    Teensy USB HID Attack Vector
    Additional SET Features
    Looking Ahead


    FAST-TRACK
    Microsoft SQL Injection
    SQL Injector—Query String Attack
    SQL Injector—POST Parameter Attack
    Manual Injection
    MSSQL Bruter
    SQLPwnage
    Binary-to-Hex Generator
    Mass Client-Side Attack
    A Few Words About Automation


    KARMETASPLOIT
    Configuration
    Launching the Attack
    Credential Harvesting
    Getting a Shell
    Wrapping Up


    BUILDING YOUR OWN MODULE
    Getting Command Execution on Microsoft SQL
    Exploring an Existing Metasploit Module
    Creating a New Module
    PowerShell
    Running the Shell Exploit
    Creating powershell_upload_exec
    Conversion from Hex to Binary
    Counters
    Running the Exploit
    The Power of Code Reuse


    CREATING YOUR OWN EXPLOITS
    The Art of Fuzzing
    Controlling the Structured Exception Handler
    Hopping Around SEH Restrictions
    Getting a Return Address
    Bad Characters and Remote Code Execution
    Wrapping Up


    PORTING EXPLOITS TO THE METASPLOIT FRAMEWORK
    Assembly Language Basics
    EIP and ESP Registers
    The JMP Instruction Set
    NOPs and NOP Slides
    Porting a Buffer Overflow
    Stripping the Existing Exploit
    Configuring the Exploit Definition
    Testing Our Base Exploit
    Implementing Features of the Framework
    Adding Randomization
    Removing the NOP Slide
    Removing the Dummy Shellcode
    Our Completed Module
    SEH Overwrite Exploit
    Wrapping Up


    METERPRETER SCRIPTING
    Meterpreter Scripting Basics
    Meterpreter API
    Printing Output
    Base API Calls
    Meterpreter Mixins
    Rules for Writing Meterpreter Scripts
    Creating Your Own Meterpreter Script
    Wrapping Up


    SIMULATED PENETRATION TEST
    Pre-engagement Interactions
    Intelligence Gathering
    Threat Modeling
    Exploitation
    Customizing MSFconsole
    Post Exploitation
    Scanning the Metasploitable System
    Identifying Vulnerable Services
    Attacking Apache Tomcat
    Attacking Obscure Services
    Covering Your Tracks
    Wrapping Up


    CONFIGURING YOUR TARGET MACHINES
    Installing and Setting Up the System
    Booting Up the Linux Virtual Machines
    Setting Up a Vulnerable Windows XP Installation
    Configuring Your Web Server on Windows XP
    Building a SQL Server
    Creating a Vulnerable Web Application
    Updating Back|Track


    CHEAT SHEET
    MSFconsole Commands
    Meterpreter Commands
    MSFpayload Commands
    MSFencode Commands
    MSFcli Commands
    MSF, Ninja, Fu
    MSFvenom
    Meterpreter Post Exploitation
    Last edited by V3nom; 07-04-2012, 20:50.
    Lord GrayHat
    Quieter you are more able you are to hear!

    #2
    Is it available in Portuguese? Thanks!


    #3
    Very good, translating it to PT....


    #4
    This book is very good!


    #5
    UUUUUUUUUUI
    very good o/
    All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Last, it becomes accepted as self-evident


    #6
    Very good, thanks for sharing!!!

    Note: the best books are in English!!!

    Thanks man, keep it up!!!
    "I am the only certainty you will have in your whole LIFE; I may be late, but I never fail!!! I am certain that one day I will visit all of you"


    #7
    Thanks for sharing.


    #8
    Thanks.. It will help a lot


    #9
    Wow.. one hell of a book! I liked it \o.


    #10
    Thanks man, this looks like great content. Guys, many of you are asking for the content in PT; yes, that is much more convenient, but I think that to make good use of everything there is on the internet you should start getting used to English. I'm not a great reader of it myself, but I'm understanding these textbooks more and more.

    Regards to all


    #11
    Very good book, congratulations on sharing it, thanks


    #12
    Very good.


    #13
    The link doesn't work :S


    #14
    Is the link really down already?
    Could someone upload it again....
    Thanks, guys!


    #15
    Does anyone have a re-uploaded link?
