
Metasploit - the penetration testers guide


DOCUMENT INFORMATION

This is a set of English-language books for IT professionals specializing in security and programming. It is suitable for anyone passionate about information technology who wants to learn about security and programming.

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester’s Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.

Once you’ve built your foundation for penetration testing, you’ll learn the Framework’s conventions, interfaces, and module system as you launch simulated attacks. You’ll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.

Learn how to:

- Find and exploit unmaintained, misconfigured, and unpatched systems
- Perform reconnaissance and find valuable information about your target
- Bypass antivirus technologies and circumvent security controls
- Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
- Use the Meterpreter shell to launch further attacks from inside the network
- Harness stand-alone Metasploit utilities, third-party tools, and plug-ins
- Learn how to write your own Meterpreter post-exploitation modules and scripts

You’ll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else’s to the test, Metasploit: The Penetration Tester’s Guide will take you there and beyond.
“The best guide to the Metasploit Framework.” — HD Moore, Founder of the Metasploit Project

$49.95 ($57.95 CDN). Shelve in: Computers/Internet/Security. No Starch Press, www.nostarch.com. This book uses RepKover, a durable binding that won’t snap shut.

METASPLOIT: The Penetration Tester’s Guide
by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni
Foreword by HD Moore
San Francisco

Copyright © 2011 by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

ISBN-10: 1-59327-288-X
ISBN-13: 978-1-59327-288-3

Publisher: William Pollock
Production Editor: Alison Law
Cover Illustration: Hugh D’Andrade
Interior Design: Octopod Studios
Developmental Editors: William Pollock and Tyler Ortman
Technical Reviewer: Scott White
Copyeditor: Lisa Theobald
Compositor: Susan Glinert Stevens
Proofreader: Ward Webber
Indexer: BIM Indexing & Proofreading Services

For information on book distributors or translations, please contact No Starch Press, Inc. directly: No Starch Press, Inc., 38 Ringold Street, San Francisco, CA 94103; phone: 415.863.9900; fax: 415.863.9950; info@nostarch.com; www.nostarch.com

Library of Congress Cataloging-in-Publication Data: A catalog record of this book is available from the Library of Congress.

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

BRIEF CONTENTS

Foreword by HD Moore xiii
Preface xvii
Acknowledgments xix
Introduction xxi
Chapter 1: The Absolute Basics of Penetration Testing 1
Chapter 2: Metasploit Basics 7
Chapter 3: Intelligence Gathering 15
Chapter 4: Vulnerability Scanning 35
Chapter 5: The Joy of Exploitation 57
Chapter 6: Meterpreter 75
Chapter 7: Avoiding Detection 99
Chapter 8: Exploitation Using Client-Side Attacks 109
Chapter 9: Metasploit Auxiliary Modules 123
Chapter 10: The Social-Engineer Toolkit 135
Chapter 11: Fast-Track 163
Chapter 12: Karmetasploit 177
Chapter 13: Building Your Own Module 185
Chapter 14: Creating Your Own Exploits 197
Chapter 15: Porting Exploits to the Metasploit Framework 215
Chapter 16: Meterpreter Scripting 235
Chapter 17: Simulated Penetration Test 251
Appendix A: Configuring Your Target Machines 267
Appendix B: Cheat Sheet 275
Index 285

CONTENTS IN DETAIL

FOREWORD by HD Moore xiii

PREFACE xvii

ACKNOWLEDGMENTS xix
    Special Thanks xx

INTRODUCTION xxi
    Why Do A Penetration Test? xxii
    Why Metasploit? xxii
    A Brief History of Metasploit xxii
    About this Book xxiii
    What’s in the Book? xxiii
    A Note on Ethics xxiv

1 THE ABSOLUTE BASICS OF PENETRATION TESTING 1
    The Phases of the PTES 2
        Pre-engagement Interactions 2
        Intelligence Gathering 2
        Threat Modeling 2
        Vulnerability Analysis 3
        Exploitation 3
        Post Exploitation 3
        Reporting 4
    Types of Penetration Tests 4
        Overt Penetration Testing 5
        Covert Penetration Testing 5
    Vulnerability Scanners 5
    Pulling It All Together 6

2 METASPLOIT BASICS 7
    Terminology 7
        Exploit 8
        Payload 8
        Shellcode 8
        Module 8
        Listener 8
    Metasploit Interfaces 8
        MSFconsole 9
        MSFcli 9
        Armitage 11
    Metasploit Utilities 12
        MSFpayload 12
        MSFencode 13
        Nasm Shell 13
    Metasploit Express and Metasploit Pro 14
    Wrapping Up 14

3 INTELLIGENCE GATHERING 15
    Passive Information Gathering 16
        whois Lookups 16
        Netcraft 17
        NSLookup 18
    Active Information Gathering 18
        Port Scanning with Nmap 18
        Working with Databases in Metasploit 20
        Port Scanning with Metasploit 25
    Targeted Scanning 26
        Server Message Block Scanning 26
        Hunting for Poorly Configured Microsoft SQL Servers 27
        SSH Server Scanning 28
        FTP Scanning 29
        Simple Network Management Protocol Sweeping 30
    Writing a Custom Scanner 31
    Looking Ahead 33

4 VULNERABILITY SCANNING 35
    The Basic Vulnerability Scan 36
    Scanning with NeXpose 37
        Configuration 37
        Importing Your Report into the Metasploit Framework 42
        Running NeXpose Within MSFconsole 43
    Scanning with Nessus 44
        Nessus Configuration 44
        Creating a Nessus Scan Policy 45
        Running a Nessus Scan 47
        Nessus Reports 47
        Importing Results into the Metasploit Framework 48
        Scanning with Nessus from Within Metasploit 49
    Specialty Vulnerability Scanners 51
        Validating SMB Logins 51
        Scanning for Open VNC Authentication 52
        Scanning for Open X11 Servers 54
    Using Scan Results for Autopwning 56

5 THE JOY OF EXPLOITATION 57
    Basic Exploitation 58
        msf> show exploits 58
        msf> show auxiliary 58

[...]
10 THE SOCIAL-ENGINEER TOOLKIT 135
    Configuring the Social-Engineer Toolkit 136
    Spear-Phishing Attack Vector 137
    Web Attack Vectors 142
        Java Applet 142
        Client-Side Web Exploits 146
        Username and Password Harvesting 148
        Tabnabbing 150
        Man-Left-in-the-Middle 150
        Web Jacking 151
        Putting It All Together with ...

... commercial products based on the Metasploit Framework: Metasploit Express and Metasploit Pro. Metasploit Express is a lighter version of the Metasploit Framework with a GUI and additional functionality, including reporting, among other useful features. Metasploit Pro is an expanded version of Metasploit Express that touts collaboration and group penetration testing and such features as a one-click virtual private ...

... all their sensitive data. Congratulations on a job well done—you’ve shown true business impact, and now it’s time to write the report. Oddly enough, today’s penetration testers often find themselves in the role of a fictitious adversary like the one described above, performing legal attacks at the request of companies that need high levels of security. Welcome to the world of penetration testing and the ...

... how they play into the overall structure of a successful penetration testing process. Experienced penetration testers will benefit from the discussion of the methodology, which is based on the recently codified Penetration Test Execution Standard. Readers who are new to the field will be presented with a wealth of information not only about how to get started but also why those steps matter and what they ...

... with updates to the Framework.

What’s in the Book?

How can this book help you to get started or take your skills to the next level? Each chapter is designed to build on the previous one and to help you build your skills as a penetration tester from the ground up. Chapter 1, “The Absolute Basics of Penetration Testing,” establishes the methodologies around penetration testing. Chapter 2, “Metasploit Basics,” ...
... restrictions regarding what can and will be tested during the engagement.

Intelligence Gathering

In the intelligence gathering phase, you will gather any information you can about the organization you are attacking by using social-media networks, Google hacking, footprinting the target, and so on. One of the most important skills a penetration tester can have is the ability to learn about a target, including how ...

... scenarios as they present themselves.

2 METASPLOIT BASICS

When you encounter the Metasploit Framework (MSF) for the first time, you might be overwhelmed by its many interfaces, options, utilities, variables, and modules. In this chapter, we’ll focus on the basics that will help you make sense of the big picture. We’ll review some basic penetration testing terminology and then briefly cover the various ...

... appending the letter O to the end of the string at whichever point you are stuck. For example, in the following listing, we use the O to see the options available for the ms08_067_netapi module:

    root@bt:/# msfcli windows/smb/ms08_067_netapi O
    [*] Please wait while we load the module tree...

       Name     Current Setting  Required  Description
       ----     ---------------  --------  -----------
       RHOST    0.0.0.0          yes       The target...
       RPORT    445              yes
       SMBPIPE  BROWSER          yes

... resulted in over 150,000 lines of new code. With the 3.0 release, Metasploit saw widespread adoption in the security community and a big increase in user contributions. In fall 2009, Metasploit was acquired by Rapid7, a leader in the vulnerability-scanning field, which allowed HD to build a team to focus solely on the development of the Metasploit Framework. Since the acquisition, updates have occurred more ...
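The msfcli O listing above is only useful if you act on it: the required options still sitting at a placeholder (RHOST at 0.0.0.0) have to be supplied as OPTION=value pairs before the mode letter is changed to E. The Python below is an added example, not code from the book or from the Metasploit project. It parses that fixed-width option table, reports which required options are still unset, applies a set of values, and assembles the matching msfcli command line (module path, OPTION=value pairs, then a single-letter mode). The sample table is constructed from the excerpt above with its truncated Description column left as-is; the lab addresses 192.168.56.101 and 192.168.56.1 are made-up values. msfcli itself was later removed from the Framework in favour of `msfconsole -x`, so the habit demonstrated (check every required option before executing) matters more than the binary name.

```python
"""Read the option table printed by `msfcli <module> O`, flag required options
that are still unset, and build the command line for the next msfcli call.
Added example; not code from the book or from the Metasploit project."""
import shlex

# Constructed sample: the ms08_067_netapi table as the excerpt shows it. The
# Description column is cut off in the excerpt, so it is left truncated here.
SAMPLE_OUTPUT = """\
[*] Please wait while we load the module tree...

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    0.0.0.0          yes       The target...
   RPORT    445              yes
   SMBPIPE  BROWSER          yes
"""

# Values Metasploit shows when nothing useful has been set yet.
PLACEHOLDERS = {"", "0.0.0.0"}

# Single-letter modes msfcli accepts after the option list.
MSFCLI_MODES = {"H", "S", "O", "A", "I", "P", "T", "AC", "C", "E"}

HEADER = ["Name", "Current", "Setting", "Required", "Description"]


def parse_options(text):
    """Return {name: {"setting", "required", "description"}} from the
    fixed-width table. Column boundaries come from the header row, so a
    Description that contains spaces is not split apart."""
    lines = text.splitlines()
    header_idx = next((i for i, l in enumerate(lines) if l.split() == HEADER), None)
    if header_idx is None:
        raise ValueError("no option table header found")
    header = lines[header_idx]
    starts = [header.index("Name"), header.index("Current Setting"),
              header.index("Required"), header.index("Description")]
    bounds = list(zip(starts, starts[1:] + [None]))
    options = {}
    for line in lines[header_idx + 2:]:          # +2 skips the ---- underline
        if not line.strip():
            break
        name, setting, required, description = (line[a:b].strip() for a, b in bounds)
        options[name] = {
            "setting": setting,
            "required": required.lower() == "yes",
            "description": description,
        }
    return options


def missing_required(options):
    """Names of required options whose value is empty or a placeholder."""
    return sorted(n for n, o in options.items()
                  if o["required"] and o["setting"] in PLACEHOLDERS)


def apply_settings(options, settings):
    """Copy of `options` with OPTION=value pairs applied. Names the table did
    not list (PAYLOAD, LHOST, ...) are added as non-required entries."""
    updated = {k: dict(v) for k, v in options.items()}
    for k, v in settings.items():
        updated.setdefault(k, {"required": False, "description": ""})["setting"] = str(v)
    return updated


def build_msfcli_command(module, settings, mode="E"):
    """msfcli syntax: module path, OPTION=value pairs, then the mode letter
    (O = show options, P = list payloads, E = execute)."""
    if mode not in MSFCLI_MODES:
        raise ValueError(f"unknown msfcli mode {mode!r}")
    parts = ["msfcli", module]
    parts += [f"{k}={shlex.quote(str(v))}" for k, v in sorted(settings.items())]
    parts.append(mode)
    return " ".join(parts)


if __name__ == "__main__":
    opts = parse_options(SAMPLE_OUTPUT)
    print("still unset:", missing_required(opts))          # ['RHOST']
    # Hypothetical lab values; every flagged option must be supplied before E.
    lab = {"RHOST": "192.168.56.101",
           "PAYLOAD": "windows/meterpreter/reverse_tcp",
           "LHOST": "192.168.56.1"}
    print("still unset:", missing_required(apply_settings(opts, lab)))  # []
    print(build_msfcli_command("windows/smb/ms08_067_netapi", lab))
```

Running it prints `['RHOST']` for the table as shown, an empty list once the lab values are applied, and the E-mode command line with the options sorted by name. The same parser works on `show options` output from msfconsole, which uses the identical column layout.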
... may already be out of date. The authors took on the Herculean task of writing this book in such a way that the content will still be applicable by the time it reaches its readers. The Metasploit team has been involved with this book to make sure that changes to the code are accurately reflected and that the final result is as close to zero-day coverage of the Metasploit Framework as is humanly possible.

Posted: 19/03/2014, 13:40
