Metasploit Penetration Testing Devil Training Camp: Table of Contents

Foreword
Acknowledgements

Chapter 1 Devil Training Camp: First Encounter with Metasploit
  1.1 What is penetration testing
    1.1.1 The origin and definition of penetration testing
    1.1.3 Penetration testing methods and process
    1.3.4 Application environment for integrated development of security technology
  1.4 Metasploit structural analysis
    1.4.4 Payload module
    1.4.5 Meta-command module
    1.4.6 Encoder module
    1.4.7 Penetration attack module
  1.5 Installing the Metasploit software
    1.5.1 ...Sploit
    1.5.2 Installing Metasploit
    1.5.3 Installing Metasploit on the Linux operating system
  1.6 Getting to know the Metasploit user interface
    1.6.1 The msfgui graphical interface tool
    1.6.2 The msfconsole console terminal
    1.6.3 The msfcli command line program
  1.7 Summary
  1.8 Devil training camp exercise homework

Chapter 2 Saining vs. DingV: The Penetration Testing Lab Environment
  2.1 DingV environment topology
    2.1.1 Penetration testing lab environment topology
    2.1.2 Attacker machine environment
    2.1.3 Target machine environment
    2.1.4 Analysis environment
  2.2 Building the penetration testing lab environment
    2.2.1 Virtual environment deployment
    2.2.2 Network environment configuration
    2.2.3 Virtual machine image configuration

    3.1.2 Collecting information through search engines
    3.1.3 Collecting peripheral information on the DingV company network
  3.2 Host discovery and port scanning
    3.2.1 Active host scanning
    3.2.2 Operating system identification
    3.2.3 Port scanning and service type detection
    3.2.4 The Autosc... function
    3.2.5 Detection and scanning result analysis
  3.3 Service scanning and inspection
    3.3.1 Common network service scanning
    3.3.2 Password guessing and sniffing
  3.4 Network vulnerability scanning
    3.4.1 Vulnerability scanning principles and vulnerability scanners
    3.4.2 The OpenVAS vulnerability scanner
    3.4.3 Finding specific service vulnerabilities
    3.4.4 Vulnerability scanning result analysis
    3.5.4 Nmap and the penetration testing database
    3.5.5 OpenVAS and the penetration testing database
    3.5.6 Sharing the penetration testing information database
  3.7 Devil training camp exercises

    4.1.1 Why Web application penetration attacks
    4.1.2 Development trends of Web application attacks
    4.1.3 OWASP Web Vulnerability Top 10
    4.1.4 Typical cases of recent Web application attacks
    4.1.5 Web application penetration technology based on the Metasploit framework
  4.2 Web application vulnerability scanning and detection
    4.2.1 Open source Web application vulnerability scanning tools
    4.2.2 The scanning power tool W3AF
    4.2.3 SQL injection vulnerability detection
    4.2.4 XSS vulnerability detection
    4.2.5 Web application vulnerability detection
  4.3 Web application penetration testing
    4.3.1 SQL injection case analysis
    4.3.2 Cross-site attack case analysis

Chapter 5 Entering the Intranet: Network Service Penetration Attacks
  5.1 Memory attack and defense technology
    5.1.1 Buffer overflow vulnerability mechanism
    5.1.4 Constraints on buffer overflow exploitation
    5.1.5 The confrontation game between attacker and defender
  5.2 Network service penetration attack surface
    5.2.1 Network service penetration attacks on Windows systems
    5.2.2 Penetration attacks on Microsoft network services on the Windows operating system
    5.2.3 Penetration attacks on third-party network services on the Windows operating system
    5.2.4 Penetration attacks on industrial control system service software
  5.3 Windows service penetration attack: the MS08-067 security vulnerability
    5.3.1 The super-vulnerability MS08-067
    5.4.1 The Oracle database "ant nest"
    5.4.2 Oracle penetration module source code analysis
    Security vulnerability exploitation mechanism
  5.5 Actual case of an industrial control system service penetration attack: the Kingview SCADA software of Chinese manufacturer Asia Control Technology
    5.5.1 Targeted by foreign hackers
    5.5.2 Kingview 6.53 HistorySvr penetration attack code analysis
    5.5.3 Kingview 6.53 vulnerability penetration attack testing process
    5.5.4 Principle analysis of the Kingview heap overflow security vulnerability
  5.6 Actual case of a Linux system service penetration attack: the Samba security vulnerability
    5.6.1 The difference between Linux and Windows
    5.6.2 Linux system service penetration attack principles
    5.6.3 Samba security vulnerability description and attack module analysis
    5.6.4 Samba penetration attack process
    5.6.5 Samba security vulnerability principle analysis

Chapter 6 DingV Network Dominator: Client-Side Penetration Attacks
  6.1 Basics of client-side penetration attacks
    6.1.2 Development and trends of client-side penetration attacks
    6.1.3 Security protection mechanisms
  6.2 Penetration attacks on browsers
  6.4 Penetration attacks on third-party plug-ins: revisiting Asia Control Technology's Kingview
    6.4.1 Porting the Kingview penetration attack code
    6.4.2 Kingview penetration attack flow
    6.4.3 Kingview security vulnerability mechanism analysis
  6.5 Application software penetration attacks
    6.5.1 Application software penetration attack mechanism
    6.5.2 Memory attack technology: ROP implementation
    6.6.2 MS10-087 vulnerability penetration attack module source code analysis
    6.6.3 MS10-087 vulnerability principle analysis
    6.6.4 MS10-087 vulnerability exploitation principle
  6.7 Actual case of an Adobe Reader penetration attack: the urgent project progress report
    6.7.1 Adobe penetration testing process
    6.7.2 Adobe penetration attack module analysis and mechanism analysis
    6.7.3 Adobe exploitation principle
  6.8 Summary
  6.9 Devil training camp practice

Chapter 7 The Danger Behind Sweet Talk: Social Engineering
  7.1 The past and present of social engineering
    7.1.1 What is a social engineering attack
  7.2 Social engineering attack framework
    7.2.1 Information collection
    7.2.2 Inducement
    7.2.3 Pretexting
    7.2.4 Psychological influence
  7.3 Social engineering attack case: main methods and transmission routes of disguised Trojan horses
    7.3.1 Disguised Trojan horses
    7.3.2 Social engineering attack planning
    7.3.3 Trojan phishing
    7.4.1 The social engineering attack toolkit SET
    7.4.2 Social engineering attack planning for the phishing website
    7.4.3 Building the phishing website
    7.4.4 Implementation process of the phishing website social engineering attack
    7.4.5 Summary of the phishing website social engineering attack case
  7.5 Targeted social engineering attack case: email phishing
    7.5.1 Email phishing social engineering attack planning
    7.6.2 USB drive attack principle
    7.6.3 Making a Hacksaw USB drive
    7.6.4 Implementation process of the USB drive social engineering attack
    7.6.5 USB drive social engineering attack case summary
  7.7 Summary
  7.8 Devil training camp practice

Chapter 8 Formless Knife, Shadowless Sword: Mobile Environment Penetration Testing
  8.1 Mobile Metasploit penetration testing platform
  8.2 Wireless network penetration testing skills
    8.2.1 Wireless network password cracking
    8.2.2 Cracking the management password of a wireless AP
    8.3.2 Loading the karma.rc resource file
    8.3.3 Implementation process of the mobile Internet notebook penetration attack
    8.3.4 Summary of the mobile Internet notebook penetration attack case
    8.4.1 Characteristics of BYOD devices
    8.4.2 ...S device penetration attack
    8.4.3 Android smartphone penetration attack
    8.4.4 Porting Metasploit

  9.1 Re-exploring the Metasploit payload modules
    9.1.1 Typical payload modules
    9.1.2 ... payload module
    9.1.3 Meterpreter commands
  9.2 Meterpreter commands explained in detail
    9.2.1 Basic commands
    9.2.2 File system commands
    9.2.3 Network commands
    9.2.4 System commands
  9.3 Post-penetration attack modules
    9.3.1 Why post-penetration attack modules
    9.3.2 Operating system platform distribution
    9.3.3 How to use them
  9.4 Meterpreter ...
    9.4.5 Intranet expansion
    9.4.6 Covering tracks and disappearing
  9.5 Summary
  9.6 Devil training camp practice homework

Chapter 10 Wolves Come Down the Mountain: Hacker Capture the Flag Competition in Actual Combat
  10.1 The origin of the hacker Capture the Flag competition
  Competition scene analysis of the underground industrial chain
  10.4 CTF competition results
  10.6 Devil training camp practice

Appendix A How to write a penetration test report
Appendix B References and further reading