
Christopher Hadnagy

Second Edition


e-books shop




Book Details
Price: 4.00 USD
Pages: 362 p
File Size: 7,200 KB
File Type: PDF format
ISBN: 978-1-119-43375-0
Copyright: 2018 Christopher Hadnagy

About the Author
CHRISTOPHER HADNAGY
is the CEO and Chief Human Hacker of Social-Engineer, LLC as well as the lead developer and creator of the world's first social engineering framework found at social-engineer.org. He is the founder and creator of the Social Engineering Village (SEVillage) at DEF CON and DerbyCon, as well as the creator of the popular Social Engineering Capture the Flag (SECTF). He is a sought-after speaker and trainer and even has debriefed the Pentagon on these topics. He can be found tweeting at @humanhacker.

FOREWORD
When I started Apple Computers in 1976 with Steve Jobs, I did not imagine
where that invention would take the world. I wanted to do something that was
unheard of: create a personal computer. One that any person could use, enjoy,
and benefit from. Jump forward only a short 40 or so years and that vision is a reality.

With billions of personal computers around the globe, smartphones, smart
devices, and technology being embedded into every aspect of our lives, it is
important to take a step back and look at how we maintain safety and security
while still innovating and growing and working with the next generation.
I love getting to work with youth today, inspiring them to innovate and grow. I
love seeing the ideas flow from them as they figure out new and creative ways to
use technology. And I truly love being able to see how this technology can
enhance people's lives.

With that said, we need to take a serious look at how we secure this future. In
2004 when I gave the keynote speech at HOPE Conference, I said that a lot of
hacking is playing with other people and getting them to do strange things. My
friend, Kevin Mitnick, has mastered this over the years in one area of security
called social engineering.

Chris’s book captures the very essence of social engineering, defining and
shaping it for all of us to understand. He has rewritten the book on it again,
defining the core principles of how we as humans make decisions and how those
very same processes can be manipulated.

Hacking has been around for a while, and human hacking has been around for as
long as humans have. This book can prepare you, protect you, and educate you
how to recognize, defend, and mitigate the risks that come from social engineering.
—Steve “Woz” Wozniak


Table of Contents
Cover
Foreword
Preface
1 A Look into the New World of Professional Social Engineering
What Has Changed?
Why Should You Read This Book?
An Overview of Social Engineering
The SE Pyramid
What's in This Book?
Summary
2 Do You See What I See?
A Real-World Example of Collecting OSINT
Nontechnical OSINT
Tools of the Trade
Summary
3 Profiling People Through Communication
The Approach
Enter the DISC
Summary
4 Becoming Anyone You Want to Be
The Principles of Pretexting
Summary
5 I Know How to Make You Like Me
The Tribe Mentality
Building Rapport as a Social Engineer
The Rapport Machine
Summary
6 Under the Influence
Principle One: Reciprocity
Principle Two: Obligation
Principle Three: Concession
Principle Four: Scarcity
Principle Five: Authority
Principle Six: Consistency and Commitment
Principle Seven: Liking
Principle Eight: Social Proof
Influence vs. Manipulation
Summary
7 Building Your Artwork
The Dynamic Rules of Framing
Elicitation
Summary
8 I Can See What You Didn't Say
Nonverbals Are Essential
All Your Baselines Belong to Us
Understand the Basics of Nonverbals
Comfort vs. Discomfort
Summary
9 Hacking the Humans
An Equal Opportunity Victimizer
The Principles of the Pentest
Phishing
Vishing
SMiShing
Impersonation
Reporting
Top Questions for the SE Pentester
Summary
10 Do You Have a M.A.P.P.?
Step 1: Learn to Identify Social Engineering Attacks
Step 2: Develop Actionable and Realistic Policies
Step 3: Perform Regular Real-World Checkups
Step 4: Implement Applicable Security-Awareness Programs
Tie It All Together
Gotta Keep 'Em Updated
Let the Mistakes of Your Peers Be Your Teacher
Create a Security Awareness Culture
Summary
11 Now What?
Soft Skills for Becoming a Social Engineer
Technical Skills
Education
Job Prospects
The Future of Social Engineering
Index
End User License Agreement



PREFACE
Social engineering—I can remember when searching for that term led you to
videos on getting free burgers or dates with girls. Now it seems like it's almost a
household term. Just the other day I heard a friend of the family, who's not in
this industry at all, talking about an email scam. She said, “Well, that's just a
great example of social engineering!”
It threw me for a loop for a second, but here we are, eight years after my
decision to start a company solely focused on social engineering, and now it's a
full-blown industry and household term.
If you were to just start reading this book it would be easy to mistake my
intentions. You might think I am fully okay with arming the bad guys or
preparing them for nefarious acts. That cannot be further from the truth.

When I wrote my first book, there were many folks who, during interviews, got
very upset with me and said I was arming the malicious social engineers. I felt
the same then as I do now: you cannot really defend against social engineering
until you know all sides of its use. Social engineering is a tool like a hammer,
shovel, knife, or even a gun. Each has a purpose that can be used to build, save,
feed, or survive; each tool also can be used to maim, kill, destroy, and ruin. For
you to understand how to use social engineering to build, feed, survive, or save,
you need to understand both uses. This is especially true if your goal is to
defend. Defending yourself and others from malicious uses of social engineering
requires that you step over into the dark side of it to get a clear picture of how it is used.

I was recently chatting with AJ Cook about her work on Criminal Minds, and
she mentioned that she often has to meet with real federal agents who work
serial-killer cases to prepare herself for playing the role of JJ on the show. The
same idea applies directly to this book.

As you read this book, do it with an open mind. I tried my hardest to put the
knowledge, experience, and practical wisdom I have learned over the last decade
onto these pages. There will always be some mistakes or something you don't
like or something you might feel was not 100% clear. Let's discuss it; reach out
to me and let's talk. You can find me on Twitter: @humanhacker. Or you can
email me from one of the websites: 
When I teach my five-day courses, I always ask the students to not treat me like
some infallible instructor. If they have knowledge, thoughts, or even feelings
that contradict something I say, I want to discuss it with them. I love learning
and expanding my understanding on these topics. I extend the same request to you.

Finally, I want to thank you. Thank you for spending some of your valuable time
with me in the pages of this book. Thank you for helping me improve over the
years. Thank you for all your feedback, ideas, critiques, and advice.
I truly hope you enjoy this book.
—Christopher Hadnagy

Metasploit: The Penetration Tester’s Guide

by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni

The Absolute Basics of Penetration Testing
Metasploit Basics
Intelligence Gathering
Vulnerability Scanning
The Joy of Exploitation
Meterpreter
Avoiding Detection
Exploitation Using Client-Side Attacks
Metasploit Auxiliary Modules
The Social-Engineer Toolkit
Fast-Track
Karmetasploit 
Building Your Own Module
Creating Your Own Exploits
Porting Exploits to the Metasploit Framework
Meterpreter Scripting
Simulated Penetration Test



FOREWORD
Information technology is a complex field, littered
with the half-dead technology of the past and an
ever-increasing menagerie of new systems, software, and protocols. Securing today’s enterprise networks
involves more than simply patch management, firewalls,
and user education; it requires frequent real-world
validation of what works and what fails.
This is what penetration testing is all about.
Penetration testing is a uniquely challenging job. You are paid to think
like a criminal, to use guerilla tactics to your advantage, and to find the weakest
links in a highly intricate net of defenses. The things you find can be both
surprising and disturbing; penetration tests have uncovered everything from
rogue pornography sites to large-scale fraud and criminal activity.
Penetration testing is about ignoring an organization’s perception of
its security and probing its systems for weaknesses. The data obtained from a
successful penetration test often uncovers issues that no architecture review
or vulnerability assessment would be able to identify. Typical findings include
shared passwords, cross-connected networks, and troves of sensitive data sitting
in the clear. The problems created by sloppy system administration and
rushed implementations often pose significant threats to an organization,
while the solutions languish under a dozen items on an administrator’s to-do
list. Penetration testing highlights these misplaced priorities and identifies
what an organization needs to do to defend itself from a real intrusion.
Penetration testers handle a company’s most sensitive resources; they
gain access to areas that can have dire real-world consequences if the wrong
action is taken. A single misplaced packet can bring a factory floor to a halt,
with a cost measured in millions of dollars per hour. Failure to notify the
appropriate personnel can result in an uncomfortable and embarrassing conversation
with the local police. Medical systems are one area that even the
most experienced security professionals may hesitate to test; nobody wants
to be responsible for mixing up a patient’s blood type in an OpenVMS mainframe
or corrupting the memory on an X-ray machine running Windows XP.
The most critical systems are often the most exposed, and few system administrators
want to risk an outage by bringing down a database server to apply a
security patch.
Balancing the use of available attack paths and the risk of causing damage
is a skill that all penetration testers must hone. This process depends not
only on a technical knowledge of the tools and the techniques but also on a
strong understanding of how the organization operates and where the path
of least resistance may lie.
In this book, you will see penetration testing through the eyes of four
security professionals with widely divergent backgrounds. The authors include
folks with experience at the top of the corporate security structure all the way
down to the Wild West world of underground exploit development and vulnerability
research. There are a number of books available on penetration testing
and security assessments, and there are many that focus entirely on tools.
This book, however, strives for a balance between the two, covering the fundamental
tools and techniques while also explaining how they play into the
overall structure of a successful penetration testing process. Experienced
penetration testers will benefit from the discussion of the methodology,
which is based on the recently codified Penetration Test Execution Standard.
Readers who are new to the field will be presented with a wealth of information
not only about how to get started but also why those steps matter and
what they mean in the bigger picture.
This book focuses on the Metasploit Framework. This open source
platform provides a consistent, reliable library of constantly updated exploits
and offers a complete development environment for building new tools and
automating every aspect of a penetration test. Metasploit Express and Metasploit
Pro, the commercial siblings of the Framework, are also represented in
this book. These products provide a different perspective on how to conduct

and automate large-scale penetration tests.

The Metasploit Framework is an infamously volatile project; the code
base is updated dozens of times every day by a core group of developers and
submissions from hundreds of community contributors. Writing a book about
the Framework is a masochistic endeavor; by the time that a given chapter
has been proofread, the content may already be out of date. The authors
took on the Herculean task of writing this book in such a way that the content
will still be applicable by the time it reaches its readers.
The Metasploit team has been involved with this book to make sure that
changes to the code are accurately reflected and that the final result is as close
to zero-day coverage of the Metasploit Framework as is humanly possible. We
can state with full confidence that it is the best guide to the Metasploit Framework
available today, and it will likely remain so for a long time. We hope you
find this book valuable in your work and an excellent reference in your trials ahead.
HD Moore

Founder, The Metasploit Project

PREFACE
The Metasploit Framework has long been one of the
tools most widely used by information security professionals,
but for a long time little documentation
existed aside from the source code itself or comments
on blogs. That situation changed significantly when
Offensive-Security developed its online course, Metasploit
Unleashed. Shortly after the course went live, No
Starch Press contacted us about the possibility of creating
a book to expand on our work with Metasploit Unleashed.
This book is designed to teach you the ins and outs of Metasploit and
how to use the Framework to its fullest. Our coverage is selective—we won’t
cover every single flag or exploit—but we give you the foundation you’ll need
to understand and use Metasploit now and in future versions.

Introduction
Imagine that sometime in the not-so-distant future an
attacker decides to attack a multinational company’s
digital assets, targeting hundreds of millions of dollars
worth of intellectual property buried behind millions
of dollars in infrastructure. Naturally, the attacker
begins by firing up the latest version of Metasploit.
After exploring the target’s perimeter, he finds a soft spot and begins a
methodical series of attacks, but even after he’s compromised nearly every
aspect of the network, the fun has only just begun. He maneuvers through
systems, identifying core, critical business components that keep the company
running. With a single keystroke, he could help himself to millions of
company dollars and compromise all their sensitive data.
Congratulations on a job well done—you’ve shown true business impact,
and now it’s time to write the report. Oddly enough, today’s penetration
testers often find themselves in the role of a fictitious adversary like the one
described above, performing legal attacks at the request of companies that
need high levels of security. Welcome to the world of penetration testing and
the future of security.

Why Do a Penetration Test?
Companies invest millions of dollars in security programs to protect critical
infrastructures, identify chinks in the armor, and prevent serious data breaches.
A penetration test is one of the most effective ways to identify systemic weaknesses
and deficiencies in these programs. By attempting to circumvent security
controls and bypass security mechanisms, a penetration tester is able to
identify ways in which a hacker might be able to compromise an organization’s
security and damage the organization as a whole.
As you read through this book, remember that you’re not necessarily
targeting one system or multiple systems. Your goal is to show, in a safe and
controlled manner, how an attacker might be able to cause serious harm to
an organization and impact its ability to, among other things, generate revenue,
maintain its reputation, and protect its customers.

Why Metasploit?
Metasploit isn’t just a tool; it’s an entire framework that provides the infrastructure
needed to automate mundane, routine, and complex tasks. This
allows you to concentrate on the unique or specialized aspects of penetration
testing and on identifying flaws within your information security program.
As you progress through the chapters in this book and establish a well-rounded
methodology, you will begin to see the many ways in which Metasploit
can be used in your penetration tests. Metasploit allows you to easily
build attack vectors to augment its exploits, payloads, encoders, and more
in order to create and execute more advanced attacks. At various points in
this book we explain several third-party tools—including some written by the
authors of this book—that build on the Metasploit Framework. Our goal is to
get you comfortable with the Framework, show you some advanced attacks,
and ensure that you can apply these techniques responsibly. We hope you
enjoy reading this book as much as we enjoyed creating it. Let the fun and
games begin.

A Brief History of Metasploit
Metasploit was originally developed and conceived by HD Moore while he
was employed by a security firm. When HD realized that he was spending
most of his time validating and sanitizing public exploit code, he began to
create a flexible and maintainable framework for the creation and development
of exploits. He released his first edition of the Perl-based Metasploit
in October 2003 with a total of 11 exploits.
With the help of Spoonm, HD released a total rewrite of the project,
Metasploit 2.0, in April 2004. This version included 19 exploits and over 27
payloads. Shortly after this release, Matt Miller (Skape) joined the Metasploit
development team, and as the project gained popularity, the Metasploit Framework
received heavy backing from the information security community and
quickly became a necessary tool for penetration testing and exploitation.
Following a complete rewrite in the Ruby programming language,
the Metasploit team released Metasploit 3.0 in 2007. The migration of the
Framework from Perl to Ruby took 18 months and resulted in over 150,000
lines of new code. With the 3.0 release, Metasploit saw widespread adoption
in the security community and a big increase in user contributions.
In fall 2009, Metasploit was acquired by Rapid7, a leader in the
vulnerability-scanning field, which allowed HD to build a team to focus
solely on the development of the Metasploit Framework. Since the acquisition,
updates have occurred more rapidly than anyone could have imagined.
Rapid7 released two commercial products based on the Metasploit Framework:
Metasploit Express and Metasploit Pro. Metasploit Express is a lighter
version of the Metasploit Framework with a GUI and additional functionality,
including reporting, among other useful features. Metasploit Pro is an expanded
version of Metasploit Express that touts collaboration and group penetration
testing and such features as a one-click virtual private network (VPN) tunnel
and much more.

About This Book
This book is designed to teach you everything from the fundamentals of
the Framework to advanced techniques in exploitation. Our goal is to provide
a useful tutorial for the beginner and a reference for practitioners. However,
we won’t always hold your hand. Programming knowledge is a definite
advantage in the penetration testing field, and many of the examples in this
book will use either the Ruby or Python programming language. Still, while
we suggest that you learn a language like Ruby or Python to aid in advanced
exploitation and customization of attacks, programming knowledge is not
required.
As you grow more comfortable with Metasploit, you will notice that the
Framework is frequently updated with new features, exploits, and attacks.
This book was developed with the knowledge that Metasploit is continually
changing and that no printed book is likely to be able to keep pace with this
rapid development. Therefore, we focus on the fundamentals, because once
you understand how Metasploit works you will be able to ramp up quickly
with updates to the Framework.

What’s in the Book?
How can this book help you to get started or take your skills to the next level?
Each chapter is designed to build on the previous one and to help you build
your skills as a penetration tester from the ground up.
• Chapter 1, “The Absolute Basics of Penetration Testing,” establishes the
methodologies around penetration testing.
• Chapter 2, “Metasploit Basics,” is your introduction to the various tools
within the Metasploit Framework.
• Chapter 3, “Intelligence Gathering,” shows you ways to leverage Metasploit
in the reconnaissance phase of a penetration test.
• Chapter 4, “Vulnerability Scanning,” walks you through identifying vulnerabilities
and leveraging vulnerability scanning technology.
• Chapter 5, “The Joy of Exploitation,” throws you into exploitation.
• Chapter 6, “Meterpreter,” walks you through the Swiss Army knife of
post exploitation: Meterpreter.
• Chapter 7, “Avoiding Detection,” focuses on the underlying concepts of
antivirus evasion techniques.
• Chapter 8, “Exploitation Using Client-Side Attacks,” covers client-side
exploitation and browser bugs.
• Chapter 9, “Metasploit Auxiliary Modules,” walks you through auxiliary
modules.
• Chapter 10, “The Social-Engineer Toolkit,” is your guide to leveraging
the Social-Engineer Toolkit in social-engineering attacks.
• Chapter 11, “Fast-Track,” offers a complete run down on Fast-Track, an
automated penetration testing framework.
• Chapter 12, “Karmetasploit,” shows you how to leverage Karmetasploit
for wireless attacks.
• Chapter 13, “Building Your Own Modules,” teaches you how to build
your own exploitation module.
• Chapter 14, “Creating Your Own Exploits,” covers fuzzing and creating
exploit modules out of buffer overflows.
• Chapter 15, “Porting Exploits to the Metasploit Framework,” is an in-depth
look at how to port existing exploits into a Metasploit-based module.
• Chapter 16, “Meterpreter Scripting,” shows you how to create your own
Meterpreter scripts.
• Chapter 17, “Simulated Penetration Test,” pulls everything together as it
walks you through a simulated penetration test.


Table of Contents
FOREWORD by HD Moore
PREFACE
ACKNOWLEDGMENTS
  Special Thanks
INTRODUCTION
  Why Do a Penetration Test?
  Why Metasploit?
  A Brief History of Metasploit
  About This Book
  What’s in the Book?
  A Note on Ethics
1 THE ABSOLUTE BASICS OF PENETRATION TESTING
  The Phases of the PTES
    Pre-engagement Interactions
    Intelligence Gathering
    Threat Modeling
    Vulnerability Analysis
    Exploitation
    Post Exploitation
    Reporting
  Types of Penetration Tests
    Overt Penetration Testing
    Covert Penetration Testing
  Vulnerability Scanners
  Pulling It All Together
2 METASPLOIT BASICS
  Terminology
    Exploit
    Payload
    Shellcode
    Module
    Listener
  Metasploit Interfaces
    MSFconsole
    MSFcli
    Armitage
  Metasploit Utilities
    MSFpayload
    MSFencode
    Nasm Shell
  Metasploit Express and Metasploit Pro
  Wrapping Up
3 INTELLIGENCE GATHERING
  Passive Information Gathering
    whois Lookups
    Netcraft
    NSLookup
  Active Information Gathering
    Port Scanning with Nmap
    Working with Databases in Metasploit
    Port Scanning with Metasploit
  Targeted Scanning
    Server Message Block Scanning
    Hunting for Poorly Configured Microsoft SQL Servers
    SSH Server Scanning
    FTP Scanning
    Simple Network Management Protocol Sweeping
  Writing a Custom Scanner
  Looking Ahead
4 VULNERABILITY SCANNING
  The Basic Vulnerability Scan
  Scanning with NeXpose
    Configuration
    Importing Your Report into the Metasploit Framework
    Running NeXpose Within MSFconsole
  Scanning with Nessus
    Nessus Configuration
    Creating a Nessus Scan Policy
    Running a Nessus Scan
    Nessus Reports
    Importing Results into the Metasploit Framework
    Scanning with Nessus from Within Metasploit
  Specialty Vulnerability Scanners
    Validating SMB Logins
    Scanning for Open VNC Authentication
    Scanning for Open X11 Servers
  Using Scan Results for Autopwning
5 THE JOY OF EXPLOITATION
  Basic Exploitation
    msf> show exploits
    msf> show auxiliary
    msf> show options
    msf> show payloads
    msf> show targets
    info
    set and unset
    setg and unsetg
    save
  Exploiting Your First Machine
  Exploiting an Ubuntu Machine
  All-Ports Payloads: Brute Forcing Ports
  Resource Files
  Wrapping Up
6 METERPRETER
  Compromising a Windows XP Virtual Machine
    Scanning for Ports with Nmap
    Attacking MS SQL
    Brute Forcing MS SQL Server
    The xp_cmdshell
    Basic Meterpreter Commands
    Capturing Keystrokes
  Dumping Usernames and Passwords
    Extracting the Password Hashes
    Dumping the Password Hash
  Pass the Hash
  Privilege Escalation
  Token Impersonation
  Using ps
  Pivoting onto Other Systems
  Using Meterpreter Scripts
    Migrating a Process
    Killing Antivirus Software
    Obtaining System Password Hashes
    Viewing All Traffic on a Target Machine
    Scraping a System
    Using Persistence
Leveraging Post Exploitation Modules ....................................................................... 95
Upgrading Your Command Shell to Meterpreter ......................................................... 95
Manipulating Windows APIs with the Railgun Add-On ................................................ 97
Wrapping Up ........................................................................................................ 97
AVOIDING DETECTION
Creating Stand-Alone Binaries with MSFpayload ...................................................... 100
Evading Antivirus Detection ................................................................................... 101
Encoding with MSFencode ....................................................................... 102
Multi-encoding ........................................................................................ 103
Custom Executable Templates ................................................................................ 105
Launching a Payload Stealthily................................................................................ 106
Packers ............................................................................................................... 107
A Final Note on Antivirus Software Evasion ............................................................. 108
EXPLOITATION USING CLIENT-SIDE ATTACKS
Browser-Based Exploits ......................................................................................... 110
How Browser-Based Exploits Work ............................................................ 111
Looking at NOPs ..................................................................................... 112
Using Immunity Debugger to Decipher NOP Shellcode ............................................. 112
Exploring the Internet Explorer Aurora Exploit .......................................................... 116
File Format Exploits .............................................................................................. 119
Sending the Payload ............................................................................................ 120
Wrapping Up ...................................................................................................... 121
METASPLOIT AUXILIARY MODULES
Auxiliary Modules in Use ...................................................................................... 126
Anatomy of an Auxiliary Module ............................................................................ 128
Going Forward .................................................................................................... 133
THE SOCIAL-ENGINEER TOOLKIT
Configuring the Social-Engineer Toolkit ................................................................... 136
Spear-Phishing Attack Vector ................................................................................. 137
Web Attack Vectors .............................................................................................. 142
Java Applet ............................................................................................ 142
Client-Side Web Exploits .......................................................................... 146
Username and Password Harvesting .......................................................... 148
Tabnabbing ............................................................................................ 150
Man-Left-in-the-Middle .............................................................................. 150
Web Jacking .......................................................................................... 151
Putting It All Together with a Multipronged Attack ........................................ 153
Infectious Media Generator ................................................................................... 157
Teensy USB HID Attack Vector ............................................................................... 157
Additional SET Features ........................................................................................ 160
Looking Ahead .................................................................................................... 161
FAST-TRACK
Microsoft SQL Injection ......................................................................................... 164
SQL Injector—Query String Attack ............................................................. 165
SQL Injector—POST Parameter Attack ........................................................ 166
Manual Injection ..................................................................................... 167
MSSQL Bruter ......................................................................................... 168
SQLPwnage ............................................................................................ 172
Binary-to-Hex Generator ........................................................................................ 174
Mass Client-Side Attack ........................................................................................ 175
A Few Words About Automation ............................................................................ 176
KARMETASPLOIT
Configuration ...................................................................................................... 178
Launching the Attack ............................................................................................. 179
Credential Harvesting ........................................................................................... 181
Getting a Shell ..................................................................................................... 182
Wrapping Up ...................................................................................................... 184
BUILDING YOUR OWN MODULE
Getting Command Execution on Microsoft SQL ........................................................ 186
Exploring an Existing Metasploit Module ................................................................. 187
Creating a New Module ....................................................................................... 189
PowerShell ............................................................................................. 189
Running the Shell Exploit .......................................................................... 190
Creating powershell_upload_exec ............................................................. 192
Conversion from Hex to Binary ................................................................. 192
Counters ................................................................................................ 194
Running the Exploit .................................................................................. 195
The Power of Code Reuse ..................................................................................... 196
CREATING YOUR OWN EXPLOITS
The Art of Fuzzing ................................................................................................ 198
Controlling the Structured Exception Handler ........................................................... 201
Hopping Around SEH Restrictions ........................................................................... 204
Getting a Return Address ...................................................................................... 206
Bad Characters and Remote Code Execution ........................................................... 210
Wrapping Up ...................................................................................................... 213
PORTING EXPLOITS TO THE METASPLOIT FRAMEWORK
Assembly Language Basics .................................................................................... 216
EIP and ESP Registers ............................................................................... 216
The JMP Instruction Set ............................................................................. 216
NOPs and NOP Slides ............................................................................ 216
Porting a Buffer Overflow ...................................................................................... 216
Stripping the Existing Exploit ..................................................................... 218
Configuring the Exploit Definition .............................................................. 219
Testing Our Base Exploit .......................................................................... 220
Implementing Features of the Framework .................................................... 221
Adding Randomization ............................................................................ 222
Removing the NOP Slide .......................................................................... 223
Removing the Dummy Shellcode ................................................................ 223
Our Completed Module ........................................................................... 224
SEH Overwrite Exploit .......................................................................................... 226
Wrapping Up ...................................................................................................... 233
METERPRETER SCRIPTING
Meterpreter API .................................................................................................... 241
Printing Output ........................................................................................ 241
Base API Calls ........................................................................................ 242
Meterpreter Mixins .................................................................................. 242
Rules for Writing Meterpreter Scripts ...................................................................... 244
Creating Your Own Meterpreter Script .................................................................... 244
Wrapping Up ...................................................................................................... 250
SIMULATED PENETRATION TEST
Pre-engagement Interactions .................................................................................. 252
Intelligence Gathering ........................................................................................... 252
Threat Modeling .................................................................................................. 253
Exploitation ......................................................................................................... 255
Customizing MSFconsole ...................................................................................... 255
Post Exploitation ................................................................................................... 257
Scanning the Metasploitable System .......................................................... 258
Identifying Vulnerable Services ................................................................. 259
Attacking Apache Tomcat ..................................................................................... 260
Attacking Obscure Services ................................................................................... 262
Covering Your Tracks ........................................................................................... 264
Wrapping Up ...................................................................................................... 266
CONFIGURING YOUR TARGET MACHINES
Installing and Setting Up the System ....................................................................... 267
Booting Up the Linux Virtual Machines .................................................................... 268
Setting Up a Vulnerable Windows XP Installation ..................................................... 269
Configuring Your Web Server on Windows XP ........................................... 269
Building a SQL Server .............................................................................. 269
Creating a Vulnerable Web Application .................................................... 272
Updating Back|Track .............................................................................. 273
CHEAT SHEETS
MSFconsole Commands ........................................................................................ 275
Meterpreter Commands ........................................................................................ 277
MSFpayload Commands ....................................................................................... 280
MSFencode Commands ........................................................................................ 280
MSFcli Commands ............................................................................................... 281
MSF, Ninja, Fu .................................................................................................... 281
MSFvenom .......................................................................................................... 281
Meterpreter Post Exploitation Commands ................................................................ 282
INDEX 285


Product details
 Price
 Pages
 332 p
 File Size
 7,091 KB
 File Type
 PDF format
 ISBN-10
 1-59327-288-X
 ISBN-13
 978-1-59327-288-3
 Copyright
 2011 by David Kennedy,
 Jim O'Gorman, Devon Kearns, 
 and Mati Aharoni