Synopses & Reviews
Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.
Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker\'s perspective.
The included LiveCD provides a complete Linux programming and debugging environment-all without modifying your current operating system. Use it to follow along with the book\'s examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:
- Program computers using C, assembly language, and shell scripts
- Corrupt system memory to run arbitrary code using buffer overflows and format strings
- Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
- Outsmart common security measures like nonexecutable stacks and intrusion detection systems
- Gain access to a remote server using port-binding or connect-back shellcode, and alter a server\'s logging behavior to hide your presence
- Redirect network traffic, conceal open ports, and hijack TCP connections
- Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix
Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don\'t already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.'
The Metasploit Framework is a powerful suite of tools that security researchers use to investigate and resolve potential network and system vulnerabilities. Metasploit: The Penetration Tester's Guide shows readers how to assess networks by using Metasploit to launch simulated attacks that expose weaknesses in their security. The book begins with the basics of information security and Metasploit, then proceeds to general and advanced techniques for penetration testing, including network reconnaissance and enumeration, server- and client-side attacks, devastating wireless attacks, and even targeted social engineering attacks. Whether readers are looking to secure their own networks or discover holes in others', Metasploit is the definitive guide to penetration testing with this dynamic and flexible framework.
In this second edition, author Erickson uses practical examples to illustrate the most common computer security issues in three related fields: programming, networking, and cryptography. Readers can easily follow along with example code by booting the included live CD.
"The best guide to the Metasploit Framework."HD Moore, Founder of the Metasploit Project
The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.
Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.
Learn how to:
- Find and exploit unmaintained, misconfigured, and unpatched systems
- Perform reconnaissance and find valuable information about your target
- Bypass anti-virus technologies and circumvent security controls
- Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
- Use the Meterpreter shell to launch further attacks from inside the network
- Harness standalone Metasploit utilities, third-party tools, and plug-ins
- Learn how to write your own Meterpreter post exploitation modules and scripts
You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.
About the Author
David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit-Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at a number of security conferences including Black Hat, DEF CON, ShmooCon, Security B-Sides, and more.
Jim O'Gorman is a professional penetration tester with CSC's StrikeForce, a co-founder of Social-Engineer.org, and an instructor at Offensive-Security. He is involved in digital investigations and malware analysis, and helped build forensic capabilities into Back|Track Linux. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.
Devon Kearns is an instructor at Offensive-Security, a Back|Track Linux developer, and administrator of The Exploit Database. He has contributed a number of Metasploit exploit modules and is the maintainer of the Metasploit Unleashed wiki.
Mati Aharoni is the creator of the Back|Track Linux distribution and founder of Offensive-Security, the industry leader in security training.
Table of Contents
Foreword; Preface; Acknowledgments; Special Thanks; Introduction; Why Do a Penetration Test?; Why Metasploit?; A Brief History of Metasploit; About This Book; What's in the Book?; A Note on Ethics; Chapter 1: The Absolute Basics of Penetration Testing; 1.1 The Phases of the PTES; 1.2 Types of Penetration Tests; 1.3 Vulnerability Scanners; 1.4 Pulling It All Together; Chapter 2: Metasploit Basics; 2.1 Terminology; 2.2 Metasploit Interfaces; 2.3 Metasploit Utilities; 2.4 Metasploit Express and Metasploit Pro; 2.5 Wrapping Up; Chapter 3: Intelligence Gathering; 3.1 Passive Information Gathering; 3.2 Active Information Gathering; 3.3 Targeted Scanning; 3.4 Writing a Custom Scanner; 3.5 Looking Ahead; Chapter 4: Vulnerability Scanning; 4.1 The Basic Vulnerability Scan; 4.2 Scanning with NeXpose; 4.3 Scanning with Nessus; 4.4 Specialty Vulnerability Scanners; 4.5 Using Scan Results for Autopwning; Chapter 5: The Joy of Exploitation; 5.1 Basic Exploitation; 5.2 Exploiting Your First Machine; 5.3 Exploiting an Ubuntu Machine; 5.4 All-Ports Payloads: Brute Forcing Ports; 5.5 Resource Files; 5.6 Wrapping Up; Chapter 6: Meterpreter; 6.1 Compromising a Windows XP Virtual Machine; 6.2 Dumping Usernames and Passwords; 6.3 Pass the Hash; 6.4 Privilege Escalation; 6.5 Token Impersonation; 6.6 Using ps; 6.7 Pivoting onto Other Systems; 6.8 Using Meterpreter Scripts; 6.9 Leveraging Post Exploitation Modules; 6.10 Upgrading Your Command Shell to Meterpreter; 6.11 Manipulating Windows APIs with the Railgun Add-On; 6.12 Wrapping Up; Chapter 7: Avoiding Detection; 7.1 Creating Stand-Alone Binaries with MSFpayload; 7.2 Evading Antivirus Detection; 7.3 Custom Executable Templates; 7.4 Launching a Payload Stealthily; 7.5 Packers; 7.6 A Final Note on Antivirus Software Evasion; Chapter 8: Exploitation Using Client-Side Attacks; 8.1 Browser-Based Exploits; 8.2 Using Immunity Debugger to Decipher NOP Shellcode; 8.3 Exploring the Internet Explorer Aurora Exploit; 8.4 File Format Exploits; 8.5 Sending the Payload; 8.6 Wrapping Up; Chapter 9: Metasploit Auxiliary Modules; 9.1 Auxiliary Modules in Use; 9.2 Anatomy of an Auxiliary Module; 9.3 Going Forward; Chapter 10: The Social-Engineer Toolkit; 10.1 Configuring the Social-Engineer Toolkit; 10.2 Spear-Phishing Attack Vector; 10.3 Web Attack Vectors; 10.4 Infectious Media Generator; 10.5 Teensy USB HID Attack Vector; 10.6 Additional SET Features; 10.7 Looking Ahead; Chapter 11: Fast-Track; 11.1 Microsoft SQL Injection; 11.2 Binary-to-Hex Generator; 11.3 Mass Client-Side Attack; 11.4 A Few Words About Automation; Chapter 12: Karmetasploit; 12.1 Configuration; 12.2 Launching the Attack; 12.3 Credential Harvesting; 12.4 Getting a Shell; 12.5 Wrapping Up; Chapter 13: Building Your Own Module; 13.1 Getting Command Execution on Microsoft SQL; 13.2 Exploring an Existing Metasploit Module; 13.3 Creating a New Module; 13.4 The Power of Code Reuse; Chapter 14: Creating Your Own Exploits; 14.1 The Art of Fuzzing; 14.2 Controlling the Structured Exception Handler; 14.3 Hopping Around SEH Restrictions; 14.4 Getting a Return Address; 14.5 Bad Characters and Remote Code Execution; 14.6 Wrapping Up; Chapter 15: Porting Exploits to the Metasploit Framework; 15.1 Assembly Language Basics; 15.2 Porting a Buffer Overflow; 15.3 SEH Overwrite Exploit; 15.4 Wrapping Up; Chapter 16: Meterpreter Scripting; 16.1 Meterpreter Scripting Basics; 16.2 Meterpreter API; 16.3 Rules for Writing Meterpreter Scripts; 16.4 Creating Your Own Meterpreter Script; 16.5 Wrapping Up; Chapter 17: Simulated Penetration Test; 17.1 Pre-engagement Interactions; 17.2 Intelligence Gathering; 17.3 Threat Modeling; 17.4 Exploitation; 17.5 Customizing MSFconsole; 17.6 Post Exploitation; 17.7 Attacking Apache Tomcat; 17.8 Attacking Obscure Services; 17.9 Covering Your Tracks; 17.10 Wrapping Up; Configuring Your Target Machines; Installing and Setting Up the System; Booting Up the Linux Virtual Machines; Setting Up a Vulnerable Windows XP Installation; Cheat Sheet; MSFconsole Commands; Meterpreter Commands; MSFpayload Commands; MSFencode Commands; MSFcli Commands; MSF, Ninja, Fu; MSFvenom; Meterpreter Post Exploitation Commands; Colophon; Updates;