|
Looking for Vulnerabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115Bog'liq learningkalilinux4.
Looking for Vulnerabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Understanding Vulnerabilities 116
Vulnerability Types 117
Buffer Overflow 117
Race Condition 119
Input Validation 120
Access Control 120
Local Vulnerabilities 121
Using lynis for Local Checks 122
iv | Table of Contents
OpenVAS Local Scanning 124
Root Kits 126
Remote Vulnerabilities 128
Quick Start with OpenVAS 129
Creating a Scan 132
OpenVAS Reports 135
Network Device Vulnerabilities 139
Auditing Devices 139
Database Vulnerabilities 142
Identifying New Vulnerabilities 143
Summary 146
Useful Resources 147
5.
Automated Exploits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
What Is an Exploit? 150
Cisco Attacks 151
Management Protocols 152
Other Devices 153
Exploit Database 155
Metasploit 157
Starting with Metasploit 158
Working with Metasploit Modules 159
Importing Data 161
Exploiting Systems 165
Armitage 168
Social Engineering 170
Summary 173
Useful Resources 173
6.
Owning Metasploit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Scanning for Targets 176
Port Scanning 176
SMB Scanning 180
Vulnerability Scans 181
Exploiting Your Target 182
Using Meterpreter 185
Meterpreter Basics 185
User Information 186
Process Manipulation 189
Privilege Escalation 192
Pivoting to Other Networks 196
Maintaining Access 199
Table of Contents | v
Summary 202
Useful Resources 203
|
|
Bosh sahifa
Aloqalar
Bosh sahifa
Looking for Vulnerabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
|
