Penetration Testing with the Bash shell Ebook Jastrzębie-Zdrój

Spis treści: Penetration Testing with the Bash shell Table of Contents Penetration Testing with the Bash shell Credits Disclaimer About the Author About the Reviewers www.PacktPub.com Support files, eBooks, discount offers, and more Why subscribe? Free access for Packt account holders Preface What this book covers What you need for this book Who this book is for Conventions Reader feedback Customer support Downloading the example code Errata Piracy Questions 1. Getting to Know Bash Getting help from the man pages Navigating and searching the filesystem Navigating directories Listing directory contents Searching the filesystem Directory traversal options File testing options File action options Using I/O redirection Redirecting output Redirecting input Using pipes Getting to know grep Regular expression language a crash course Regular expression matcher selection options Regular expression matching control options Output control options File selection options Summary Further reading 2. Customizing Your Shell Formatting the terminal output The prompt string Prompt string customizations Aliases Customizing the command history Protecting sensitive information from leakage Customizing tab completion Summary Further reading 3. Network Reconnaissance Interrogating the Whois servers Interrogating the DNS servers Using Dig Using dnsmap Enumerating targets on the local network Host discovery with Arping Target enumeration with Nmap Summary Further reading 4. Exploitation and Reverse Engineering Using the Metasploit command-line interface Getting started with msfcli Using invocation modes with msfcli Bash hacks and msfcli Preparing payloads with Metasploit Creating and deploying a payload Disassembling binaries Disassembling with Objdump A note about the reverse engineering assembler code Debugging binaries for dynamic analysis Getting started with GDB Setting execution breakpoints and watch points Inspecting registers, memory values, and runtime information Summary Further reading 5. Network Exploitation and Monitoring MAC and ARP abuse Spoofing MAC addresses Abusing address resolution Man-in-the-middle attacks Ettercap DNS spoofing Interrogating servers SNMP interrogation SMTP server interrogation Brute-forcing authentication Using Medusa Traffic filtering with TCPDump Getting started with TCPDump Using the TCPDump packet filter Assessing SSL implementation security Using SSLyze Bash hacks and SSLyze Automated web application security assessment Scanning with SkipFish Scanning with Arachni Summary Further reading Index O autorze: contacted on 3rd may 16