在好例子网,分享、交流、成长!
您当前所在位置:首页Config 开发实例网络服务配置 → OSCP offSec penetration testing with kali

OSCP offSec penetration testing with kali

网络服务配置

下载此实例
  • 开发语言:Config
  • 实例大小:39.56M
  • 下载次数:4
  • 浏览次数:49
  • 发布时间:2022-06-08
  • 实例类别:网络服务配置
  • 发 布 人:IvanYF
  • 文件格式:.pdf
  • 所需积分:2
 相关标签: sc OS
网友评论 举报投诉 收藏该页

实例介绍

【实例简介】OSCP offSec penetration testing with kali

【实例截图】

【核心代码】

Penetration Testing with Kali Linux
PWK Copyright © 2016 Offensive Security Ltd. All rights reserved. Page 3 of 375
0. - Penetration Testing: What You Should Know ....................................................................... 13
0.1 - About Kali Linux ..............................................................................................................................13
0.2 - About Penetration Testing ..............................................................................................................13
0.3 - Legal ...................................................................................................................................................15
0.4 - The megacorpone.com Domain ......................................................................................................15
0.5 - Offensive Security Labs ...................................................................................................................16
0.5.1 - General Information .....................................................................................................................16
0.5.2 - Kali ...............................................................................................................................................20
0.5.3 - Lab Behavior .................................................................................................................................21
0.5.4 - Lab Configuration ........................................................................................................................23
0.5.5 - Lab Control Panel ........................................................................................................................26
0.5.6 - Reporting ......................................................................................................................................28
1. - Getting Comfortable with Kali Linux .................................................................................... 34
1.1 - Finding Your Way Around Kali .....................................................................................................34
1.1.1 - Booting Up Kali Linux .................................................................................................................34
1.1.2 - The Kali Menu .............................................................................................................................35
1.1.3 - Find, Locate, and Which ..............................................................................................................35
1.1.4 - Exercises .......................................................................................................................................36
1.2 - Managing Kali Linux Services ........................................................................................................37
1.2.1 - Default root Password ..................................................................................................................37
1.2.2 - SSH Service ..................................................................................................................................38
1.2.3 - HTTP Service ...............................................................................................................................39
1.2.4 - Exercises .......................................................................................................................................41
1.3 - The Bash Environment .....................................................................................................................42
1.3.1 - Intro to Bash Scripting ..................................................................................................................42
1.3.1.1 - Practical Bash Usage – Example 1 ............................................................................................42
 Penetration Testing with Kali Linux
PWK Copyright © 2016 Offensive Security Ltd. All rights reserved. Page 4 of 375
1.3.1.2 - Practical Bash Usage – Example 2 ............................................................................................46
1.3.1.3 - Exercises ....................................................................................................................................48
2. - The Essential Tools ................................................................................................................ 50
2.1 - Netcat ..................................................................................................................................................50
2.1.1 - Connecting to a TCP/UDP Port ..................................................................................................50
2.1.2 - Listening on a TCP/UDP Port ....................................................................................................52
2.1.3 - Transferring Files with Netcat .....................................................................................................54
2.1.4 - Remote Administration with Netcat ............................................................................................56
2.1.5 - Exercises .......................................................................................................................................62
2.2 - Ncat .....................................................................................................................................................62
2.2.1 - Exercises .......................................................................................................................................64
2.3 - Wireshark ...........................................................................................................................................65
2.3.1 - Wireshark Basics ..........................................................................................................................65
2.3.2 - Making Sense of Network Dumps ...............................................................................................67
2.3.3 - Capture and Display Filters .........................................................................................................68
2.3.4 - Following TCP Streams ...............................................................................................................69
2.3.5 - Exercises .......................................................................................................................................70
2.4 - Tcpdump ............................................................................................................................................71
2.4.1 - Filtering Traffic ............................................................................................................................71
2.4.2 - Advanced Header Filtering ..........................................................................................................73
2.4.3 - Exercises .......................................................................................................................................75
3. - Passive Information Gathering ............................................................................................... 76
A Note From the Author ..........................................................................................................................76
3.1 - Open Web Information Gathering .................................................................................................78
3.1.1 - Google ...........................................................................................................................................78
3.1.2 - Google Hacking ............................................................................................................................83
 Penetration Testing with Kali Linux
PWK Copyright © 2016 Offensive Security Ltd. All rights reserved. Page 5 of 375
3.1.3 - Exercises .......................................................................................................................................86
3.2 - Email Harvesting ..............................................................................................................................87
3.2.1 - Exercise ........................................................................................................................................87
3.3 - Additional Resources .......................................................................................................................88
3.3.1 - Netcraft ........................................................................................................................................88
3.3.2 - Whois Enumeration .....................................................................................................................90
3.3.3 - Exercise ........................................................................................................................................92
3.4 - Recon-ng ............................................................................................................................................93
4. - Active Information Gathering ................................................................................................ 96
4.1 - DNS Enumeration ............................................................................................................................96
4.1.1 - Interacting with a DNS Server ....................................................................................................96
4.1.2 - Automating Lookups ....................................................................................................................97
4.1.3 - Forward Lookup Brute Force .......................................................................................................97
4.1.4 - Reverse Lookup Brute Force .........................................................................................................98
4.1.5 - DNS Zone Transfers ....................................................................................................................99
4.1.6 - Relevant Tools in Kali Linux .....................................................................................................103
4.1.7 - Exercises .....................................................................................................................................106
4.2 - Port Scanning ..................................................................................................................................107
A Note From the Author .......................................................................................................................107
4.2.1 - TCP CONNECT / SYN Scanning ............................................................................................107
4.2.2 - UDP Scanning ...........................................................................................................................109
4.2.3 - Common Port Scanning Pitfalls ................................................................................................110
4.2.4 - Port Scanning with Nmap .........................................................................................................111
4.2.5 - OS Fingerprinting .....................................................................................................................116
4.2.6 - Banner Grabbing/Service Enumeration .....................................................................................117
4.2.7 - Nmap Scripting Engine (NSE) ..................................................................................................118
4.2.8 - Exercises .....................................................................................................................................119
 Penetration Testing with Kali Linux
PWK Copyright © 2016 Offensive Security Ltd. All rights reserved. Page 6 of 375
4.3 - SMB Enumeration ...........................................................................................................................120
4.3.1 - Scanning for the NetBIOS Service ............................................................................................120
4.3.2 - Null Session Enumeration. ........................................................................................................121
4.3.3 - Nmap SMB NSE Scripts ...........................................................................................................124
4.3.4 - Exercises .....................................................................................................................................127
4.4 - SMTP Enumeration ........................................................................................................................128
4.4.1 - Exercise ......................................................................................................................................129
4.5 - SNMP Enumeration .......................................................................................................................130
A Note From the Author .......................................................................................................................130
4.5.1 - MIB Tree ....................................................................................................................................131
4.5.2 - Scanning for SNMP ..................................................................................................................132
4.5.3 - Windows SNMP Enumeration Example ...................................................................................133
4.5.4 - Exercises .....................................................................................................................................133
5. - Vulnerability Scanning ......................................................................................................... 134
5.1 - Vulnerability Scanning with Nmap .............................................................................................134
5.2 - The OpenVAS Vulnerability Scanner ..........................................................................................139
5.2.1 - OpenVAS Initial Setup ..............................................................................................................139
5.2.2 - Exercises .....................................................................................................................................145
6. - Buffer Overflows .................................................................................................................. 146
6.1 - Fuzzing .............................................................................................................................................147
6.1.1 - Vulnerability History .................................................................................................................147
6.1.2 - A Word About DEP and ASLR .................................................................................................147
6.1.3 - Interacting with the POP3 Protocol ..........................................................................................148
6.1.4 - Exercises .....................................................................................................................................151
7. - Win32 Buffer Overflow Exploitation ................................................................................... 152
7.1 - Replicating the Crash .....................................................................................................................152
 Penetration Testing with Kali Linux
PWK Copyright © 2016 Offensive Security Ltd. All rights reserved. Page 7 of 375
7.2 - Controlling EIP................................................................................................................................152
7.2.1 - Binary Tree Analysis .................................................................................................................153
7.2.2 - Sending a Unique String ...........................................................................................................153
7.2.3 - Exercises .....................................................................................................................................156
7.3 - Locating Space for Your Shellcode ...............................................................................................156
7.4 - Checking for Bad Characters ........................................................................................................158
7.4.1 - Exercises .....................................................................................................................................160
7.5 - Redirecting the Execution Flow ....................................................................................................161
7.5.1 - Finding a Return Address .........................................................................................................161
7.5.2 - Exercises .....................................................................................................................................165
7.6 - Generating Shellcode with Metasploit ........................................................................................166
7.7 - Getting a Shell .................................................................................................................................169
7.7.1 - Exercises .....................................................................................................................................171
7.8 - Improving the Exploit ....................................................................................................................172
7.8.1 - Exercises .....................................................................................................................................172
8. - Linux Buffer Overflow Exploitation .................................................................................... 173
8.1 - Setting Up the Environment .........................................................................................................173
8.2 - Crashing Crossfire ..........................................................................................................................174
8.2.1 - Exercise ......................................................................................................................................175
8.3 - Controlling EIP................................................................................................................................176
8.4 - Finding Space for Our Shellcode ..................................................................................................177
8.5 - Improving Exploit Reliability .......................................................................................................178
8.6 - Discovering Bad Characters ..........................................................................................................179
8.6.1 - Exercises .....................................................................................................................................179
8.7 - Finding a Return Address .............................................................................................................180
8.8 - Getting a Shell .................................................................................................................................182
8.8.1 - Exercise ......................................................................................................................................184
 Penetration Testing with Kali Linux
PWK Copyright © 2016 Offensive Security Ltd. All rights reserved. Page 8 of 375
9. - Working with Exploits .......................................................................................................... 185
9.1 - Searching for Exploits ....................................................................................................................187
9.1.1 - Finding Exploits in Kali Linux ..................................................................................................187
9.1.2 - Finding Exploits on the Web ......................................................................................................187
9.2 - Customizing and Fixing Exploits .................................................................................................190
9.2.1 - Setting Up a Development Environment ..................................................................................190
9.2.2 - Dealing with Various Exploit Code Languages .........................................................................190
9.2.3 - Exercises .....................................................................................................................................194
10. - File Transfers ...................................................................................................................... 195
10.1 - A Word About Anti Virus Software ..........................................................................................195
10.2 - File Transfer Methods ..................................................................................................................196
10.2.1 - The Non-Interactive Shell ........................................................................................................196
10.2.2 - Uploading Files ........................................................................................................................197
10.2.3 - Exercises ...................................................................................................................................205
11. - Privilege Escalation ............................................................................................................ 206
11.1 - Privilege Escalation Exploits .......................................................................................................206
11.1.1 - Local Privilege Escalation Exploit in Linux Example .............................................................206
11.1.2 - Local Privilege Escalation Exploit in Windows Example ........................................................208
11.2 - Configuration Issues ....................................................................................................................210
11.2.1 - Incorrect File and Service Permissions ....................................................................................211
11.2.2 - Think Like a Network Administrator ......................................................................................213
11.2.3 - Exercises ...................................................................................................................................213
12. - Client Side Attacks ............................................................................................................. 214
12.1 - Know Your Target ........................................................................................................................214
12.1.1 - Passive Client Information Gathering .....................................................................................215
12.1.2 - Active Client Information Gathering .......................................................................................215
 Penetration Testing with Kali Linux
PWK Copyright © 2016 Offensive Security Ltd. All rights reserved. Page 9 of 375
12.1.3 - Social Engineering and Client Side Attacks ............................................................................216
12.1.4 - Exercises ...................................................................................................................................217
12.2 - MS12-037- Internet Explorer 8 Fixed Col Span ID ...................................................................218
12.2.1 - Setting up the Client Side Exploit ...........................................................................................219
12.2.2 - Swapping Out the Shellcode ....................................................................................................220
12.2.3 - Exercises ...................................................................................................................................221
12.3 - Java Signed Applet Attack ..........................................................................................................222
12.3.1 - Exercises ...................................................................................................................................227
13. - Web Application Attacks .................................................................................................... 228
13.1 - Essential Firefox Add-ons ...........................................................................................................228
13.2 - Cross Site Scripting (XSS) ............................................................................................................228
13.2.1 - Browser Redirection and IFRAME Injection ..........................................................................232
13.2.2 - Stealing Cookies and Session Information ...............................................................................233
13.2.3 - Exercises ...................................................................................................................................235
13.3 - File Inclusion Vulnerabilities ......................................................................................................236
13.3.1 - Local File Inclusion ..................................................................................................................236
13.3.2 - Remote File Inclusion ...............................................................................................................243
13.4 - MySQL SQL Injection ...................................................................................................................245
13.4.1 - Authentication Bypass .............................................................................................................245
13.4.2 - Enumerating the Database .......................................................................................................250
13.4.3 - Column Number Enumeration ................................................................................................251
13.4.4 - Understanding the Layout of the Output ................................................................................252
13.4.5 - Extracting Data from the Database .........................................................................................253
13.4.6 - Leveraging SQL Injection for Code Execution ........................................................................256
13.5 - Web Application Proxies .............................................................................................................258
13.5.1 - Exercises ...................................................................................................................................259
13.6 - Automated SQL Injection Tools .................................................................................................260
 Penetration Testing with Kali Linux
PWK Copyright © 2016 Offensive Security Ltd. All rights reserved. Page 10 of 375
13.6.1 - Exercises ...................................................................................................................................264
14. - Password Attacks ................................................................................................................ 265
14.1 - Preparing for Brute Force ............................................................................................................265
14.1.1 - Dictionary Files ........................................................................................................................265
14.1.2 - Key-space Brute Force ..............................................................................................................266
14.1.3 - Pwdump and Fgdump ..............................................................................................................268
14.1.4 - Windows Credential Editor (WCE) .........................................................................................270
14.1.5 - Exercises ...................................................................................................................................271
14.1.6 - Password Profiling ...................................................................................................................272
14.1.7 - Password Mutating .................................................................................................................272
14.2 - Online Password Attacks ............................................................................................................276
14.2.1 - Hydra, Medusa, and Ncrack ....................................................................................................276
14.2.2 - Choosing the Right Protocol: Speed vs. Reward ......................................................................279
14.2.3 - Exercises ...................................................................................................................................279
14.3 - Password Hash Attacks ...............................................................................................................280
14.3.1 - Password Hashes ......................................................................................................................280
14.3.2 - Password Cracking ...................................................................................................................280
14.3.3 - John the Ripper .........................................................................................................................283
14.3.4 - Rainbow Tables ........................................................................................................................285
14.3.5 - Passing the Hash in Windows .................................................................................................286
14.3.6 - Exercises ...................................................................................................................................287
15. - Port Redirection and Tunneling .......................................................................................... 288
15.1 - Port Forwarding/Redirection ......................................................................................................288
15.2 - SSH Tunneling ..............................................................................................................................291
15.2.1 - Local Port Forwarding .............................................................................................................291
15.2.2 - Remote Port Forwarding ..........................................................................................................293
 Penetration Testing with Kali Linux
PWK Copyright © 2016 Offensive Security Ltd. All rights reserved. Page 11 of 375
15.2.3 - Dynamic Port Forwarding .......................................................................................................295
15.3 - Proxychains ...................................................................................................................................296
15.4 - HTTP Tunneling ...........................................................................................................................299
15.5 - Traffic Encapsulation ...................................................................................................................300
15.5.1 - Exercises ...................................................................................................................................301
16. - The Metasploit Framework ................................................................................................ 302
16.1 - Metasploit User Interfaces ...........................................................................................................303
16.2 - Setting up Metasploit Framework on Kali ................................................................................304
16.3 - Exploring the Metasploit Framework ........................................................................................304
16.4 - Auxiliary Modules ........................................................................................................................305
16.4.1 - Getting Familiar with MSF Syntax ........................................................................................305
16.4.2 - Metasploit Database Access .....................................................................................................310
16.4.3 - Exercises ...................................................................................................................................313
16.5 - Exploit Modules ............................................................................................................................314
16.5.1 - Exercises ...................................................................................................................................317
16.6 - Metasploit Payloads .....................................................................................................................317
16.6.1 - Staged vs. Non-Staged Payloads ..............................................................................................317
16.6.2 - Meterpreter Payloads ...............................................................................................................318
16.6.3 - Experimenting with Meterpreter .............................................................................................319
16.6.4 - Executable Payloads .................................................................................................................321
16.6.5 - Reverse HTTPS Meterpreter ...................................................................................................323
16.6.6 - Metasploit Exploit Multi Handler ...........................................................................................323
16.6.7 - Revisiting Client Side Attacks .................................................................................................326
16.6.8 - Exercises ...................................................................................................................................326
16.7 - Building Your Own MSF Module ..............................................................................................327
16.7.1 - Exercise ....................................................................................................................................329
16.8 - Post Exploitation with Metasploit ..............................................................................................330
 Penetration Testing with Kali Linux
PWK Copyright © 2016 Offensive Security Ltd. All rights reserved. Page 12 of 375
16.8.1 - Meterpreter Post Exploitation Features ...................................................................................330
16.8.2 - Post Exploitation Modules .......................................................................................................330
17. - Bypassing Antivirus Software ............................................................................................ 333
17.1 - Encoding Payloads with Metasploit ..........................................................................................334
17.2 - Crypting Known Malware with Software Protectors .............................................................336
17.3 - Using Custom/Uncommon Tools and Payloads ......................................................................338
17.4 - Exercise ...........................................................................................................................................340
18. - Assembling the Pieces: Penetration Test Breakdown ........................................................ 341
18.1 - Phase 0 – Scenario Description ...................................................................................................341
18.1.1 - Information Provided by the Client .........................................................................................342
18.2 - Phase 1 – Information Gathering ................................................................................................342
18.3 - Phase 2 – Vulnerability Identification and Prioritization .......................................................342
18.3.1 - Password Cracking ...................................................................................................................343
18.4 - Phase 3 – Research and Development .......................................................................................346
18.5 - Phase 4 – Exploitation ..................................................................................................................347
18.5.1 - Linux Local Privilege Escalation .............................................................................................347
18.6 - Phase 5 – Post-Exploitation .........................................................................................................350
18.6.1 - Expanding Influence ................................................................................................................350
18.6.2 - Client Side Attack Against Internal Network .........................................................................351
18.6.3 - Privilege Escalation Through AD Misconfigurations .............................................................355
18.6.4 - Port Tunneling .........................................................................................................................357
18.6.5 - SSH Tunneling with HTTP Encapsulation ............................................................................358
18.6.6 - Looking for High Value Targets ...............................................................................................365
18.6.7 - Domain Privilege Escalation ....................................................................................................371
18.6.8 - Going for the Kill .....................................................................................................................373

标签: sc OS

实例下载地址

OSCP offSec penetration testing with kali

不能下载?内容有错? 点击这里报错 + 投诉 + 提问

好例子网口号:伸出你的我的手 — 分享

相关软件

相关文章

网友评论

我要评论

发表评论

(您的评论需要经过审核才能显示)

查看所有0条评论>>

小贴士

感谢您为本站写下的评论,您的评论对其它用户来说具有重要的参考价值,所以请认真填写。

  • 类似“顶”、“沙发”之类没有营养的文字,对勤劳贡献的楼主来说是令人沮丧的反馈信息。
  • 相信您也不想看到一排文字/表情墙,所以请不要反馈意义不大的重复字符,也请尽量不要纯表情的回复。
  • 提问之前请再仔细看一遍楼主的说明,或许是您遗漏了。
  • 请勿到处挖坑绊人、招贴广告。既占空间让人厌烦,又没人会搭理,于人于己都无利。

关于好例子网

本站旨在为广大IT学习爱好者提供一个非营利性互相学习交流分享平台。本站所有资源都可以被免费获取学习研究。本站资源来自网友分享,对搜索内容的合法性不具有预见性、识别性、控制性,仅供学习研究,请务必在下载后24小时内给予删除,不得用于其他任何用途,否则后果自负。基于互联网的特殊性,平台无法对用户传输的作品、信息、内容的权属或合法性、安全性、合规性、真实性、科学性、完整权、有效性等进行实质审查;无论平台是否已进行审查,用户均应自行承担因其传输的作品、信息、内容而可能或已经产生的侵权或权属纠纷等法律责任。本站所有资源不代表本站的观点或立场,基于网友分享,根据中国法律《信息网络传播权保护条例》第二十二与二十三条之规定,若资源存在侵权或相关问题请联系本站客服人员,点此联系我们。关于更多版权及免责申明参见 版权及免责申明

;
报警