دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
دانلود کتاب Black Hat Bash: Creative Scripting for Hackers and Pentesters
دانلود کتاب Black Hat Bash: اسکریپتنویسی خلاقانه برای هکرها و پنستورها
مشخصات کتاب
Black Hat Bash: Creative Scripting for Hackers and Pentesters
ویرایش: 1
نویسندگان: Dolev Farhi. Nick Aleks
سری:
ISBN (شابک) : 1718503741, 9781718503755
ناشر: No Starch Press
سال نشر: 2024
تعداد صفحات: 347
زبان: English
فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود)
حجم فایل: 8 مگابایت
قیمت کتاب (تومان) : 63,000
در صورت تبدیل فایل کتاب Black Hat Bash: Creative Scripting for Hackers and Pentesters به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب Black Hat Bash: اسکریپتنویسی خلاقانه برای هکرها و پنستورها نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
توضیحاتی درمورد کتاب به خارجی
فهرست مطالب
Cover Title Page Copyright About the Authors About the Technical Reviewer Brief Contents Contents in Detail Acknowledgments Introduction What Is in This Book The Scripting Exercises How to Use This Book 1. Bash Basics Environmental Setup Accessing the Bash Shell Installing a Text Editor Exploring the Shell Checking Environment Variables Running Linux Commands Elements of a Bash Script The Shebang Line Comments Commands Execution Debugging Basic Syntax Variables Arithmetic Operators Arrays Streams Control Operators Redirection Operators Positional Arguments Input Prompting Exit Codes Exercise 1: Recording Your Name and the Date Summary 2. Flow Control and Text Processing Test Operators if Conditions Linking Conditions Testing Command Success Checking Subsequent Conditions Functions Returning Values Accepting Arguments Loops and Loop Controls while until for break and continue case Statements Text Processing and Parsing Filtering with grep Filtering with awk Editing Streams with sed Job Control Managing the Background and Foreground Keeping Jobs Running After Logout Bash Customizations for Penetration Testers Placing Scripts in Searchable Paths Shortening Commands with Aliases Customizing the ~/.bashrc Profile Importing Custom Scripts Capturing Terminal Session Activity Exercise 2: Pinging a Domain Summary 3. Setting Up a Hacking Lab Security Lab Precautions Installing Kali The Target Environment Installing Docker and Docker Compose Cloning the Book’s Repository Deploying Docker Containers Testing and Verifying the Containers The Network Architecture The Public Network The Corporate Network Kali Network Interfaces The Machines Managing the Lab Shutting Down Removing Rebuilding Accessing Individual Lab Machines Installing Additional Hacking Tools WhatWeb RustScan Nuclei dirsearch Linux Exploit Suggester 2 Gitjacker pwncat LinEnum unix-privesc-check Assigning Aliases to Hacking Tools Summary 4. Reconnaissance Creating Reusable Target Lists Consecutive IP Addresses Possible Subdomains Host Discovery ping Nmap arp-scan Exercise 3: Receiving Alerts About New Hosts Port Scanning Nmap RustScan Netcat Exercise 4: Organizing Scan Results Detecting New Open Ports Banner Grabbing Using Active Banner Grabbing Detecting HTTP Responses Using Nmap Scripts Detecting Operating Systems Analyzing Websites and JSON Summary 5. Vulnerability Scanning and Fuzzing Scanning Websites with Nikto Building a Directory Indexing Scanner Identifying Suspicious robots.txt Entries Exercise 5: Exploring Non-indexed Endpoints Brute-Forcing Directories with dirsearch Exploring Git Repositories Cloning the Repository Viewing Commits with git log Filtering git log Information Inspecting Repository Files Vulnerability Scanning with Nuclei Understanding Templates Writing a Custom Template Applying the Template Running a Full Scan Exercise 6: Parsing Nuclei’s Findings Fuzzing for Hidden Files Creating a Wordlist of Possible Filenames Fuzzing with ffuf Fuzzing with Wfuzz Assessing SSH Servers with Nmap’s Scripting Engine Exercise 7: Combining Tools to Find FTP Issues Summary 6. Gaining a Web Shell Arbitrary File Upload Vulnerabilities Fuzzing for Arbitrary File Uploads Bypassing File Upload Controls Uploading Files with Burp Suite Staging Web Shells Finding Directory Traversal Vulnerabilities Uploading Malicious Payloads Executing Web Shell Commands Exercise 8: Building a Web Shell Interface Limitations of Web Shells Lack of Persistence Lack of Real-Time Responses Limited Functionality OS Command Injection Exercise 9: Building a Command Injection Interface Bypassing Command Injection Restrictions Obfuscation and Encoding Globbing Summary 7. Reverse Shells How Reverse Shells Work Ingress vs. Egress Controls Shell Payloads and Listeners The Communication Sequence Executing a Connection Setting Up a Netcat Listener Crafting a Payload Delivering and Initializing the Payload Executing Commands Listening with pwncat Bypassing Security Controls Encrypting and Encapsulating Traffic Alternating Between Destination Ports Spawning TTY Shells with Pseudo-terminal Devices Python’s pty Module socat Post-exploitation Binary Staging Serving Netcat Uploading Files with pwncat Downloading Binaries from Trusted Sites Exercise 10: Maintaining a Continuous Reverse Shell Connection Initial Access with Brute Force Exercise 11: Brute-Forcing an SSH Server Summary 8. Local Information Gathering The Filesystem Hierarchy Standard The Shell Environment Environment Variables Sensitive Information in Bash Profiles Users and Groups Local Accounts Local Groups Home Folder Access Valid Shells Processes Viewing Process Files Running ps Examining Root Processes The Operating System Exercise 12: Writing a Linux Operating System Detection Script Login Sessions and User Activity Collecting User Sessions Investigating Executed Commands Networking Network Interfaces and Routes Connections and Neighbors Firewall Rules Network Interface Configuration Files Domain Resolvers Software Installations Storage Block Devices The Filesystem Tab File Logs System Logs Application Logs Exercise 13: Recursively Searching for Readable Logfiles Kernels and Bootloaders Configuration Files Scheduled Tasks Cron At Exercise 14: Writing a Cron Job Script to Find Credentials Hardware Virtualization Using Dedicated Tools Living Off the Land Automating Information Gathering with LinEnum Exercise 15: Adding Custom Functionality to LinEnum Summary 9. Privilege Escalation What Is Privilege Escalation? Linux File and Directory Permissions Viewing Permissions Setting Permissions Creating File Access Control Lists Viewing SetUID and SetGID Setting the Sticky Bit Finding Files Based on Permissions Exploiting a SetUID Misconfiguration Scavenging for Credentials Passwords and Secrets Private Keys Exercise 16: Brute-Forcing GnuPG Key Passphrases Examining the sudo Configuration Abusing Text Editor Tricks Downloading Malicious sudoers Files Hijacking Executables via PATH Misconfigurations Exercise 17: Maliciously Modifying a Cron Job Finding Kernel Exploits SearchSploit Linux Exploit Suggester 2 Attacking Adjacent Accounts Privilege Escalation with GTFOBins Exercise 18: Mapping GTFOBins Exploits to Local Binaries Automating Privilege Escalation LinEnum unix-privesc-check MimiPenguin Linuxprivchecker Bashark Summary 10. Persistence The Enemies of Persistent Access Modifying Service Configurations System V systemd Hooking into Pluggable Authentication Modules Exercise 19: Coding a Malicious pam_exec Bash Script Generating Rogue SSH Keys Repurposing Default System Accounts Poisoning Bash Environment Files Exercise 20: Intercepting Data via Profile Tampering Credential Theft Hooking a Text Editor Streaming Executed Commands Forging a Not-So-Innocent sudo Exercise 21: Hijacking Password Utilities Distributing Malicious Packages Understanding DEB Packages Packaging Innocent Software Converting Package Formats with alien Exercise 22: Writing a Malicious Package Installer Summary 11. Network Probing and Lateral Movement Probing the Corporate Network Service Mapping Port Frequencies Exercise 23: Scanning Ports Based on Frequencies Exploiting Cron Scripts on Shared Volumes Verifying Exploitability Checking the User Context Exercise 24: Gaining a Reverse Shell on the Backup Server Exploiting a Database Server Port Forwarding Brute-Forcing with Medusa Backdooring WordPress Running SQL Commands with Bash Exercise 25: Executing Shell Commands via WordPress Compromising a Redis Server Raw CLI Commands Metasploit Exposed Database Files Dumping Sensitive Information Uploading a Web Shell with SQL Summary 12. Defense Evasion and Exfiltration Defensive Controls Endpoint Security Application and API Security Network Security Honeypots Log Collection and Aggregation Exercise 26: Auditing Hosts for Landmines Concealing Malicious Processes Library Preloading Process Hiding Process Masquerading Exercise 27: Rotating Process Names Dropping Files in Shared Memory Disabling Runtime Security Controls Manipulating History Tampering with Session Metadata Concealing Data Encoding Encryption Exercise 28: Writing Substitution Cipher Functions Exfiltration Raw TCP DNS Text Storage Sites Slack Webhooks Sharding Files Number of Lines Size Chunks Exercise 29: Sharding and Scheduling Exfiltration Summary Index Back Cover
نظرات کاربران
کتاب های تصادفی
دانلود کتاب The Wars Against Napoleon: Debunking the Myth of the Napoleonic Wars
