دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
دانلود کتاب Kali Linux Penetration Testing Bible
دانلود کتاب کتاب مقدس تست نفوذ لینوکس کالی
مشخصات کتاب
Kali Linux Penetration Testing Bible
ویرایش: 1
نویسندگان: Gus Khawaja
سری:
ISBN (شابک) : 1119719089, 9781119719083
ناشر: Wiley
سال نشر: 2021
تعداد صفحات: 515
زبان: English
فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود)
حجم فایل: 30 مگابایت
قیمت کتاب (تومان) : 31,000
در صورت تبدیل فایل کتاب Kali Linux Penetration Testing Bible به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب کتاب مقدس تست نفوذ لینوکس کالی نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
توضیحاتی در مورد کتاب کتاب مقدس تست نفوذ لینوکس کالی
راهنمای نهایی شما برای آزمایش پنالتی با Kali Linux
Kali یک توزیع محبوب و قدرتمند لینوکس است که توسط متخصصان امنیت سایبری در سراسر جهان استفاده میشود. تسترهای نفوذ باید به کتابخانه متنوع ابزارهای کالی تسلط داشته باشند تا در کار خود مؤثر باشند. کتاب مقدس تست نفوذ کالی لینوکس راهنمای عملی و روششناسی برای نفوذ با Kali است.
شما همه چیزهایی را که در مورد ابزارها و تکنیکهایی که هکرها برای استفاده از آن استفاده میکنند، کشف خواهید کرد. به سیستم هایی مانند سیستم خود دسترسی پیدا کنید تا بتوانید دفاعی قابل اعتماد برای دارایی های مجازی خود ایجاد کنید. فرقی نمیکند در این زمینه تازه کار باشید یا یک پنتستر معتبر، آنچه را که نیاز دارید در این راهنمای جامع پیدا خواهید کرد.
- یک محیط داکر شده مدرن بسازید
- اصول را کشف کنید. از زبان bash در لینوکس
- از انواع تکنیک های موثر برای یافتن آسیب پذیری ها استفاده کنید (OSINT، اسکن شبکه و موارد دیگر)
- یافته های خود را تجزیه و تحلیل کنید و موارد مثبت کاذب را شناسایی کنید و موضوعات پیشرفته را کشف کنید، مانند سرریز بافر، حرکت جانبی و تشدید امتیاز
- جریان کاری پنتستینگ عملی و کارآمد را اعمال کنید
- درباره SDLC ایمن امنیت برنامه های وب مدرن بیاموزید
- تست نفوذ خود را به صورت خودکار پایتون
توضیحاتی درمورد کتاب به خارجی
Your ultimate guide to pentesting with Kali Linux
Kali is a popular and powerful Linux distribution used by cybersecurity professionals around the world. Penetration testers must master Kali’s varied library of tools to be effective at their work. The Kali Linux Penetration Testing Bible is the hands-on and methodology guide for pentesting with Kali.
You’ll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you’re new to the field or an established pentester, you’ll find what you need in this comprehensive guide.
- Build a modern dockerized environment
- Discover the fundamentals of the bash language in Linux
- Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
- Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation
- Apply practical and efficient pentesting workflows
- Learn about Modern Web Application Security Secure SDLC
- Automate your penetration testing with Python
فهرست مطالب
Cover Title Page Copyright Page About the Author About the Technical Editor Acknowledgments Contents at a Glance Contents Introduction What Does This Book Cover? Companion Download Files How to Contact the Publisher How to Contact the Author Chapter 1 Mastering the Terminal Window Kali Linux File System Terminal Window Basic Commands Tmux Terminal Window Starting Tmux Tmux Key Bindings Tmux Session Management Navigating Inside Tmux Tmux Commands Reference Managing Users and Groups in Kali Users Commands Groups Commands Managing Passwords in Kali Files and Folders Management in Kali Linux Displaying Files and Folders Permissions Manipulating Files in Kali Searching for Files Files Compression Manipulating Directories in Kali Mounting a Directory Managing Text Files in Kali Linux Vim vs. Nano Searching and Filtering Text Remote Connections in Kali Remote Desktop Protocol Secure Shell SSH with Credentials Passwordless SSH Kali Linux System Management Linux Host Information Linux OS Information Linux Hardware Information Managing Running Services Package Management Process Management Networking in Kali Linux Network Interface IPv4 Private Address Ranges Static IP Addressing DNS Established Connections File Transfers Summary Chapter 2 Bash Scripting Basic Bash Scripting Printing to the Screen in Bash Variables Commands Variable Script Parameters User Input Functions Conditions and Loops Conditions Loops File Iteration Summary Chapter 3 Network Hosts Scanning Basics of Networking Networking Protocols TCP UDP Other Networking Protocols IP Addressing IPv4 Subnets and CIDR IPv6 Port Numbers Network Scanning Identifying Live Hosts Ping ARP Nmap Port Scanning and Services Enumeration TCP Port SYN Scan UDP Basics of Using Nmap Scans Services Enumeration Operating System Fingerprinting Nmap Scripting Engine NSE Category Scan NSE Arguments DNS Enumeration DNS Brute-Force DNS Zone Transfer DNS Subdomains Tools Fierce Summary Chapter 4 Internet Information Gathering Passive Footprinting and Reconnaissance Internet Search Engines Shodan Google Queries Information Gathering Using Kali Linux Whois Database TheHarvester DMitry Maltego Summary Chapter 5 Social Engineering Attacks Spear Phishing Attacks Sending an E-mail The Social Engineer Toolkit Sending an E-mail Using Python Stealing Credentials Payloads and Listeners Bind Shell vs. Reverse Shell Bind Shell Reverse Shell Reverse Shell Using SET Social Engineering with the USB Rubber Ducky A Practical Reverse Shell Using USB Rubber Ducky and PowerShell Generating a PowerShell Script Starting a Listener Hosting the PowerShell Script Running PowerShell Download and Execute the PS Script Reverse Shell Replicating the Attack Using the USB Rubber Ducky Summary Chapter 6 Advanced Enumeration Phase Transfer Protocols FTP (Port 21) Exploitation Scenarios for an FTP Server Enumeration Workflow Service Scan Advanced Scripting Scan with Nmap More Brute-Forcing Techniques SSH (Port 22) Exploitation Scenarios for an SSH Server Advanced Scripting Scan with Nmap Brute-Forcing SSH with Hydra Advanced Brute-Forcing Techniques Telnet (Port 23) Exploitation Scenarios for Telnet Server Enumeration Workflow Service Scan Advanced Scripting Scan Brute-Forcing with Hydra E-mail Protocols SMTP (Port 25) Nmap Basic Enumeration Nmap Advanced Enumeration Enumerating Users POP3 (Port 110) and IMAP4 (Port 143) Brute-Forcing POP3 E-mail Accounts Database Protocols Microsoft SQL Server (Port 1433) Oracle Database Server (Port 1521) MySQL (Port 3306) CI/CD Protocols Docker (Port 2375) Jenkins (Port 8080/50000) Brute-Forcing a Web Portal Using Hydra Step 1: Enable a Proxy Step 2: Intercept the Form Request Step 3: Extracting Form Data and Brute-Forcing with Hydra Web Protocols 80/443 Graphical Remoting Protocols RDP (Port 3389) RDP Brute-Force VNC (Port 5900) File Sharing Protocols SMB (Port 445) Brute-Forcing SMB SNMP (Port UDP 161) SNMP Enumeration Summary Chapter 7 Exploitation Phase Vulnerabilities Assessment Vulnerability Assessment Workflow Vulnerability Scanning with OpenVAS Installing OpenVAS Scanning with OpenVAS Exploits Research SearchSploit Services Exploitation Exploiting FTP Service FTP Login Remote Code Execution Spawning a Shell Exploiting SSH Service SSH Login Telnet Service Exploitation Telnet Login Sniffing for Cleartext Information E-mail Server Exploitation Docker Exploitation Testing the Docker Connection Creating a New Remote Kali Container Getting a Shell into the Kali Container Docker Host Exploitation Exploiting Jenkins Reverse Shells Using Shells with Metasploit Exploiting the SMB Protocol Connecting to SMB Shares SMB Eternal Blue Exploit Summary Chapter 8 Web Application Vulnerabilities Web Application Vulnerabilities Mutillidae Installation Apache Web Server Installation Firewall Setup Installing PHP Database Installation and Setup Mutillidae Installation Cross-Site Scripting Reflected XSS Stored XSS Exploiting XSS Using the Header Bypassing JavaScript Validation SQL Injection Querying the Database Bypassing the Login Page Execute Database Commands Using SQLi SQL Injection Automation with SQLMap Testing for SQL Injection Command Injection File Inclusion Local File Inclusion Remote File Inclusion Cross-Site Request Forgery The Attacker Scenario The Victim Scenario File Upload Simple File Upload Bypassing Validation Encoding OWASP Top 10 Summary Chapter 9 Web Penetration Testing and Secure Software Development Lifecycle Web Enumeration and Exploitation Burp Suite Pro Web Pentest Using Burp Suite More Enumeration Nmap Crawling Vulnerability Assessment Manual Web Penetration Testing Checklist Common Checklist Special Pages Checklist Secure Software Development Lifecycle Analysis/Architecture Phase Application Threat Modeling Assets Entry Points Third Parties Trust Levels Data Flow Diagram Development Phase Testing Phase Production Environment (Final Deployment) Summary Chapter 10 Linux Privilege Escalation Introduction to Kernel Exploits and Missing Configurations Kernel Exploits Kernel Exploit: Dirty Cow SUID Exploitation Overriding the Passwd Users File CRON Jobs Privilege Escalation CRON Basics Crontab Anacrontab Enumerating and Exploiting CRON sudoers sudo Privilege Escalation Exploiting the Find Command Editing the sudoers File Exploiting Running Services Automated Scripts Summary Chapter 11 Windows Privilege Escalation Windows System Enumeration System Information Windows Architecture Listing the Disk Drives Installed Patches Who Am I? List Users and Groups Networking Information Showing Weak Permissions Listing Installed Programs Listing Tasks and Processes File Transfers Windows Host Destination Linux Host Destination Windows System Exploitation Windows Kernel Exploits Getting the OS Version Find a Matching Exploit Executing the Payload and Getting a Root Shell The Metasploit PrivEsc Magic Exploiting Windows Applications Running As in Windows PSExec Tool Exploiting Services in Windows Interacting with Windows Services Misconfigured Service Permissions Overriding the Service Executable Unquoted Service Path Weak Registry Permissions Exploiting the Scheduled Tasks Windows PrivEsc Automated Tools PowerUp WinPEAS Summary Chapter 12 Pivoting and Lateral Movement Dumping Windows Hashes Windows NTLM Hashes SAM File and Hash Dump Using the Hash Mimikatz Dumping Active Directory Hashes Reusing Passwords and Hashes Pass the Hash Pivoting with Port Redirection Port Forwarding Concepts SSH Tunneling and Local Port Forwarding Remote Port Forwarding Using SSH Dynamic Port Forwarding Dynamic Port Forwarding Using SSH Summary Chapter 13 Cryptography and Hash Cracking Basics of Cryptography Hashing Basics One-Way Hash Function Hashing Scenarios Hashing Algorithms Message Digest 5 Secure Hash Algorithm Hashing Passwords Securing Passwords with Hash Hash-Based Message Authenticated Code Encryption Basics Symmetric Encryption Advanced Encryption Standard Asymmetric Encryption Rivest Shamir Adleman Cracking Secrets with Hashcat Benchmark Testing Cracking Hashes in Action Attack Modes Straight Mode Combinator Mask and Brute-Force Attacks Brute-Force Attack Hybrid Attacks Cracking Workflow Summary Chapter 14 Reporting Overview of Reports in Penetration Testing Scoring Severities Common Vulnerability Scoring System Version 3.1 Report Presentation Cover Page History Logs Report Summary Vulnerabilities Section Summary Chapter 15 Assembly Language and Reverse Engineering CPU Registers General CPU Registers Index Registers Pointer Registers Segment Registers Flag Registers Assembly Instructions Little Endian Data Types Memory Segments Addressing Modes Reverse Engineering Example Visual Studio Code for C/C++ Immunity Debugger for Reverse Engineering Summary Chapter 16 Buffer/Stack Overflow Basics of Stack Overflow Stack Overview PUSH Instruction POP Instruction C Program Example Buffer Analysis with Immunity Debugger Stack Overflow Stack Overflow Mechanism Stack Overflow Exploitation Lab Overview Vulnerable Application Phase 1: Testing Testing the Happy Path Testing the Crash Phase 2: Buffer Size Pattern Creation Offset Location Phase 3: Controlling EIP Adding the JMP Instruction Phase 4: Injecting the Payload and Getting a Remote Shell Payload Generation Bad Characters Shellcode Python Script Summary Chapter 17 Programming with Python Basics of Python Running Python Scripts Debugging Python Scripts Installing VS Code on Kali Practicing Python Python Basic Syntaxes Python Shebang Comments in Python Line Indentation and Importing Modules Input and Output Printing CLI Arguments Variables Numbers Arithmetic Operators Strings String Formatting String Functions Lists Reading Values in a List Updating List Items Removing a list item Tuples Dictionary More Techniques in Python Functions Returning Values Optional Arguments Global Variables Changing Global Variables Conditions if/else Statement Comparison Operators Loop Iterations while Loop for Loop Managing Files Exception Handling Text Escape Characters Custom Objects in Python Summary Chapter 18 Pentest Automation with Python Penetration Test Robot Application Workflow Python Packages Application Start Input Validation Code Refactoring Scanning for Live Hosts Ports and Services Scanning Attacking Credentials and Saving the Results Summary Appendix A Kali Linux Desktop at a Glance Downloading and Running a VM of Kali Linux Virtual Machine First Boot Kali Xfce Desktop Kali Xfce Menu Search Bar Favorites Menu Item Usual Applications Other Menu Items Kali Xfce Settings Manager Advanced Network Configuration Appearance Desktop Display File Manager Keyboard MIME Type Editor Mouse and Touchpad Panel Workspaces Window Manager Practical Example of Desktop Customization Edit the Top Panel Adding a New Bottom Panel Changing the Desktop Look Installing Kali Linux from Scratch Summary Appendix B Building a Lab Environment Using Docker Docker Technology Docker Basics Docker Installation Images and Registries Containers Dockerfile Volumes Networking Mutillidae Docker Container Summary Index EULA
