Verfügbarkeit: Coding for penetration testers

Coding for penetration testers: building better tools

Gespeichert in:

Bibliographische Detailangaben
Hauptverfasser:	Andress, Jason (VerfasserIn), Linn, Ryan (VerfasserIn)
Format:	Buch
Sprache:	English
Veröffentlicht:	Amsterdam [u.a.] Elsevier/Syngress 2012
Schlagworte:	Penetration testing (Computer security) Computer networks > Security measures > Testing Softwarewerkzeug Penetrationstest
Online-Zugang:	Inhaltsverzeichnis
Beschreibung:	Erscheint: Oktober 2011
Beschreibung:	XXIV, 295 S. Ill.
ISBN:	9781597497299

Internformat

MARC


LEADER	00000nam a2200000zc 4500
001	BV039657660
003	DE-604
005	20111123
007	t
008	111025s2012 xxua\|\|\| \|\|\|\| 00\|\|\| eng d
010			\|a 2011029098
020			\|a 9781597497299 \|c pbk. \|9 978-1-597-49729-9
035			\|a (OCoLC)760143084
035			\|a (DE-599)BVBBV039657660
040			\|a DE-604 \|b ger \|e aacr
041	0		\|a eng
044			\|a xxu \|c US
049			\|a DE-Aug4
082	0		\|a 005.8
084			\|a ST 277 \|0 (DE-625)143643: \|2 rvk
100	1		\|a Andress, Jason \|e Verfasser \|4 aut
245	1	0	\|a Coding for penetration testers \|b building better tools \|c Jason Andress, Ryan Linn
264		1	\|a Amsterdam [u.a.] \|b Elsevier/Syngress \|c 2012
300			\|a XXIV, 295 S. \|b Ill.
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
500			\|a Erscheint: Oktober 2011
650		4	\|a Penetration testing (Computer security)
650		4	\|a Computer networks \|x Security measures \|x Testing
650	0	7	\|a Softwarewerkzeug \|0 (DE-588)4116526-3 \|2 gnd \|9 rswk-swf
650	0	7	\|a Penetrationstest \|0 (DE-588)4825817-9 \|2 gnd \|9 rswk-swf
689	0	0	\|a Penetrationstest \|0 (DE-588)4825817-9 \|D s
689	0	1	\|a Softwarewerkzeug \|0 (DE-588)4116526-3 \|D s
689	0		\|5 DE-604
700	1		\|a Linn, Ryan \|e Verfasser \|0 (DE-588)1017300127 \|4 aut
856	4	2	\|m HBZ Datenaustausch \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=024507164&sequence=000004&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
999			\|a oai:aleph.bib-bvb.de:BVB01-024507164

Datensatz im Suchindex

_version_	1804148519621099520
adam_text	Titel: Coding for penetration testers Autor: Andress, Jason Jahr: 2012 Contents Foreword...................................................................................................................xi About the Authors.................................................................................................xiii About the Technical Editor.....................................................................................xv Acknowledgments.................................................................................................xvii Chapter 0: Introduction..........................................................................................xix CHAPTER 1 Introduction to command shell scripting.................1 On Shell Scripting.........................................................................1 What is a shell?........................................................................2 What is a script?.......................................................................3 Shell scripts...............................................................................3 Where shell scripting is useful.................................................4 UNIX, Linux, and OS X shell scripting.......................................5 Shell availability and choices...................................................5 Working with shells..................................................................7 Bash basics....................................................................................8 Hello World..............................................................................8 Variables..................................................................................10 Arguments...............................................................................10 Control statements..................................................................11 Putting it all together with bash..................................................15 Adding /dev/tcp/ support to bash...........................................15 Building a port scanner with bash..........................................16 Improving the script...............................................................18 Windows scripting.......................................................................18 Shell availability and choices.................................................18 Command.com and CMD.exe................................................18 PowerShell..............................................................................19 Cygwin....................................................................................20 Other shells.............................................................................21 PowerShell basics........................................................................21 Hello World...........................................................................22 Variables..................................................................................23 Arguments...............................................................................25 Control statements..................................................................26 Conditionals............................................................................27 Looping...................................................................................28 Putting it all together with PowerShell.......................................29 Building a port scanner with PowerShell..............................30 Improving the script...............................................................32 Summary......................................................................................32 Endnotes......................................................................................33 CHAPTER 2 Introduction to Python..........................................35 What is Python?..........................................................................35 Where do we get Python?......................................................36 Where is Python useful?.............................................................36 Multiplatform scripting...........................................................36 Network scripting...................................................................36 Extensive modules..................................................................37 Reusable code that is easy to create......................................37 Python basics...............................................................................38 Getting started.........................................................................38 Variables..................................................................................39 Modules...................................................................................40 Arguments...............................................................................41 Lists.........................................................................................44 Dictionaries.............................................................................46 Control statements..................................................................51 Functions.................................................................................52 File manipulation.........................................................................54 Exception handling.................................................................55 Network communications............................................................57 Client communications...........................................................57 Server communications..........................................................59 Scapy.......................................................................................62 Summary......................................................................................68 Endnotes......................................................................................68 CHAPTER 3 Introduction to Perl..............................................69 Where Perl is useful....................................................................69 Handling text..........................................................................70 Gluing applications together..................................................70 Working with Perl.......................................................................71 Editing tools............................................................................71 Extending Perl scripts.............................................................72 GUIs in Perl............................................................................73 Perl basics....................................................................................73 Hello World............................................................................73 Variables..................................................................................75 Shell commands......................................................................76 Arguments...............................................................................79 Control statements..................................................................79 Regular expressions................................................................85 File input and output..............................................................87 Putting it all together...................................................................91 Building an SNMP scanner with Perl....................................91 Improving the script...............................................................97 Summary......................................................................................97 Endnotes......................................................................................98 CHAPTER 4 Introduction to Ruby.............................................99 Where Ruby is useful..................................................................99 Ruby basics.....................................;..........................................100 Variables................................................................................102 Arrays and hashes.................................................................103 Control statements................................................................106 Functions...............................................................................109 Building classes with Ruby.......................................................112 Building a class....................................................................112 Extending a class..................................................................114 Accessing class data.............................................................115 File manipulation.......................................................................117 Database basics..........................................................................118 Using DBI.............................................................................119 Using Active Record............................................................121 Network operations...................................................................124 Client communications.........................................................124 Server communications........................................................126 Putting it all together.................................................................129 Summary....................................................................................134 Endnotes....................................................................................135 CHAPTER 5 Introduction to Web scripting with PHP...............137 Where Web scripting is useful..................................................137 Getting started with PHP...........................................................138 Scope.....................................................................................138 PHP basics............................................................................138 Functions...............................................................................145 Handling forms with PHP.........................................................147 File handling and command execution.....................................150 File handling.........................................................................150 Command execution.............................................................154 Putting it all together.................................................................156 Summary....................................................................................159 CHAPTER 6 Manipulating Windows with PowerShell..............161 Dealing with execution policies in PowerShell........................161 Execution policies.................................................................161 Bypassing the policies..........................................................162 Getting in..............................................................................165 Penetration testing uses for PowerShell....................................166 Controlling processes and services......................................166 Interfacing with the event logs.............................................168 Getting and sending files over the network.........................169 Interfacing with the Registry................................................171 PowerShell and Metasploit........................................................176 PowerShell-oriented Metasploit modules............................177 PowerDump..........................................................................177 Windows gather PowerShell environment setting enumeration..........................................................................178 Making use of the modules..................................................178 Summary....................................................................................179 Endnotes....................................................................................180 CHAPTER 7 Scanner scripting...............................................181 Working with scanning tools.....................................................181 Netcat....................................................................................181 Nmap.....................................................................................182 Nessus/OpenVAS..................................................................182 Netcat.........................................................................................183 Implementations of Netcat...................................................183 Simple Netcat usage.............................................................184 Building a Web server with Netcat......................................185 Transferring files with Netcat...............................................187 Nmap..........................................................................................191 Working with service probes in Nmap................................191 The Nmap scripting engine..................................................194 Building Nmap NSE files.....................................................194 Nessus/OpenVAS.......................................................................196 NASL in Nessus and OpenVAS...........................................196 Nessus attack scripting language (NASL)...........................196 Summary....................................................................................199 Endnotes....................................................................................200 CHAPTER 8 Information gathering.........................................201 Information gathering for penetration testing...........................201 Sources of information.........................................................202 Patterns in information.........................................................202 Metadata................................................................................203 What can we do with the information?................................204 Talking to Google......................................................................205 Google hacking.....................................................................205 Advanced operators..............................................................206 Automating Google discovery..............................................207 Web automation with Perl.........................................................209 Pulling information from Web sites.....................................209 Working with metadata.............................................................212 Finding metadata..................................................................212 Document metadata..............................................................214 Metadata in media files........................................................214 Putting it all together.................................................................219 Summary....................................................................................221 Endnotes....................................................................................221 CHAPTER 9 Exploitation scripting.........................................223 Building exploits with Python...................................................223 Getting software...................................................................223 Setting up debugging............................................................224 Causing our first crash..........................................................225 Using pattern_offset..............................................................228 Controlling EIP.....................................................................230 Adding shellcode..................................................................232 Getting our shell...................................................................236 Creating Metasploit Exploits.....................................................237 Starting a template................................................................237 Porting the exploit code........................................................239 Executing the exploit............................................................240 Exploiting PHP scripts..............................................................242 Remote File Inclusion..........................................................242 Command execution vulnerabilities.....................................246 Cross-Site Scripting...................................................................248 WhatisXSS?........................................................................248 Exploiting XSS.....................................................................249 Summary....................................................................................253 CHAPTER 10 Post-exploitation scripting..................................255 Why post-exploitation is important..........................................255 Windows shell commands.........................................................255 User management.................................................................256 Gathering network information.................................................259 Windows network information gathering............................260 Linux network information gathering..................................261 Scripting Metasploit Meterpreter..............................................262 Getting a shell......................................................................262 Building a basic script..........................................................264 Executing the script..............................................................269 Database post-exploitation........................................................270 What is SQL injection?........................................................270 MySQL.................................................................................271 SQL injection on Microsoft SQL Server.............................278 Summary....................................................................................280 Appendix................................................................................................................283 Index......................................................................................................................285
any_adam_object	1
author	Andress, Jason Linn, Ryan
author_GND	(DE-588)1017300127
author_facet	Andress, Jason Linn, Ryan
author_role	aut aut
author_sort	Andress, Jason
author_variant	j a ja r l rl
building	Verbundindex
bvnumber	BV039657660
classification_rvk	ST 277
ctrlnum	(OCoLC)760143084 (DE-599)BVBBV039657660
dewey-full	005.8
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.8
dewey-search	005.8
dewey-sort	15.8
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
format	Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01601nam a2200421zc 4500</leader><controlfield tag="001">BV039657660</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20111123 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">111025s2012 xxua\|\|\| \|\|\|\| 00\|\|\| eng d</controlfield><datafield tag="010" ind1=" " ind2=" "><subfield code="a">2011029098</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781597497299</subfield><subfield code="c">pbk.</subfield><subfield code="9">978-1-597-49729-9</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)760143084</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV039657660</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">aacr</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="044" ind1=" " ind2=" "><subfield code="a">xxu</subfield><subfield code="c">US</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-Aug4</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.8</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 277</subfield><subfield code="0">(DE-625)143643:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Andress, Jason</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Coding for penetration testers</subfield><subfield code="b">building better tools</subfield><subfield code="c">Jason Andress, Ryan Linn</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Amsterdam [u.a.]</subfield><subfield code="b">Elsevier/Syngress</subfield><subfield code="c">2012</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XXIV, 295 S.</subfield><subfield code="b">Ill.</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Erscheint: Oktober 2011</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Penetration testing (Computer security)</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield><subfield code="x">Testing</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Softwarewerkzeug</subfield><subfield code="0">(DE-588)4116526-3</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Penetrationstest</subfield><subfield code="0">(DE-588)4825817-9</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Penetrationstest</subfield><subfield code="0">(DE-588)4825817-9</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Softwarewerkzeug</subfield><subfield code="0">(DE-588)4116526-3</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Linn, Ryan</subfield><subfield code="e">Verfasser</subfield><subfield code="0">(DE-588)1017300127</subfield><subfield code="4">aut</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">HBZ Datenaustausch</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=024507164&sequence=000004&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-024507164</subfield></datafield></record></collection>
id	DE-604.BV039657660
illustrated	Illustrated
indexdate	2024-07-10T00:08:26Z
institution	BVB
isbn	9781597497299
language	English
lccn	2011029098
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-024507164
oclc_num	760143084
open_access_boolean
owner	DE-Aug4
owner_facet	DE-Aug4
physical	XXIV, 295 S. Ill.
publishDate	2012
publishDateSearch	2012
publishDateSort	2012
publisher	Elsevier/Syngress
record_format	marc
spelling	Andress, Jason Verfasser aut Coding for penetration testers building better tools Jason Andress, Ryan Linn Amsterdam [u.a.] Elsevier/Syngress 2012 XXIV, 295 S. Ill. txt rdacontent n rdamedia nc rdacarrier Erscheint: Oktober 2011 Penetration testing (Computer security) Computer networks Security measures Testing Softwarewerkzeug (DE-588)4116526-3 gnd rswk-swf Penetrationstest (DE-588)4825817-9 gnd rswk-swf Penetrationstest (DE-588)4825817-9 s Softwarewerkzeug (DE-588)4116526-3 s DE-604 Linn, Ryan Verfasser (DE-588)1017300127 aut HBZ Datenaustausch application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=024507164&sequence=000004&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis
spellingShingle	Andress, Jason Linn, Ryan Coding for penetration testers building better tools Penetration testing (Computer security) Computer networks Security measures Testing Softwarewerkzeug (DE-588)4116526-3 gnd Penetrationstest (DE-588)4825817-9 gnd
subject_GND	(DE-588)4116526-3 (DE-588)4825817-9
title	Coding for penetration testers building better tools
title_auth	Coding for penetration testers building better tools
title_exact_search	Coding for penetration testers building better tools
title_full	Coding for penetration testers building better tools Jason Andress, Ryan Linn
title_fullStr	Coding for penetration testers building better tools Jason Andress, Ryan Linn
title_full_unstemmed	Coding for penetration testers building better tools Jason Andress, Ryan Linn
title_short	Coding for penetration testers
title_sort	coding for penetration testers building better tools
title_sub	building better tools
topic	Penetration testing (Computer security) Computer networks Security measures Testing Softwarewerkzeug (DE-588)4116526-3 gnd Penetrationstest (DE-588)4825817-9 gnd
topic_facet	Penetration testing (Computer security) Computer networks Security measures Testing Softwarewerkzeug Penetrationstest
url	http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=024507164&sequence=000004&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT andressjason codingforpenetrationtestersbuildingbettertools AT linnryan codingforpenetrationtestersbuildingbettertools

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Fernleihe Bestellen Achtung: Nicht im THWS-Bestand! Inhaltsverzeichnis

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge