CompTIA PenTest+ Certification For Dummies. Glen E. Clarke
Чтение книги онлайн.

Читать онлайн книгу CompTIA PenTest+ Certification For Dummies - Glen E. Clarke страница 4

СКАЧАТЬ 7-2: An XSS attack in action.FIGURE 7-3: A CSRF/XSRF attack in action.FIGURE 7-4: A CSRF/XSRF attack is prevented by checking for synchronization tok...FIGURE 7-5: Directory traversal attacks navigate the file system.FIGURE 7-6: Logging into the DVWA site.FIGURE 7-7: The URL for the change password page.FIGURE 7-8: Viewing all data with SQL injection attack.FIGURE 7-9: Using SQL injection to view column information.FIGURE 7-10: Retrieving the list of usernames and password hashes.FIGURE 7-11: Cracking password hashes with John the Ripper.

      8 Chapter 8FIGURE 8-1: Identifying vulnerabilities with Nessus.FIGURE 8-2: Searching Metasploit for an exploit.FIGURE 8-3: Exploiting a Windows system to get a meterpreter session.FIGURE 8-4: The core commands in a meterpreter session.FIGURE 8-5: Retrieving information about the current context.FIGURE 8-6: Using run winenum to enumerate the target system and network.FIGURE 8-7: Viewing the logs generated by the run winenum command.FIGURE 8-8: Gaining shell access from a meterpreter session.FIGURE 8-9: Retrieving the password hashes.FIGURE 8-10: Attaching to another process with the migrate command.FIGURE 8-11: Using VNC to view a victim’s activity.FIGURE 8-12: Capturing keystrokes from the compromised system.FIGURE 8-13: Lateral movement from a compromised system.FIGURE 8-14: Dumping the hashes to use in pass the hash.FIGURE 8-15: Locating other systems with arp_scanner.FIGURE 8-16: Lateral movement with telnet.FIGURE 8-17: Viewing user accounts on a laterally compromised system.FIGURE 8-18: Creating a backdoor user account.FIGURE 8-19: Covering your tracks with the clearev command.

      9 Chapter 9FIGURE 9-1: Using Nikto to do a web application vulnerability scan.FIGURE 9-2: Using w3af to perform different types of vulnerability checks on a ...FIGURE 9-3: Using SQLmap to automate SQL injection attacks.FIGURE 9-4: Inspecting the http post request.FIGURE 9-5: Using Hydra to crack credentials for the website.FIGURE 9-6: Using John the Ripper to crack password hashes.FIGURE 9-7: Using Wifite to automate wireless attacks.FIGURE 9-8: OWASP ZAP finds vulnerabilities in web applications.FIGURE 9-9: SET is a social engineering tool that makes it easy to create diffe...FIGURE 9-10: Using Nmap to locate systems (left) and then using Hydra to attemp...FIGURE 9-11: Using xHydra — the GUI version of Hydra.FIGURE 9-12: Cracking password hashes with John the Ripper.FIGURE 9-13: Dumping the hashes to use with a password cracker.FIGURE 9-14: Using Ncat (left) and Netcat (right) to create a bind shell.

      10 Chapter 11FIGURE 11-1: Risk rating scores for vulnerabilities.

      Guide

      1  Cover

      2  Title Page

      3  Copyright

      4 Table of Contents

      5  Pre-Assessment

      6  Begin Reading

      7  Index

      8  About the Author

      Pages

      1  i

      2  iii

      3  iv

      4  1

      5  2

      6  3

      7  4

      8  5

      9 6

      10  7

      11  8

      12 9

      13  10

      14  11

      15 12

      16  13

      17  14

      18  15

      19  16

      20  17

      21  18

      22  19

      23  20

      24  21

      25  22

      26 23

      27  24

      28  25

      29  26

      30  27

      31  28

      32  29

      33  СКАЧАТЬ