Cyber Operations : Building, Defending, and Attacking Modern Computer Networks
معرفی کتاب «Cyber Operations : Building, Defending, and Attacking Modern Computer Networks» نوشتهٔ Dan Gardner، Philip E. Tetlock، Santiago Foz (argentino) و O'Leary, Mike، منتشرشده توسط نشر Apress : Imprint: Apress در سال 2019. این کتاب در 4 صفحه، فرمت pdf، زبان انگلیسی ارائه شده است.
Know how to set up, defend, and attack computer networks with this revised and expanded second edition. You will learn to configure your network from the ground up, beginning with developing your own private virtual test environment, then setting up your own DNS server and AD infrastructure. You will continue with more advanced network services, web servers, and database servers and you will end by building your own web applications servers, including WordPress and Joomla!. Systems from 2011 through 2017 are covered, including Windows 7, Windows 8, Windows 10, Windows Server 2012, and Windows Server 2016 as well as a range of Linux distributions, including Ubuntu, CentOS, Mint, and OpenSUSE. Key defensive techniques are integrated throughout and you will develop situational awareness of your network and build a complete defensive infrastructure, including log servers, network firewalls, web application firewalls, and intrusion detection systems. Of course, you cannot truly understand how to defend a network if you do not know how to attack it, so you will attack your test systems in a variety of ways. You will learn about Metasploit, browser attacks, privilege escalation, pass-the-hash attacks, malware, man-in-the-middle attacks, database attacks, and web application attacks. What You'll Learn Construct a testing laboratory to experiment with software and attack techniques Build realistic networks that include active directory, file servers, databases, web servers, and web applications such as WordPress and Joomla! Manage networks remotely with tools, including PowerShell, WMI, and WinRM Use offensive tools such as Metasploit, Mimikatz, Veil, Burp Suite, and John the Ripper Exploit networks starting from malware and initial intrusion to privilege escalation through password cracking and persistence mechanisms Defend networks by developing operational awareness using auditd and Sysmon to analyze logs, and deploying defensive tools such as the Snort intrusion detection system, IPFire firewalls, and ModSecurity web application firewalls Who This Book Is For This study guide is intended for everyone involved in or interested in cybersecurity operations (e.g., cybersecurity professionals, IT professionals, business professionals, and students) Table of Contents......Page 5 About the Author......Page 21 About the Technical Reviewer......Page 22 Acknowledgments......Page 23 Introduction......Page 24 Virtualization Tools......Page 29 Installing a VMWare Guest......Page 30 Managing VMWare Guests......Page 31 Networking in VMWare......Page 32 VMWare Tools......Page 33 Installing a VirtualBox Guest......Page 34 Managing VirtualBox Guests......Page 35 Networking in VirtualBox......Page 37 VirtualBox Guest Additions......Page 38 Networking in CentOS......Page 39 Networking in OpenSuSE......Page 42 Networking in Ubuntu......Page 44 Configuring Software Repositories......Page 46 Configuring yum in CentOS......Page 47 Configuring zypper in OpenSuSE......Page 49 Configuring apt in Ubuntu......Page 50 Services......Page 52 VirtualBox Guest Additions......Page 53 Installing VirtualBox Guest Additions on OpenSuSE......Page 54 Installing VirtualBox Guest Additions on Ubuntu, Mint, and Kali......Page 55 Installing Java on CentOS......Page 56 Installing Adobe Flash Player on CentOS......Page 58 Installing Java on OpenSuSE......Page 59 Installing Adobe Flash Player on OpenSuSE......Page 60 Installing Java on Ubuntu......Page 61 Installing Adobe Flash Player on Ubuntu......Page 62 Installing Java and Adobe Flash Player on Mint......Page 63 Building Windows Systems......Page 64 Installation......Page 65 Configuring Windows Update......Page 66 Configuring Windows Defender......Page 67 Networking on Windows......Page 68 Browsers on Windows......Page 71 Notes and References......Page 73 Building Linux Systems......Page 74 Building Windows Systems......Page 75 Ethics......Page 78 Vulnerabilities......Page 79 Configuring the Metasploit Internal Database......Page 80 Selecting the Exploit......Page 81 Choosing the Payload......Page 83 Launching the Exploit......Page 86 Interacting with Meterpreter......Page 87 Metasploit Sessions......Page 88 Metasploit Modules for Internet Explorer......Page 89 Starting the Exploit......Page 92 Choosing the Payload......Page 94 Interacting with the Shell......Page 96 Metasploit Modules for Firefox......Page 98 Attack: Firefox Proxy Prototype Privileged Javascript Injection......Page 99 Configuring the Exploit......Page 100 Configuring the Payload......Page 101 Launching the Exploit as a Background Job......Page 102 Interacting with the Shell......Page 103 Metasploit Modules for Adobe Flash Player......Page 104 Configuring the Exploit......Page 109 Configuring the Payload......Page 110 Launching the Exploit as a Background Job......Page 111 Interacting with the Shell......Page 112 Metasploit Modules for Java......Page 113 Configuring the Exploit......Page 115 Configuring the Payload......Page 117 Launching the Exploit as a Background Job......Page 118 Interacting with the Shell......Page 119 Configuring the Exploit and Payload......Page 120 Java Security Settings......Page 121 Configuring the Malware......Page 123 Generating the Malware......Page 124 Handlers......Page 125 Interacting with the Shell......Page 126 Malware Attack: Linux ELF......Page 127 Help......Page 128 Managing Sessions......Page 129 Commands......Page 130 Networking......Page 131 File System......Page 133 Processes......Page 134 Migrating Processes......Page 136 Creating Additional Sessions......Page 138 Channels......Page 140 Armitage......Page 142 Notes and References......Page 144 References......Page 146 Who......Page 148 Last......Page 149 Aureport......Page 150 GNU Accounting Tools......Page 151 Top......Page 153 Netstat......Page 154 Lsof......Page 155 The /proc Directory......Page 157 Detect: Java JAX-WS Remote Code Execution......Page 158 Detect: Firefox XCS Code Execution......Page 164 PsLoggedon......Page 168 LogonSessions......Page 169 Tasklist......Page 171 Sc......Page 172 Task Manager......Page 173 Process Explorer......Page 174 Netstat......Page 176 TCPView......Page 177 Detect: MS13-055 CAnchorElement......Page 178 Detect: Adobe Flash Player Shader Buffer Overflow......Page 181 Wireshark......Page 184 Detect: Java JAX-WS Remote Code Execution......Page 187 Notes and References......Page 190 Namespaces......Page 192 Installing BIND......Page 193 Building a Master......Page 195 named.conf......Page 196 Forward Zone......Page 197 Reverse Zone......Page 200 Scripting......Page 201 Loopbacks......Page 202 Controlling the Nameserver......Page 204 Starting BIND on Linux......Page 205 Starting BIND on Windows......Page 208 Completing the Installation......Page 210 Building a Slave......Page 211 Nslookup......Page 214 Dig: Host Name Query......Page 216 Dig: Response Fields......Page 217 Dig: Any Query......Page 218 Dig: Specifying the Server......Page 219 Dig: Zone Transfers......Page 220 Controlling Zone Transfers......Page 221 Rndc: Updating Zone Data......Page 222 Rndc: Server Control and Statistics......Page 223 Rndc: Logging DNS Queries......Page 224 BIND Version Reporting......Page 225 Forwarders......Page 226 Example: TKEY CVE 2015-5477......Page 228 Example: Buffer.c CVE 2016-2776......Page 231 Recursion and DNS Amplification Attacks......Page 232 Notes and References......Page 235 NMap: Basic Usage......Page 239 NMap: Ping Scans......Page 241 NMap: Determining if the Host Is Alive......Page 242 NMap: List Scans......Page 243 NMap: Stealth Scans......Page 244 NMap: UDP Scans......Page 246 NMap: Operating System Detection......Page 247 NMap: Scripts......Page 250 Zenmap......Page 252 Network Scanning and Metasploit......Page 253 Metasploit Database......Page 254 Metasploit Scanning Modules......Page 256 Custom Metasploit Modules......Page 258 Notes and References......Page 260 Installation on Windows Server 2012 and Later......Page 261 Installation on Windows Server 2008 R2......Page 265 Windows DNS......Page 266 Scripting Windows DNS......Page 268 Conditional Forwarding and Server Forwarding......Page 270 Recursion......Page 271 DNS Logging......Page 272 Stub Zones and Slave Zones......Page 274 Adding OpenSuSE Systems to a Windows Domain......Page 276 Adding Linux Systems to a Windows Domain Using PowerBroker Open......Page 277 Adding Users......Page 283 Scripting and PowerShell......Page 285 Organizing a Domain......Page 288 Groups and Delegation......Page 291 Remote Server Administration Tools......Page 292 Group Policy......Page 293 Group Policy Example: Directory Creation......Page 295 Group Policy Example: Software Restriction Policies......Page 296 Adding a Second Domain Controller......Page 298 Notes and References......Page 299 Managing a Domain......Page 300 Organizing a Domain......Page 301 Managing Systems Remotely......Page 302 SMB Firewall Rules......Page 303 Remote File Access......Page 304 Drive Mapping......Page 305 Managing Users and Groups......Page 306 Services......Page 307 Registry......Page 308 RPC Firewall Rules......Page 309 Scheduled Tasks......Page 310 Managing the Firewall Remotely......Page 311 Sysinternals Tools......Page 312 Psexec......Page 314 Enabling WinRM; Firewall Rules......Page 315 Winrs......Page 316 PowerShell......Page 317 WMI Structure......Page 318 Using WinRM to Enumerate WMI Data......Page 321 Windows Query Language (WQL)......Page 323 Using WinRM to Set WMI Values......Page 325 Using WinRM to Invoke WMI Methods......Page 326 Creating a WMI Namespace and Class......Page 328 WQL Schema Queries......Page 331 WMI Consumer Example: USB Connections......Page 332 WMI Consumer Example: PowerShell Start or Stop......Page 334 WMI Consumer Example: User Logon/Logoff......Page 336 Using wmic to Interact with WMI......Page 339 Using wmic to Enumerate WMI Data......Page 340 Using wmic to Invoke WMI Methods......Page 341 Using PowerShell to Interact with WMI......Page 342 Using Other Languages to Interact with WMI......Page 345 Using Linux to Interact with WMI......Page 346 Installation Without a GUI......Page 347 Adding or Removing the GUI......Page 348 Configuring a Server Without a GUI......Page 350 Managing the Firewall......Page 351 Configuring the Firewall to Allow SMB......Page 353 Configuring the Firewall to Allow RPC......Page 354 Allowing Windows Remote Management via the Command Line......Page 355 Windows Server 2012 and Later......Page 356 Windows Server 2008 R2......Page 357 Notes and References......Page 359 Useful WMI Classes......Page 360 Useful WMI Events......Page 367 Useful WMI Subscription Classes......Page 368 References......Page 369 Windows Reconnaissance......Page 371 Determining Privileges......Page 372 Determining the Domain......Page 373 Determining the Users......Page 374 Determining Privileges......Page 377 Determining the Domain......Page 378 Determining the Users......Page 379 Bypassing UAC......Page 380 Bypassing UAC by Asking......Page 383 Bypassing UAC via Injection......Page 386 Windows Privilege Escalation to SYSTEM......Page 388 Example: Windows 10-1504 and MS16-032 Secondary Logon Handle Privilege Escalation......Page 391 Example: Windows 8.1 and NtApphelpCacheControl......Page 393 Exploiting Insecure Configuration......Page 395 Always Install Elevated......Page 396 Local Administrator Password......Page 397 .dll Hijacking of IKEEXT......Page 400 Brute Force Attacks......Page 402 Network Hash Capturing......Page 405 LLMNR Poisoning and NBNS Poisoning......Page 408 WPAD and Responder......Page 411 Phishing for Credentials......Page 415 Dropping a Link......Page 418 Local Credential Gathering......Page 419 Cached Domain Credentials......Page 421 Token Impersonation and Incognito......Page 422 Mimikatz and Kiwi......Page 423 Cracking Hashes with John the Ripper......Page 428 Using Credentials Locally......Page 431 Windows Native Tools......Page 433 Psexec......Page 434 Wmiexec.py and smbexec.py......Page 436 Passing the Hashes......Page 437 Dumping Domain Hashes......Page 438 Notes and References......Page 440 Metasploit Tools......Page 442 Native Tools......Page 444 Example: Ubuntu 14.04 and Overlayfs Privilege Escalation......Page 445 Linux Direct Privilege Escalation......Page 448 Example: Ubuntu 15.04 Apport CVE-2015-1325 Local Privilege Escalation Vulnerability......Page 450 Uploading Files via a Simple Web Server......Page 451 Working with Limited Shells......Page 452 Completing the Attack......Page 453 Example: CentOS 6.3 and semtex.c......Page 454 Creating a Second Shell......Page 455 Completing the Attack......Page 456 Dirty COW......Page 457 Using Dirty COW......Page 458 Creating an Entry in /etc/passwd......Page 459 Using Dirty COW to Escalate Privileges......Page 461 Avoiding the Crash......Page 463 System cron Jobs......Page 464 User cron Jobs......Page 466 Exploiting cron......Page 469 SUID Programs......Page 470 Example: Exploiting SUID NMap......Page 471 Outline Placeholder......Page 472 Copying a File with netctat and /dev/tcp......Page 473 Notes and References......Page 474 Dirty COW......Page 475 Logging in Linux......Page 477 Syslog Messages......Page 478 Configuring the rsyslog Daemon on CentOS 6......Page 479 Configuring the rsyslog Daemon on Other Distributions......Page 481 Reading systemd-journald Logs with journalctl......Page 482 Configuring systemd-journald......Page 484 Spoofing Log Messages......Page 487 auditd......Page 488 Creating Auditd Rules......Page 489 Reading the Audit Log......Page 491 ausearch......Page 492 Sending Logs with Syslog......Page 494 Receiving Logs with syslog......Page 495 Spoofing Remote Logs......Page 496 Log Rotation......Page 497 Log Rotation with systemd-journald......Page 498 Logging in Windows......Page 499 Viewing Windows Logs......Page 503 Using PowerShell to View Logs......Page 504 PsLogList......Page 506 Clearing Logs......Page 508 Auditing File Access......Page 509 Remote Windows Logs......Page 512 Windows Event Collector......Page 513 Sysmon......Page 515 Using PowerShell to Query Sysmon Logs......Page 516 Sysmon Configuration......Page 520 Installing and Configuring Sysmon Across the Domain......Page 521 Integrating Windows and Linux Logs......Page 523 Notes and References......Page 524 Msfvenom......Page 528 Msfvenom Example: Linux ELF 64-bit Executable......Page 529 Msfvenom Architectures......Page 530 Msfvenom Formats......Page 531 Msfvenom Payloads......Page 533 Msfvenom Example: Java......Page 534 Msfvenom Example: Python......Page 535 Msfvenom Templates......Page 537 Veil-Evasion......Page 538 Persistence Using the Windows Startup Folder......Page 543 Persistence Using Registry Startup Keys......Page 544 Persistence Using Registry Winlogon Key......Page 546 Metasploit Registry-Only Persistence......Page 547 Metasploit Registry File System Persistence......Page 550 Schtasks: User-Level Persistence at Fixed Times......Page 551 Schtasks: Advanced Scheduling Options......Page 553 DLL Hijacking......Page 554 Custom Services for Windows Persistence......Page 555 WMI Persistence......Page 557 Tracking Failed Logons......Page 558 Configuring Web Delivery to Serve Malware......Page 560 Adding the Entry to the WMI Database......Page 562 Removing the Persistence......Page 564 WMI Persistence Using Metasploit......Page 565 Determining the Domain SID......Page 567 Determining the Hash for Krbtgt......Page 568 Creating a Golden Ticket......Page 569 Using a Golden Ticket......Page 570 Metasploit Golden Tickets......Page 572 Persistence Using ~/.bash_profile or ~/.profile and Local Malware......Page 573 Persistence Using ~/.bashrc and Web Delivered Malware......Page 576 Root Persistence Using System Cron Jobs and Local Malware......Page 578 User Persistence Using Cron Jobs......Page 579 Custom Services for Linux Persistence......Page 580 Linux Persistence via Services Using Metasploit......Page 582 Other Approaches......Page 584 Windows Persistence......Page 585 WMI Persistence......Page 586 Golden Tickets......Page 587 Introduction......Page 588 Software Restriction Policies: Shortcuts......Page 589 Software Restriction Policies: Subdirectories......Page 591 Logs Generated by Software Restriction Policies......Page 592 Bypassing Software Restriction Policies via Web Delivery......Page 594 PowerShell Execution Policy......Page 596 Bypassing PowerShell Execution Policy......Page 597 PowerShell Language Mode......Page 598 Bypassing Constrained Language Mode......Page 601 Blocking PowerShell......Page 603 Autoruns......Page 605 Using PowerShell to Detect Startup Persistence in a Domain......Page 606 Detecting Changes to Startup......Page 607 Registry Persistence......Page 610 WOW6432Node......Page 611 Autoruns......Page 612 Enumerating the Hosts on a Domain......Page 613 Using psexec to Detect Registry Persistence in a Domain......Page 614 Autoruns and PowerShell......Page 615 Auditing Registry Changes......Page 616 Scheduled Tasks......Page 617 Schtasks......Page 618 Task Scheduler......Page 619 Blocking the Creation of Scheduled Tasks via Group Policy......Page 620 Service Persistence......Page 621 Detecting Services on Remote Systems Using sc......Page 622 Detecting Recently Added Services......Page 624 Detecting WMI Persistence on a Domain......Page 625 Using Sysmon to Detect WMI Modifications......Page 628 Password Length, Complexity, and Rotation......Page 629 Account Lockouts......Page 630 Cached Domain Logons......Page 631 WDigest Registry......Page 632 LSA Protection......Page 633 Mimikatz Detection via Sysmon......Page 634 Finding the Local Administrator Account......Page 639 Limiting the Local Administrator Account......Page 640 The Local Administrator Password Solution (LAPS)......Page 641 Watching the Network......Page 645 Disable LLMNR......Page 646 Disable NetBIOS over TCP/IP......Page 647 DNS Entries for WPAD......Page 650 Detecting Responder Attacks on the Network......Page 651 Controlling Lateral Movement......Page 653 Firewall Source IP Rules......Page 654 Logging SMB Use......Page 655 Logging PSEXEC Use......Page 656 Blocking PSEXEC Use......Page 659 SMB Version 1......Page 660 Logging WinRM Use......Page 661 Logging WMI Queries......Page 663 PowerShell......Page 666 WMI......Page 667 Networking......Page 668 Detecting Lateral Movement......Page 669 Linux Client Programs......Page 670 Scp and Sftp Clients......Page 671 OpenSSH Server on CentOS 5, 6......Page 673 OpenSSH Server on CentOS 7......Page 674 OpenSSH Server on OpenSuSE......Page 675 OpenSSH Server on Mint and Ubuntu......Page 676 OpenSSH Server: Networking and Protocol......Page 677 OpenSSH Server: Key Locations......Page 678 OpenSSH Server: Key Creation......Page 679 OpenSSH Server: Authentication......Page 680 OpenSSH Server: Public Key Authentication......Page 681 Protecting SSH Keys......Page 683 OpenSSH Server: Other Authentication Methods......Page 684 OpenSSH Server: X11 Forwarding......Page 685 PuTTY......Page 686 PuTTY Agents and Other Options......Page 688 Attacks Against SSH......Page 689 Enumerating Users via SSH......Page 692 Attacking Passphrase Protected SSH Keys......Page 694 Securing OpenSSH......Page 696 SSHGuard......Page 697 SSHGuard 2.1 on CentOS 7.3 Using TCP Wrappers......Page 698 SSHGuard 2.1 on OpenSuSE 13.2 Using iptables......Page 700 SSHGuard 1.5 on CentOS 5.9......Page 703 FTP Servers......Page 705 Connecting to FTP Servers......Page 707 Creating a File Share from the Command Line......Page 708 Creating a File Share from File Explorer......Page 709 Windows Server 2012, 2012 R2, or 2016......Page 710 Windows Server 2008......Page 713 Accessing SMB File Shares......Page 714 Drive Mapping Using Group Policy......Page 715 Creating Individual SMB File Shares on a Windows File Server......Page 716 Installing and Controlling Samba......Page 719 Samba Configuration......Page 720 Command-Line Interface to Samba......Page 723 Version Detection......Page 725 Share Detection......Page 726 User Detection......Page 729 Preventing Brute Force Attacks......Page 730 Eternal Red/SambaCry......Page 731 Stopping Eternal Red / SambaCry......Page 733 Remote Desktop......Page 734 Persistence via Remote Desktop and Sticky Keys......Page 736 Enabling Remote Desktop via Metasploit......Page 737 Enabling Sticky Keys......Page 738 Notes and References......Page 739 Apache Installation......Page 742 Installing Apache on CentOS......Page 743 Installing Apache on OpenSuSE......Page 744 Installing Apache on Ubuntu and Mint......Page 745 Version and Module Structure of Apache......Page 746 Configuring Apache on CentOS......Page 747 Configuring Apache on OpenSuSE......Page 748 Configuring Apache on Ubuntu and Mint......Page 749 Loading Apache Modules in OpenSuSE......Page 750 Module Configuration: Apache Status......Page 751 SetHandler Directives......Page 753 Controlling Access via Require Directives......Page 754 Apache Status from the Browser......Page 755 Apache Status from the Apache Control Program......Page 756 Module Configuration: User Directories......Page 758 UserDir Directives......Page 761 Options Directive......Page 762 Apache Modules: Aliases......Page 763 Loading the CGI Module......Page 764 Configuring the CGI Module; ScriptAlias......Page 765 CGI Script: Example......Page 767 Logs and Logging......Page 768 LogFormat Directive......Page 769 CustomLog Directive......Page 770 Parsing Access Logs with Scripts......Page 771 Configuring a Virtual Host......Page 773 NameVirtualHost Directives......Page 774 VirtualHost Directive......Page 775 Building a Virtual Host on TCP/8080......Page 776 Apache Modules: ssl_module......Page 777 SSLProtocol and Ciphers......Page 778 Selecting Protocols and Ciphers......Page 780 SSL/TLS Keys......Page 781 SSL/TLS Self-Signed Certificate......Page 782 SSL/TLS Certificate Signing Request......Page 784 CA Keys......Page 785 CA Certificate......Page 786 Signing a .csr......Page 787 Redirection......Page 788 Testing HTTP Connections......Page 789 Testing HTTPS Connections......Page 790 htpasswd......Page 793 Configuring Basic Authentication......Page 795 Installing ModSecurity on OpenSuSE......Page 797 Installing ModSecurity on Ubuntu and Mint......Page 798 ModSecurity Logging......Page 799 ModSecurity Temporary Data......Page 801 ModSecurity Rules......Page 802 Installing the CRS on OpenSuSE......Page 804 Installing the CRS on Ubuntu and Mint......Page 805 Notes and References......Page 806 Configuring EPEL......Page 808 Installation......Page 810 IIS Manager......Page 811 Managing Multiple Web Servers from IIS Manager......Page 812 Web Sites......Page 814 Adding a Second Web Site......Page 815 Error Messages......Page 818 Virtual Directories......Page 819 Command-Line Tools......Page 820 Access Control......Page 822 Request Filtering......Page 824 Authentication......Page 825 Managing Web Server Certificates......Page 826 Windows System Certificates......Page 827 Managing Remote Servers......Page 828 Creating a Certificate Signing Request......Page 829 Completing a Certificate Signing Request......Page 830 Choosing SSL/TLS Protocols and Ciphers......Page 831 Redirection......Page 832 Logs and Logging......Page 833 ModSecurity......Page 836 Notes and References......Page 839 Extracting Credentials from Internet Explorer......Page 841 Using PasswordFox Against Windows......Page 843 Using PasswordFox Against Linux......Page 845 Firefox Master Password......Page 846 Ettercap......Page 847 Generating an SSL/TLS Certificate for MitM......Page 848 Ettercap ARP Poisoning......Page 849 SSLStrip......Page 853 Password Attacks......Page 854 Burp Suite Web Proxy......Page 855 Burp Suite Brute Force Password Attacks......Page 857 Custom Password Attacks......Page 862 Installing mod_evasive on CentOS 5......Page 863 Installing mod_evasive on OpenSuSE......Page 864 Configuring mod_evasive......Page 865 Heartbleed......Page 866 ShellShock......Page 870 Notes and References......Page 876 Network Firewalls......Page 877 IPFire......Page 879 Installing IPFire......Page 880 IPFire Initial Configuration......Page 881 Network Traffic Rules......Page 883 Configuring the Network......Page 884 External Alias Addresses......Page 887 Web Proxies......Page 890 Egress Filtering on the Internal (GREEN) Network......Page 892 Egress Filtering from the Firewall......Page 893 IPFire Features......Page 894 Impact of Egress Filters......Page 895 Reconnaissance Beyond the Firewall......Page 896 Determining the Network......Page 897 ARP Scans Through the Firewall......Page 898 Domain Identification Through a Firewall......Page 899 Proxy Detection......Page 900 DNS and DHCP Identification......Page 901 SSH SOCKS5 Proxy......Page 902 ProxyChains......Page 903 Using Proxies with Metasploit......Page 904 Using Metasploit Routes as Pivots......Page 906 Metasploit Port Scan Through a Pivot......Page 907 Metasploit Pivot as a SOCKS4a Proxy......Page 908 Mapping Egress Filter Rules......Page 909 Obtaining IPFire Administrative Credentials......Page 911 Pivoting to IPFire......Page 912 Attacking IPFire......Page 913 Notes and References......Page 915 Installation......Page 917 Installing MySQL and MariaDB on Linux......Page 918 MySQL 5.5 on Windows......Page 919 MySQL 5.6 on Windows......Page 920 MySQL 5.7 on Windows......Page 921 MariaDB on Windows......Page 923 The mysql Client......Page 924 HeidiSQL......Page 927 Initial Connections on CentOS or OpenSuSE......Page 928 Initial Connections on Mint and Ubuntu......Page 929 Initial Connections on Windows......Page 930 The Table mysql.user......Page 932 Initial Values in mysql.user......Page 933 Changing Passwords in MySQL ≤ 5.6......Page 935 Changing Authentication Plugins......Page 936 Creating Users......Page 937 The MySQL Password Hashing Algorithm......Page 939 The User debian-sys-maint......Page 940 Wildcards......Page 942 Privileges......Page 943 Viewing Assigned Privileges......Page 945 Assigning Privileges......Page 946 Revoking Privileges......Page 948 FILE Privileges......Page 949 Securing the Initial Installation......Page 950 MySQL Configuration Files......Page 951 MySQLAdmin......Page 953 The MySQL History......Page 954 Network Scanning for MySQL/MariaDB......Page 955 Identifying MySQL Users......Page 957 Brute Force Password Attacks Against MySQL and MariaDB......Page 958 CVE 2012-2122 User Login Vulnerability......Page 960 Cracking MySQL/MariaDB Hashes......Page 961 CVE 2012-5613 Windows FILE Privilege Attack......Page 962 Notes and References......Page 965 Downloading Snort......Page 966 Installing Snort Dependencies on OpenSuSE......Page 967 Installing Snort Dependencies on CentOS 5......Page 968 Installing Snort Dependencies on Mint or Ubuntu......Page 969 Snort as a Packet Sniffer......Page 970 Installing Precompiled Rules......Page 975 Starting Snort as an Intrusion Detection System......Page 976 Running Snort as an IDS on OpenSuSE......Page 977 Running Snort as an IDS on Windows......Page 979 Creating Custom Snort Rules......Page 980 Snort and Packet Captures......Page 982 Snort Users and Permissions......Page 983 Configuring Snort as a Service on CentOS 5/6......Page 984 Configuring Snort as a Service on CentOS 7......Page 985 Configuring Snort as a Service on Mint or Ubuntu......Page 986 Configuring Snort as a Service on OpenSuSE......Page 987 Snort as a Windows Service......Page 988 Snort Variables......Page 990 Snort Rule Locations......Page 991 Stream Preprocessor......Page 992 HTTP Preprocessor......Page 993 ARP Spoof Detection......Page 994 Sensitive Data and Other Preprocessors......Page 995 Controlling Snort Output from the Command Line......Page 996 Snort Unified Log......Page 997 Snort Rules......Page 998 Snort and EternalBlue......Page 999 Notes and References......Page 1000 Installing PHP on Linux......Page 1002 Testing PHP on CentOS......Page 1003 Configuring PHP as an Apache Module on CentOS......Page 1004 Configuring PHP as a CGI Module on CentOS......Page 1005 Configuring PHP......Page 1006 PHP on OpenSuSE......Page 1007 PHP 7 on OpenSuSE 42.2, 42.3......Page 1008 Testing PHP on OpenSuSE......Page 1009 Configuring PHP as a CGI Module on OpenSuSE......Page 1010 Configuring PHP......Page 1011 PHP on Mint or Ubuntu......Page 1012 Configuring PHP as a CGI Module on Mint or Ubuntu......Page 1014 XAMPP Installation......Page 1017 SSL/TLS with XAMPP......Page 1020 The XAMPP Configuration and Security Pages......Page 1023 PHP on IIS......Page 1025 Testing the Installation......Page 1026 Installing the CGI Module on IIS......Page 1027 Configuring an IIS Handler for PHP......Page 1028 Configuring PHP......Page 1029 PHP Extensions......Page 1031 Register Globals......Page 1032 Include Vulnerabilities......Page 1035 Remote Include Vulnerabilities......Page 1038 Manually Exploiting a Remote Include Vulnerability......Page 1039 Exploiting a Remote Include Vulnerability with Metasploit......Page 1040 Configuring PHP......Page 1043 Determining the PHP Version......Page 1044 PHP CGI Argument Injection......Page 1046 PHP Persistence......Page 1049 PHP Persistence with Metasploit Malware......Page 1050 PHP Persistence with Weevely......Page 1052 Notes and References......Page 1055 phpMyAdmin on CentOS via yum......Page 1057 Configuring Apache for phpMyAdmin on CentOS......Page 1058 Configuring phpMyAdmin on CentOS......Page 1060 Using phpMyAdmin on OpenSuSE......Page 1061 Configuring Apache for phpMyAdmin on OpenSuSE......Page 1062 Configuring phpMyAdmin on OpenSuSE......Page 1063 phpMyAdmin on Mint/Ubuntu via apt......Page 1064 Configuring phpMyAdmin on Mint/Ubuntu......Page 1067 phpMyAdmin on Windows with XAMPP......Page 1069 phpMyAdmin on Windows with IIS......Page 1070 phpMyAdmin Feature Storage......Page 1072 Brute Force Password Attacks......Page 1074 Metasploit Attacks Against phpMyAdmin......Page 1079 Installing Joomla!......Page 1082 Example: Joomla! 3.0 on CentOS 6.3......Page 1083 Example: Joomla! 3.2 on Ubuntu 14.04......Page 1085 Example: Joomla! 3.3 on Windows Server 2012 with XAMPP 5.5.19......Page 1086 Example: Joomla! 3.4 on Windows Server 2016 with IIS......Page 1087 Example: Joomla! 3.6 on OpenSuSE 42.2......Page 1088 Using Joomla!......Page 1090 Attacking Joomla!......Page 1091 Brute Force Password Attacks......Page 1092 Joomla! Scanning......Page 1095 Metasploit Attacks Against Joomla!......Page 1097 PHP Persistence on Joomla! with Weevely......Page 1100 Example: WordPress 3.3 on Mint 12......Page 1102 Example: WordPress 3.5 on Windows Server 2012 with IIS......Page 1106 Example: WordPress 4.0 on OpenSuSE 13.2......Page 1107 Example: WordPress 4.1 on XAMPP 5.6.3 on Windows Server 2012 R2......Page 1108 Example: WordPress 4.3 on CentOS 7.2......Page 1109 WordPress Plugins......Page 1110 Attacking WordPress......Page 1111 Brute Force Password Attacks......Page 1112 WordPress Scanning......Page 1115 Metasploit Modules......Page 1118 Notes and References......Page 1119 Index......Page 1120
دانلود کتاب Cyber Operations : Building, Defending, and Attacking Modern Computer Networks