• Revista PROGRAMAR: Já está disponível a edição #53 da revista programar. Faz já o download aqui!

teckV

Lab 12: Exploit Creation

1 mensagem neste tópico

vejam por voçes mesmos... aqui não há "ensinamentos".. apenas aprendizagem auto-didacta

aqui está um documento excelente para quem quer realmente saber e não apenas "parecer"  ;):P

neste documento vão aprender sobre o que mais MEXE no momento da segurança.... Desenvolver Exploitsoperar o Nessus e MetaSploit  :D :ipool: :smoke: :cheesygrin: :eek: :-[ :P:D;):)

o acesso REMOTO NÃO AUTORIZADO é uma realidade e para mim uma ARTE!!... de que lado querem estar?????  :fartnew2:

Every organization needs to actively evaluate its information security measures in order to identify the threats to the organizations infrastructure and assets. This process is termed as Penetration testing. By identifying and resolving these vulnerabilitiesthe IT security related costs the organization bears would be reduced and the information assets would be protected. A penetration test is performed in various stages that involve gathering requirementsscanning the system for vulnerabilitiesexploiting those vulnerabilities and patching the systems to prevent hacker activities. Various tools are used to ease the entire process of vulnerability assessment and exploit generation. Two such commonly known tools are Nessus and Metasploit.

Nessus is an open source vulnerability scanner available under the GNU GPL. The tool is designed with the purpose to automate the testing (NASL) makes it feasible to write vulnerability checks. Nessus software is a client-server model. The Nessus servernessusdlistens for incoming connections from Nessus clients that are used by the end-user to launch scans. Client has to authenticate to the server before scanning.

Metasploit framework comprises of an environment for writingtesting and using exploit code. It provides simple and easy-to-use tools for the exploit development process and hides the details like understanding of target’s architecture assembly language and operating system internals that would otherwise be necessary for exploit development. Metasploit is a open-source software released under the GNU GPL. The tool is written with Perl scripting language and is compatible with all UNIX like platforms and the Cygwin environment on windows.

The tool provides three interfaces.

1.) msfcli interfacewhich is used for scriptingwhere all exploit options are specified as a single command-line statement.

2.) msfweb interface that is accessible via a web browser

3.) msfconsole interface that provides an interactive command-shell interface and is the most popular medium for exploit development. We will use msfconsole for our experiments.

http://users.ece.gatech.edu/~owen/Academic/ECE4112/Fall2005/Projects/exploit%20creation.doc     

teckV

delivering EXTREME knowlodge

the insider

the persuader... knocking th invader

0

Partilhar esta mensagem


Link para a mensagem
Partilhar noutros sites

Crie uma conta ou ligue-se para comentar

Só membros podem comentar

Criar nova conta

Registe para ter uma conta na nossa comunidade. É fácil!


Registar nova conta

Entra

Já tem conta? Inicie sessão aqui.


Entrar Agora