Metasploit 滲透測試工具訓練班-大綱

第一天

  • Module 0: Introduction
    • Your name, role, and expectation of the course
  • Module 2: The Basics
    • Setup your own Penetration Lab
    • Configure virtual network using VMware Workstation or Player
    • Launch your testing machine and virtual targets
  • Module 1: The Penetration Testing Framework
    • What is penetration testing
    • Why is penetration testing important
    • A Defense Perspective
    • An Offence Perspective
    • The Methodology
    • Recon / Scan
    • Vulnerability Assessment
    • Exploits Attack
    • Post Exploitation
  • Lab 1 Build the Lab Environment
    • Kali Linux basic commands (cat etc/issue, find, locate, ls –al, ps aux, …)
  • Lab 2 Execute Basic Linux Commands (Kali Linux)
    • Understanding “Remote Hacking”
    • Bind Shell
    • Reverse Shell
  • Lab 3 Bind Shell and Reverse Shell
  • Module 3: Target Scan
    • The autonomy of port scans
    • TCP Syn Scan
    • UDP Scan
    • Scan Tools – Nmap
    • Discover ports and protocols
    • Discover vulnerabilities
  • Lab 4 Nmap Scan in Action
  • Module 4: Exploits using Metasploit Framework
    • Getting a Reverse shell
    • Metasploit framework exploit overview
    • Select the attack module
    • Select the Payload
    • Metasploit Merterpreter Shell
    • Merterpreter commands
  • Lab 5 Metasploit In Action

第二天

  • Day 1 Recap
  • Module 5: Web Applications Exploits
    • Web Applications Exploits
    • SQL Injection
    • Cross Site Scripting
  • Lab 6 Web Application Exploits
    • Web Application Exploits – Proxy Based Exploits
    • How to become man in the middle?
    • Using Firefox plugins
    • Using Burp
  • Module 6: Binary Exploits
    • Buffer overflow basic
    • A simple buffer over application
    • Basic x86 Architecture
    • CPU registers that matter
    • Exploit Development
    • Crash the application using buffer overflow
    • Locate EIP
    • Locate exploitable buffer
    • Control EIP
    • Identify any “Bad Characters”
    • Locate “JMP ESP”
    • Generate the Payload