Well, I just downloaded them, since it's legal via torrent, and I've confirmed they're quite good (I think about 16 hours of video). Let's see if anyone dares to translate them:
Miscellaneous
IT training guru James Conrad's newest Certified Ethical Hacker training will show you
just how important it is to know thy enemy. You'll see how frighteningly easy it can
be to hack into a system, elevate your privilege and quickly “own” a machine. You'll
learn how easy it can be to crack passwords – even those that would be considered “secure.”
You'll learn how hackers create the dreaded Trojans that can potentially infect the
computer of an unsuspecting user and take control of the machine to infiltrate networks.
Why will we teach you these things? Because you have to know the hackers' tricks to
prevent them from accessing your users.
Most Certified Ethical Hackers become highly adept at detecting and thwarting
security threats - preventing significant harm to your business and making you an incredible asset!
You can also use your new skills to move into the field of penetration testing –
utilizing your CEH to test the security of your client's systems.
ecc_ehack_v7_01 - Certified Ethical Hacker Series Introduction
ecc_ehack_v7_02 - Introduction to Certified Ethical Hacking
ecc_ehack_v7_03 - VMWare and Linux
ecc_ehack_v7_04 - Footprinting and Reconnaissance Part 1
ecc_ehack_v7_05 - Footprinting and Reconnaissance Part 2
ecc_ehack_v7_06 - Scanning Part 1
ecc_ehack_v7_07 - Scanning Part 2
ecc_ehack_v7_08 - Enumeration
ecc_ehack_v7_09 - Passwords Part 1 Windows
ecc_ehack_v7_10 - Passwords Part 2 Linux
ecc_ehack_v7_11 - System Hacking
ecc_ehack_v7_12 - Malware
ecc_ehack_v7_13 - Hack-O_Rama
ecc_ehack_v7_14 - Sniffing
ecc_ehack_v7_15 - Social Engineering
ecc_ehack_v7_16 - Denial of Service
ecc_ehack_v7_17 - Session Hijacking
ecc_ehack_v7_18 - Web and SQL Hacking
ecc_ehack_v7_19 - Cryptography
ecc_ehack_v7_20 - Intrusion Detection Systems
ecc_ehack_v7_21 - Hacking Wireless Networks
http://depositfiles.com/files/zx51xxtj2
------------------------------------------------------------------------------------------------------------------
Offensive Security Lab Exercises
I've come across a pretty good book, Offensive Security Lab, which teaches through exercises how to use the tools that come with BackTrack. It's quite clear and illustrative; here's the index so you can see the topics it covers:
1. Module 1 - BackTrack Basics
1.1 Finding your way around the tools
1.1.1 Exercise 1
1.2 Basic Services
1.2.1 DHCP
1.2.2 Static IP assignment
1.2.3 Apache
1.2.4 SSHD
1.2.5 Tftpd
1.2.6 VNC Server
1.2.7 Exercise 2
1.3 Basic Bash Environment
Overview
1.3.1 Simple Bash Scripting
1.3.2 Exercise 3
1.3.3 Possible Solution for ICQ Exercise
1.3.4 Exercise 4
1.4 Netcat The Almighty
Overview
1.4.1 Connecting to a TCP/UDP port with Netcat
1.4.2 Listening on a TCP/UDP port with Netcat
1.4.3 Transferring files with Netcat
1.4.4 Remote Administration with Netcat
1.4.4.1 Scenario 1 – Bind Shell
1.4.4.2 Scenario 2 – Reverse Shell
1.4.5 Exercise 5
1.5 Using WireShark (Ethereal)
Overview
1.5.1 Peeking at a Sniffer
1.5.2 Capture filters
1.5.3 Following TCP Streams
1.5.4 Exercise 6
2. Module 2 - Information Gathering Techniques
A note from the authors
2.1 Open Web Information Gathering
Overview
2.1.1 Google Hacking
2.1.1.1 Advanced Google Operators
2.1.1.2 Searching within a Domain
2.1.1.3 Nasty Example #1
2.1.1.4 Nasty Example #2
2.1.1.5 Email Harvesting
2.1.1.6 Finding Vulnerable Servers using Google
2.1.1.7 Google API
2.2. Miscellaneous Web Resources
2.2.1 Other search engines
2.2.2 Netcraft
2.2.3 Whois Reconnaissance
2.3 Exercise 7
3. Module 3 - Open Services Information Gathering
A note from the authors
3.1 DNS Reconnaissance
3.1.1 Interacting with a DNS server
3.1.1.1 MX Queries
3.1.1.2 NS Queries
3.1.2 Automating lookups
3.1.3 Forward lookup bruteforce
3.1.4 Reverse lookup bruteforce
3.1.5 DNS Zone Transfers
3.1.6 Exercise 8
3.2 SNMP reconnaissance
3.2.1 Enumerating Windows Users
3.2.2 Enumerating Running Services
3.2.3 Enumerating open TCP ports
3.2.4 Enumerating installed software
3.2.5 Exercise 9
3.3 SMTP reconnaissance
3.3.1 Exercise 10
3.4 Microsoft Netbios Information Gathering
3.4.1 Null sessions
3.4.2 Scanning for the Netbios Service
3.4.3 Enumerating Usernames
3.4.4 Exercise 11
4. Module 4 - Port Scanning
A note from the authors
4.1 TCP Port Scanning Basics
4.2 UDP Port Scanning Basics
4.3 Port Scanning Pitfalls
4.4 Nmap
4.5 Scanning across the network
4.5.1 Exercise 11
4.6 Unicornscan
5. Module 5 - ARP Spoofing
A note from the authors
5.1 The Theory
5.2 Doing it the hard way
5.2.1 Victim Packet
5.2.2 Gateway Packet
5.3 Ettercap
5.3.1 DNS Spoofing
5.3.2 Fiddling with traffic
5.3.3 Exercise 12
6. Module 6 - Buffer Overflow Exploitation (Win32)
A note from the authors
Overview
6.1 Looking for the Bugs
6.2 Fuzzing
6.3 Replicating the Crash
6.4 Controlling EIP
6.4.1 Binary Tree analysis
6.4.2 Sending a unique string
6.5 Locating Space for our Shellcode
6.6 Redirecting the execution flow
6.7 Finding a return address
6.7.1 Using OllyDbg
6.8 Getting our shell
6.9 Improving exploit stability
6.9.1 Exercise 13
7. Module 7 - Working With Exploits
7.1 Looking for an exploit on BackTrack
7.1.1 RPC DCOM Example
7.1.2 Wingate Example
7.1.3 Exercise 14
7.2 Looking for exploits on the web
7.2.1 Security Focus
7.2.2 Milw0rm.com
8. Module 8 - Transferring Files
Exercise
8.1 The non interactive shell
8.2 Uploading Files
8.2.1 Using TFTP
8.2.1.1 TFTP Pros
8.2.1.2 TFTP Cons
8.2.2 Using FTP
8.2.3 Inline Transfer - Using echo and DEBUG.exe
8.3 Exercise 15
9. Module 9 - Exploit Frameworks
9.1 Metasploit
9.1.1 Metasploit Command Line Interface (MSFCLI)
9.1.2 Metasploit Console (MSFCONSOLE)
9.1.3 Metasploit Web Interface (MSFWEB)
9.1.4 Exercise 16
9.1.5 Interesting Payloads
9.1.5.1 Meterpreter Payload
9.1.5.2 PassiveX Payload
9.1.5.3 Binary Payloads
9.1.6 Exercise 17
9.1.7 Framework v3.0
9.1.7.1 Framework 3 Auxiliary Modules
9.1.8 Framework v3.0 Kung Foo
9.1.8.1 db_autopwn
9.1.8.2 Kernel Payloads
9.1.9 Exercise 18
9.2 Core Impact
9.2.1 Exercise 19
10. Module 10 - Client Side Attacks
A note from the authors
10.1 Client side attacks
10.2 MS04-028
10.3 MS06-001
10.4 Client side exploits in action
10.5 Exercise 20
11. Module 11 - Port Fun
A note from the authors
11.1 Port Redirection
11.2 SSL Encapsulation - Stunnel
11.2.1 Exercise 21
11.3 HTTP CONNECT Tunneling
11.4 ProxyTunnel
11.4.1 Exercise 22
11.5 SSH Tunneling
11.6 What about content inspection?
12. Module 12 - Password Attacks
A note from the authors
12.1 Online Password Attacks
12.2 Hydra
12.2.1 FTP Bruteforce
12.2.2 POP3 Bruteforce
12.2.3 SNMP Bruteforce
12.2.4 Microsoft VPN Bruteforce
12.2.5 Hydra GTK
12.3 Password profiling
12.3.1 WYD
12.4 Offline Password Attacks
12.4.1 Windows SAM
12.4.2 Windows Hash Dumping – PWDump / FGDump
12.4.3 John The Ripper
12.4.4 Rainbow Tables
12.4.5 Exercise 24
12.5 Physical Access Attacks
12.5.1 Resetting Microsoft Windows
12.5.2 Resetting a password on a Domain Controller
12.5.3 Resetting Linux Systems
12.5.4 Resetting a Cisco Device
13. Module 13 - Web Application Attack vectors
13.1 SQL Injection
13.1.1 Identifying SQL Injection Vulnerabilities
13.1.2 Enumerating Table Names
13.1.3 Enumerating the column types
13.1.4 Fiddling with the Database
13.1.5 Microsoft SQL Stored Procedures
13.1.6 Code execution
13.2 Web Proxies
13.3 Command injection Attacks
13.3.1 Exercise 25
14. Module 14 - Trojan Horses
14.1 Binary Trojan Horses
14.2 Open source Trojan horses
14.2.1 Spybot
14.2.2 Insider
14.3 World domination Trojan horses
14.3.1 Rxbot
15. Module 15 - Windows Oddities
15.1 Alternate NTFS data Streams
15.1.1 Exercise 26
15.2 Registry Backdoors
15.2.1 Exercise 27
16. Module 16 - Rootkits
16.1 Aphex Rootkit
16.2 HXDEF Rootkit
16.3 Exercise R.I.P
Final Challenges
Tasks
Pages: 329
Format: PDF
http://www.ziddu.com/download/8692611/offensive-security-labs.pdf.html
-------------------------------------------------------------------------------------------------------------------
METASPLOIT TOOLKIT
Case Studies
Case Study 1 RaXnet Cacti Remote Command Execution
Overview of the RaXnet Cacti graph_image.php Vulnerability
Metasploit Module Source
In-Depth Analysis
Additional Resources
Case Study 2 Mercur Messaging 2005 SP3 IMAP Remote Buffer Overflow (CVE-2006-1255)
Overview
Vulnerability Details
Exploitation Details
PSEUDO-RET-LIB-C
Complete Exploit Code
In-Depth Analysis
Additional Resources
Case Study 3 SlimFTPd String Concatenation Overflow
Overview of the SlimFTPd Vulnerability
SlimFTPd Vulnerability Details
Complete Exploit Code for SlimFTPd String Concatenation Overflow
Additional Resources
Case Study 4 WS-FTP Server 5.03 MKD Overflow
Overview of the WS-FTP Server 5.03 Vulnerability
Vulnerability Details
Exploitation Details
Checking Banners
Complete Exploit Code
Analysis
Additional Resources
Case Study 5 MailEnable HTTP Authorization Header Buffer Overflow
Overview of the MailEnable HTTP Authorization Buffer Overflow Vulnerability
Exploit Details
Metasploit Module Source
Contents
In-Depth Analysis
Additional Resources
Appendix A Advantages of Network Vulnerability Testing with Metasploit 3.0
Introduction
Vulnerability Scanning
How Metasploit Gives Sys Admins a Vulnerability-Testing Advantage
Summary
Appendix B Building a Test Lab for Penetration Testing
Introduction
Some Background
Setting up a Penetration Test Lab
Safety First
Isolating the Network
Conceal Network Configuration
Secure Install Disks
Transferring Data
Labeling
Destruction and Sanitization
Reports of Findings
A Final Word on Safety
Types of Pentest Labs
The Virtual Pentest Lab
The Internal Pentest Lab
External Pentest Lab
Project-Specific Pentest Lab
Ad Hoc Lab
Selecting the Right Hardware
Focus on the “Most Common”
Use What Your Clients Use
Dual-Use Equipment
Selecting the Right Software
Open Source Tools
Commercial Tools
Running Your Lab
Managing the Team
Team “Champion”
Project Manager
Training and Cross-Training
Metrics
Selecting a Pentest Framework
OSSTMM
NIST SP 800-42
ISSAF
Targets in the Penetration Test Lab
Foundstone
De-ICE.net
What Is a LiveCD?
Advantages of Pentest LiveCDs
Disadvantages of Pentest LiveCDs
Building a LiveCD Scenario
Real-World Scenarios
Create a Background Story
Adding Content
Final Comments on LiveCDs
Other Scenario Ideas
Old Operating System Distributions
Vulnerable Applications
Capture the Flag Events
What is Next?
Forensics
Training
Summary
Appendix C Glossary of Technology and Terminology
Index
http://www.mediafire.com/?0tm1sh5r23388it
password: exploit-shell