|
-- ·|û / µù¥U --
|
¡@ |
|
|
¶Â«È¯µÓD º¯³z´ú¸Õ¹ê¥Î«ü«n¡]²Ä2ª©¡^ ( ²Åé ¦r) |
§@ªÌ¡G[¬ü] ¥Ö¯S °ò©i ¡] Peter Kim ¡^ | Ãþ§O¡G1. -> ¦w¥þ -> ºô¸ô¦w¥þ -> Àb«È§ðÀ»»P¤J«I |
ĶªÌ¡G |
¥Xª©ªÀ¡G¤H¥Á¶l¹q¥Xª©ªÀ | 3dWoo®Ñ¸¹¡G 46321 ¸ß°Ý®ÑÄy½Ð»¡¥X¦¹®Ñ¸¹¡I¡i¯Ê®Ñ¡j NT°â»ù¡G 395 ¤¸ |
¥Xª©¤é¡G1/1/2017 |
¶¼Æ¡G356 |
¥úºÐ¼Æ¡G0 |
|
¯¸ªø±ÀÂË¡G |
¦L¨ê¡G¶Â¥Õ¦L¨ê | »y¨t¡G ( ²Åé ª© ) |
|
¥[¤JÁʪ«¨® ¢x¥[¨ì§Úªº³Ì·R (½Ð¥ýµn¤J·|û) |
ISBN¡G9787115442451 |
§@ªÌ§Ç¡@|¡@ĶªÌ§Ç¡@|¡@«e¨¥¡@|¡@¤º®e²¤¶¡@|¡@¥Ø¿ý¡@|¡@§Ç |
(²Åé®Ñ¤W©Òz¤§¤U¸ü³sµ²¯Ó®É¶O¥\, ®¤¤£¾A¥Î¦b¥xÆW, YŪªÌ»Ýn½Ð¦Û¦æ¹Á¸Õ, ®¤¤£«OÃÒ) |
§@ªÌ§Ç¡G |
ĶªÌ§Ç¡G |
«e¨¥¡G |
¤º®e²¤¶¡G¡@¡@¡m¶Â«È¯µÓD¡X¡Xº¯³z´ú¸Õ¹ê¥Î«ü«n¡]²Ä2ª©¡^¡n¬OºZ¾P®Ñ¡m¶Â«È¯µÓD¡Xº¯³z´ú¸Õ¹ê¥Î«ü«n¡nªº¥þ·s¤É¯Åª©¡A¹ï¤W¤@ª©¤º®e¶i¦æ¤F¥þ±§ó·s¡A¦}¸É¥R¤F¤j¶qªº·sª¾ÃÑ¡C¥»®Ñªö¥Î¤j¶q¯u¹ê®×¨Ò©M·¥¦³À°§Uªº«ØijÁ¿¸Ñ¤F¦bº¯³z´ú¸Õ´Á¶¡·|±Á{ªº¤@¨Ç»Ùê¥H¤Î¬ÛÀ³ªº¸Ñ¨M¤èªk¡C ¡m¶Â«È¯µÓD¡X¡Xº¯³z´ú¸Õ¹ê¥Î«ü«n¡]²Ä2ª©¡^¡n¦@¤À¬°12³¹¡A²[»\¤F§ðÀ»¾÷¾¹/¤u¨ãªº¦w¸Ë°t¸m¡Aºôµ¸±½´y¡Aº|¬}§Q¥Î¡Aºô¯¸À³¥Îµ{§Çªº¤H¤uÀË´ú§Þ³N¡Aº¯³z¤ººô¡AªÀ·|¤uµ{¾Ç¤è±ªº§Þ¥©¡Aª«²z³X°Ý§ðÀ»¡A³WÁ×±þ¬r³n¥óÀË´úªº¤èªk¡A¯}¸Ñ±K½X¬ÛÃöªº¤p§Þ¥©©M¤ÀªR³ø§i¡BÄ~Äò±Ð¨|µ¥ª¾ÃÑ¡C ¡m¶Â«È¯µÓD¡X¡Xº¯³z´ú¸Õ¹ê¥Î«ü«n¡]²Ä2ª©¡^¡n½s±Æ¦³§Ç¡A³¹¸`¤§¶¡¬Û¤¬¿W¥ß¡AŪªÌ¬J¥i¥H«ö»Ý¾\Ū¡A¤]¥i¥H³v³¹¾\Ū¡C¥»®Ñ¤£n¨DŪªÌ¨ã³Æº¯³z´ú¸Õªº¬ÛÃöI´º¡A¦ý¬O¦pªG¨ã¦³¬ÛÃöªº¸gÅç¡A¹ï²z¸Ñ¥»®Ñªº¤º®e·|§ó¦³À°§U¡C |
¥Ø¿ý¡G²Ä1³¹¡@ÁÉ«e·Ç³Æ¡X¡X¦w¸Ë 1 1.1 «Ø¥ß´ú¸ÕÀô¹Ò 1 1.2 «Ø¥ß¤@Ó°ì 1 1.3 «Ø¥ß¨ä¥LªºªA°È¾¹ 2 1.4 ¹ê½î 2 1.5 ºc«Øº¯³z´ú¸ÕÀô¹Ò 3 1.5.1 ¦w¸Ë¤@Óº¯³z´ú¸ÕÀô¹Ò 3 1.5.2 µw¥ó 4 1.5.3 ¶}·½³n¥ó©M°Ó·~³n¥ó 5 1.5.4 «Ø¥ß¥»O 6 1.5.5 ·f«ØKali Linux 8 1.5.6 WindowsµêÀÀ¾÷ 17 1.5.7 ³]¸mWindowsÀô¹Ò 18 1.5.8 ±Ò°ÊPowerShell 20 1.5.9 Easy-P 22 1.6 ¾Ç²ß 24 1.6.1 Metasploitable 2 24 1.6.2 ¤G¶i¨î§Q¥Î 26 1.7 Á`µ² 36
²Ä2³¹¡@µo²y«e¡X¡X±½´yºôµ¸ 37 2.1 ³Q°Ê«H®§·j¯Á¡X¶}·½±¡³ø¡]OSINT¡^ 37 2.1.1 Recon-NG¡]https://bitbucket.org/LaNMaSteR53/recon-ng, Kali Linux¡^ 38 2.1.2 Discover¸}¥»¡]https://github.com/leebaird/discover, Kali Linux¡^ 42 2.1.3 SpiderFoot¡]http://www.spiderfoot.net/, Kali Linux¡^ 44 2.2 ³Ð«Ø±K½X¦r¨å 46 2.2.1 Wordhound¡]https://bitbucket.org/mattinfosec/wordhound.git, Kali Linux¡^ 46 2.2.2 BruteScrape¡]https://github.com/cheetz/brutescrape, Kali Linux¡^ 50 2.2.3 ¨Ï¥Î§ð³´±K½X¦Cªí¨Ó¬d§ä¶l¥ó¦a§}©M¾ÌÃÒ 51 2.2.4 Gitrob¡VGithub¤ÀªR(https://github.com/michenriksen/gitrob, Kali Linux) 54 2.2.5 ¶}·½±¡³ø¼Æ¾Ú·j¶° 56 2.3 ¥~³¡©Î¤º³¡¥D°Ê¦¡«H®§·j¶° 57 2.3.1 Masscan(https://github.com/robertdavidgraham/masscan, Kali Linux) 57 2.3.2 SPARTA¡]http://sparta.secforce.com/, Kali Linux¡^ 60 2.3.3 HTTP Screenshot¡]https://github.com/breenmachine/httpscreenshot, Kali Linux¡^ 63 2.4 º|¬}±½´y 67 2.4.1 Rapid7 Nexpose/Tenable Nessus¡]Kali/Windows/OS X¡^ 67 2.4.2 OpenVAS(http://www.openvas.org/, Kali) 68 2.5 ºô¯¸À³¥Îµ{§Ç±½´y 71 2.5.1 ºô¯¸±½´y¹Lµ{ 71 2.5.2 ºô¯¸À³¥Îµ{§Ç±½´y 72 2.5.3 OWASP Zap Proxy(https://code.google.com/p/zaproxy/, Kali Linux/Windows/OS X) 79 2.6 ¤ÀªRNessus¡BNmap©MBurp 81 2.7 Á`µ² 83
²Ä3³¹¡@±a²y¡X¡Xº|¬}§Q¥Î 85 3.1 Metasploit(http://www.metasploit.com, Windows/Kali Linux) 85 3.1.1 ±qKali¾Þ§@¨t²Îªº²×ºÝ¡Xªì©l¤Æ©M±Ò°ÊMetasploit¤u¨ã 86 3.1.2 ¨Ï¥Î³q¥Î°t¸m©R¥O¹B¦æMetasploit 86 3.1.3 ¹B¦æMetasploit¡Xº|¬}§Q¥Î¦ZÄò¾Þ§@©Î¨ä¥L 87 3.1.4 ¨Ï¥ÎMetasploit¥»O§Q¥ÎMS08-067º|¬} 87 3.2 ¸}¥» 89 3.3 ¥´¦L¾÷ 90 3.4 ¤ßŦ¥X¦å 94 3.5 Shellshock 97 3.6 ¾É¥XGit¥N½X®w¡]Kali Linux¡^ 101 3.7 Nosqlmap (www.nosqlmap.net/, Kali Linux) 103 3.8 ¼u©Ê·j¯Á¡]Kali Linux¡^ 106 3.9 Á`µ² 108
²Ä4³¹¡@©ß¶Ç¡X¡Xºô¯¸À³¥Îµ{§Çªº¤H¤uÀË´ú§Þ³N 109 4.1 ºô¯¸À³¥Îµ{§Çº¯³z´ú¸Õ 110 4.1.1 SQLª`¤J 111 4.1.2 ¤â¤uSQLª`¤J 115 4.1.3 ¸ó¯¸¸}¥»¡]XSS¡^ 131 4.1.4 ¸ó¯¸½Ð¨D°°³y¡]CSRF¡^ 136 4.1.5 ·|¸Ü¥OµP 139 4.1.6 ¨ä¥L¼Ò½k´ú¸Õ/¿é¤JÅçÃÒ 141 4.1.7 ¨ä¥LOWASP«e¤Q¤jº|¬} 144 4.1.8 ¥\¯à/·~°ÈÅÞ¿è´ú¸Õ 146 4.2 Á`µ² 147
²Ä5³¹¡@¾î¶Ç¡X¡Xº¯³z¤ººô 149 5.1 µL¾ÌÃÒ±ø¥ó¤Uªººôµ¸º¯³z 149 5.1.1 Responder.py (https://github.com/SpiderLabs/Responder, Kali Linux) 149 5.1.2 ARP´ÛÄF 153 5.1.3 Cain and Abel (http://www.oxid.it/cain.html, Windows) 154 5.1.4 Ettercap(http://ettercap.github.io/ettercap/, Kali Linux) 156 5.1.5 ¦Zªù¤u¼t¥N²z(https://github.com/secretsquirrel/ BDFProxy, Kali Linux) 157 5.1.6 ARP´ÛÄF¦Z§ðÀ»¾Þ§@ 159 5.2 §Q¥Î¥ô·N°ì¾ÌÃÒ¡]«DºÞ²zûÅv¡^ 167 5.2.1 ¶}®i¨t²Î°»¹î 167 5.2.2 ²Õµ¦²¤º¿ï¶µ 173 5.2.3 Ãö¤_º|¬}§Q¥Î¦Z´Áªº¤@ÂI´£¥Ü 175 5.2.4 Åv´£¤É 176 5.3 ¾Ö¦³¥»¦aºÞ²zûÅv©Î°ìºÞ²zûÅv 181 5.3.1 ¨Ï¥Î¾ÌÃÒ©Mpsexecº¯³z¾ãÓºôµ¸ 182 5.3.2 ¨Ï¥Îpsexec¤u¨ã¹ê²{¦b¦h¥D¾÷°õ¦æ©R¥O¡]Kali Linux¡^ 185 5.3.3 ¨Ï¥ÎWMI¤u¨ã¶i¦æ¾î¦Vº¯³z¡]Windows¡^ 186 5.3.4 Kerberos - MS14-068 188 5.3.5 ¶Ç»¼²¼¾Ú§ðÀ» 190 5.3.6 §Q¥ÎPostgreSQLº|¬}¶i¦æ¾î¦Vº¯³z 192 5.3.7 Àò¨ú½w¦sÃÒ®Ñ 195 5.4 §ðÀ»°ì±±¨î¾¹ 197 5.4.1 SMBExec(https://github.com/brav0hax/smbexec, Kali Linux) 197 5.4.2 psexec_ntdsgrab¡]Kali Linux¡^ 199 5.5 «ùÄò±±¨î 201 5.5.1 Veil©MPowerShell 201 5.5.2 ¨Ï¥Îp¹º¥ô°È¹ê²{«ùÄò±±¨î 204 5.5.3 ª÷²¼¾Ú 206 5.5.4 ¸U¯à±KÆ_ 213 5.5.5 Öߺ¢Áä 215 5.6 Á`µ² 218
²Ä6³¹¡@§U§ð¡X¡XªÀ·|¤uµ{¾Ç 219 6.1 ªñ¦ü°ì¦W 219 6.1.1 SMTP§ðÀ» 219 6.1.2 SSH§ðÀ» 220 6.2 ºôµ¸³¨³½ 222 6.3 ºôµ¸³¨³½³ø§i 231
²Ä7³¹¡@µu¶Ç¡X¡Xª«²z³X°Ý§ðÀ» 233 7.1 µL½uºôµ¸º¯³z 233 7.1.1 ³Q°ÊÃѧO©M°»¹î 233 7.1.2 ¥D°Ê§ðÀ» 235 7.2 ¤u¥d§J¶© 245 7.3 Kon-boot(http://www.piotrbania. com/all/kon- boot/, Windows/OS X) 249 7.3.1 Windows 250 7.3.2 OS X 250 7.4 º¯³z´ú¸Õ«KÄâ³]³Æ¡XRaspberry Pi 2 251 7.5 Rubber Ducky (http://hakshop.myshopify.com/ products/usb-rubber- ducky- deluxe) 255 7.6 Á`µ² 258
²Ä8³¹¡@¥|¤À½Ã¬ð¯}¡X¡X³WÁ×±þ¬r³n¥óÀË´ú 259 8.1 ³WÁ×±þ¬r³n¥óÀË´ú 259 8.1.1 ¦Zªù¤u¼t (https://github.com/secretsquirrel/the- backdoorfactory, Kali Linux) 259 8.1.2 WCE³WÁ×±þ¬r³n¥óÀË´ú¡]Windows¡^ 263 8.1.3 Veil (https://github.com/Veil-Framework, Kali Linux) 267 8.1.4 SMBExec (https://github.com/pentestgeek/smbexec, Kali Linux) 270 8.1.5 peCloak.py(http://www.securitysift.com/pecloak-py-an- experiment-in- av-evasion/, Windows) 272 8.1.6 Python 274 8.2 ¨ä¥LÁä½L°O¿ý¤u¨ã 276 8.2.1 ¨Ï¥ÎNishang¤UªºÁä½L°O¿ý¤u¨ã (https://github.com/ samratashok/ nishang) 277 8.2.2 ¨Ï¥ÎPowerSploit¤u¨ã¤¤ªºÁä½L°O¿ý¡]https://github.com/ mattifestation/ PowerSploit¡^ 278 8.3 Á`µ² 278
²Ä9³¹¡@¯S¶Ô²Õ¡X¡X¯}¸Ñ¡B§Q¥Î©M§Þ¥© 279 9.1 ±K½X¯}¸Ñ 279 9.1.1 John the Ripper(http://www.openwall.com/john/, Windows/Kali Linux/OS X) 282 9.1.2 oclHashcat (http://hashcat.net/oclhashcat/, Windows/Kali Linux) 283 9.2 º|¬}·j¯Á 296 9.2.1 searchsploit (Kali Linux) 296 9.2.2 BugTraq (http://www.securityfocus.com/bid) 298 9.2.3 Exploit-DB (http://www.exploit-db.com/) 298 9.2.4 ¬d¸ßMetasploit 299 9.3 ¤@¨Ç¤p§Þ¥© 300 9.3.1 MetasploitªºRC¸}¥» 300 9.3.2 Windows¶å±´ 301 9.3.3 ¶¹LUAC 302 9.3.4 Kali Linux NetHunter 304 9.3.5 ¥Í¦¨¤@Ó©w¨î¤Ï¦Vshell 306 9.3.6 ³WÁ×À³¥Î¯Å¨¾¤õùÙ 311 9.3.7 PowerShell 314 9.3.8 Windows 7/8¤W¶Ç¤å¥ó¨ì¥D¾÷ 315 9.3.9 ¤¤Âà 316 9.4 °Ó·~³n¥ó 323 9.4.1 Cobalt Strike 324 9.4.2 Immunity Canvas (http://www.immunityinc.com/products/canvas/, Kali Linux/ OS X/Windows) 328 9.4.3 Core Impact (http://www.coresecurity.com/core-impact-pro) 331
²Ä10³¹¡@¨â¤ÀÄÁªº¾Þ½m¡X¡X±q¹sÅܦ¨^¶¯ 333 10.1 ¤Q½X½u 333 10.2 ¤G¤Q½X½u 334 10.3 ¤T¤Q½X½u 334 10.4 ¤¤Q½X½u 335 10.5 ¤C¤Q½X½u 337 10.6 ¤K¤Q½X½u 339 10.7 ²×ÂI½u 340 10.8 ¹F°}¡I¹F°}¡I¹F°}¡I 342
²Ä11³¹¡@ÁɦZ¡X¡X¤ÀªR³ø§i 345
²Ä12³¹¡@Ä~Äò±Ð¨| 349 12.1 º|¬}Äa½àºô¯¸ 349 12.2 ¥Dnªº¦w¥þ·|ij 349 12.3 °ö°V½Òµ{ 351 12.4 §K¶O°ö°V 351 12.5 ¹ÜºX¬D¾Ô 352 12.6 «O«ù§ó·s 352 12.6.1 ¶l¥ó¦Cªí 352 12.6.2 ¼½«È 352 12.7 ¸òÃa¤p¤l¾Ç²ß 353
³Ì¦Zªºª`·N¨Æ¶µ 355
PÁÂ 356 |
§Ç¡G |
|