Penetration Testing with Shellcode

Master Shellcode to leverage the buffer overflow concept
Preview in Mapt

Penetration Testing with Shellcode

Hamza Megahed

1 customer reviews
Master Shellcode to leverage the buffer overflow concept
Mapt Subscription
FREE
$29.99/m after trial
eBook
$10.00
RRP $31.99
Save 68%
Print + eBook
$39.99
RRP $39.99
What do I get with a Mapt Pro subscription?
  • Unlimited access to all Packt’s 5,000+ eBooks and Videos
  • Early Access content, Progress Tracking, and Assessments
  • 1 Free eBook or Video to download and keep every month after trial
What do I get with an eBook?
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
What do I get with Print & eBook?
  • Get a paperback copy of the book delivered to you
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
What do I get with a Video?
  • Download this Video course in MP4 format
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
$0.00
$10.00
$39.99
$29.99 p/m after trial
RRP $31.99
RRP $39.99
Subscription
eBook
Print + eBook
Start 14 Day Trial

Frequently bought together


Penetration Testing with Shellcode Book Cover
Penetration Testing with Shellcode
$ 31.99
$ 10.00
Advanced Infrastructure Penetration Testing Book Cover
Advanced Infrastructure Penetration Testing
$ 35.99
$ 10.00
Buy 2 for $20.00
Save $47.98
Add to Cart

Book Details

ISBN 139781788473736
Paperback346 pages

Book Description

Security has always been a major concern for your application, your system, or your environment. This book's main goal is to build your skills for low-level security exploits, finding vulnerabilities and covering loopholes with Shellcode, assembly, and Metasploit.

This book will teach you topics ranging from memory management and assembly to compiling and extracting Shellcode and using syscalls and dynamically locating functions in memory. This book also covers techniques to compile 64-bit Shellcode for Linux and Windows along with Metasploit Shellcode tools. Lastly, this book will also show you to how to write your own exploits with intermediate techniques, using real-world scenarios.

By the end of this book, you will have become an expert in Shellcode and will understand how systems are compromised both at the operating system and network level.

Table of Contents

Chapter 1: Introduction
What is a stack?
Computer architecture
System calls
Summary
Chapter 2: Lab Setup
Configuring the attacker machine
Configuring Linux victim machine
Configuring Windows victim machine
Configuring Ubuntu for assembly x86
Networking
Summary
Chapter 3: Assembly Language in Linux
Assembly language code structure
Data types
Hello world
Stack
Data manipulation
Arithmetic operations
Loops
Controlling the flow
Procedures
Logical operations 
Summary 
Chapter 4: Reverse Engineering
Debugging in Linux
Debugging in Windows 
Summary
Chapter 5: Creating Shellcode
The basics
The relative address technique 
The execve syscall
TCP bind shell
Reverse TCP shell
Generating shellcode using Metasploit
Summary 
Chapter 6: Buffer Overflow Attacks
Stack overflow on Linux
Stack overflow on Windows
Summary
Chapter 7: Exploit Development – Part 1
Fuzzing and controlling instruction pointer
Injecting shellcode
A complete example of buffer overflow
Summary
Chapter 8: Exploit Development – Part 2
Injecting shellcode
Return-oriented programming
Structured exception handling
Summary
Chapter 9: Real-World Scenarios – Part 1
Freefloat FTP Server
Fuzzing 
Controlling the instruction pointer
Injecting shellcode 
An example
Summary 
Chapter 10: Real-World Scenarios – Part 2
Sync Breeze Enterprise
Fuzzing
Controlling the instruction pointer
Injecting shell code 
Summary 
Chapter 11: Real-World Scenarios – Part 3
Easy File Sharing Web Server
Fuzzing 
Controlling SEH
Injecting shellcode 
Summary 
Chapter 12: Detection and Prevention
System approach
Compiler approach 
Developer approach 
Summary

What You Will Learn

  • Create an isolated lab to test and inject Shellcodes (Windows and Linux).
  • Understand both Windows and Linux behavior.
  • Learn the assembly programming language.
  • Create Shellcode using assembly and Metasploit.
  • Detect buffer overflows.
  • Debug and reverse-engineer using tools such as gdb, edb, and immunity (Windows and Linux).
  • Exploit development and shellcodes injections  (Windows & Linux).
  • Prevent and protect against buffer overflows and heap corruption.

Authors

Table of Contents

Chapter 1: Introduction
What is a stack?
Computer architecture
System calls
Summary
Chapter 2: Lab Setup
Configuring the attacker machine
Configuring Linux victim machine
Configuring Windows victim machine
Configuring Ubuntu for assembly x86
Networking
Summary
Chapter 3: Assembly Language in Linux
Assembly language code structure
Data types
Hello world
Stack
Data manipulation
Arithmetic operations
Loops
Controlling the flow
Procedures
Logical operations 
Summary 
Chapter 4: Reverse Engineering
Debugging in Linux
Debugging in Windows 
Summary
Chapter 5: Creating Shellcode
The basics
The relative address technique 
The execve syscall
TCP bind shell
Reverse TCP shell
Generating shellcode using Metasploit
Summary 
Chapter 6: Buffer Overflow Attacks
Stack overflow on Linux
Stack overflow on Windows
Summary
Chapter 7: Exploit Development – Part 1
Fuzzing and controlling instruction pointer
Injecting shellcode
A complete example of buffer overflow
Summary
Chapter 8: Exploit Development – Part 2
Injecting shellcode
Return-oriented programming
Structured exception handling
Summary
Chapter 9: Real-World Scenarios – Part 1
Freefloat FTP Server
Fuzzing 
Controlling the instruction pointer
Injecting shellcode 
An example
Summary 
Chapter 10: Real-World Scenarios – Part 2
Sync Breeze Enterprise
Fuzzing
Controlling the instruction pointer
Injecting shell code 
Summary 
Chapter 11: Real-World Scenarios – Part 3
Easy File Sharing Web Server
Fuzzing 
Controlling SEH
Injecting shellcode 
Summary 
Chapter 12: Detection and Prevention
System approach
Compiler approach 
Developer approach 
Summary

Book Details

ISBN 139781788473736
Paperback346 pages
Read More
From 1 reviews

Read More Reviews

Recommended for You

Advanced Infrastructure Penetration Testing Book Cover
Advanced Infrastructure Penetration Testing
$ 35.99
$ 10.00
Cybersecurity – Attack and Defense Strategies Book Cover
Cybersecurity – Attack and Defense Strategies
$ 31.99
$ 10.00
Metasploit Revealed: Secrets of the Expert Pentester Book Cover
Metasploit Revealed: Secrets of the Expert Pentester
$ 71.99
$ 10.00
Web Penetration Testing with Kali Linux - Third Edition Book Cover
Web Penetration Testing with Kali Linux - Third Edition
$ 39.99
$ 10.00
Mastering Linux Security and Hardening Book Cover
Mastering Linux Security and Hardening
$ 35.99
$ 10.00
Learn Wi-Fi Password Penetration Testing (WEP/WPA/WPA2) [Video] Book Cover
Learn Wi-Fi Password Penetration Testing (WEP/WPA/WPA2) [Video]
$ 49.99
$ 10.00