June 2020
Intermediate to advanced
423 pages
7h 58m
Chinese
Content preview from Kali Linux学习手册
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
自动化漏洞利用
|
187
可以参考相关引用。还可以看到将漏洞详细信息提交给常见漏洞评分系统
(
Common Vulnerability Scoring System
,
CVSS
)的结果。它提供了一个分数,
用于评价漏洞的脆弱性程度。如果你知道如何阅读
CVSS
,那么还可以更好
地了解这些详细信息的含义。比如,在前面的
CVSS
值表示网络上的攻击向
量(
attack vector
,
AV
)。攻击复杂性高,这表示攻击者需要熟练掌握对漏洞
的任何攻击才能成功。其余的可以在
CVSS
网站(
https://www.first.org/cvss/
specification-document
)上查找相关解释。
漏洞利用系统
对于漏洞利用,你可以将之看作一个有效载荷。一个有效载荷将会确定漏洞
利用成功时发生的事情。它是程序执行流程受到损害后运行的代码。不同的
有效载荷将为你提供不同的接口。并非所有有效载荷都适用于所有漏洞利用。
如果你想查看与要执行的漏洞利用兼容的潜在有效载荷列表,可以在加载模
块后输入
show payloads
命令。这将显示一个列表,如示例
5-17
所示。所有
这些有效载荷都提供了一个
UNIX shell
,因此可以输入
shell
命令。它们都显
示
UNIX shell
的原因是
distcc
是一个
UNIX
服务。
示例
5-17
:兼容
distcc
漏洞利用的有效载荷
msf exploit(unix/misc/distcc_exec) > show payloads
Compatible Payloads
=================== ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.