Shared Flashcard Set

Details

Metasploit: Penetration Testing
Material from the book: Metasploit - The Penetration Testers Guide
12
Computer Networking
Not Applicable
12/30/2014
Click here to study/print these flashcards.

Create your own flash cards! Sign up here.

Additional Computer Networking Flashcards

 

 

Cards

Term
Penetration testing
 Definition
A way for you to simulate the methods that an attacker might use to circumvent security controls and gain access to an organization’s systems.
Term
PTES
 Definition
Penetration Testing Execution
Standard
Term
The 7 Phases of the PTES
 Definition
1. Pre-engagement Interactions
2. Intelligence Gathering
3. Threat Modeling
4. Vulnerability Analysis
5. Exploitation
6. Post Exploitation
7. Reporting
Term
Exploit
 Definition
An exploit is the means by which an attacker, or pen tester for that matter, takes advantage of a flaw within a system, an application, or a service. An attacker uses an exploit to attack a system in a way that results in a particular desired outcome that the developer never intended. Common exploits include buffer overflows, web application vulnerabilities (such as SQL injection), and configuration errors.
Term
Payload
 Definition
A payload is code that we want the system to execute and that is to be selected and delivered by the Framework. For example, a reverse shell is a payload that creates a connection from the target machine back to the attacker as a Windows command prompt (see Chapter 5), whereas a bind shell is a payload that “binds” a command prompt to a listening port on the target machine, which the attacker can then connect. A payload could also be something as simple as a few commands to be executed on the target operating system.
Term
reverse shell
 Definition
reverse shell is a payload that creates a connection from the target machine back to the attacker as a Windows command prompt
Term
bind shell
 Definition
bind shell is a payload that “binds” a command prompt to a listening port on the target machine, which the attacker can then connect.
Term
Shellcode
 Definition
Shellcode is a set of instructions used as a payload when exploitation occurs. Shellcode is typically written in assembly language. In most cases, a command shell or a Meterpreter shell will be provided after the series of instructions have been performed by the target machine, hence the name.
Term
Module
 Definition
A module in the context of this book is a piece of software that can be used by the Metasploit Framework.
Term
exploit module
 Definition
a software component that conducts the attack.
Term
auxiliary module
 Definition
may be required to perform an action such as scanning or system enumeration.
Term
Listener
 Definition
A listener is a component within Metasploit that waits for an incoming connection of some sort.
Supporting users have an ad free experience!