Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Índice Metasploit Edicion 2
Índice Metasploit Edicion 2
ndice
Introduccin .......................................................................................................................................................9
Captulo I Conceptos bsicos .......................................................................................................................... 11
'HQLFLRQHV ..................................................................................................................................................................... 11
6RIWZDUHDEOHYV6RIWZDUHVHJXUR .............................................................................................................................. 11
Bug................................................................................................................................................................................ 11
Exploit .......................................................................................................................................................................... 12
Payload ......................................................................................................................................................................... 12
Shellcode ...................................................................................................................................................................... 12
0-day exploit ................................................................................................................................................................. 13
%XIIHU2YHURZ ............................................................................................................................................................ 14
SQL Injection................................................................................................................................................................ 14
XSS (Cross-Site Scripting) ........................................................................................................................................... 14
Metasploit ..................................................................................................................................................................... 15
Mdulos ........................................................................................................................................................................ 15
,QWHUIDFHV0HWDVSORLW .................................................................................................................................................... 15
+HUUDPLHQWDVGHOIUDPHZRUN ........................................................................................................................................ 17
Arquitectura de Metasploit ........................................................................................................................................... 19
Tipos de mdulos en Metasploit IUDPHZRUN ................................................................................................................ 20
2. Versiones de Metasploit ................................................................................................................................................... 21
Metasploit Community Edition .................................................................................................................................... 21
Metasploit Pro............................................................................................................................................................... 22
Metasploit Express ....................................................................................................................................................... 22
3. El test de intrusin o pentest ............................................................................................................................................ 23
4. Fases del test de intrusin ................................................................................................................................................ 24
El contrato: alcance y trminos del test de intrusin .................................................................................................... 25
5HFROHFFLyQGHLQIRUPDFLyQ ......................................................................................................................................... 25
Anlisis de vulnerabilidades ......................................................................................................................................... 25
Explotacin de las vulnerabilidades ............................................................................................................................. 26
Post-explotacin del sistema ........................................................................................................................................ 26
*HQHUDFLyQGHLQIRUPHV ................................................................................................................................................ 27
5. Comandos bsicos de Metasploit..................................................................................................................................... 27
Comandos de ayuda y bsqueda................................................................................................................................... 29
&RPDQGRVGHLQWHUDFFLyQ\FRQJXUDFLyQ.................................................................................................................... 30
Comandos de base de datos .......................................................................................................................................... 34
6. Notas ticas ...................................................................................................................................................................... 37
JJJ
JJJ
ndice
JJJ