网络安全渗透测试与防护
定价:¥43.80
作者: 王立进
出版时间:2025-04
出版社:电子工业出版社
- 电子工业出版社
- 9787121483844
- 1-2
- 540579
- 68260242-0
- 平塑
- 16开
- 2025-04
- 358
- 224
- 电子与信息大类
- 网络
- 高职
内容简介
网络渗透测试是在客户授权下,模拟黑客挖掘及利用漏洞的手法对目标进行非破坏性的攻击测试,并根据测试结果提供整改建议。网络渗透测试是提高信息系统安全的有效手段,是受用户欢迎的网络安全服务类型。要想实现信息系统安全,需要大量掌握网络安全技术,尤其是掌握网络安全渗透测试及防护的人才。本书由校企“双元”合作开发,以“岗课赛证”融通为主旨,以渗透测试工程师的工作情景为主线,将网络渗透测试理论与实践紧密结合。本书分为七个项目,分别为渗透测试环境搭建、信息收集与漏洞扫描、Linux 操作系统渗透测试与加固、Windows 操作系统渗透测试与加固、数据库系统渗透测试与加固、无线网络渗透测试与加固、渗透测试报告撰写与沟通汇报。每个项目包括项目情境、项目任务、项目拓展、练习题四个部分,其中,项目情境让学生清楚将来要从事的工作内容,项目任务由渗透测试工程师的典型工作任务组成,项目拓展为学生深入学习指明方向,练习题让学生巩固所学的知识。
目录
项目一 渗透测试环境搭建 ········································································ 1
1.1 项目情境 ······················································································· 2
1.2 项目任务 ······················································································· 3
任务 1-1 安装与配置 Kali Linux 操作机 ··············································· 3
任务 1-2 安装与管理 Kali Linux 软件 ················································· 21
任务 1-3 安装与配置 Linux 靶机 ······················································· 26
任务 1-4 安装与配置 Windows 靶机 ··················································· 30
1.3 项目拓展——渗透测试方法论 ··························································· 45
1.4 练习题 ························································································· 48
项目二 信息收集与漏洞扫描 ···································································· 50
2.1 项目情境 ······················································································ 51
2.2 项目任务 ······················································································ 51
任务 2-1 通过公开网站收集信息 ······················································ 51
任务 2-2 使用 Nmap 工具收集信息 ··················································· 56
任务 2-3 使用 Nmap 工具扫描漏洞 ··················································· 61
任务 2-4 使用 Nessus 工具扫描漏洞 ·················································· 65
任务 2-5 检查主机弱口令 ······························································· 74
2.3 项目拓展——深入认识漏洞 ······························································ 78
2.4 练习题 ························································································· 79
网络安全 渗透测试与防护
VI
项目三 Linux 操作系统渗透测试与加固 ······················································ 81
3.1 项目情境 ······················································································ 82
3.2 项目任务 ······················································································ 82
任务 3-1 利用 vsFTPd 后门漏洞进行渗透测试 ····································· 82
任务 3-2 利用 Samba MS-RPC Shell 命令注入漏洞进行渗透测试 ·················· 87
任务 3-3 利用 Samba Sysmlink 默认配置目录遍历漏洞进行渗透测试 ··········· 90
任务 3-4 利用脏牛漏洞提升权限 ······················································ 94
任务 3-5 Linux 操作系统安全加固 ····················································· 97
3.3 项目拓展——脏牛漏洞利用思路解析 ················································ 101
3.4 练习题 ······················································································· 102
项目四 Windows 操作系统渗透测试与加固 ··············································· 104
4.1 项目情境 ···················································································· 105
4.2 项目任务 ···················································································· 105
任务 4-1 利用 MS17_010_externalblue 漏洞进行渗透测试 ····················· 105
任务 4-2 利用 CVE-2019-0708 漏洞进行渗透测试 ······························· 113
任务 4-3 利用 Trusted Service Paths 漏洞提权 ····································· 117
任务 4-4 社会工程学攻击测试 ······················································· 123
任务 4-5 利用 CVE-2020-0796 漏洞进行渗透测试 ······························· 126
任务 4-6 Windows 操作系统安全加固 ·············································· 133
4.3 项目拓展——社会工程学工具包 ······················································ 144
4.4 练习题 ······················································································· 145
项目五 数据库系统渗透测试与加固 ························································· 147
5.1 项目情境 ···················································································· 148
5.2 项目任务 ···················································································· 148
任务 5-1 暴力破解 MySQL 弱口令 ··············································
1.1 项目情境 ······················································································· 2
1.2 项目任务 ······················································································· 3
任务 1-1 安装与配置 Kali Linux 操作机 ··············································· 3
任务 1-2 安装与管理 Kali Linux 软件 ················································· 21
任务 1-3 安装与配置 Linux 靶机 ······················································· 26
任务 1-4 安装与配置 Windows 靶机 ··················································· 30
1.3 项目拓展——渗透测试方法论 ··························································· 45
1.4 练习题 ························································································· 48
项目二 信息收集与漏洞扫描 ···································································· 50
2.1 项目情境 ······················································································ 51
2.2 项目任务 ······················································································ 51
任务 2-1 通过公开网站收集信息 ······················································ 51
任务 2-2 使用 Nmap 工具收集信息 ··················································· 56
任务 2-3 使用 Nmap 工具扫描漏洞 ··················································· 61
任务 2-4 使用 Nessus 工具扫描漏洞 ·················································· 65
任务 2-5 检查主机弱口令 ······························································· 74
2.3 项目拓展——深入认识漏洞 ······························································ 78
2.4 练习题 ························································································· 79
网络安全 渗透测试与防护
VI
项目三 Linux 操作系统渗透测试与加固 ······················································ 81
3.1 项目情境 ······················································································ 82
3.2 项目任务 ······················································································ 82
任务 3-1 利用 vsFTPd 后门漏洞进行渗透测试 ····································· 82
任务 3-2 利用 Samba MS-RPC Shell 命令注入漏洞进行渗透测试 ·················· 87
任务 3-3 利用 Samba Sysmlink 默认配置目录遍历漏洞进行渗透测试 ··········· 90
任务 3-4 利用脏牛漏洞提升权限 ······················································ 94
任务 3-5 Linux 操作系统安全加固 ····················································· 97
3.3 项目拓展——脏牛漏洞利用思路解析 ················································ 101
3.4 练习题 ······················································································· 102
项目四 Windows 操作系统渗透测试与加固 ··············································· 104
4.1 项目情境 ···················································································· 105
4.2 项目任务 ···················································································· 105
任务 4-1 利用 MS17_010_externalblue 漏洞进行渗透测试 ····················· 105
任务 4-2 利用 CVE-2019-0708 漏洞进行渗透测试 ······························· 113
任务 4-3 利用 Trusted Service Paths 漏洞提权 ····································· 117
任务 4-4 社会工程学攻击测试 ······················································· 123
任务 4-5 利用 CVE-2020-0796 漏洞进行渗透测试 ······························· 126
任务 4-6 Windows 操作系统安全加固 ·············································· 133
4.3 项目拓展——社会工程学工具包 ······················································ 144
4.4 练习题 ······················································································· 145
项目五 数据库系统渗透测试与加固 ························································· 147
5.1 项目情境 ···················································································· 148
5.2 项目任务 ···················································································· 148
任务 5-1 暴力破解 MySQL 弱口令 ··············································
