The First Step Towards Hacking Book
This book is written in Burmese. It is not a translated book at all.
It will be released on 25.8.2023.
A Telegram link that everyone who buys the book can join is included in the book.
Everyone who places a Prepaid Preorder before 24.8.2023 will receive the PDF file for free.
The book has 725 pages in total. The price of the book is 55,000 kyats.
To preorder, you can get in touch via the links below.
1. Contact via Facebook Page Messenger
Table of Contents
No. Topic Page
Chapter 1 : Frequently Asked Questions 1-7
Chapter 2 : Basic Concepts of Programming
2.1. Introduction 8
2.2. Introduction to Binary 9-12
2.3. Bitwise Operators 12-13
2.4. Hexadecimal 13-15
2.5. Introduction to Programming 15-16
2.6. C Programming Language 16-22
2.6.1. Data Types & Variables in C 22-24
2.6.2. Operators in C 25-26
2.6.3. If Statement & Switch Statement in C 26-29
2.6.4. Looping in C 29-32
2.6.5. Break & Continue in C 32-33
2.6.6. Arrays in C 34-35
2.6.7. Strings in C 36
2.6.8. User Input in C 37-38
2.6.9. Memory Addresses & Pointers in C 38-39
2.6.10. Functions in C 39-41
2.6.11. strcpy/strncpy in C 41-42
2.7. Computer Memory 43
2.7.1. RAM (Random Access Memory) 43
2.7.2. Memory Segmentation 43-44
2.7.3. Programs in Memory 45-47
2.7.4. Processors 47
2.7.5. Registers 48-49
2.8. Assembly Language Basics 49
2.8.1. Machine Language Vs Assembly Vs C 50
2.8.2. Syntax of Assembly 50-56
2.9. Introduction to GDB 56-62
Chapter 7 : Finding Vulnerabilities
7.1. Introduction 140-141
7.2. Vulnerability Scanning 141
7.3. About Vulnerability Scanners 141-144
7.4. Scanning with OpenVAS 144-147
7.5. Scanning with Nmap 147-150
7.6. Scanning with ZAP 150-153
Chapter 8 : Password Cracking
8.1. Introduction 154
8.2. History of Passwords 155
8.3. Concepts of Password Cracking 155-159
8.4. Cracking Linux Password 159-163
8.5. Cracking Windows Password 163
8.5.1. SAM 163-165
8.5.2. LM Authentication System 165
8.5.3. NTLM 165-166
8.5.4. Windows Target (Windows 7,8,10,11) 166-173
8.5.5. Cracking Hashes 173-174
8.6. Cracking Zip and RAR Passwords 175-178
8.7. Cracking PDF Passwords 178
8.8. Cracking WiFi Passwords 178-182
8.9. Using Password Lists 183
8.9.1. Password Lists in Kali 183-185
8.8.2. Crunch 185-187
8.9.3. Cewl 187-188
8.9.4. CUPP 189-192
8.10. Bruteforcing 193-197
8.11. Online Password Cracking 197
8.11.1. Medusa 198-200
Chapter 9 : Exploiting Windows System
9.1. Introduction 201-203
9.2. Attacking Windows 7 Machine 203-207
9.3. About Eternalblue Vulnerability 207-208
9.4. Exploiting with Metasploit 208-209
9.5. Getting Shell Without Exploiting 210
9.5.1. LLMNR & NBNS 210-213
9.5.2. About NTLM Authentication 213-217
9.5.3. Responder 217-223
9.6. Exploiting with Metasploit Framework 223
9.6.1. Creating Payloads using msfvenom 223-225
9.6.2. Encoding Payloads using msfvenom 225-227
9.6.1. Embedding Payloads in Files 227-228
9.7. Exploiting with Hoaxshell 228-231
9.8. Exploiting with Havoc Framework 231-233
9.9. Exploiting with Villain 233-237
9.10. Exploiting with Veil 237-244
Chapter 10 : Testing With Metasploitable3 (Windows)
10.1. Introduction 245
10.1.1. Setting Up Metasploitable3 (Windows) Machine 245-247
10.2. Attacking Metasploitable3 Machine 247-252
10.3. Eternalblue Exploit 252
10.4. Bruteforcing FTP Server 253-255
10.5. IIS Directory Traversal 255-258
10.6. IIS FTP DoS 258-260
10.7. Attacking SSH Service 260-263
10.8. Attacking Web Service 263-266
10.9. Exploiting UDP Port 137 266-269
10.10. Exploiting UDP Port 161 269-275
10.11. Exploiting SMB 275-281
10.12. Exploiting RMI 281-282
10.13. Exploiting MySQL 283-289
10.14. Exploiting RDP 289-292
10.15. Exploiting Oracle GlassFish 292-297
10.16. Exploiting Windows Remote Management Service 298-301
10.17. Exploiting Tomcat Server 302-309
10.18. Exploiting Port 8020 309-311
10.19. Exploiting Port 8585 311-319
10.20. Exploiting Wordpress 319-330
10.21. Exploiting Jenkins 330-340
Chapter 11 : Sniffing & Spoofing
11.1. Introduction 341-342
11.2. Definitions 342
11.2.1. What is Sniffing 342-343
11.2.2. What is Spoofing 342-345
11.3. About Carnivore 346
11.4. Promiscuous Mode 346
11.5. TCPDump 347-350
11.6. Wireshark 350-363
Chapter 12 : Post Exploitation (Windows)
12.1. Introduction 364-366
12.2. Post-Exploitation in MSF 366-370
12.3. Windows Password Phishing 370-373
12.4. System Enumeration After Attack 373-375
12.5. User Enumeration After Attack 376-377
12.6. Network Enumeration After Attack 378-380
12.7. Password Hunting After Attack 380-385
12.8. Antivirus Enumeration 386-389
12.9. Using Automated Tools 389-393
12.10. Kernel Exploits 393-396
12.10.1. Privilege Escalation with Metasploit 396-400
12.10.2. Privilege Escalation Via Shell Access 400-408
12.11. Making Persistence 408-409
12.11.1. Persistence Via Meterpreter 409-411
12.11.2. Persistence Via New User 411-412
12.11.3. Persistence Via RDP 412-414
12.11.4. Using Veil for Persistence 414-418
12.11.5. Using Shellter 418-423
Chapter 13 : Exploiting Linux Systems
13.1. Introduction 424-424
13.2. Exploiting FTP Server 425-431
13.3. Exploiting SSH Service 431-433
13.4. Exploiting Drupal Web Framework 434-437
13.4.1. Exploiting Payroll Application 437-439
13.4.2. Exploiting phpMyAdmin 439-441
13.5. Enumerating NetBIOS 442-444
13.6. Exploiting SMB Service 445-449
13.7. Exploiting Ruby on Rails 449-456
Chapter 14 : Post-Exploitation (Linux)
14.1. Introduction 457-457
14.2. System Enumeration After Attack 457-460
14.3. User Enumeration After Attack 460-463
14.4. Network Enumeration After Attack 463-466
14.5. Password Hunting 466-468
14.6. Enumerating Using Automated Tools 468-475
14.7. Escalation Path: Kernel Exploits 475-478
14.8. Escalation Path: Passwords & File Permissions 479-482
14.9. Escalation Path: Sudo 482-489
14.10. Escalation Path: SUID (Env Variables) 490-495
14.11. Escalation Path: Capabilities 496-497
14.12. Escalation Path: Scheduled Tasks 497-501
Chapter 15 : Web Hacking Background Knowledge
15.1. Introduction 502-502
15.2. Web Servers 502-504
15.3. Web Clients 504-505
15.4. HTTP Vs HTTPS 505-506
15.5. HTTP Methods or HTTP Verbs 506-508
15.6. Web Server Fingerprinting 509-509
15.6.1. Web Server Fingerprinting With NetCat 509-511
15.7. Directories & Files Enumeration 511-512
15.7.1. Directory BruteForcing With DirBuster 513-518
15.7.2. Directory BruteForcing With Dirb 518-522
15.8. OWASP 522-523
15.8.1. OWASP Top 10 Vulnerabilities 523-524
Chapter 16 : Learning To OWASP Top 10
16.1. Introduction 525
16.2. Broken Access Control 525-532
16.3. Cryptographic Failure 532-535
16.4. Injection 536
16.5. Insecure Design 537-538
16.6. Security Misconfiguration 539
16.7. Vulnerable & Outdated Components 540-541
16.8. Identification & Authentication Failure 541-543
16.9. Software & Data Integrity 543
16.10. Security Logging & Monitoring Failure 544
16.11. Server Side Request Forgery 544
Chapter 17 : SQL Injection
17.1. Introduction To Database 545
17.2. Introduction To MySQL 545-546
17.3. MySQL Basics 546-555
17.4. Using AiO Labs V5 555-557
17.5. What Is SQL Injection 558
17.6. Understanding The Working Flow Of Apps 559-561
17.7. Breaking Original Query 561-562
17.8. Fixing Errors 562-564
17.9. Finding Columns 564-566
17.10. Finding Vulnerable Columns 567-569
17.11. Finding Table Names 569-574
17.12. Finding Column Names 574-575
17.13. Dumping Credentials From Database 575
17.14. Error Based SQL Injection (GET) 576-578
17.15. Error Based SQL Injection (POST) 578-582
17.16. Blind Injection (GET) 583-592
17.17. Blind Injection (POST) 593-595
17.18. Dumping Into OutFiles 595-598
17.19. Header Injection 598-603
17.20. Cookie Injection 603-605
17.21. Bypassing Filters 606-607
17.22. Bypassing Web App Firewalls 608-612
17.23. SQL Injection Test In DVWA (Low, Medium, High) 612-614
17.24. SQL Injection With SQL Map 615-617
Chapter 18 : Other Injection Attacks
18.1. Introduction 618
18.2. Command Injection 618-622
18.3. Cross Site Scripting (XSS) 623
18.3.1. Reflected XSS 623-625
18.3.1.A. Redirecting To Malicious Web Pages 625-626
18.3.1.B. Setting A Trap For Victim 626-632
18.3.1.C. Cookie Stealing 632-634
18.3.1.D. Bypassing Obstacles 634-637
18.3.2. Stored XSS 637-639
18.3.3. DOM XSS 640-647
18.4. XML/XPath Injection 647-652
18.5. XML External Entities (XXE) 653-658
18.6. Server-Side Template Injection (SSTI) 658-664
18.7. Object-Relational Mapping (ORM) Injection 664-665
Chapter 19 : Other Web Attacks
19.1. Introduction 666
19.2. Cross-Site Request Forgery (CSRF) Attack 667-671
19.3. Server-Side Request Forgery (SSRF) Attack 672-677
19.4. File Upload Vulnerability 678-686
19.5. Remote Code Execution (RCE) 687-689
19.6. File Inclusion (LFI & RFI) 690-694
19.7. JavaScript Attack 695-700
19.8. Authentication Attacks 700
19.8.1. Login BruteForce 700-703
19.8.2. Weak 2FA Bypass 704-705
19.8.3. Bypass Password Reset Broken Logic 705-706
Chapter 20 : Conclusion
20.1. Introduction 707
20.2. Social Engineering 707-708
20.3. Preparing For WAN Attacks 709-711
20.4. Continuous Learning 712-713
20.5. Building A Strong Community 713-714
20.6. Final Thoughts 714-715
20.7. References 716
Where can I get the book? Now I live in South Dagon.