Title Page
Copyright
Penetration Testing Bootcamp
Credits
About the Author
About the Reviewer
www.PacktPub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
Planning and Preparation
Why does penetration testing take place?
Understanding the engagement
Defining objectives with stakeholder questionnaires
Scoping criteria
Documentation
Understanding the network diagram – onshore IT example
Data flow diagram
Organization chart
Building the systems for the penetration test
Penetration system software setup
Summary
Information Gathering
Understanding the current environment
Where to look for information – checking out the toolbox!
Search engines as an information source
Utilizing whois for information gathering
Enumerating DNS with dnsmap
DNS reconnaissance with DNSRecon
Checking for a DNS BIND version
Probing the network with Nmap
Checking for DNS recursion with NSE
Fingerprinting systems with P0f
Firewall reconnaissance with Firewalk
Detecting a web application firewall
Protocol fuzzing with DotDotPwn
Using Netdiscover to find undocumented IPs
Enumerating your findings
Summary
Setting up and maintaining the Command and Control Server
Command and control servers
Setting up secure connectivity
Inside server SSH setup
Command and control server SSH setup
Setting up a reverse SSH tunnel
stunnel to the rescue
stunnel setup on the client – Raspberry Pi
Verifying automation
Automating evidence collection
File utilities
Playing with tar
Split utility
Summary
Vulnerability Scanning and Metasploit
Vulnerability scanning tools
Scanning techniques
OpenVAS
Getting started with OpenVAS
Performing scans against the environment
Getting started with Metasploit
Exploiting our targets with Metasploit
Understanding client-side attacks
Using BeEF for browser-based exploitation
Using SET for client-side exploitation
Summary
Traffic Sniffing and Spoofing
Traffic sniffing tools and techniques
Sniffing tools
Tcpdump
WinDump
Wireshark
Understanding spoofing attacks
ARP spoofing
Ettercap
SSLStrip
Intercepting SSL traffic with SSLsplit
Summary
Password-based Attacks
Generating rainbow tables and wordlists
Creating rainbows with RainbowCrack
Crunching wordlists
Online locations
Cracking utilities
John the Ripper
THC-Hydra
Ncrack
Medusa
Social engineering experiments
Impersonation to get the goods
Scenario 1
Scenario 2
Dumpster diving
Free USB drives for all!!
Summary
Attacks on the Network Infrastructure
Wired-based attacks
snmp-check
Rogue DHCP server
Denial-of-service checks
Various attacks with hping3
Land attacks with hping3
Smurf attacks using hping3
MAC flooding with Macof
Wireless-based attacks
Cracking WPA2 with aircrack-ng
Monitoring the airway with Kismet
Attacking WEP with wifite
Bluetooth probing
Bluelog
Btscanner
Blueranger
Scanning with Hcitool
Physical security considerations
Secure access
Employee/vendor identification
Summary
Web Application Attacks
Manipulation by client-side testing
Cross-site scripting attacks
Reflected XSS attack
Stored XSS attack
Using OWASP ZAP to find session issues
Infrastructure and design weaknesses
Uniscan
Using Skipfish for web application recon
Identity-based testing
Role based access control
Apache-users
Wfuzz
Validating data, error handling, and logic
SQL Injection fun with Sqlmap
Error handling issues
Session management
Burp suite with intercept
Using XSS for cookie retrieval
Summary
Cleaning Up and Getting Out
Cleaning up any trails left behind
Covering your tracks
Clearev with Metasploit
Shredding files with shred
CLI tips for hiding your tracks
ClearLogs for Windows
Using DD and mkfs to clear drives
LUKS Nuke blowing up partition
Destroying equipment
Stakeholder-sponsored destruction
Destruction by the penetration tester
Summary
Writing Up the Penetration Testing Report
Gathering all your data
Importance of defining risk
Structure of a penetration test report
Cover sheet
Table of contents
Executive summary
The scope of the project
Objectives of the penetration test
Description of risk rating scale
Summary of findings
Detailed findings
Conclusion
Appendix A - tools used
Appendix B - attached reports
Appendix C - attached diagrams
About your company
Building the report
Delivering the report
Summary