Learn Penetration Testing电子书

Dedication

About Packt

Why subscribe?

Packt.com

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

Disclaimer

Section 1: The Basics

Introduction to Penetration Testing

Technical requirements

What is penetration testing?

Stages of a penetration test

Pre-engagement

Scoping

Timelines

Dealing with third parties

Payment

Your "get out of jail free card"

Intelligence gathering

Threat modeling

Vulnerability analysis

Exploitation

Post-exploitation

Reporting

Executive summary

Technical report

Getting started with your lab

Creating virtual machines in VMware, Hyper-V, and VirtualBox

Microsoft Hyper-V

VMware

VirtualBox

Target machines

Metasploitable

Summary

Questions

Getting Started with Kali Linux

Technical requirements

An introduction to Kali Linux

Installing and configuring Kali Linux

Installation

Installing Kali Linux on macOS

Installing Kali Linux using the Windows Subsystem for Linux (WSL)

Installing Kali Linux using VirtualBox

Configuring Kali Linux

Basic commands in Kali Linux

Scripting in Kali Linux

The essential tools of Kali Linux

Nmap

Aircrack-ng

John the Ripper (JTR) and Hydra

SET

Burp Suite

Summary

Questions

Section 2: Exploitation

Performing Information Gathering

Technical requirements

Passive information gathering

Using the internet

Google dorks

Shodan

Shodan scripting

Using Kali Linux

Maltego

Active information gathering

Nmap

Vulnerability scanning

OpenVAS

Nessus

Capturing traffic

Wireshark

tcpdump

Summary

Questions

Mastering Social Engineering

Technical requirements

What is social engineering?

Pretexting

Phishing

Spear phishing

Tailgating

Social engineering tools

The social engineering toolkit (SET)

Gophish

Modlishka

Wifiphisher

Creating a social engineering campaign

Installing Modlishka

Executing the attack

Using SET to create a phishing campaign

Summary

Questions

Diving into the Metasploit Framework

Technical requirements

Introducing Metasploit

Updating the Metasploit Framework

Linking the Metasploit Framework to a database

Enhancing your experience within Metasploit

Using Metasploit to exploit a remote target

Finding modules

Exploit-DB

Rapid7 exploit database

0day.today

Adding modules

Metasploit options, shells, and payloads

Options

Shells

Payloads

Working with MSFvenom

Summary

Questions

Understanding Password Attacks

Technical requirements

Introduction to password attacks

Working with wordlists

Password profiling

Password mutation

Offline password attacks

John the Ripper

Hashcat

Online password attacks

Hydra

Medusa

Ncrack

Dumping passwords from memory

Summary

Questions

Working with Burp Suite

Technical requirements

Understanding Burp Suite

Preparing your environment

Installing Burp Suite Professional

Setting up OWASP BWA

Configuring your browser

Exploring and configuring Burp Suite components

Burp Suite tools

Proxy

Target

Scanner

Repeater

Intruder

Sequencer

Decoder

Comparer

Extender

Summary

Questions

Attacking Web Applications

Technical requirements

Preparing your environment

Types of web application security testing

The components of a web application

Web application architecture

Web application languages

Python

Ruby

Java

Understanding the HTTP protocol

HTTP requests and responses

Common web application attacks

Inclusion attacks (LFI/RFI)

Cross-Site Request Forgery (CSRF)

Cross-site scripting (XSS)

SQL injection (SQLi)

Command execution

Attacking web applications

Nikto

Using Sqlmap

Performing attacks using Sqlmap

Information gathering

Dumping user details from SQL tables

Creating a backdoor using PHP

Performing XSS attacks

Performing a reflective XSS attack

Performing a stored XSS attack

Performing a file inclusion attack

Performing a command execution attack

Summary

Questions

Getting Started with Wireless Attacks

Technical requirements

Exploring wireless attacks

Wireless network architecture

Wireless frames

Notable wireless frames

Wireless security protocols

WEP

WPA

Wi-Fi Protected Access version 2 (WPA2)

Wi-Fi Protected Access version 3 (WPA3)

Types of wireless attacks

Compatible hardware

Wireless adapters

Wireless attack tools

Wifiphisher

Aircrack-ng suite

Airmon-ng

Airodump-ng

Aireplay-ng

Airgeddon

The Evil Twin attack

Cracking WEP, WPA, and WPA2

Cracking WPA/WPA2

Cracking WEP

Summary

Questions

Section 3: Post Exploitation

Moving Laterally and Escalating Your Privileges

Technical requirements

Discovering post-exploitation techniques

Lateral movement

Privilege escalation

Pivoting

Preparing your environment

Post-exploitation tools

Metasploit Framework

Metasploit post modules

Empire

Responder

Mimikatz

Performing post-exploitation attacks

Performing credential harvesting

Performing Overpass-the-Hash

Performing lateral movement

Performing a Pass-the-Ticket attack

Summary

Questions

Antivirus Evasion

Technical requirements

The evolution of antivirus technologies

Out with the old

In with the new

Concepts of antivirus evasion

Antivirus evasion techniques

Encoders

Custom compiling

Obfuscation

Getting started with antivirus evasion

MSFvenom

Veil Evasion

TheFatRat

Custom compiling

Testing evasion techniques

VirusTotal

Summary

Questions

Maintaining Control within the Environment

Technical requirements

The importance of maintaining access

Techniques used to maintain access

Backdoor

C2

Linux cron jobs

Living off the land

Using tools for persistence

The Metasploit Framework

Empire

Summary

Questions

Section 4: Putting It All Together

Reporting and Acting on Your Findings

Technical requirements

The importance of a penetration testing report

What goes into a penetration test report?

Cover page

Executive summary

Background

Overall posture

Risk ranking

General findings

Strategic roadmap

Technical report

Tools used

Information gathering

Vulnerability assessment and exploitation

Post-exploitation

Conclusion

Tools for report writing

Methodologies

Nodes

Issues and evidence

Recommending remediation options

Information gathering

Social engineering

Vulnerabilities and OS hardening

Passwords

Web applications

Privilege escalation and lateral movement

Summary

Questions

Where Do I Go from Here?

Technical requirements

Knowledge maintenance

Network penetration testing

Wireless penetration testing

Web application penetration testing

Online training

Cybrary

Pentester Academy

Pentesterlab

Certifications

eLearnSecurity

Offensive security

Global Information Assurance Certifications (GIACs)

Toolkit maintenance

Purposefully vulnerable resources

Vulnhub

Hack The Box

Summary

Assessments

Chapter 1: Introduction to Penetration Testing

Chapter 2: Getting Started with Kali Linux

Chapter 3: Performing Information Gathering

Chapter 4: Mastering Social Engineering

Chapter 5: Diving into the Metasploit Framework

Chapter 6: Understanding Password Attacks

Chapter 7: Working with Burp Suite

Chapter 8: Attacking Web Applications

Chapter 9: Getting Started with Wireless Attacks

Chapter 10: Moving Laterally and Escalating your Privileges

Chapter 11: Antivirus Evasion

Chapter 12: Maintaining Control within the Environment

Chapter 13: Reporting and Acting on Your Findings

Other Books You May Enjoy

Leave a review - let other readers know what you think