BackTrack 4: Assuring Security by Penetration Testing
Table of Contents
BackTrack 4: Assuring Security by Penetration Testing
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
I. Lab Preparation and Testing Procedures
1. Beginning with BackTrack
History
BackTrack purpose
Getting BackTrack
Using BackTrack
Live DVD
Installing to hard disk
Installation in real machine
Installation in VirtualBox
Portable BackTrack
Configuring network connection
Ethernet setup
Wireless setup
Starting the network service
Updating BackTrack
Updating software applications
Updating the kernel
Installing additional weapons
Nessus vulnerability scanner
WebSecurify
Customizing BackTrack
Summary
2. Penetration Testing Methodology
Types of penetration testing
Black-box testing
White-box testing
Vulnerability assessment versus penetration testing
Security testing methodologies
Open Source Security Testing Methodology Manual (OSSTMM)
Key features and benefits
Information Systems Security Assessment Framework (ISSAF)
Key features and benefits
Open Web Application Security Project (OWASP) Top Ten
Key features and benefits
Web Application Security Consortium Threat Classification (WASC-TC)
Key features and benefits
BackTrack testing methodology
Target scoping
Information gathering
Target discovery
Enumerating target
Vulnerability mapping
Social engineering
Target exploitation
Privilege escalation
Maintaining access
Documentation and reporting
The ethics
Summary
II. Penetration Testers Armory
3. Target Scoping
Gathering client requirements
Customer requirements form
Deliverables assessment form
Preparing the test plan
Test plan checklist
Profiling test boundaries
Defining business objectives
Project management and scheduling
Summary
4. Information Gathering
Public resources
Document gathering
Metagoofil
DNS information
dnswalk
dnsenum
dnsmap
dnsmap-bulk
dnsrecon
fierce
Route information
0trace
dmitry
itrace
tcptraceroute
tctrace
Utilizing search engines
goorecon
theharvester
All-in-one intelligence gathering
Maltego
Documenting the information
Dradis
Summary
5. Target Discovery
Introduction
Identifying the target machine
ping
arping
arping2
fping
genlist
hping2
hping3
lanmap
nbtscan
nping
onesixtyone
OS fingerprinting
p0f
xprobe2
Summary
6. Enumerating Target
Port scanning
AutoScan
Netifera
Nmap
Nmap target specification
Nmap TCP scan options
Nmap UDP scan options
Nmap port specification
Nmap output options
Nmap timing options
Nmap scripting engine
Unicornscan
Zenmap
Service enumeration
Amap
Httprint
Httsquash
VPN enumeration
ike-scan
Summary
7. Vulnerability Mapping
Types of vulnerabilities
Local vulnerability
Remote vulnerability
Vulnerability taxonomy
Open Vulnerability Assessment System (OpenVAS)
OpenVAS integrated security tools
Cisco analysis
Cisco Auditing Tool
Cisco Global Exploiter
Cisco Passwd Scanner
Fuzzy analysis
BED
Bunny
JBroFuzz
SMB analysis
Impacket Samrdump
Smb4k
SNMP analysis
ADMSnmp
Snmp Enum
SNMP Walk
Web application analysis
Database assessment tools
DBPwAudit
Pblind
SQLbrute
SQLiX
SQLMap
SQL Ninja
Application assessment tools
Burp Suite
Grendel Scan
LBD
Nikto2
Paros Proxy
Ratproxy
W3AF
WAFW00F
WebScarab
Summary
8. Social Engineering
Modeling human psychology
Attack process
Attack methods
Impersonation
Reciprocation
Influential authority
Scarcity
Social relationship
Social Engineering Toolkit (SET)
Targeted phishing attack
Gathering user credentials
Common User Passwords Profiler (CUPP)
Summary
9. Target Exploitation
Vulnerability research
Vulnerability and exploit repositories
Advanced exploitation toolkit
MSFConsole
MSFCLI
Ninja 101 drills
Scenario #1
Scenario #2
SNMP community scanner
VNC blank authentication scanner
IIS6 WebDAV unicode auth bypass
Scenario #3
Bind shell
Reverse shell
Meterpreter
Scenario #4
Scenario #5
Generating binary backdoor
Automated browser exploitation
Writing exploit module
Summary
10. Privilege Escalation
Attacking the password
Offline attack tools
Rainbowcrack
Samdump2
John
Ophcrack
Crunch
Wyd
Online attack tools
BruteSSH
Hydra
Network sniffers
Dsniff
Hamster
Tcpdump
Tcpick
Wireshark
Network spoofing tools
Arpspoof
Ettercap
Summary
11. Maintaining Access
Protocol tunneling
DNS2tcp
Ptunnel
Stunnel4
Proxy
3proxy
Proxychains
End-to-end connection
CryptCat
Sbd
Socat
Summary
12. Documentation and Reporting
Documentation and results verification
Types of reports
Executive report
Management report
Technical report
Network penetration testing report (sample contents)
Table of Contents
Presentation
Post testing procedures
Summary
A. Supplementary Tools
Vulnerability scanner
NeXpose community edition
NeXpose installation
Starting NeXpose community
Login to NeXpose community
Using NeXpose community
Web application fingerprinter
WhatWeb
BlindElephant
Network Ballista
Netcat
Open connection
Service banner grabbing
Simple server
File transfer
Portscanning
Backdoor Shell
Reverse shell
Summary
B. Key Resources
Vulnerability Disclosure and Tracking
Paid Incentive Programs
Reverse Engineering Resources
Network ports
Index