Learning Penetration Testing with Python
Table of Contents
Learning Penetration Testing with Python
Credits
Disclaimer
About the Author
Acknowledgements
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
1. Understanding the Penetration Testing Methodology
An overview of penetration testing
Understanding what penetration testing is not
Vulnerability assessments
Reverse engineering engagements
Hacking
Assessment methodologies
The penetration testing execution standard
Pre-engagement interactions
White Box Testing
Grey Box Testing
Black Box Testing
Double Blind Testing
Intelligence gathering
Threat modeling
Vulnerability analysis
Exploitation
Post exploitation
Reporting
An example engagement
Penetration testing tools
NMAP
Metasploit
Veil
Burp Suite
Hydra
John the Ripper
Cracking Windows passwords with John
oclHashcat
Ophcrack
Mimikatz and Incognito
SMBexec
Cewl
Responder
theHarvester and Recon-NG
pwdump and fgdump
Netcat
Sysinternals tools
Summary
2. The Basics of Python Scripting
Understanding the difference between interpreted and compiled languages
Python – the good and the bad
A Python interactive interpreter versus a script
Environmental variables and PATH
Understanding dynamically typed languages
The first Python script
Developing scripts and identifying errors
Reserved words, keywords, and built-in functions
Global and local variables
Understanding a namespace
Modules and imports
Python formatting
Indentation
Python variables
Debugging variable values
String variables
Number variables
Converting string and number variables
List variables
Tuple variables
Dictionary variables
Understanding default values and constructors
Passing a variable to a string
Operators
Comparison operators
Assignment operators
Arithmetic operators
Logical and membership operators
Compound statements
The if statements
Python loops
The while loop
The for loop
The break condition
Conditional handlers
Functions
The impact of dynamically typed languages on functions
Curly brackets
How to comment your code
The Python style guide
Classes
Functions
Variables and instance names
Arguments and options
Your first assessor script
Summary
3. Identifying Targets with Nmap, Scapy, and Python
Understanding how systems communicate
The Ethernet frame architecture
Layer 2 in Ethernet networks
Layer 2 in wireless networks
The IP packet architecture
The TCP header architecture
Understanding how TCP works
The TCP three-way handshake
The UDP header architecture
Understanding how UDP works
Understanding Nmap
Inputting the target ranges for Nmap
Executing the different scan types
Executing TCP full connection scans
Executing SYN scans
Executing ACK scans
Executing UDP scans
Executing combined UDP and TCP scans
Skipping the operating system scans
Different output types
Understanding the Nmap Grepable output
Understanding the Nmap XML output
The Nmap scripting engine
Being efficient with Nmap scans
Determining your interface details with the netifaces library
Nmap libraries for Python
The Scapy library for Python
Summary
4. Executing Credential Attacks with Python
The types of credential attacks
Defining the online credential attack
Defining the offline credential attack
Identifying the target
Creating targeted usernames
Generating and verifying usernames with help from the U.S. census
Generating the usernames
Testing for users using SMTP VRFY
Creating the SMTP VRFY script
Summary
5. Exploiting Services with Python
Understanding the new age of service exploitation
Understanding the chaining of exploits
Checking for weak, default, or known passwords
Gaining root access to the system
Understanding the cracking of Linux hashes
Testing for the synchronization of account credentials
Automating the exploit train with Python
Summary
6. Assessing Web Applications with Python
Identifying live applications versus open ports
Identifying hidden files and directories with Python
Credential attacks with Burp Suite
Using twill to walk through the source
Understanding when to use Python for web assessments
Understanding when to use specific libraries
Being efficient during web assessments
Summary
7. Cracking the Perimeter with Python
Understanding today's perimeter
Clear-text protocols
Web applications
Encrypted remote access services
Virtual Private Networks (VPNs)
Mail services
Domain Name Service (DNS)
User Datagram Protocol (UDP) services
Understanding the link between accounts and services
Cracking inboxes with Burp Suite
Identifying the attack path
Understanding the limitations of perimeter scanning
Downloading backup files from a TFTP server
Determining the backup filenames
Cracking Cisco MD5 hashes
Gaining access through websites
The execution of file inclusion attacks
Verifying an RFI vulnerability
Exploiting the hosts through RFI
Summary
8. Exploit Development with Python, Metasploit, and Immunity
Getting started with registers
Understanding general purpose registers
The EAX
The EBX
The ECX
The EDX
Understanding special purpose registers
The EBP
The EDI
The EIP
The ESP
Understanding the Windows memory structure
Understanding the stack and the heap
Understanding the program image and dynamic-link libraries
Understanding the process environment block
Understanding the thread environment block
Kernel
Understanding memory addresses and endianness
Understanding the manipulation of the stack
Understanding Immunity
Understanding basic buffer overflow
Writing a basic buffer overflow exploit
Understanding stack adjustments
Understanding the purpose of local exploits
Understanding other exploit scripts
Exploiting standalone binaries by executing scripts
Exploiting systems by TCP service
Exploiting systems by UDP service
Reversing Metasploit modules
Understanding protection mechanisms
Summary
9. Automating Reports and Tasks with Python
Understanding how to parse XML files for reports
Understanding how to create a Python class
Creating a Python script to parse an Nmap XML
Creating a Python script to generate Excel spreadsheets
Summary
10. Adding Permanency to Python Tools
Understanding logging within Python
Understanding the difference between multithreading and multiprocessing
Creating a multithreaded script in Python
Creating a multiprocessing script in Python
Building industry-standard tools
Summary
Index