售 价:¥
温馨提示:数字商品不支持退换货,不提供源文件,不支持导出打印
为你推荐
Title Page
Second Edition
Copyright
Mastering Kali Linux for Advanced Penetration Testing
Second Edition
Credits
About the Author
About the Reviewer
www.PacktPub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
Goal-Based Penetration Testing
Conceptual overview of security testing
Failure of classical vulnerability scanning, penetration testing, and Red Team Exercises
The testing methodology
Introduction to Kali Linux – history and purpose
Installing and updating Kali Linux
Using Kali Linux from a portable device
Installing Kali into a virtual machine
VMware Workstation Player
VirtualBox
Installing to a Docker appliance
Installing Kali to the cloud – creating an AWS instance
Organizing Kali Linux
Configuring and customizing Kali Linux
Resetting the root password
Adding a non-root user
Speeding up Kali operations
Sharing folders with the host operating system
Using BASH scripts to customize Kali
Building a verification lab
Setting up a virtual network with Active Directory
Installing defined targets
Metasploitable3
Mutillidae
Managing collaborative penetration testing using Faraday
Summary
Open Source Intelligence and Passive Reconnaissance
Basic principles of reconnaissance
OSINT
Offensive OSINT
Maltego
CaseFile
Google caches
Scraping
Gathering usernames and email addresses
Obtaining user information
Shodan and censys.io
Google Hacking Database
Using dork script to query Google
DataDump sites
Using scripts to automatically gather OSINT data
Defensive OSINT
Dark Web
Security breaches
Threat Intelligence
Profiling users for password lists
Creating custom word lists for cracking passwords
Using CeWL to map a website
Extracting words from Twitter using Twofi
Summary
Active Reconnaissance of External and Internal Networks
Stealth scanning strategies
Adjusting source IP stack and tool identification settings
Modifying packet parameters
Using proxies with anonymity networks
DNS reconnaissance and route mapping
The whois command
Employing comprehensive reconnaissance applications
The recon-ng framework
IPv4
IPv6
Using IPv6 - specific tools
Mapping the route to the target
Identifying the external network infrastructure
Mapping beyond the firewall
IDS/IPS identification
Enumerating hosts
Live host discovery
Port, operating system, and service discovery
Port scanning
Writing your own port scanner using netcat
Fingerprinting the operating system
Determining active services
Large scale scanning
DHCP information
Identification and enumeration of internal network hosts
Native MS Windows commands
ARP broadcasting
Ping sweep
Using scripts to combine Masscan and nmap scans
Taking advantage of SNMP
Windows account information via Server Message Block (SMB) sessions
Locating network shares
Reconnaissance of active directory domain servers
Using comprehensive tools (SPARTA)
An example to configure SPARTA
Summary
Vulnerability Assessment
Vulnerability nomenclature
Local and online vulnerability databases
Vulnerability scanning with nmap
Introduction to LUA scripting
Customizing NSE scripts
Web application vulnerability scanners
Introduction to Nikto and Vega
Customizing Nikto and Vega
Vulnerability scanners for mobile applications
The OpenVAS network vulnerability scanner
Customizing OpenVAS
Specialized scanners
Threat modelling
Summary
Physical Security and Social Engineering
Methodology and attack methods
Computer-based
Voice-based
Physical attacks
Physical attacks at the console
Samdump2 and chntpw
Sticky keys
Attacking system memory with Inception
Creating a rogue physical device
Microcomputer-based attack agents
The Social Engineering Toolkit (SET)
Using a website attack vector - the credential harvester attack method
Using a website attack vector - the tabnabbing attack method
Using the PowerShell alphanumeric shellcode injection attack
HTA attack
Hiding executables and obfuscating the attacker's URL
Escalating an attack using DNS redirection
Spear phishing attack
Setting up a phishing campaign with Phishing Frenzy
Launching a phishing attack
Summary
Wireless Attacks
Configuring Kali for wireless attacks
Wireless reconnaissance
Kismet
Bypassing a hidden service set identifier (SSID)
Bypassing the MAC address authentication and open authentication
Attacking WPA and WPA2
Brute force attacks
Attacking wireless routers with Reaver
Denial-of-service (DoS) attacks against wireless communications
Compromising enterprise implementations of WPA/WPA2
Working with Ghost Phisher
Summary
Reconnaissance and Exploitation of Web-Based Applications
Methodology
Hackers mindmap
Conducting reconnaissance of websites
Detection of web application firewall and load balancers
Fingerprinting a web application and CMS
Mirroring a website from the command line
Client-side proxies
Burp Proxy
Extending the functionality of web browsers
Web crawling and directory brute force attacks
Web-service-specific vulnerability scanners
Application-specific attacks
Brute-forcing access credentials
OS command injection using commix
Injection attacks against databases
Maintaining access with web shells
Summary
Attacking Remote Access
Exploiting vulnerabilities in communication protocols
Compromising Remote Desktop Protocol (RDP)
Compromising secure shell
Compromising remote access protocols (VNC)
Attacking Secure Sockets Layer (SSL)
Weaknesses and vulnerabilities in the SSL protocol
Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH)
Compression Ratio Info-leak Made Easy (CRIME)
Factoring Attack on RSA-EXPORT Keys (FREAK)
Heartbleed
Insecure TLS renegotiation
Logjam attack
Padding Oracle On Demanded Legacy Encryption (POODLE)
Introduction to Testssl
Reconnaissance of SSL connections
Using sslstrip to conduct a man-in-the-middle attack
Denial-of-service attacks against SSL
Attacking an IPSec virtual private network
Scanning for VPN gateways
Fingerprinting the VPN gateway
Capturing pre-shared keys
Performing offline PSK cracking
Identifying default user accounts
Summary
Client-Side Exploitation
Backdooring executable files
Attacking a system using hostile scripts
Conducting attacks using VBScript
Attacking systems using Windows PowerShell
The Cross-Site Scripting framework
The Browser Exploitation Framework (BeEF)
Configuring the BeEF
Understanding BeEF browser
Integrating BeEF and Metasploit attacks
Using BeEF as a tunneling proxy
Summary
Bypassing Security Controls
Bypassing Network Access Control (NAC)
Pre-admission NAC
Adding new elements
Identifying the rules
Exceptions
Quarantine rules
Disabling endpoint security
Preventing remediation
Adding exceptions
Post-admission NAC
Bypassing isolation
Detecting HoneyPot
Bypassing antivirus using different frameworks
Using the Veil framework
Using Shellter
Bypassing application-level controls
Tunneling past client-side firewalls using SSH
Inbound to outbound
Bypassing URL filtering mechanisms
Outbound to inbound
Defeating application whitelisting
Bypassing Windows-specific operating system controls
Enhanced Migration Experience Toolkit (EMET)
User Account Control (UAC)
Other Windows-specific operating system controls
Access and authorization
Encryption
System security
Communications security
Auditing and logging
Summary
Exploitation
The Metasploit framework
Libraries
REX
Framework - core
Framework - base
Interfaces
Modules
Database setup and configuration
Exploiting targets using MSF
Single targets using a simple reverse shell
Single targets using a reverse shell with a PowerShell attack vector
Exploiting multiple targets using MSF resource files
Exploiting multiple targets with Armitage
Using public exploits
Locating and verifying publicly available exploits
Compiling and using exploits
Compiling C files
Adding the exploits that are written using Metasploit framework as a base
Developing a Windows exploit
Identifying a vulnerability using fuzzing
Crafting a Windows-specific exploit
Summary
Action on the Objective
Activities on the compromised local system
Conducting a rapid reconnaissance of a compromised system
Finding and taking sensitive data - pillaging the target
Creating additional accounts
Post-exploitation tools (MSF, the Veil-Pillage framework, scripts)
Veil-Pillage
Horizontal escalation and lateral movement
Compromising domain trusts and shares
PsExec, WMIC, and other tools
WMIC
Lateral movement using services
Pivoting and port forwarding
Using Proxychains
Summary
Privilege Escalation
Overview of common escalation methodology
Local system escalation
Escalating from administrator to system
DLL injection
PowerShell's Empire tool
Credential harvesting and escalation attacks
Password sniffers
Responder
SMB relay attacks
Escalating access rights in Active Directory
Compromising Kerberos - the golden ticket attack
Summary
Command and Control
Using persistent agents
Employing Netcat as a persistent agent
Using schtasks to configure a persistent task
Maintaining persistence with the Metasploit framework
Using the persistence script
Creating a standalone persistent agent with Metasploit
Persistence using social media and Gmail
Exfiltration of data
Using existing system services (Telnet, RDP, and VNC)
Exfiltration of data using DNS protocol
Exfiltration of data using ICMP
Using the Data Exfiltration Toolkit (DET)
Exfiltration from PowerShell
Hiding evidence of the attack
Summary
买过这本书的人还买过
读了这本书的人还在读
同类图书排行榜