Title Page
Copyright and Credits
Learn Ethical Hacking from Scratch
Dedication
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Conventions used
Get in touch
Reviews
Introduction
What's in this book?
Preparation
Penetration testing
Network penetration testing
Gaining access
Post exploitation
Website penetration testing
Protecting your system
What is hacking?
Why should we learn about hacking?
A glimpse of hacking
Browser exploitation framework
Accessing the target computer's webcam
Summary
Setting Up a Lab
Lab overview
VirtualBox
Installation of VirtualBox
Installing Kali Linux
Installing Metasploitable
Installing Windows
Creating and using snapshots
Summary
Linux Basics
Overview of Kali Linux
Status bar icons
Connecting the wireless card
Linux commands
Commands
The ls command
The man command
The help command
The Tab button
Updating resources
Summary
Network Penetration Testing
What is a network?
Network basics
Connecting to a wireless adapter
MAC addresses
Wireless modes – managed and monitor
Enabling monitor mode manually
Enabling monitor mode using airmon-ng
Summary
Pre-Connection Attacks
Packet sniffing basics
Targeted packet sniffing
Deauthentication attack
What is a fake access point?
Creating fake access points with the MANA Toolkit
Summary
Network Penetration Testing - Gaining Access
WEP theory
Basic web cracking
Fake authentication attack
ARP request replay
WPA introduction
WPS cracking
Handshake theory
Capturing the handshake
Creating a wordlist
Wordlist cracking
Securing network from attacks
Summary
Post-Connection Attacks
Post-connection attacks
The netdiscover tool
The AutoScan tool
Zenmap
Summary
Man-in-the-Middle Attacks
Man-in-the-middle attacks
ARP spoofing using arpspoof
ARP spoofing using MITMf
Bypassing HTTPS
Session hijacking
DNS spoofing
MITMf screenshot keylogger
MITMf code injection
MITMf against a real network
Wireshark
Wireshark basics
Wireshark filters
Summary
Network Penetration Testing, Detection, and Security
Detecting ARP poisoning
Detecting suspicious behavior
Summary
Gaining Access to Computer Devices
Introduction to gaining access
Server side
Client side
Post-exploitation
Server-side attacks
Server-side attack basics
Server-side attacks – Metasploit basics
Metasploit remote code execution
Summary
Scanning Vulnerabilities Using Tools
Installing MSFC
MSFC scan
MSFC analysis
Installing Nexpose
Running Nexpose
Nexpose analysis
Summary
Client-Side Attacks
Client-side attacks
Installing Veil
Payloads overview
Generating a Veil backdoor
Listening for connections
Testing the backdoor
Fake bdm1 updates
Client-side attacks using the bdm2 BDFProxy
Protection against delivery methods
Summary
Client-Side Attacks - Social Engineering
Client-side attacks using social engineering
Maltego overview
Social engineering – linking accounts
Social engineering – Twitter
Social engineering – emails
Social engineering – summary
Downloading and executing AutoIt
Changing the icon and compiling the payload
Changing extensions
Client-side attacks – TDM email spoofing
Summary
Attack and Detect Trojans with BeEF
The BeEF tool
BeEF – hook using a MITMf
BeEF – basic commands
BeEF – Pretty Theft
BeEF – Meterpreter 1
Detecting Trojans manually
Detecting Trojans using a sandbox
Summary
Attacks Outside the Local Network
Port forwarding
External backdoors
IP forwarding
External BeEF
Summary
Post Exploitation
An introduction to post exploitation
Meterpreter basics
Filesystem commands
Maintaining access by using simple methods
Maintaining access by using advanced methods
Keylogging
An introduction to pivoting
Pivoting autoroutes
Summary
Website Penetration Testing
What is a website?
Attacking a website
Summary
Website Pentesting - Information Gathering
Information gathering using tools
The Whois Lookup
Netcraft
Robtex
Websites on the same server
Information gathering from target websites
Finding subdomains
Information gathering using files
Analyzing file results
Summary
File Upload, Code Execution, and File Inclusion Vulnerabilities
File upload vulnerabilities
Getting started with Weevely
Code execution vulnerabilities
Local file inclusion vulnerabilities
Remote file inclusion using Metasploitable
Basic mitigation
Summary
SQL Injection Vulnerabilities
What is SQL?
The dangers of SQLi
Discovering SQLi
SQLi authorization bypass
Discovering an SQLi using the GET method
Basic SELECT statements
Discovering tables
Reading columns and their data
Reading and writing files on the server
The sqlmap tool
Preventing SQLi
Summary
Cross-Site Scripting Vulnerabilities
Introduction to XSS
Reflected XSS
Stored XSS
XSS BeEF exploitation
XSS protection
Summary
Discovering Vulnerabilities Automatically Using OWASP ZAP
OWASP ZAP start
OWASP ZAP results
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think