Hands-On Penetration Testing with Kali NetHunter电子书

Title Page

Copyright and Credits

Hands-On Penetration Testing with Kali NetHunter

About Packt

Why subscribe?

Packt.com

Contributors

About the authors

About the reviewers

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

Disclaimer

Section 1: Exploring Kali NetHunter

Introduction to Kali NetHunter

What is Kali NetHunter?

Tools within Kali NetHunter

MAC Changer

The MITM framework

HID attacks

DuckHunter HID

BadUSB MITM attacks

The MANA Wireless Toolkit

Software defined radio

Network Mapper

The Metasploit Payload Generator

Searchsploit

The Android platform and security model

The Android architecture

The Application layer

The Application Framework Layer

Android Libraries

Android Runtime

Kernel

The Android security model

Android Device Manager

SafetyNet

Verify applications

Application services

Android updates

The Google Play Store

Google Play Protect

Installing NetHunter

Building Kali NetHunter for a specific device (optional)

Additional optional hardware

Summary

Understanding the Phases of the Pentesting Process

The need for penetration testing

Types of hackers

White hat

Grey hat

Black hat

Script kiddie

Suicide hacker

Hacktivist

State-sponsored hacker

Penetration testing

Blue teaming vs red teaming vs purple team

Blue team

Red team

Purple team

Types of penetration tests

Phases of penetration testing

The pre-attack phase

The attack phase

The post-attack phase

Penetration testing methodologies and frameworks

OWASP testing framework

PCI penetration testing guide

Penetration Testing Execution Standard

Open Source Security Testing Methodology Manual

Phases of penetration testing

Reconnaissance

Scanning

Gaining access

Maintaining access

Clearing tracks

Deliverables

Summary

Section 2: Common Pentesting Tasks and Tools

Intelligence-Gathering Tools

Technical requirements

Objectives of intelligence gathering

Information for the taking

Types of information available

Network information

Organizational data

Tools for gathering useful information

Using Shodan

Working with filters

Using Metagoofil

Exercise using Metagoofil to collect information

Using Nikto

Exercise – working with Nikto

What is robots.txt?

Using Parsero

Exercise – working with Parsero

Using wget

Exercise – working with wget

Using HTTrack

Exercise – using HTTrack

Google Hacking

Exercise – what's the Right Search Engine

Location

Social networking

Using Echosec

Exercise – working with Echosec

Working with Recon-Ng

Going for technical data

Using WHOIS

Exercise – getting the most from WHOIS

nslookup

Reverse DNS Lookups

Looking up an NS record

Querying an MX record

Querying an SOA record

Querying another DNS

Using dnsenum

Exercise – working with dnsenum

Using DNSMAP

Using traceroute

Summary

Further reading

Scanning and Enumeration Tools

Technical requirements

Scanning

Conducting a scan

Troubleshooting scanning results

Determining whether a host is up or down

Exercise – working with ping

Using Nmap

Exercise – Performing a Ping Sweep with Nmap

Port scanning

Full Open/TCP connect scans

Stealth scans

XMAS scans

FIN scans

NULL scans

ACK scans

Tuning and tweaking

UDP scanning

Banner grabbing

Exercise using Telnet to banner-grab

Exercise – using nmap to banner-grab

Enumeration with NetHunter

Enumerating DNS

Enumerating SMTP

Exercise – using NMAP to enumerate

Exercise – working with smtp-user-enum

Working with SMB

Exercise – using enum4linux

Exercise – using acccheck

Exercise – using SMBmap

Summary

Further reading

Penetrating the Target

Technical requirements

Concerning passwords

Choosing an approach to cracking

Passive techniques

Man-in-the-Middle

Exercise – working with SSL strip

Active techniques

Working with Ncrack

Exercise – working with Ncrack

Offline attacks

Rainbow tables

Exercise – creating the rainbow table

Exercise – working with rtgen

Putting it together

Exercise – recovering passwords with hashcat

Executing applications

Escalating privileges

Executing applications on the target

Exercise – planting a backdoor with Netcat

Summary

Further reading

Clearing Tracks and Removing Evidence from a Target

Clearing tracks

Types of logs and their locations

DHCP server logs

Syslog messages

Packet analysis

Web server logs

Database logs

Event logs

Clearing logs on Windows

Using PowerShell to clear logs in Windows

Using the command prompt to clear logs in Windows

Clearing logs in Linux

Summary

Section 3: Advanced Pentesting Tasks and Tools

Packet Sniffing and Traffic Analysis

The need for sniffing traffic

Types of packet-sniffing techniques

Active sniffing

Passive sniffing

Tools and techniques of packet sniffing

Aircrack-ng

Observing wireless networks using airmon-ng

Arpspoof

Dsniff

Kismet

Tcpdump

TShark

The MITM framework

Packet analysis techniques

Dsniff

Tshark

Urlsnarf

Tcpdump

Summary

Targeting Wireless Devices and Networks

Wireless network topologies

Independent Basic Service Set

Basic Service Set

Extended Service Set

Wireless standards

Service Set Identifier

Wireless authentication modes

Wireless encryption standard

Wired Equivalent Privacy

Wi-Fi Protected Access

Wi-Fi Protected Access 2

Wireless threats

Wireless attacks

Exercise – checking whether a wireless card supports injection

Exercise – detecting access points and their manufacturers

Exercise – discovering the WPS version of an access point

Exercise – de-authentication attacks

Exercise – de-authenticating a specific client

Exercise – detecting a de-authentication attack

Exercise – discovering hidden SSIDs

Exercise – cracking WEP and WPA

Cracking WEP Encryption

Bluetooth hacking

Summary

Avoiding Detection

Scanning

Stealth scanning

Decoys

Idle scans

MAC spoofing

Fragmentation

Metasploit Payload Generator

Encrypting traffic

Summary

Hardening Techniques and Countermeasures

Security threats and countermeasures

Viruses

Other common viruses

Client system security

The Windows baseline

The Windows registry

User accounts

Patch management

Windows Firewall

Disabling services

The Linux baseline

Security scanner for Linux

Disabling services in Linux

Hardening networking devices

Hardening mobile devices

Summary

Building a Lab

Technical requirements

Hypervisor

Type 1

Type 2

Vulnerable systems

Setting up the lab

Step 1 – installing the hypervisor

Step 2 – obtaining vulnerable systems

Step 3 – setting up Metasploitable

Step 4 – setting up the OWASP broken web applications project

Summary

Selecting a Kali Device and Hardware

Small computers

Gem PDA

Raspberry Pi 2 and 3

ODROID U2

Mobile hardware

External components

Wireless adapters

OTG cables

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think