Penetration testing a hands-on introduction to hacking
"In Penetration Testing, security researcher and trainer Georgia Weidman provides you with a survey of important skills that any aspiring pentester needs. This beginner-friendly book opens with some basics of programming and helps you navigate Kali Linux, an operating system that comes preloade...
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | eBook |
| Language: | English |
| Published: |
San Francisco, California
No Starch Press
2014
|
| Subjects: | |
| Online Access: | |
| Collection: | O'Reilly - Collection details see MPG.ReNa |
Table of Contents:
- Mass Email Attacks / Peter Van Eeckhoutte
- Multipronged Attacks / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 12. Bypassing Antivirus Applications / Peter Van Eeckhoutte
- Trojans / Peter Van Eeckhoutte
- Msfvenom / Peter Van Eeckhoutte
- How Antivirus Applications Work / Peter Van Eeckhoutte
- Microsoft Security Essentials / Peter Van Eeckhoutte
- VirusTotal / Peter Van Eeckhoutte
- Getting Past an Antivirus Program / Peter Van Eeckhoutte
- Encoding / Peter Van Eeckhoutte
- Custom Cross Compiling / Peter Van Eeckhoutte
- Encrypting Executables with Hyperion / Peter Van Eeckhoutte
- Evading Antivirus with Veil-Evasion / Peter Van Eeckhoutte
- Hiding in Plain Sight / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 13. Post Exploitation / Peter Van Eeckhoutte
- Meterpreter / Peter Van Eeckhoutte
- Using the upload Command / Peter Van Eeckhoutte
- getuid / Peter Van Eeckhoutte
- Local File Inclusion / Peter Van Eeckhoutte
- Remote File Inclusion / Peter Van Eeckhoutte
- Command Execution / Peter Van Eeckhoutte
- Cross-Site Scripting / Peter Van Eeckhoutte
- Checking for a Reflected XSS Vulnerability / Peter Van Eeckhoutte
- Leveraging XSS with the Browser Exploitation Framework / Peter Van Eeckhoutte
- Cross-Site Request Forgery / Peter Van Eeckhoutte
- Web Application Scanning with w3af / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 15. Wireless Attacks / Peter Van Eeckhoutte
- Setting Up / Peter Van Eeckhoutte
- Viewing Available Wireless Interfaces / Peter Van Eeckhoutte
- Scan for Access Points / Peter Van Eeckhoutte
- Monitor Mode / Peter Van Eeckhoutte
- Capturing Packets / Peter Van Eeckhoutte
- Open Wireless / Peter Van Eeckhoutte
- Wired Equivalent Privacy / Peter Van Eeckhoutte
- WEP Weaknesses / Peter Van Eeckhoutte
- Cracking WEP Keys with Aircrack-ng / Peter Van Eeckhoutte
- Includes bibliographical references and index
- 17.A Stack-Based Buffer Overflow In Windows / Peter Van Eeckhoutte
- Searching For a Known Vulnerability in War-FTP / Peter Van Eeckhoutte
- Causing a Crash / Peter Van Eeckhoutte
- Locating EIP / Peter Van Eeckhoutte
- Generating a Cyclical Pattern to Determine Offset / Peter Van Eeckhoutte
- Verifying Offsets / Peter Van Eeckhoutte
- Hijacking Execution / Peter Van Eeckhoutte
- Getting a Shell / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 18. Structured Exception Handler Overwrites / Peter Van Eeckhoutte
- SEH Overwrite Exploits / Peter Van Eeckhoutte
- Passing Control to SEH / Peter Van Eeckhoutte
- Finding the Attack String in Memory / Peter Van Eeckhoutte
- POP POP RET / Peter Van Eeckhoutte
- SafeSEH / Peter Van Eeckhoutte
- Using a Short Jump / Peter Van Eeckhoutte
- Choosing a Payload / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 19. Fuzzing, Porting Exploits, And Metasploit Modules / Peter Van Eeckhoutte
- Installing Immunity Debugger and Mona / Peter Van Eeckhoutte
- Setting Up the Ubuntu 8.10 Target / Peter Van Eeckhoutte
- Creating the Windows 7 Target / Peter Van Eeckhoutte
- Creating a User Account / Peter Van Eeckhoutte
- Opting Out of Automatic Updates / Peter Van Eeckhoutte
- Setting a Static IP Address / Peter Van Eeckhoutte
- Adding a Second Network Interface / Peter Van Eeckhoutte
- Installing Additional Software / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 2. Using Kali Linux / Peter Van Eeckhoutte
- Linux Command Line / Peter Van Eeckhoutte
- The Linux Filesystem / Peter Van Eeckhoutte
- Changing Directories / Peter Van Eeckhoutte
- Learning About Commands: The Man Pages / Peter Van Eeckhoutte
- User Privileges / Peter Van Eeckhoutte
- Adding a User / Peter Van Eeckhoutte
- Adding a User to the sudoers File / Peter Van Eeckhoutte
- Switching Users and Using sudo / Peter Van Eeckhoutte
- Metasploit Payloads / Peter Van Eeckhoutte
- Meterpreter / Peter Van Eeckhoutte
- Exploiting WebDAV Default Credentials / Peter Van Eeckhoutte
- Running a Script on the Target Web Server / Peter Van Eeckhoutte
- Uploading a Msfvenom Payload / Peter Van Eeckhoutte
- Exploiting Open phpMyAdmin / Peter Van Eeckhoutte
- Downloading a File with TFTP / Peter Van Eeckhoutte
- Downloading Sensitive Files / Peter Van Eeckhoutte
- Downloading a Configuration File / Peter Van Eeckhoutte
- Downloading the Windows SAM / Peter Van Eeckhoutte
- Exploiting a Buffer Overflow in Third-Party Software / Peter Van Eeckhoutte
- Exploiting Third-Party Web Applications / Peter Van Eeckhoutte
- Exploiting a Compromised Service / Peter Van Eeckhoutte
- Exploiting Open NFS Shares / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 9. Password Attacks / Peter Van Eeckhoutte
- Password Management / Peter Van Eeckhoutte
- Fuzzing Programs / Peter Van Eeckhoutte
- Finding Bugs with Code Review / Peter Van Eeckhoutte
- Fuzzing a Trivial FTP Server / Peter Van Eeckhoutte
- Attempting a Crash / Peter Van Eeckhoutte
- Porting Public Exploits to Meet Your Needs / Peter Van Eeckhoutte
- Finding a Return Address / Peter Van Eeckhoutte
- Replacing Shellcode / Peter Van Eeckhoutte
- Editing the Exploit / Peter Van Eeckhoutte
- Writing Metasploit Modules / Peter Van Eeckhoutte
- A Similar Exploit String Module / Peter Van Eeckhoutte
- Porting Our Exploit Code / Peter Van Eeckhoutte
- Exploitation Mitigation Techniques / Peter Van Eeckhoutte
- Stack Cookies / Peter Van Eeckhoutte
- Address Space Layout Randomization / Peter Van Eeckhoutte
- Data Execution Prevention / Peter Van Eeckhoutte
- Mandatory Code Signing / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 20. Using The Smartphone Pentest Framework / Peter Van Eeckhoutte
- A Note About Nessus Rankings / Peter Van Eeckhoutte
- Why Use Vulnerability Scanners? / Peter Van Eeckhoutte
- Exporting Nessus Results / Peter Van Eeckhoutte
- Researching Vulnerabilities / Peter Van Eeckhoutte
- The Nmap Scripting Engine / Peter Van Eeckhoutte
- Running a Single NSE Script / Peter Van Eeckhoutte
- Metasploit Scanner Modules / Peter Van Eeckhoutte
- Metasploit Exploit Check Functions / Peter Van Eeckhoutte
- Web Application Scanning / Peter Van Eeckhoutte
- Nikto / Peter Van Eeckhoutte
- Attacking XAMPP / Peter Van Eeckhoutte
- Default Credentials / Peter Van Eeckhoutte
- Manual Analysis / Peter Van Eeckhoutte
- Exploring a Strange Port / Peter Van Eeckhoutte
- Finding Valid Usernames / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 7. Capturing Traffic / Peter Van Eeckhoutte
- Networking for Capturing Traffic / Peter Van Eeckhoutte
- Using Wireshark / Peter Van Eeckhoutte
- Online Password Attacks / Peter Van Eeckhoutte
- Wordlists / Peter Van Eeckhoutte
- Guessing Usernames and Passwords with Hydra / Peter Van Eeckhoutte
- Offline Password Attacks / Peter Van Eeckhoutte
- Recovering Password Hashes from a Windows SAM File / Peter Van Eeckhoutte
- Dumping Password Hashes with Physical Access / Peter Van Eeckhoutte
- LM vs. NTLM Hashing Algorithms / Peter Van Eeckhoutte
- The Trouble with LM Password Hashes / Peter Van Eeckhoutte
- John the Ripper / Peter Van Eeckhoutte
- Cracking Linux Passwords / Peter Van Eeckhoutte
- Cracking Configuration File Passwords / Peter Van Eeckhoutte
- Rainbow Tables / Peter Van Eeckhoutte
- Online Password-Cracking Services / Peter Van Eeckhoutte
- Dumping Plaintext Passwords from Memory with Windows Credential Editor / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 10. Client-Side Exploitation / Peter Van Eeckhoutte
- Opening a Command Shell Listener / Peter Van Eeckhoutte
- Pushing a Command Shell Back to a Listener / Peter Van Eeckhoutte
- Automating Tasks with cron Jobs / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 3. Programming / Peter Van Eeckhoutte
- Bash Scripting / Peter Van Eeckhoutte
- Ping / Peter Van Eeckhoutte
- A Simple Bash Script / Peter Van Eeckhoutte
- Running Our Script / Peter Van Eeckhoutte
- Adding Functionality with if Statements / Peter Van Eeckhoutte
- A for Loop / Peter Van Eeckhoutte
- Streamlining the Results / Peter Van Eeckhoutte
- Python Scripting / Peter Van Eeckhoutte
- Connecting to a Port / Peter Van Eeckhoutte
- if Statements in Python / Peter Van Eeckhoutte
- Writing and Compiling C Programs / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 4. Using The Metasploit Framework / Peter Van Eeckhoutte
- Starting Metasploit / Peter Van Eeckhoutte
- Finding Metasploit Modules / Peter Van Eeckhoutte
- Creating a New File or Directory / Peter Van Eeckhoutte
- Copying, Moving, and Removing Files / Peter Van Eeckhoutte
- Adding Text to a File / Peter Van Eeckhoutte
- Appending Text to a File / Peter Van Eeckhoutte
- File Permissions / Peter Van Eeckhoutte
- Editing Files / Peter Van Eeckhoutte
- Searching for Text / Peter Van Eeckhoutte
- Editing a File with vi / Peter Van Eeckhoutte
- Data Manipulation / Peter Van Eeckhoutte
- Using grep / Peter Van Eeckhoutte
- Using sed / Peter Van Eeckhoutte
- Pattern Matching with awk / Peter Van Eeckhoutte
- Managing Installed Packages / Peter Van Eeckhoutte
- Processes and Services / Peter Van Eeckhoutte
- Managing Networking / Peter Van Eeckhoutte
- Setting a Static IP Address / Peter Van Eeckhoutte
- Viewing Network Connections / Peter Van Eeckhoutte
- Netcat: The Swiss Army Knife of TCP/IP Connections / Peter Van Eeckhoutte
- Check to See If a Port Is Listening / Peter Van Eeckhoutte
- Other Meterpreter Commands / Peter Van Eeckhoutte
- Meterpreter Scripts / Peter Van Eeckhoutte
- Metasploit Post-Exploitation Modules / Peter Van Eeckhoutte
- Railgun / Peter Van Eeckhoutte
- Local Privilege Escalation / Peter Van Eeckhoutte
- getsystem on Windows / Peter Van Eeckhoutte
- Local Escalation Module for Windows / Peter Van Eeckhoutte
- Bypassing UAC on Windows / Peter Van Eeckhoutte
- Udev Privilege Escalation on Linux / Peter Van Eeckhoutte
- Local Information Gathering / Peter Van Eeckhoutte
- Searching for Files / Peter Van Eeckhoutte
- Keylogging / Peter Van Eeckhoutte
- Gathering Credentials / Peter Van Eeckhoutte
- net Commands / Peter Van Eeckhoutte
- Another Way In / Peter Van Eeckhoutte
- Checking Bash History / Peter Van Eeckhoutte
- Lateral Movement / Peter Van Eeckhoutte
- PSExec / Peter Van Eeckhoutte
- Pass the Hash / Peter Van Eeckhoutte
- SSHExec / Peter Van Eeckhoutte
- A Note of Thanks / Peter Van Eeckhoutte
- About This Book / Peter Van Eeckhoutte
- Part I: The Basics / Peter Van Eeckhoutte
- Part II: Assessments / Peter Van Eeckhoutte
- Part III: Attacks / Peter Van Eeckhoutte
- Part IV: Exploit Development / Peter Van Eeckhoutte
- Part V: Mobile Hacking / Peter Van Eeckhoutte
- 0. Penetration Testing Primer / Peter Van Eeckhoutte
- The Stages of the Penetration Test / Peter Van Eeckhoutte
- Pre-engagement / Peter Van Eeckhoutte
- Information Gathering / Peter Van Eeckhoutte
- Threat Modeling / Peter Van Eeckhoutte
- Vulnerability Analysis / Peter Van Eeckhoutte
- Exploitation / Peter Van Eeckhoutte
- Post Exploitation / Peter Van Eeckhoutte
- Reporting / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 1. Setting Up Your Virtual Lab / Peter Van Eeckhoutte
- Installing VMware / Peter Van Eeckhoutte
- Setting Up Kali Linux / Peter Van Eeckhoutte
- Serving' Payloads / Peter Van Eeckhoutte
- Using the Multi/Handler Module / Peter Van Eeckhoutte
- Using an Auxiliary Module / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 5. Information Gathering / Peter Van Eeckhoutte
- Open Source Intelligence Gathering / Peter Van Eeckhoutte
- Netcraft / Peter Van Eeckhoutte
- Whois Lookups / Peter Van Eeckhoutte
- DNS Reconnaissance / Peter Van Eeckhoutte
- Searching for Email Addresses / Peter Van Eeckhoutte
- Maltego / Peter Van Eeckhoutte
- Port Scanning / Peter Van Eeckhoutte
- Manual Port Scanning / Peter Van Eeckhoutte
- Port Scanning with Nmap / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 6. Finding Vulnerabilities / Peter Van Eeckhoutte
- From Nmap Version Scan to Potential Vulnerability / Peter Van Eeckhoutte
- Nessus / Peter Van Eeckhoutte
- Nessus Policies / Peter Van Eeckhoutte
- Scanning with Nessus / Peter Van Eeckhoutte
- Bypassing Filters with Metasploit Payloads / Peter Van Eeckhoutte
- All Ports / Peter Van Eeckhoutte
- HTTP and HTTPS Payloads / Peter Van Eeckhoutte
- Client-Side Attacks / Peter Van Eeckhoutte
- Browser Exploitation / Peter Van Eeckhoutte
- PDF Exploits / Peter Van Eeckhoutte
- Java Exploits / Peter Van Eeckhoutte
- browser autopwn / Peter Van Eeckhoutte
- Winamp / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 11. Social Engineering / Peter Van Eeckhoutte
- The Social-Engineer Toolkit / Peter Van Eeckhoutte
- Spear-Phishing Attacks / Peter Van Eeckhoutte
- Choosing a Payload / Peter Van Eeckhoutte
- Setting Options / Peter Van Eeckhoutte
- Naming Your File / Peter Van Eeckhoutte
- Single or Mass Email / Peter Van Eeckhoutte
- Creating the Template / Peter Van Eeckhoutte
- Setting the Target / Peter Van Eeckhoutte
- Setting Up a Listener / Peter Van Eeckhoutte
- Web Attacks / Peter Van Eeckhoutte
- Wi-Fi Protected Access / Peter Van Eeckhoutte
- WPA2 / Peter Van Eeckhoutte
- The Enterprise Connection Process / Peter Van Eeckhoutte
- The Personal Connection Process / Peter Van Eeckhoutte
- The Four-Way Handshake / Peter Van Eeckhoutte
- Cracking WPA/WPA2 Keys / Peter Van Eeckhoutte
- Wi-Fi Protected Setup / Peter Van Eeckhoutte
- Problems with WPS / Peter Van Eeckhoutte
- Cracking WPS with Bully / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 16.A Stack-Based Buffer Overflow In Linux / Peter Van Eeckhoutte
- Memory Theory / Peter Van Eeckhoutte
- Linux Buffer Overflow / Peter Van Eeckhoutte
- A Vulnerable Program / Peter Van Eeckhoutte
- Causing a Crash / Peter Van Eeckhoutte
- Running GDB / Peter Van Eeckhoutte
- Crashing the Program in GDB / Peter Van Eeckhoutte
- Controlling EIP / Peter Van Eeckhoutte
- Hijacking Execution / Peter Van Eeckhoutte
- Endianness / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- Token Impersonation / Peter Van Eeckhoutte
- Incognito / Peter Van Eeckhoutte
- SMB Capture / Peter Van Eeckhoutte
- Pivoting / Peter Van Eeckhoutte
- Adding a Route in Metasploit / Peter Van Eeckhoutte
- Metasploit Port Scanners / Peter Van Eeckhoutte
- Running an Exploit through a Pivot / Peter Van Eeckhoutte
- Socks4a and ProxyChains / Peter Van Eeckhoutte
- Persistence / Peter Van Eeckhoutte
- Adding a User / Peter Van Eeckhoutte
- Metasploit Persistence / Peter Van Eeckhoutte
- Creating a Linux cron Job / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 14. Web Application Testing / Peter Van Eeckhoutte
- Using Burp Proxy / Peter Van Eeckhoutte
- SQL Injection / Peter Van Eeckhoutte
- Testing for SQL Injection Vulnerabilities / Peter Van Eeckhoutte
- Exploiting SQL Injection Vulnerabilities / Peter Van Eeckhoutte
- Using SQLMap / Peter Van Eeckhoutte
- XPath Injection / Peter Van Eeckhoutte
- Capturing Traffic / Peter Van Eeckhoutte
- Filtering Traffic / Peter Van Eeckhoutte
- Following a TCP Stream / Peter Van Eeckhoutte
- Dissecting Packets / Peter Van Eeckhoutte
- ARP Cache Poisoning / Peter Van Eeckhoutte
- ARP Basics / Peter Van Eeckhoutte
- IP Forwarding / Peter Van Eeckhoutte
- ARP Cache Poisoning with Arpspoof / Peter Van Eeckhoutte
- Using ARP Cache Poisoning to Impersonate the Default Gateway / Peter Van Eeckhoutte
- DNS Cache Poisoning / Peter Van Eeckhoutte
- Getting Started / Peter Van Eeckhoutte
- Using Dnsspoof / Peter Van Eeckhoutte
- SSL Attacks / Peter Van Eeckhoutte
- SSL Basics / Peter Van Eeckhoutte
- Using Ettercap for SSL Man-in-the-Middle Attacks / Peter Van Eeckhoutte
- SSL Stripping / Peter Van Eeckhoutte
- Using SSLstrip / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte
- 8. Exploitation / Peter Van Eeckhoutte
- Revisiting MS08-067 / Peter Van Eeckhoutte
- Configuring the Network for Your Virtual Machine / Peter Van Eeckhoutte
- Installing Nessus / Peter Van Eeckhoutte
- Installing Additional Software / Peter Van Eeckhoutte
- Setting Up Android Emulators / Peter Van Eeckhoutte
- Smartphone Pentest Framework / Peter Van Eeckhoutte
- Target Virtual Machines / Peter Van Eeckhoutte
- Creating the Windows XP Target / Peter Van Eeckhoutte
- VMware Player on Microsoft Windows / Peter Van Eeckhoutte
- VMware Fusion on Mac OS / Peter Van Eeckhoutte
- Installing and Activating Windows / Peter Van Eeckhoutte
- Installing VMware Tools / Peter Van Eeckhoutte
- Turning Off Windows Firewall / Peter Van Eeckhoutte
- Setting User Passwords / Peter Van Eeckhoutte
- Setting a Static IP Address / Peter Van Eeckhoutte
- Making XP Act Like It's a Member of a Windows Domain / Peter Van Eeckhoutte
- Installing Vulnerable Software / Peter Van Eeckhoutte
- The Module Database / Peter Van Eeckhoutte
- Built-In Search / Peter Van Eeckhoutte
- Setting Module Options / Peter Van Eeckhoutte
- RHOST / Peter Van Eeckhoutte
- RPORT / Peter Van Eeckhoutte
- SMBPIPE / Peter Van Eeckhoutte
- Exploit Target / Peter Van Eeckhoutte
- Payloads (or Shellcode) / Peter Van Eeckhoutte
- Finding Compatible Payloads / Peter Van Eeckhoutte
- A Test Run / Peter Van Eeckhoutte
- Types of Shells / Peter Van Eeckhoutte
- Bind Shells / Peter Van Eeckhoutte
- Reverse Shells / Peter Van Eeckhoutte
- Setting a Payload Manually / Peter Van Eeckhoutte
- Msfcli / Peter Van Eeckhoutte
- Getting Help / Peter Van Eeckhoutte
- Showing Options / Peter Van Eeckhoutte
- Payloads / Peter Van Eeckhoutte
- Creating Standalone Payloads with Msfvenom / Peter Van Eeckhoutte
- Choosing a Payload / Peter Van Eeckhoutte
- Setting Options / Peter Van Eeckhoutte
- Choosing an Output Format / Peter Van Eeckhoutte
- Mobile Attack Vectors / Peter Van Eeckhoutte
- Text Messages / Peter Van Eeckhoutte
- Near Field Communication / Peter Van Eeckhoutte
- QR Codes / Peter Van Eeckhoutte
- The Smartphone Pentest Framework / Peter Van Eeckhoutte
- Setting Up SPF / Peter Van Eeckhoutte
- Android Emulators / Peter Van Eeckhoutte
- Attaching a Mobile Modem / Peter Van Eeckhoutte
- Building the Android App / Peter Van Eeckhoutte
- Deploying the App / Peter Van Eeckhoutte
- Attaching the SPF Server and App / Peter Van Eeckhoutte
- Remote Attacks / Peter Van Eeckhoutte
- Default iPhone SSH Login / Peter Van Eeckhoutte
- Client-Side Attacks / Peter Van Eeckhoutte
- Client-Side Shell / Peter Van Eeckhoutte
- USSD Remote Control / Peter Van Eeckhoutte
- Malicious Apps / Peter Van Eeckhoutte
- Creating Malicious SPF Agents / Peter Van Eeckhoutte
- Mobile Post Exploitation / Peter Van Eeckhoutte
- Information Gathering / Peter Van Eeckhoutte
- Remote Control / Peter Van Eeckhoutte
- Pivoting Through Mobile Devices / Peter Van Eeckhoutte
- Privilege Escalation / Peter Van Eeckhoutte
- Summary / Peter Van Eeckhoutte