Ethical Hacking And Penetration Testing Made Easy
Patrick Engebretson
Acquiring Editor: Angelina Ward
Development Editor: Heather Scherer
Project Manager: Jessica Vaughan
Designer: Alisa Andreola
Development Editor: Heather Scherer
Project Manager: Jessica Vaughan
Designer: Alisa Andreola
 |
| The Basics Of Hacking And Penetration Testing Ethical Hacking And Penetration Testing Made Easy |
About the Author
Dr. Patrick Engebretson obtained his Doctor of Science degree with a specializationin information security from Dakota State University. He currently
serves as an assistant professor of information assurance and also works as a
senior penetration tester for a security firm in the Midwest. His research interests
include penetration testing, hacking, intrusion detection, exploitation,
honey pots, and malware. In the past several years, he has published many
peer-reviewed journal and conference papers in these areas. He has been
invited by the Department of Homeland Security to share his research at the
Software Assurance Forum in Washington, DC , and has also spoken at Black
Hat in Las Vegas. He regularly attends advanced exploitation and penetration
testing trainings from industry-recognized professionals and holds several certifications.
He teaches graduate and undergraduate courses in penetration testing,
wireless security, and intrusion detection, and advanced exploitation.
About the Technical Editor
James Broad (CISS P, C|EH, C)PTS , Security, MBA) is the President andowner of Cyber-Recon, LLC , where he and his team of consultants specialize
in Information Security, Information Assurance, and Certification and
Accreditation and offer other security consultancy services to corporate and government clients.
As a security professional with over 20 years of real-world IT experience, James
is an expert in many areas of IT security, specializing in security engineering,
penetration testing, and vulnerability analysis and research. He has provided
security services in the Nation’s most critical sectors including defense, law
enforcement, intelligence, finance, and healthcare.
James has a Master’s of Business Administration degree with specialization in
Information Technology (MBA/IT ) from the Ken Blanchard College of Business,
Bachelor’s degrees in Computer Programming and Security Management from
Southwestern University and is currently a Doctoral Learner pursuing a Ph.D.
in Information Security from Capella University. He is a member of ISS A and
(ISC ) 2®. James currently resides in Stafford, Virginia with his family: Deanne,
Micheal, and Temara.
Introduction
I suppose there are several questions that may be running through your head
as you contemplate reading this book: Who is the intended audience for this
book? How is this book different from book ‘x’ (insert your favorite title here)?
Why should I buy it? Because these are all fair questions and I am asking you
to plunk down your hard-earned cash, it is important to provide some answers
to these questions.
For people who are interested in learning about hacking and penetration testing,
walking into a well-stocked bookstore can be as confusing as searching
for “hacking” books at amazon.com. Initially, there appears to be an almost
endless selection to choose from. Most large bookstores have several shelves
dedicated to computer security books. They include books on programming
security, web application security, rootkits and malware, penetration testing,
and, of course, hacking. However, even the hacking books seem to vary in content
and subject matter. Some books focus on using tools but do not discuss
how these tools fit together. Other books focus on hacking a particular subject
but lack the broad picture.
This book is intended to address these issues. It is meant to be a single starting
point for anyone interested in the topics of hacking or penetration testing. The
book will certainly cover specific tools and topics but will also examine how
the tools fit together and how they rely on one another to be successful.
as you contemplate reading this book: Who is the intended audience for this
book? How is this book different from book ‘x’ (insert your favorite title here)?
Why should I buy it? Because these are all fair questions and I am asking you
to plunk down your hard-earned cash, it is important to provide some answers
to these questions.
For people who are interested in learning about hacking and penetration testing,
walking into a well-stocked bookstore can be as confusing as searching
for “hacking” books at amazon.com. Initially, there appears to be an almost
endless selection to choose from. Most large bookstores have several shelves
dedicated to computer security books. They include books on programming
security, web application security, rootkits and malware, penetration testing,
and, of course, hacking. However, even the hacking books seem to vary in content
and subject matter. Some books focus on using tools but do not discuss
how these tools fit together. Other books focus on hacking a particular subject
but lack the broad picture.
This book is intended to address these issues. It is meant to be a single starting
point for anyone interested in the topics of hacking or penetration testing. The
book will certainly cover specific tools and topics but will also examine how
the tools fit together and how they rely on one another to be successful.
Who is the intended audience for this book?
This book is meant to be a very gentle yet thorough guide to the world of hacking
and penetration testing. It is specifically aimed at helping you master the
basic steps needed to complete a hack or penetration test without overwhelming
you. By the time you finish this book, you will have a solid understanding
of the penetration testing process and you will be comfortable with the basic
tools needed to complete the job.
Specifically, this book is aimed at people who are new to the world of hacking
and penetration testing, for those with little or no previous experience, for
those who are frustrated by the inability to see the big picture (how the various
tools and phases fit together), or for those looking to expand their knowledge
of offensive security.
In short this book is written for anyone who is interested in computer security,
hacking, or penetration testing but has no prior experience and is not sure
where to begin. A colleague and I call this concept “zero entry hacking” (ZEH),
much like modern-day swimming pools. Zero entry pools gradually slope from
the dry end to the deep end, allowing swimmers to wade in without feeling
overwhelmed or without having a fear of drowning. The “zero entry” concept
allows everyone the ability to use the pool regardless of age or swimming ability.
This book employs a similar technique. ZEH is designed to expose you to
the basic concepts without overwhelming you. Completion of ZEH will prepare
you for advanced courses and books.
How is this book different from book ‘x’?
When not spending time with my family, there are two things I enjoy doing:
reading and hacking. Most of the time, I combine these hobbies by reading
about hacking. As a professor and a penetration tester, you can imagine that my
bookshelf is lined with many books on hacking, security, and penetration testing.
As with most things in life, the quality and value of every book is different.
Some books are excellent resources that have been used so many times that the
bindings are literally falling apart. Others are less helpful and remain in nearly
new condition. A book that does a good job of explaining the details without
losing the reader is worth its weight in gold. Unfortunately, most of my personal
favorites, those that are worn and tattered, are either very lengthy (500
pages) or very focused (an in-depth guide to a single topic). Neither of these is
a bad thing; in fact, quite the opposite, it is the level of detail and the clarity of
the authors’ explanation that make them so great. But at the same time, a very
large tome focused on a detailed subject of security can seem overwhelming to
newcomers.
Unfortunately, as a beginner trying to break into the security field and learn
the basics of hacking, tackling one of these books can be both daunting and
confusing. This book is different from other publications in two ways. First, it
is meant for beginners; recall the concept of “zero entry.” If you have never performed
any type of hacking or you have used a few tools but are not quite sure
what to do next (or how to interpret the results of the tool), this book is for
you. The goal is not to bury you with details but to present a broad overview of
the entire field.
Naturally, the book will still cover each of the major tools needed to complete
the steps in a penetration test, but it will not stop to examine all the in-depth
or additional functionality for each of these tools. This will be helpful from the
standpoint that it will focus on the basics, and in most cases allow us to avoid
confusion caused by advanced features or minor differences in tool versions.
For example, when we discuss port scanning, the chapter will discuss how to
run the basic scans with the very popular port scanner Nmap. Because the book
focuses on the basics, it becomes less important exactly which version of Nmap
the user is running. Running a SYN scan using Nmap is exactly the same regardless
of whether you are conducting your scan with Nmap version 2 or version 5.
This technique will be employed as often as possible, doing so should allow the
reader to learn Nmap (or any tool) without having to worry about the changes
in functionality that often accompany advanced features in version changes.
The goal of this book is to provide general knowledge that will allow you to
tackle advanced topics and books. Remember, once you have a firm grasp of
the basics, you can always go back and learn the specific details and advanced
features of a tool. In addition, each chapter will end with a list of suggested
tools and topics that are outside the scope of this book but can be used for further
study and to advance your knowledge.
Beyond just being written for beginners, this book actually presents the information
in a very unique way. All the tools and techniques we use in this book
will be carried out in a specific order against a small number of related targets
(all target machines will belong to the same subnet, and the reader will be able
to easily recreate this “target” network to follow along). Readers will be shown
how to interpret tool output and how to utilize that output to continue the
attack from one chapter to the next.
The use of a sequential and singular rolling example throughout the book will
help readers see the big picture and better comprehend how the various tools
and phases fit together. This is different from many other books on the market
today, which often discuss various tools and attacks but fail to explain how
those tools can be effectively chained together. Presenting information in a
way that shows the user how to clearly move from one phase to another will
provide valuable experience and allow the reader to complete an entire penetration
test by simply following along with the examples in the book. This concept
should allow the reader to get a clear understanding of the fundamental
knowledge while learning how the various tools and phases connect.
Why should I buy this book?
Even though the immediate answers to this question are highlighted in the
preceding sections, below you will find a condensed list of reasons:
You want to learn more about hacking and penetration testing but you are
unsure of where to start.
You have dabbled in hacking and penetration testing but you are not sure
how all the pieces fit together.
You want to learn more about the tools and processes that are used by
hackers and penetration testers to gain access to networks and systems.
You are looking for a good place to start building offensive security knowledge.
You enjoy a challenge.
Table of Contents
ACKNOWLEDGMENTS
............................................................................... ix
ABOUT THE AUTHOR
................................................................................ xi
ABOUT THE TECHNICAL EDITOR
............................................................. xiii
INTRODUCTION
....................................................................................... xv
CHAPTER 1 What is Penetration Testing?
.................................................1
CHAPTER 2 Reconnaissance
..................................................................15
CHAPTER 3 Scanning
.............................................................................43
CHAPTER 4 Exploitation
.........................................................................65
CHAPTER 5 Web-based Exploitation
.....................................................107
CHAPTER 6 Maintaining Access with Backdoors and Rootkits
...............127
CHAPTER 7 Wrapping Up the Penetration Test
......................................145
INDEX
...................................................................................................157
Screenshot
Purchase Now !
Just with Paypal
Just with Paypal
Product details
Price
|
|
|---|---|
Pages
| 178 p |
File Size
|
3,806 KB |
File Type
|
PDF format |
ISBN
| 978-1-59749-655-1 |
Copyright
| 2011 Elsevier Inc |
●▬▬▬▬▬❂❂❂▬▬▬▬▬●
●▬▬❂❂▬▬●
●▬❂▬●
●❂●
═════● ●═════
