Second Edition
Take your penetration-testing skills to the next level
Michael Hixon
Justin Hutchens
Book Details

| Detail | Value |
|---|---|
| Price | 2.00 USD |
| Pages | 906 p |
| File Size | 55,386 KB |
| File Type | PDF format |
| ISBN | 978-1-78728-790-7 |
| Copyright | 2017 Packt Publishing All rights reserved |
Michael Hixon currently works as a security consultant with a focus on
penetration testing and web application security. He previously served in the
United States Marine Corps, where he was an infantryman, security forces
member, and counterintelligence agent. After the military, he worked as a
programmer before changing his focus to IT security. He has worked for the Red
Cross, Department of Defense, Department of Justice, and numerous intelligence
agencies in his career. He holds a bachelor’s degree in management information
systems and multiple professional information-security certifications, including
Certified Information Systems Security Professional (CISSP), eLearnSecurity
Web Application Penetration Tester (eWPT), Certified Ethical Hacker (CEH),
and eLearnSecurity Certified Professional Penetration Tester (eCPPT). He
currently runs the Baltimore chapter of the Open Web Application Security Project (OWASP).
Justin Hutchens currently works as a security consultant and regularly performs
penetration tests and security assessments for a wide range of clients. He
previously served in the United States Air Force, where he worked as an
intrusion-detection specialist, network-vulnerability analyst, and malware
forensic investigator for a large enterprise network with over 55,000 networked
systems. He holds a bachelor's degree in information technology and multiple
professional information-security certifications, including Certified Information
Systems Security Professional (CISSP), Offensive Security Certified
Professional (OSCP), eLearnSecurity Web Application Penetration Tester
(eWPT), GIAC Certified Incident Handler (GCIH), Certified Network Defense
Architect (CNDA), Certified Ethical Hacker (CEH), EC-Council Certified
Security Analyst (ECSA), and Computer Hacking Forensic Investigator (CHFI).
He is also the writer and producer of Packt's e-learning video course Kali Linux -
Backtrack Evolved: Assuring Security by Penetration Testing.
About the Reviewer
Ahmad Muammar WK is an IT security consultant and penetration tester. He
holds Offensive Security Certified Professional (OSCP), Offensive Security
Certified Expert (OSCE), and eLearnSecurity Mobile Application Penetration
Tester (eMAPT) certifications. He is the founder of ECHO (http://echo.or.id),
one of the oldest Indonesian IT security communities, and is also a founder of
IDSECCONF (http://idsecconf.org), the biggest annual security conference in
Indonesia. He also reviewed Kali Linux Cookbook by Willie L. Pritchett and
David De Smet, Packt Publishing, and Kali Linux Network Scanning
Cookbook by Justin Hutchens, Packt Publishing.
Table of Contents
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
1. Getting Started
Introduction
Configuring a security lab with VMware Player (Windows)
Getting ready
How to do it…
How it works…
Configuring a security lab with VMware Fusion (macOS)
Getting ready
How to do it…
How it works…
Installing Ubuntu Server
Getting ready
How to do it…
How it works…
Installing Metasploitable2
Getting ready
How to do it…
How it works…
Installing Windows Server
Getting ready
How to do it…
How it works…
Increasing the Windows attack surface
Getting ready
How to do it…
How it works…
Installing Kali Linux
Getting ready
How to do it…
How it works…
Using text editors (Vim and GNU nano)
Getting ready
How to do it…
How it works…
Keeping Kali updated
Getting ready
How to do it…
How it works…
Managing Kali services
Getting ready
How to do it…
How it works…
Configuring and using SSH
Getting ready
How to do it…
How it works…
Installing Nessus on Kali Linux
Getting ready
How to do it…
How it works…
2. Reconnaissance
Introduction
Using Google to find subdomains
Getting ready
How to do it...
How it works...
Finding e-mail addresses using theHarvester
Getting ready
How to do it…
How it works…
Enumerating DNS using the host command
Getting ready
How to do it...
How it works...
Enumerating DNS using DNSRecon
Getting ready
How to do it…
Standard DNS enumeration
Reverse lookups
Zone transfer
How it works…
Enumerating DNS using the dnsenum command
Getting ready
How to do it…
Default settings
Brute-force
How it works…
3. Discovery
Introduction
Knowing the OSI model
Using Scapy to perform host discovery (layers 2/3/4)
Getting ready
How to do it…
Layer 2 discovery - ARP
Layer 3 discovery - ICMP
Layer 4 discovery - TCP and UDP
How it works…
Using Nmap to perform host discovery (layers 2/3/4)
Getting ready
How to do it…
Layer 2 discovery - ARP
Layer 3 discovery - ICMP
Layer 4 discovery - TCP and UDP
How it works…
Using ARPing to perform host discovery (layer 2)
Getting ready
How to do it…
How it works…
Using netdiscover to perform host discovery (layer 2)
Getting ready
How to do it…
How it works…
Using Metasploit to perform host discovery (layer 2)
Getting ready
How to do it…
How it works…
Using hping3 to perform host discovery (layers 3/4)
Getting ready
How to do it…
Layer 3 discovery - ICMP
Layer 4 discovery - TCP and UDP
How it works…
Using ICMP to perform host discovery
Getting ready
How to do it…
How it works…
Using fping to perform host discovery
Getting ready
How to do it…
How it works…
4. Port Scanning
Introduction
UDP port scanning
TCP port scanning
Port scanning with Scapy (UDP, stealth, connect, and zombie)
Getting ready
How to do it…
UDP port scanning with Scapy
Stealth scanning with Scapy
Connect scanning with Scapy
Zombie scanning with Scapy
How it works…
Port scanning with Nmap (UDP, stealth, connect, zombie)
Getting ready
How to do it…
UDP scanning with Nmap
Stealth scanning with Nmap
Connect scanning with Nmap
Zombie scanning with Nmap
How it works…
Port scanning with Metasploit (UDP, stealth, and connect)
Getting ready
How to do it…
UDP scanning with Metasploit
Stealth scanning with Metasploit
Connect scanning with Metasploit
How it works…
Port scanning with hping3 (stealth)
Getting ready
How to do it…
How it works…
Port scanning with DMitry (connect)
Getting ready
How to do it…
How it works…
Port scanning with Netcat (connect)
Getting ready
How to do it…
How it works…
Port scanning with masscan (stealth)
Getting ready
How to do it…
How it works…
5. Fingerprinting
Introduction
Banner grabbing with Netcat
Getting ready
How to do it…
How it works…
Banner grabbing with Python sockets
Getting ready
How to do it…
How it works…
Banner grabbing with DMitry
Getting ready
How to do it…
How it works…
Banner grabbing with Nmap NSE
Getting ready
How to do it…
How it works…
Banner grabbing with Amap
Getting ready
How to do it…
How it works…
Service identification with Nmap
Getting ready
How to do it…
How it works…
Service identification with Amap
Getting ready
How to do it…
How it works…
Operating system identification with Scapy
Getting ready
How to do it…
How it works…
Operating system identification with Nmap
Getting ready
How to do it…
How it works…
Operating system identification with xprobe2
Getting ready
How to do it…
How it works…
Passive operating system identification with p0f
Getting ready
How to do it…
How it works…
SNMP analysis with Onesixtyone
Getting ready
How to do it…
How it works…
SNMP analysis with SNMPwalk
Getting ready
How to do it…
How it works…
Firewall identification with Scapy
Getting ready
How to do it…
How it works…
Firewall identification with Nmap
Getting ready
How to do it…
How it works…
Firewall identification with Metasploit
Getting ready
How to do it…
How it works…
6. Vulnerability Scanning
Introduction
Vulnerability scanning with the Nmap Scripting Engine
Getting ready
How to do it…
How it works…
Vulnerability scanning with MSF auxiliary modules
Getting ready
How to do it…
How it works…
Creating scan policies with Nessus
Getting ready
How to do it…
How it works…
Vulnerability scanning with Nessus
Getting ready
How to do it…
How it works…
Vulnerability scanning with OpenVAS
Getting ready
How to do it...
How it works...
Validating vulnerabilities with HTTP interaction
Getting ready
How to do it…
How it works…
Validating vulnerabilities with ICMP interaction
Getting ready
How to do it…
How it works…
7. Denial of Service
Introduction
Fuzz testing to identify buffer overflows
Getting ready
How to do it…
How it works…
Remote FTP service buffer-overflow DoS
Getting ready
How to do it…
How it works…
Smurf DoS attack
Getting ready
How to do it…
How it works…
DNS amplification DoS attacks
Getting ready
How to do it…
How it works…
SNMP amplification DoS attack
Getting ready
How to do it…
How it works…
SYN flood DoS attack
Getting ready
How to do it…
How it works…
Sock stress DoS attack
Getting ready
How to do it…
How it works…
DoS attacks with Nmap NSE
Getting ready
How to do it…
How it works…
DoS attacks with Metasploit
Getting ready
How to do it…
How it works…
DoS attacks with the exploit database
Getting ready
How to do it…
How it works…
8. Working with Burp Suite
Introduction
Configuring Burp Suite on Kali Linux
Getting ready
How to do it…
How it works…
Defining a web application target with Burp Suite
Getting ready
How to do it…
How it works…
Using Burp Suite Spider
Getting ready
How to do it…
How it works…
Using Burp Suite Proxy
Getting ready
How to do it…
How it works…
Using Burp Suite engagement tools
Getting ready
How to do it…
How it works…
Using the Burp Suite web application scanner
Getting ready
How to do it…
How it works…
Using Burp Suite Intruder
Getting ready
How to do it…
How it works…
Using Burp Suite Comparer
Getting ready
How to do it…
How it works…
Using Burp Suite Repeater
Getting ready
How to do it…
How it works…
Using Burp Suite Decoder
Getting ready
How to do it…
How it works…
Using Burp Suite Sequencer
Getting ready
How to do it…
How it works…
Using Burp Suite Extender
Getting ready
How to do it…
How it works…
Using Burp Suite Clickbandit
Getting ready
How to do it…
How it works…
9. Web Application Scanning
Introduction
Web application scanning with Nikto
Getting ready
How to do it…
How it works…
SSL/TLS scanning with SSLScan
Getting ready
How to do it…
How it works…
SSL/TLS scanning with SSLyze
Getting ready
How to do it…
How it works…
GET method SQL injection with sqlmap
Getting ready
How to do it…
How it works…
POST method SQL injection with sqlmap
Getting ready
How to do it…
How it works…
Requesting a capture SQL injection with sqlmap
Getting ready
How to do it…
How it works…
Automating CSRF testing
Getting ready
How to do it…
How it works…
Validating command-injection vulnerabilities with HTTP traffic
Getting ready
How to do it…
How it works…
Validating command-injection vulnerabilities with ICMP traffic
Getting ready
How to do it…
How it works…
10. Attacking the Browser with BeEF
Hooking the browser with BeEF
Getting ready
How to do it…
How it works…
Collecting information with BeEF
Getting ready
How to do it…
How it works…
Creating a persistent connection with BeEF
Getting ready
How to do it…
How it works…
Integrating BeEF and Metasploit
Getting ready
How to do it…
How it works…
Using the BeEF autorule engine
Getting ready
How to do it…
How it works…
11. Working with Sparta
Information gathering with Sparta
Getting ready
How to do it...
How it works...
Creating custom commands for Sparta
Getting ready
How to do it...
How it works...
Port scanning with Sparta
Getting ready
How to do it...
How it works...
Fingerprinting with Sparta
Getting ready
How to do it...
How it works...
Vulnerability scanning with Sparta
Getting ready
How to do it...
How it works...
Web application scanning with Sparta
Getting ready
How to do it...
How it works...
12. Automating Kali Tools
Introduction
Nmap greppable output analysis
Getting ready
How to do it…
How it works…
Port scanning with NMAP NSE execution
Getting ready
How to do it…
How it works…
Automate vulnerability scanning with NSE
Getting ready
How to do it…
How it works…
Automate web application scanning with Nikto
Getting ready
How to do it...
How it works...
Multithreaded MSF exploitation with reverse shell payload
Getting ready
How to do it…
How it works…
Multithreaded MSF exploitation with backdoor executable
Getting ready
How to do it…
How it works…
Multithreaded MSF exploitation with ICMP verification
Getting ready
How to do it…
How it works…
Multithreaded MSF exploitation with admin account creation
Getting ready
How to do it…
How it works…
What this book covers
Chapter 1, Getting Started, explains the configuration of a security lab and then the
installation and configuration of Kali Linux and other security tools.
Chapter 2, Reconnaissance, explains how to collect information on your target
using passive information-gathering techniques. Collecting subdomains, e-mail
addresses, and DNS enumeration are covered in depth.
Chapter 3, Discovery, explains gathering domain information on our target and
identifying hosts on a given network segment.
Chapter 4, Port Scanning, covers multiple tools and methods for finding open ports
on one or more hosts.
Chapter 5, Fingerprinting, explains how to identify the services, and their
versions, running on the open ports found on our target(s).
Chapter 6, Vulnerability Scanning, discusses ways to identify vulnerabilities based
on the services and versions found in the previous chapter.
Chapter 7, Denial of Service, covers how to execute several types of DoS attack.
Chapter 8, Working with Burp Suite, covers Burp Suite and how to use the many
tools it comes bundled with.
Chapter 9, Web Application Scanning, covers a number of tools and techniques for
testing web applications.
Chapter 10, Attacking the Browser with BeEF, covers the Browser Exploitation
Framework (BeEF), including configuration, hooking a browser, and a number
of exploits.
Chapter 11, Working with Sparta, looks at how to configure and modify Sparta. We
also cover how to take full advantage of the tool to collect and organize your
information gathering.
Chapter 12, Automating Kali Tools, demonstrates automating a number of Kali
tools to both collect information and exploit targets.
Who this book is for
This book is for information-security professionals and casual security
enthusiasts alike. It provides foundational principles if you're a novice but will
also introduce scripting techniques and in-depth analysis if you're more
advanced. Whether you are brand new to Kali Linux or a seasoned veteran, this
book will help you both understand and ultimately master many of the most
powerful and useful scanning techniques in the industry. It is assumed that you
have some basic security-testing experience.
What you need for this book
In order to perform the examples provided in this book, you will need the
following:
VMware Workstation Player 12 (or newer) or VMware Fusion 8.5 (or newer)
PuTTY 6.9 (for Windows users needing SSH)
Nessus 5.2.6
Kali Linux 2016.2
Ubuntu 64-bit 16.x
Metasploitable2
Windows XP SP2