Synopses & Reviews
Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration-testing techniques to evaluate enterprise defenses.
In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine-based lab that includes Kali Linux and vulnerable operating systems, you'll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you'll experience the key stages of an actual assessment - including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.
Learn how to:
- Crack passwords and wireless network keys with brute-forcing and wordlists
- Test web applications for vulnerabilities
- Use the Metasploit Framework to launch exploits and write your own Metasploit modules
- Automate social-engineering attacks
- Bypass antivirus software
- Turn access to one machine into total control of the enterprise in the post exploitation phase
You'll even explore writing your own exploits. Then it's on to mobile hacking - Weidman's particular area of research - with her tool, the Smartphone Pentest Framework.
With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.
Synopsis
In Penetration Testing, security researcher and trainer Georgia Weidman provides you with a survey of important skills that any aspiring pentester needs. This beginner-friendly book opens with some basics of programming and helps you navigate Kali Linux, an operating system that comes preloaded with useful computer security tools like Wireshark and Metasploit. You'll learn about gathering information on a target, social engineering, capturing network traffic, analyzing vulnerabilities, developing exploits, and more. Hands-on examples cover even advanced topics like mobile device security and bypassing antivirus software.
About the Author
Georgia Weidman is a penetration tester, researcher, and the founder of Bulb Security, a security consulting firm. She has presented at conferences around the world, including Black Hat, ShmooCon, and DerbyCon, and teaches classes on topics like penetration testing, mobile hacking, and exploit development. In 2012, she was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security.
Table of Contents
About the Author; Foreword; Acknowledgments
Introduction: A Note of Thanks; About This Book
Penetration Testing Primer: The Stages of the Penetration Test; Summary
The Basics
Chapter 1: Setting Up Your Virtual Lab
- 1.1 Installing VMware
- 1.2 Setting Up Kali Linux
- 1.3 Target Virtual Machines
- 1.4 Creating the Windows XP Target
- 1.5 Setting Up the Ubuntu 8.10 Target
- 1.6 Creating the Windows 7 Target
- 1.7 Summary
Chapter 2: Using Kali Linux
- 2.1 Linux Command Line
- 2.2 The Linux Filesystem
- 2.3 Learning About Commands: The Man Pages
- 2.4 User Privileges
- 2.5 File Permissions
- 2.6 Editing Files
- 2.7 Data Manipulation
- 2.8 Managing Installed Packages
- 2.9 Processes and Services
- 2.10 Managing Networking
- 2.11 Netcat: The Swiss Army Knife of TCP/IP Connections
- 2.12 Automating Tasks with cron Jobs
- 2.13 Summary
Chapter 3: Programming
- 3.1 Bash Scripting
- 3.2 Python Scripting
- 3.3 Writing and Compiling C Programs
- 3.4 Summary
Chapter 4: Using the Metasploit Framework
- 4.1 Starting Metasploit
- 4.2 Finding Metasploit Modules
- 4.3 Setting Module Options
- 4.4 Payloads (or Shellcode)
- 4.5 Types of Shells
- 4.6 Setting a Payload Manually
- 4.7 Msfcli
- 4.8 Creating Standalone Payloads with Msfvenom
- 4.9 Using an Auxiliary Module
- 4.10 Summary
Assessments
Chapter 5: Information Gathering
- 5.1 Open Source Intelligence Gathering
- 5.2 Port Scanning
- 5.3 Summary
Chapter 6: Finding Vulnerabilities
- 6.1 From Nmap Version Scan to Potential Vulnerability
- 6.2 Nessus
- 6.3 The Nmap Scripting Engine
- 6.4 Running a Single NSE Script
- 6.5 Metasploit Scanner Modules
- 6.6 Metasploit Exploit Check Functions
- 6.7 Web Application Scanning
- 6.8 Manual Analysis
- 6.9 Summary
Chapter 7: Capturing Traffic
- 7.1 Networking for Capturing Traffic
- 7.2 Using Wireshark
- 7.3 ARP Cache Poisoning
- 7.4 DNS Cache Poisoning
- 7.5 SSL Attacks
- 7.6 SSL Stripping
- 7.7 Summary
Attacks
Chapter 8: Exploitation
- 8.1 Revisiting MS08-067
- 8.2 Exploiting WebDAV Default Credentials
- 8.3 Exploiting Open phpMyAdmin
- 8.4 Downloading Sensitive Files
- 8.5 Exploiting a Buffer Overflow in Third-Party Software
- 8.6 Exploiting Third-Party Web Applications
- 8.7 Exploiting a Compromised Service
- 8.8 Exploiting Open NFS Shares
- 8.9 Summary
Chapter 9: Password Attacks
- 9.1 Password Management
- 9.2 Online Password Attacks
- 9.3 Offline Password Attacks
- 9.4 Dumping Plaintext Passwords from Memory with Windows Credential Editor
- 9.5 Summary
Chapter 10: Client-Side Exploitation
- 10.1 Bypassing Filters with Metasploit Payloads
- 10.2 Client-Side Attacks
- 10.3 Summary
Chapter 11: Social Engineering
- 11.1 The Social-Engineer Toolkit
- 11.2 Spear-Phishing Attacks
- 11.3 Web Attacks
- 11.4 Mass Email Attacks
- 11.5 Multipronged Attacks
- 11.6 Summary
Chapter 12: Bypassing Antivirus Applications
- 12.1 Trojans
- 12.2 How Antivirus Applications Work
- 12.3 Microsoft Security Essentials
- 12.4 VirusTotal
- 12.5 Getting Past an Antivirus Program
- 12.6 Hiding in Plain Sight
- 12.7 Summary
Chapter 13: Post Exploitation
- 13.1 Meterpreter
- 13.2 Meterpreter Scripts
- 13.3 Metasploit Post-Exploitation Modules
- 13.4 Railgun
- 13.5 Local Privilege Escalation
- 13.6 Local Information Gathering
- 13.7 Lateral Movement
- 13.8 Pivoting
- 13.9 Persistence
- 13.10 Summary
Chapter 14: Web Application Testing
- 14.1 Using Burp Proxy
- 14.2 SQL Injection
- 14.3 XPath Injection
- 14.4 Local File Inclusion
- 14.5 Remote File Inclusion
- 14.6 Command Execution
- 14.7 Cross-Site Scripting
- 14.8 Cross-Site Request Forgery
- 14.9 Web Application Scanning with w3af
- 14.10 Summary
Chapter 15: Wireless Attacks
- 15.1 Setting Up
- 15.2 Monitor Mode
- 15.3 Capturing Packets
- 15.4 Open Wireless
- 15.5 Wired Equivalent Privacy
- 15.6 Wi-Fi Protected Access
- 15.7 WPA2
- 15.8 Wi-Fi Protected Setup
- 15.9 Summary
Exploit Development
Chapter 16: A Stack-Based Buffer Overflow in Linux
- 16.1 Memory Theory
- 16.2 Linux Buffer Overflow
- 16.3 Summary
Chapter 17: A Stack-Based Buffer Overflow in Windows
- 17.1 Searching for a Known Vulnerability in War-FTP
- 17.2 Causing a Crash
- 17.3 Locating EIP
- 17.4 Hijacking Execution
- 17.5 Getting a Shell
- 17.6 Summary
Chapter 18: Structured Exception Handler Overwrites
- 18.1 SEH Overwrite Exploits
- 18.2 Passing Control to SEH
- 18.3 Finding the Attack String in Memory
- 18.4 POP POP RET
- 18.5 SafeSEH
- 18.6 Using a Short Jump
- 18.7 Choosing a Payload
- 18.8 Summary
Chapter 19: Fuzzing, Porting Exploits, and Metasploit Modules
- 19.1 Fuzzing Programs
- 19.2 Porting Public Exploits to Meet Your Needs
- 19.3 Writing Metasploit Modules
- 19.4 Exploitation Mitigation Techniques
- 19.5 Summary
Mobile Hacking
Chapter 20: Using the Smartphone Pentest Framework
- 20.1 Mobile Attack Vectors
- 20.2 The Smartphone Pentest Framework
- 20.3 Remote Attacks
- 20.4 Client-Side Attacks
- 20.5 Malicious Apps
- 20.6 Mobile Post Exploitation
- 20.7 Summary
Resources
- Chapter 0: Penetration Testing Primer
- Chapter 2: Using Kali Linux
- Chapter 3: Programming
- Chapter 4: Using the Metasploit Framework
- Chapter 5: Information Gathering
- Chapter 6: Finding Vulnerabilities
- Chapter 7: Capturing Traffic
- Chapter 8: Exploitation
- Chapter 9: Password Attacks
- Chapter 11: Social Engineering
- Chapter 12: Bypassing Antivirus Applications
- Chapter 13: Post Exploitation
- Chapter 14: Web Application Testing
- Chapter 15: Wireless Attacks
- Chapters 16-19: Exploit Development
- Chapter 20: Using the Smartphone Pentest Framework
- Courses
- Downloading the Software to Build Your Virtual Lab