ebook img

From Hacking to Report Writing: An Introduction to Security and Penetration Testing PDF

204 Pages·2016·12.377 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview From Hacking to Report Writing: An Introduction to Security and Penetration Testing

From Hacking to Report Writing An Introduction to Security and Penetration Testing — Robert Svensson From Hacking to Report Writing An Introduction to Security and Penetration Testing Robert Svensson From Hacking to Report Writing: An Introduction to Security and Penetration Testing Robert Svensson Berlin Germany ISBN-13 (pbk): 978-1-4842-2282-9 ISBN-13 (electronic): 978-1-4842-2283-6 DOI 10.1007/978-1-4842-2283-6 Library of Congress Control Number: 2016957882 Copyright © 2016 by Robert Svensson This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher's location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law. Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein. Managing Director: Welmoed Spahr Acquisitions Editor: Susan McDermott Developmental Editor: Laura Berendson Technical Reviewer: Stefan Pettersson Editorial Board: Steve Anglin, Pramila Balen, Laura Berendson, Aaron Black, Louise Corrigan, Jonathan Gennick, Robert Hutchinson, Celestin Suresh John, Nikhil Karkal, James Markham, Susan McDermott, Matthew Moodie, Natalie Pao, Gwenan Spearing Coordinating Editor: Rita Fernando Copy Editor: Karen Jameson Compositor: SPi Global Indexer: SPi Global Cover Image: Designed by Starline - Freepik.com Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail o [email protected] , or visit w ww.springer.com . Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation. For information on translations, please e-mail [email protected] , or visit w ww.apress.com . Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Special Bulk Sales–eBook Licensing web page at w ww.apress.com/bulk-sales . Any source code or other supplementary materials referenced by the author in this text are available to readers at www.apress.com . For detailed information about how to locate your book’s source code, go to www.apress.com/ source-code/ . Printed on acid-free paper To Tyra - Always Contents at a Glance About the Author .....................................................................................................xv About the Technical Reviewer ...............................................................................xvii Acknowledgments ..................................................................................................xix Preface ...................................................................................................................xxi ■ Chapter 1: Introduction .........................................................................................1 ■ Chapter 2: Security Testing Basics ......................................................................11 ■ Chapter 3: The Security Testing Process .............................................................25 ■ Chapter 4: Technical Preparations ......................................................................31 ■ Chapter 5: Security Test Execution ......................................................................49 ■ Chapter 6: Identifying Vulnerabilities ..................................................................59 ■ Chapter 7: Exploiting Vulnerabilities ...................................................................89 ■ Chapter 8: Reporting Vulnerabilities .................................................................153 ■ Chapter 9: Example Reports ..............................................................................165 ■ Chapter 10: Ten Tips to Become a Better Security Tester ..................................181 Index .....................................................................................................................187 v Contents About the Author .....................................................................................................xv About the Technical Reviewer ...............................................................................xvii Acknowledgments ..................................................................................................xix Preface ...................................................................................................................xxi ■ Chapter 1: Introduction .........................................................................................1 Why Security Testing Is Important ....................................................................................1 Vulnerabilities Are Everywhere .........................................................................................2 Not Only Hackers Exploit Vulnerabilities ...........................................................................2 What Is a Security Test? ...................................................................................................2 The Inevitable Weakness of Any Security Test .................................................................3 What’s In a Name? ...........................................................................................................3 The World’s First Security Test .........................................................................................3 Who Are These Hackers Anyway? ....................................................................................4 State-Sponsored Actors ..........................................................................................................................4 Computer Criminals ................................................................................................................................5 Hacktivists ..............................................................................................................................................5 Insider .....................................................................................................................................................6 Script Kiddies .........................................................................................................................................7 What Is a Threat? ....................................................................................................................................8 Threats and Threat Agents ......................................................................................................................8 Summary ..........................................................................................................................9 vii ■ CONTENTS ■ Chapter 2: Security Testing Basics ......................................................................11 Types of Security Tests ...................................................................................................11 The Knowledge Factor vs. The Guesswork Factor ................................................................................12 Social Engineering .........................................................................................................14 What Is a Vulnerability? ..................................................................................................14 Uncovering Vulnerabilities ..............................................................................................16 The Vulnerability Wheel and the Heartbleed Bug ...........................................................17 The Vulnerability Wheel by Example .....................................................................................................17 Zero Day Exploits ............................................................................................................18 How Vulnerabilities Are Scored and Rated .....................................................................18 A Real-World Example Using CVSS .......................................................................................................18 Software Development Life Cycle and Security Testing .................................................19 How Security Testing Can Be Applied to the SDLC ...............................................................................20 Security Metrics .............................................................................................................20 What Is Important Data? .................................................................................................21 Client-Side vs. Server-Side Testing ................................................................................22 Summary ........................................................................................................................22 ■ Chapter 3: The Security Testing Process .............................................................25 The Process of a Security Test .......................................................................................25 The Initialization Phase ..................................................................................................26 Setting the Scope ...........................................................................................................26 Setting the Scope Using Old Reports ....................................................................................................27 Helping the Client to Set a Good Scope ................................................................................................28 Pre Security Test System Q&A ........................................................................................28 Statement of Work ..........................................................................................................29 Statement of Work Example: Organization XYZ ....................................................................................29 Get Out of Jail Free Card ................................................................................................29 Security Test Execution ..................................................................................................30 viii ■ CONTENTS Security Test Report .......................................................................................................30 Summary ........................................................................................................................30 ■ Chapter 4: Technical Preparations ......................................................................31 Collecting Network Traffi c ..............................................................................................31 Software Based ....................................................................................................................................31 Hardware Based ...................................................................................................................................33 Inform The CSIRT ............................................................................................................33 Keep Track of Things ......................................................................................................33 A Note on Notes ....................................................................................................................................34 Software Versioning and Revision Control Systems .............................................................................34 Use a Jump Server ...............................................................................................................................34 Screen ..................................................................................................................................................35 Know Which System You’re Testing ................................................................................35 The Habit of Saving Complex Commands ......................................................................36 Be Verifi able ...................................................................................................................36 Visually Recording Your Work .........................................................................................36 Tools of the Trade ...........................................................................................................37 The Worst Tools One Can Possibly Imagine ....................................................................37 Bash Lovely Bash ...........................................................................................................38 Keep a Command Log ....................................................................................................38 The Security Tester’s Software Setup ............................................................................39 Virtual Machines for Security Testing .............................................................................39 When to Use Hacker Distributions ..................................................................................39 Metasploit ......................................................................................................................40 Don’t Be Volatile .............................................................................................................40 End-of-the-Day Checklists .............................................................................................41 Keep Secrets Safe ..........................................................................................................41 Keep Your Backups Secure ...................................................................................................................42 Get Liability Insurance ....................................................................................................44 ix ■ CONTENTS Automated Vulnerability Scanners (and When to Use Them) ..........................................45 The Google Proxy Avoidance Service .............................................................................45 When to Connect Via VPN ...............................................................................................47 Summary ........................................................................................................................48 ■ Chapter 5: Security Test Execution ......................................................................49 Security Test Execution ..................................................................................................49 The Technical Security Test Process ..............................................................................49 The Layered Approach ..........................................................................................................................49 The Circular Approach ..........................................................................................................................53 When to Use What Approach ..........................................................................................53 The Layered Approach ..........................................................................................................................54 The Circular Approach ..........................................................................................................................54 Expecting the Unexpected ..............................................................................................54 The Pre-Security Test System Q&A Taken with a Grain of Salt .......................................54 To Test Production Systems or to Not Test Productions Systems - That Is the Question ......................................................................................55 Production Systems versus Pre-Production Systems ..........................................................................55 The Goal Is to Eventually Fail .........................................................................................56 Legal Considerations ......................................................................................................56 The Report ......................................................................................................................57 Summary ........................................................................................................................57 ■ Chapter 6: Identifying Vulnerabilities ..................................................................59 Footprinting ....................................................................................................................59 When to Footprint .................................................................................................................................59 Footprinting Examples ..........................................................................................................................60 Scanning ........................................................................................................................60 What a Network Scanner Is ..................................................................................................................61 A Very Short Brush-Up on Ports .....................................................................................61 Using NMAP ..........................................................................................................................................62 Ping Sweep ...........................................................................................................................................63 x ■ CONTENTS Scanning for TCP Services....................................................................................................................64 Scanning for UDP Services ...................................................................................................................65 Operating System Detection .................................................................................................................66 Common TCP and UDP-Based Services ................................................................................................67 NMAP Scripting Engine .........................................................................................................................68 Unknown Networks Ports ...............................................................................................69 On the Job: On Poor Documentation ..............................................................................70 DNS Zone Transfers ........................................................................................................71 DNS Brute Forcing ..........................................................................................................71 Server Debug Information ..............................................................................................72 Nslookup ........................................................................................................................74 Looping Nslookup .................................................................................................................................74 Getting Geographical IP Info Using Pollock ....................................................................75 Harvesting E-Mail Addresses with the Harvester ...........................................................77 Enumeration ...................................................................................................................77 Enumeration Example ...........................................................................................................................78 Enumerating Web Presence Using Netcraft....................................................................79 American Registry for Internet Numbers (ARIN) .............................................................80 Searching for IP Addresses ............................................................................................82 The Downside of Manual Domain Name and IP Address Searching .....................................................83 Data from Hacked Sites ..................................................................................................83 Where to Find Raw Data from Hacked Websites ..................................................................................84 The Ashley Madison Hack .....................................................................................................................84 Have I Been PWNED .......................................................................................................85 Shodan ...........................................................................................................................86 Checking Password Reset Functionality ........................................................................87 Summary ........................................................................................................................87 ■ Chapter 7: Exploiting Vulnerabilities ...................................................................89 System Compromise ......................................................................................................89 Password Attacks ...........................................................................................................90 xi

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.