
Penetration Testing Bootcamp: Quickly get up and running with pentesting techniques PDF

253 Pages·2017·22.818 MB·English

Preview Penetration Testing Bootcamp: Quickly get up and running with pentesting techniques

Penetration Testing Bootcamp
Quickly get up and running with pentesting techniques
Jason Beltrame
BIRMINGHAM - MUMBAI

Copyright © 2017 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, nor its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: June 2017
Production reference: 1230617

Published by Packt Publishing Ltd.
Livery Place, 35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78728-874-4
www.packtpub.com

Credits

Author: Jason Beltrame
Reviewer: Kubilay Onur Gungor
Commissioning Editor: Pratik Shah
Acquisition Editor: Chandan Kumar
Content Development Editor: Mamata Walkar
Technical Editor: Naveenkumar Jain
Copy Editor: Safis Editing
Project Coordinator: Kinjal Bari
Proofreader: Safis Editing
Indexer: Mariammal Chettiyar
Graphics: Kirk D'Penha
Production Coordinator: Melwyn Dsa

About the Author

Jason Beltrame is a Systems Engineer for Cisco, living in the Eastern Pennsylvania area. He has worked in the network and security field for 18 years, with the last 2 years as a Systems Engineer and the prior 16 years on the operational side as a Network Engineer. During that time, Jason has achieved the following certifications: CISSP, CCNP, CCNP Security, CCDP, CCSP, CISA, ITILv2, and VCP5. He is a graduate of DeSales University with a BS in Computer Science. He has a passion for security and loves learning. In his current role at Cisco, Jason focuses on Security and Enterprise Networks, but as a generalist SE, he covers all aspects of technology. Jason works with commercial territory customers, helping them achieve their technology goals based on their individual business requirements. His 16 years of real-world experience allow him to relate to his customers and understand both their challenges and desired outcomes.

I would like to thank my wife, Becky, for her support and love, as well as everything that she does. I would also like to thank both my children, Josh and Ryan, for supporting me along the way, and helping me relax and put things in perspective. Without this strong support system that I have, none of this would have been possible. Finally, I would like to thank Mike McPhee and Joey Muniz for their support in writing this new book.

About the Reviewer

Kubilay Onur Gungor has been working in the cyber security field for more than 8 years. He started his professional career with cryptanalysis of encrypted images using chaotic logistic maps. After working as a QA tester on the Netsparker project, he continued his career in the penetration testing field. He performed many penetration tests and consultancies on the IT infrastructure of many large clients, such as banks, government institutions, and telecommunication companies. Following his pentesting activities, he worked as a web application security expert and incident management and response expert at Sony Europe and Global Sony Electronics. Kubilay believes in a multidisciplinary approach to cyber security and defines it as a struggle. With this approach, he has developed his own unique certification and training program, including penetration testing, malware analysis, incident management and response, cyber terrorism, criminal profiling, unorthodox methods, perception management, and international relations. Currently, this certification program is up and running in Istanbul as cyberstruggle.org. Besides security certificates, he holds certificates in foreign policy, brand management, surviving in extreme conditions, international cyber conflicts, the Anti-Terrorism Accreditation Board, and comparative terrorism and counter-terrorism studies.

www.PacktPub.com

For support files and downloads related to your book, please visit www.PacktPub.com. Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and, as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details. At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

https://www.packtpub.com/mapt

Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.

Why subscribe?
- Fully searchable across every book published by Packt
- Copy and paste, print, and bookmark content
- On demand and accessible via a web browser

Customer Feedback

Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/1787288749. If you'd like to join our team of regular reviewers, you can e-mail us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!

Table of Contents

Preface 1

Chapter 1: Planning and Preparation 5
  Why does penetration testing take place? 5
  Understanding the engagement 6
  Defining objectives with stakeholder questionnaires 6
  Scoping criteria 7
  Documentation 7
  Understanding the network diagram – onshore IT example 8
  Data flow diagram 9
  Organization chart 11
  Building the systems for the penetration test 12
  Penetration system software setup 12
  Summary 18

Chapter 2: Information Gathering 19
  Understanding the current environment 20
  Where to look for information – checking out the toolbox! 21
  Search engines as an information source 21
  Utilizing whois for information gathering 22
  Enumerating DNS with dnsmap 25
  DNS reconnaissance with DNSRecon 27
  Checking for a DNS BIND version 29
  Probing the network with Nmap 30
  Checking for DNS recursion with NSE 33
  Fingerprinting systems with P0f 34
  Firewall reconnaissance with Firewalk 38
  Detecting a web application firewall 42
  Protocol fuzzing with DotDotPwn 44
  Using Netdiscover to find undocumented IPs 46
  Enumerating your findings 47
  Summary 48

Chapter 3: Setting up and maintaining the Command and Control Server 49
  Command and control servers 50
  Setting up secure connectivity 51
  Inside server SSH setup 52
  Command and control server SSH setup 53
  Setting up a reverse SSH tunnel 54
  stunnel to the rescue 59
  stunnel setup on the client – Raspberry Pi 61
  Verifying automation 62
  Automating evidence collection 63
  File utilities 66
  Playing with tar 66
  Split utility 67
  Summary 68

Chapter 4: Vulnerability Scanning and Metasploit 69
  Vulnerability scanning tools 70
  Scanning techniques 71
  OpenVAS 71
  Getting started with OpenVAS 72
  Performing scans against the environment 75
  Getting started with Metasploit 81
  Exploiting our targets with Metasploit 82
  Understanding client-side attacks 88
  Using BeEF for browser-based exploitation 88
  Using SET for client-side exploitation 92
  Summary 96

Chapter 5: Traffic Sniffing and Spoofing 97
  Traffic sniffing tools and techniques 97
  Sniffing tools 98
  Tcpdump 99
  WinDump 102
  Wireshark 103
  Understanding spoofing attacks 108
  ARP spoofing 109
  Ettercap 112
  SSLStrip 117
  Intercepting SSL traffic with SSLsplit 119
  Summary 124

Chapter 6: Password-based Attacks 125
  Generating rainbow tables and wordlists 125
  Creating rainbows with RainbowCrack 126
  Crunching wordlists 129
  Online locations 130