The Basics of Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Made Easy
Second Edition

Dr. Patrick Engebretson
David Kennedy, Technical Editor

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SYDNEY • TOKYO
Syngress is an imprint of Elsevier

Acquiring Editor: Chris Katsaropoulos
Editorial Project Manager: Benjamin Rearick
Project Manager: Priya Kumaraguruparan
Designer: Mark Rogers

225 Wyman Street, Waltham, MA 02451, USA

Copyright © 2013, 2011 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data
Engebretson, Pat (Patrick Henry), 1974-
The basics of hacking and penetration testing : ethical hacking and penetration testing made easy / Patrick Engebretson. -- Second edition.
pages cm
Includes bibliographical references and index.
ISBN 978-0-12-411644-3
1. Penetration testing (Computer security) 2. Computer hackers. 3. Computer software--Testing. 4. Computer crimes--Prevention. I. Title.
QA76.9.A25E5443 2013
005.8--dc23
2013017241

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-0-12-411644-3

For information on all Syngress publications, visit our website at www.syngress.com.

Printed in the United States of America
13 14 15 10 9 8 7 6 5 4 3 2 1

Dedication
This book is dedicated to God and my family. Time to make like Zac Brown and get Knee Deep.

Contents
ACKNOWLEDGMENTS
ABOUT THE AUTHOR
INTRODUCTION
CHAPTER 1 What is Penetration Testing?
CHAPTER 2 Reconnaissance
CHAPTER 3 Scanning
CHAPTER 4 Exploitation
CHAPTER 5 Social Engineering
CHAPTER 6 Web-Based Exploitation
CHAPTER 7 Post Exploitation and Maintaining Access with Backdoors, Rootkits, and Meterpreter
CHAPTER 8 Wrapping Up the Penetration Test
INDEX

Acknowledgments
Thank you to everyone involved in making this second edition possible. Publishing a book is a team effort and I have been blessed to be surrounded by great teammates. The list below is woefully inadequate, so I apologize in advance and thank everyone who had a hand in making this book a reality. Special thanks to:

MY WIFE
My rock, my lighthouse, my steel cables. Thank you for the encouragement, belief, support, and willingness to become a “single mother” again while I disappeared for hours and days to work on this second edition. As with so many things in my life, I am certain that without you, this book would not have been. More than anyone else, I owe this work to you. I love you.

MY GIRLS
I know that in many ways, this edition was harder for you than the first because you are now old enough to miss me when I am gone, but still too young to understand why I do it. Someday, when you are older, I hope you pick up this book and know that all that I do in my life is for you.

MY FAMILY
Thank you to my extended family for your love and support. An extra special thank you to my mother Joyce, who once again served as my unofficial editor and has probably read this book more times than anyone else. Your quick turnaround time and insights were invaluable.

DAVE KENNEDY
It has been a real honor to have you contribute to the book.
I know how busy you are between family, TrustedSec, the CON circuit, SET, and every other crazy project you run, but you always made time for this project and your insights have made this edition much better than I could have hoped for. Thank you my friend. #hugs. I would be remiss not to give some additional credit to Dave; not only did he contribute through the technical editing process but he also worked tirelessly to ensure the book was Kali compliant and (naturally) single-handedly owned Chapter 5 (SET).