The Basics of Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Made Easy
SECOND EDITION

Dr. Patrick Engebretson
TECHNICAL EDITOR: David Kennedy
Includes Coverage of Kali Linux

Table of Contents

Cover image
Title page
Copyright
Dedication
Acknowledgments
    My Wife
    My Girls
    My Family
    Dave Kennedy
    Jared DeMott
    To The Syngress Team
About the Author
Introduction
    What Is New In This Edition?
    Who Is The Intended Audience For This Book?
    How Is This Book Different From Book 'X'?
    Why Should I Buy This Book?
    What Do I Need To Follow Along?

Chapter 1. What is Penetration Testing?
    Information In This Chapter:
    Introduction
    Setting The Stage
    Introduction To Kali And Backtrack Linux: Tools. Lots Of Tools
    Working With Your Attack Machine: Starting The Engine
    The Use And Creation Of A Hacking Lab
    Phases Of A Penetration Test
    Where Do I Go From Here?
    Summary

Chapter 2. Reconnaissance
    Information In This Chapter:
    Introduction
    HTTrack: Website Copier
    Google Directives: Practicing Your Google-Fu
    The Harvester: Discovering And Leveraging E-Mail Addresses
    Whois
    Netcraft
    Host
    Extracting Information From DNS
    Nslookup
    Dig
    Fierce: What To Do When Zone Transfers Fail
    Extracting Information From E-Mail Servers
    MetaGooFil
    ThreatAgent: Attack Of The Drones
    Social Engineering
    Sifting Through The Intel To Find Attackable Targets
    How Do I Practice This Step?
    Where Do I Go From Here?
    Summary

Chapter 3. Scanning
    Information In This Chapter:
    Introduction
    Pings And Ping Sweeps
    Port Scanning
    The Three-Way Handshake
    Using Nmap To Perform A TCP Connect Scan
    Using Nmap To Perform A SYN Scan
    Using Nmap To Perform UDP Scans
    Using Nmap To Perform An Xmas Scan
    Using Nmap To Perform Null Scans
    The Nmap Scripting Engine: From Caterpillar To Butterfly
    Port Scanning Wrap Up
    Vulnerability Scanning
    How Do I Practice This Step?
    Where Do I Go From Here?
    Summary

Chapter 4. Exploitation
    Information In This Chapter:
    Introduction
    Medusa: Gaining Access To Remote Services
    Metasploit: Hacking, Hugh Jackman Style!
    JtR: King Of The Password Crackers
    Local Password Cracking
    Remote Password Cracking
    Linux Password Cracking And A Quick Example Of Privilege Escalation
    Password Resetting: The Building And The Wrecking Ball
    Wireshark: Sniffing Network Traffic
    Macof: Making Chicken Salad Out Of Chicken Sh∗T
    Armitage: Introducing Doug Flutie Of Hacking
    Why Learn Five Tools When One Works Just As Well?
    How Do I Practice This Step?
    Where Do I Go From Here?
    Summary

Chapter 5. Social Engineering
    Information In This Chapter:
    Introduction
    The Basics Of SET
    Website Attack Vectors
    The Credential Harvester
    Other Options Within SET
    Summary

Chapter 6. Web-Based Exploitation
    Information In This Chapter:
    Introduction
    The Basics Of Web Hacking
    Nikto: Interrogating Web Servers
    W3af: More Than Just A Pretty Face
    Spidering: Crawling Your Target's Website
    Intercepting Requests With Webscarab
    Code Injection Attacks
    Cross-Site Scripting: Browsers That Trust Sites
    ZED Attack Proxy: Bringing It All Together Under One Roof
    Intercepting In ZAP
    Spidering In ZAP
    Scanning In ZAP
    How Do I Practice This Step?
    Where Do I Go From Here?
    Additional Resources
    Summary

Chapter 7. Post Exploitation and Maintaining Access with Backdoors, Rootkits, and Meterpreter
    Information In This Chapter:
    Introduction
    Netcat: The Swiss Army Knife
    Netcat's Cryptic Cousin: Cryptcat
    Rootkits
    Hacker Defender: It Is Not What You Think
    Detecting And Defending Against Rootkits
    Meterpreter: The Hammer That Turns Everything Into A Nail
    How Do I Practice This Step?
    Where Do I Go From Here?
    Summary

Chapter 8. Wrapping Up the Penetration Test
    Information In This Chapter:
    Introduction
    Writing The Penetration Testing Report
    Executive Summary
    Detailed Report
    Raw Output
    You Do Not Have To Go Home But You Cannot Stay Here
    Where Do I Go From Here?
    Wrap Up
    The Circle Of Life
    Summary

Index

Copyright

Acquiring Editor: Chris Katsaropoulos
Editorial Project Manager: Benjamin Rearick
Project Manager: Priya Kumaraguruparan
Designer: Mark Rogers

Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA

Copyright © 2013, 2011 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.