Conducting Network Penetration and Espionage in a Global Environment

Book Description

When it's all said and done, penetration testing remains the most effective way to identify security vulnerabilities in computer networks. Conducting Network Penetration and Espionage in a Global Environment provides detailed guidance on how to perform effective penetration testing of computer networks, using free, open source, and commercially avai

Table of Contents

  1. Preface
  2. About the Author
  3. Chapter 1 - What You Need to Know First
    1. MATLAB® and SimuLink (MathSoft.com)
    2. Recommended Defensive Measures
    3. Google News Groups
    4. Typical PT Process
    5. Recommended Books/Classes
    6. Last But Not Least—A Pet Peeve
    7. Training
    8. Minimal Paperwork
  4. Chapter 2 - Attack from Christmas Island
  5. Chapter 3 - Indirect Target Information Acquisition (ITIA)
    1. Shodan
    2. Using Google to Obtain Information
    3. TheHarvester
    4. Nslookup
    5. Dig
    6. Dnsenum
    7. Dnswalk
    8. Dnsrecon
    9. Fierce
    10. Smtp-user-enum
    11. Dnsmap
    12. Dmitry
    13. Itrace
    14. Tcptraceroute
    15. Tctrace
    16. Goorecon
    17. Snmpenum
    18. Snmpwalk
    19. Snmpcheck
  6. Chapter 4 - Direct Target Information Acquisition (DTIA)
    1. Target Discovery
      1. Ping
      2. #ping -c 2 <target>
      3. #ping -c 3 -s 1000 IP
      4. Fping
      5. Genlist
      6. Hping
      7. Nbtscan
      8. Nping
      9. Onesixtyone
      10. P0f
      11. Xprobe2
    2. Enumerating Target
    3. Some Miscellaneous Items to Keep in Mind (Refer to as Needed)
      1. Start Networks
      2. Create Videos
      3. Whois xumpidhjns.it.cx
      4. Whois 95.141.28.91
      5. Whois nucebeb.changeip.name
      6. Whois 64.120.252.74
      7. Netcraft
      8. Host
      9. DNS Tools (More)
      10. Nslookup
  7. Chapter 5 - Nmap
    1. Nmap -T0 -O -sTV -vv -p- -PN IP
    2. Nmap -O -sSV -vv -p- -PN IP
    3. Nmap --script http-enum,http-headers,http-methods,http-php-version -p 80 IP
    4. Nmap -A -vvv -p- -PN -iL IPlist.txt
    5. Nmap -f -f -vvv -p- -PN IP
    6. Nmap -sP -PA IP.0/24
    7. Nmap -sS -sU -p U:53,T:22,134-139 IP
    8. Nmap -O -sUV -vvv -p- -PN IP
    9. Nmap -O -sXV -vvv -p- -PN IP
    10. Nmap -O -sNV -vvv -p- -PN IP
    11. Nmap -mtu 16 -vvv -p- -PN IP
    12. Nmap -sM -vvv -p- -PN IP
    13. Nmap -sC -p- -PN IP
    14. Nmap -p 139,445 IP
    15. Nmap -scanflags PSH -p- -PN IP
    16. Nmap -scanflags PSH -p135 IP
    17. Nmap -scanflags SYN -p135 IP
    18. Nmap -sA -scanflags PSH -p- -PN IP
    19. Nmap -sP IP.0/24 -oA Results
    20. Nmap -sP -PA -oN Results IP.0/24
    21. Nmap -n -sP 192.168.4.1-20
    22. Nmap -sP -oG Results IP.0/24
    23. Nmap -v -sP 192.168.0.0/16 10.0.0.0/8
    24. Nmap -sP -PN -PS -reason IP
    25. Nmap -sL IP.1-255
    26. Nmap -sS -sV -O -v IP
    27. Nmap -T0 -vv -b FTP_IP TARGET_IP -oA Results
    28. Nmap -sF -PN -p22 IP
    29. Nmap -sU -p0-65535 IP
    30. Nmap -sU -v -p 1-65535 IP
    31. Nmap -sU -p 161
    32. Nmap -sU -T5 -p 69, 123, 161, 1985 IP
    33. Nmap -PP -PM IP
      1. Nmap -sO IP
      2. Nmap -O IP
      3. Nmap -sV IP
  8. Chapter 6 - MATLAB, SimuLink, and R
  9. Chapter 7 - Metasploit Pro
    1. Now Verify Database Connectivity with Metasploit
    2. Perform an Nmap Scan within Metasploit
    3. Using Auxiliary Modules in Metasploit
    4. Using Metasploit to Exploit
      1. No Options to Set
      2. See Lots of Them
      3. Did We Obtain a Command Shell?
      4. See the Active Driver, such as postgresql
    5. If You Get an Error While Connecting to the DB
    6. Using the DB to Store Pen Test Results
    7. Analyzing Stored Results of DB
    8. Unfiltered Port
    9. Using Metasploit Auxiliary Module for Scans
      1. Use
      2. Set
      3. Run
    10. To Make the Scan Faster across Multiple Devices
    11. Target Services Scanning with Auxiliary Modules
    12. Vulnerability Scan with Metasploit Using Nessus
    13. Scanning with Nexpose within Metasploit:
    14. Note about Exploit-db
    15. Some Metasploit Exploit Commands
    16. Microsoft Exploit
    17. Exploiting a Windows 2003 Server
    18. Exploiting Windows 7/Server 2008 R2 SMB Client
    19. Exploiting Linux Ubuntu System
    20. Client Side Exploitation and A/V Bypass
    21. Msfpayload Can Be Used to Generate Binary and Shellcode
    22. To Set Up a Listener for the Reverse Connection
    23. Run Some Linux PPC Payloads against the FSB
    24. Generate Shellcode in C
    25. Meterpreter Commands
    26. Executive Summary
    27. Detailed Findings
      1. Tools Utilized
    28. Recommendations to Resolve Issues
  10. Chapter 8 - China, Syria, and the American Intelligence Community
    1. The Burning
    2. China
    3. Syria
  11. Chapter 9 - Building a Penetration Testing Lab
  12. Chapter 10 - Vendor Default Passwords and Default Unix Ports
  13. Chapter 11 - Oldies but Goodies If You Have Physical Access
    1. SafeBack
      1. New Technologies, Inc.
    2. GetTime
      1. New Technologies, Inc.
    3. FileList and FileCnvt and Excel
      1. New Technologies, Inc.
    4. GetFree
      1. New Technologies, Inc.
    5. Swap Files and GetSwap
      1. New Technologies, Inc.
        1. General Information
    6. GetSlack
      1. New Technologies, Inc.
    7. Temporary Files
    8. Filter_I
      1. New Technologies, Inc.
        1. Filter
        2. Intel
        3. Names
        4. Words
    9. Keyword Generation
      1. New Technologies, Inc.
    10. TextSearch Plus
      1. New Technologies, Inc.
    11. Crcmd5
      1. New Technologies, Inc.
    12. DiskSig
      1. New Technologies, Inc.
    13. Doc
      1. New Technologies, Inc.
    14. Mcrypt
      1. New Technologies, Inc.
    15. Micro-Zap
      1. New Technologies, Inc.
    16. Map
      1. New Technologies, Inc.
    17. M-Sweep
      1. New Technologies, Inc.
    18. Net Threat Analyzer
      1. New Technologies, Inc.
    19. AnaDisk
      1. New Technologies, Inc.
    20. Seized
      1. New Technologies, Inc.
    21. Scrub
      1. New Technologies, Inc.
    22. Spaces
      1. New Technologies, Inc.
    23. NTFS FileList
      1. New Technologies, Inc.
        1. Example
        2. General Information
    24. NTFS GetFree
      1. New Technologies, Inc.
        1. Example
        2. General Information
    25. NTFS GetSlack
      1. New Technologies, Inc.
        1. Example
        2. General Information
    26. NTFS VIEW
      1. New Technologies, Inc.
        1. Example
    27. NTFS Check
      1. New Technologies, Inc.
        1. Example
    28. NTIcopy
      1. New Technologies, Inc.
    29. Disk Search 32
      1. New Technologies, Inc.
        1. Example
  14. Chapter 12 - Order of Operations for Your Tools
    1. Reconnaissance
    2. Enumeration
    3. Exploitation
    4. Wireless Networks
    5. VOIP Networks
    6. Reporting
    7. Scripting/Programming/Debugging
  15. Chapter 13 - Using Your iPhone as a Network Scanner
    1. IP Scanner
    2. NetPro
    3. WiFi Scanner
    4. iNet
    5. Net Detective
    6. Net Swiss Army Knife
    7. Ping Analyzer
    8. WiFi Net Info
    9. TraceRoute
    10. PortScan
    11. Net Utility
    12. zTools