O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Penetration Testing Bootcamp

Book Description

Sharpen your pentesting skill in a bootcamp

About This Book

  • Get practical demonstrations with in-depth explanations of complex security-related problems
  • Familiarize yourself with the most common web vulnerabilities
  • Get step-by-step guidance on managing testing results and reporting

Who This Book Is For

This book is for IT security enthusiasts and administrators who want to understand penetration testing quickly.

What You Will Learn

  • Perform different attacks such as MiTM, and bypassing SSL encryption
  • Crack passwords and wireless network keys with brute-forcing and wordlists
  • Test web applications for vulnerabilities
  • Use the Metasploit Framework to launch exploits and write your own Metasploit modules
  • Recover lost files, investigate successful hacks, and discover hidden data
  • Write organized and effective penetration testing reports

In Detail

Penetration Testing Bootcamp delivers practical, learning modules in manageable chunks. Each chapter is delivered in a day, and each day builds your competency in Penetration Testing.

This book will begin by taking you through the basics and show you how to set up and maintain the C&C Server. You will also understand how to scan for vulnerabilities and Metasploit, learn how to setup connectivity to a C&C server and maintain that connectivity for your intelligence gathering as well as offsite processing. Using TCPDump filters, you will gain understanding of the sniffing and spoofing traffic. This book will also teach you the importance of clearing up the tracks you leave behind after the penetration test and will show you how to build a report from all the data obtained from the penetration test.

In totality, this book will equip you with instructions through rigorous tasks, practical callouts, and assignments to reinforce your understanding of penetration testing.

Style and approach

This book is delivered in the form of a 10-day boot camp style book. The day-by-day approach will help you get to know everything about penetration testing, from the use of network reconnaissance tools, to the writing of custom zero-day buffer overflow exploits.

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.

Table of Contents

  1. Preface
    1. What this book covers
    2. What you need for this book
    3. Who this book is for
    4. Conventions
    5. Reader feedback
    6. Customer support
      1. Errata
      2. Piracy
      3. Questions
  2. Planning and Preparation
    1. Why does penetration testing take place?
      1. Understanding the engagement
    2. Defining objectives with stakeholder questionnaires
      1. Scoping criteria
      2. Documentation
        1. Understanding the network diagram – onshore IT example
        2. Data flow diagram
        3. Organization chart
    3. Building the systems for the penetration test
      1. Penetration system software setup
    4. Summary
  3. Information Gathering
    1. Understanding the current environment
    2. Where to look for information – checking out the toolbox!
      1. Search engines as an information source
    3. Utilizing whois for information gathering
    4. Enumerating DNS with dnsmap
      1. DNS reconnaissance with DNSRecon
    5. Checking for a DNS BIND version
    6. Probing the network with Nmap
    7. Checking for DNS recursion with NSE
    8. Fingerprinting systems with P0f
    9. Firewall reconnaissance with Firewalk
    10. Detecting a web application firewall
    11. Protocol fuzzing with DotDotPwn
    12. Using Netdiscover to find undocumented IPs
    13. Enumerating your findings
    14. Summary
  4. Setting up and maintaining the Command and Control Server
    1. Command and control servers
    2. Setting up secure connectivity
      1. Inside server SSH setup
      2. Command and control server SSH setup
      3. Setting up a reverse SSH tunnel
      4. stunnel to the rescue
        1. stunnel setup on the client – Raspberry Pi
      5. Verifying automation
    3. Automating evidence collection
      1. File utilities
        1. Playing with tar
        2. Split utility
    4. Summary
  5. Vulnerability Scanning and Metasploit
    1. Vulnerability scanning tools
    2. Scanning techniques
    3. OpenVAS
    4. Getting started with OpenVAS
    5. Performing scans against the environment
    6. Getting started with Metasploit
    7. Exploiting our targets with Metasploit
    8. Understanding client-side attacks
    9. Using BeEF for browser-based exploitation
    10. Using SET for client-side exploitation
    11. Summary
  6. Traffic Sniffing and Spoofing
    1. Traffic sniffing tools and techniques
      1. Sniffing tools
        1. Tcpdump
        2. WinDump
        3. Wireshark
    2. Understanding spoofing attacks
      1. ARP spoofing
    3. Ettercap
      1. SSLStrip
    4. Intercepting SSL traffic with SSLsplit
    5. Summary
  7. Password-based Attacks
    1. Generating rainbow tables and wordlists
      1. Creating rainbows with RainbowCrack
      2. Crunching wordlists
      3. Online locations
    2. Cracking utilities
      1. John the Ripper
      2. THC-Hydra
      3. Ncrack
      4. Medusa
    3. Social engineering experiments
      1. Impersonation to get the goods
        1. Scenario 1
        2. Scenario 2
      2. Dumpster diving
      3. Free USB drives for all!!
    4. Summary
  8. Attacks on the Network Infrastructure
    1. Wired-based attacks
      1. snmp-check
        1. Rogue DHCP server
      2. Denial-of-service checks
        1. Various attacks with hping3
          1. Land attacks with hping3
          2. Smurf attacks using hping3
      3. MAC flooding with Macof
    2. Wireless-based attacks
      1. Cracking WPA2 with aircrack-ng
    3. Monitoring the airway with Kismet
    4. Attacking WEP with wifite
    5. Bluetooth probing
      1. Bluelog
      2. Btscanner
      3. Blueranger
      4. Scanning with Hcitool
    6. Physical security considerations
      1. Secure access
      2. Employee/vendor identification
    7. Summary
  9. Web Application Attacks
    1. Manipulation by client-side testing
      1. Cross-site scripting attacks
      2. Reflected XSS attack
      3. Stored XSS attack
      4. Using OWASP ZAP to find session issues
    2. Infrastructure and design weaknesses
      1. Uniscan
      2. Using Skipfish for web application recon
    3. Identity-based testing
      1. Role based access control
      2. Apache-users
      3. Wfuzz
      4. Validating data, error handling, and logic
      5. SQL Injection fun with Sqlmap
      6. Error handling issues
      7. Session management
      8. Burp suite with intercept
      9. Using XSS for cookie retrieval
      10. Summary
  10. Cleaning Up and Getting Out
    1. Cleaning up any trails left behind
      1. Covering your tracks
        1. Clearev with Metasploit
        2. Shredding files with shred
        3. CLI tips for hiding your tracks
        4. ClearLogs for Windows
        5. Using DD and mkfs to clear drives
        6. LUKS Nuke blowing up partition
      2. Destroying equipment
        1. Stakeholder-sponsored destruction
        2. Destruction by the penetration tester
    2. Summary
  11. Writing Up the Penetration Testing Report
    1. Gathering all your data
      1. Importance of defining risk
      2. Structure of a penetration test report
        1. Cover sheet
        2. Table of contents
        3. Executive summary
        4. The scope of the project
        5. Objectives of the penetration test
        6. Description of risk rating scale
        7. Summary of findings
        8. Detailed findings
        9. Conclusion
        10. Appendix A - tools used
        11. Appendix B - attached reports
        12. Appendix C - attached diagrams
        13. About your company
    2. Building the report
    3. Delivering the report
    4. Summary