
BackTrack 4: Assuring Security by Penetration Testing
Master the art of penetration testing with BackTrack
Shakeel Ali, Tedi Heriyanto
PACKT PUBLISHING - BIRMINGHAM - MUMBAI
community experience distilled

Table of Contents

Preface 1

PART I: Lab Preparation and Testing Procedures

Chapter 1: Beginning with BackTrack 9
    History 9
    BackTrack purpose 9
    Getting BackTrack 11
    Using BackTrack 12
        Live DVD 12
        Installing to hard disk 13
            Installation in real machine 13
            Installation in VirtualBox 14
        Portable BackTrack 19
    Configuring network connection 21
        Ethernet setup 21
        Wireless setup 22
        Starting the network service 24
    Updating BackTrack 24
        Updating software applications 25
        Updating the kernel 26
    Installing additional weapons 29
        Nessus vulnerability scanner 30
        WebSecurify 31
    Customizing BackTrack 32
    Summary 34

Chapter 2: Penetration Testing Methodology 37
    Types of penetration testing 38
        Black-box testing 38
        White-box testing 39
    Vulnerability assessment versus penetration testing 39
    Security testing methodologies 41
        Open Source Security Testing Methodology Manual (OSSTMM) 42
            Key features and benefits 43
        Information Systems Security Assessment Framework (ISSAF) 44
            Key features and benefits 45
        Open Web Application Security Project (OWASP) Top Ten 46
            Key features and benefits 48
        Web Application Security Consortium Threat Classification (WASC-TC) 49
            Key features and benefits 50
    BackTrack testing methodology 51
        Target scoping 52
        Information gathering 52
        Target discovery 53
        Enumerating target 53
        Vulnerability mapping 53
        Social engineering 54
        Target exploitation 54
        Privilege escalation 54
        Maintaining access 55
        Documentation and reporting 55
    The ethics 55
    Summary 56

PART II: Penetration Testers Armory

Chapter 3: Target Scoping
    Gathering client requirements 62
        Customer requirements form 63
        Deliverables assessment form 64
    Preparing the test plan 64
        Test plan checklist 66
    Profiling test boundaries 67
    Defining business objectives 68
    Project management and scheduling 69
    Summary 70

Chapter 4: Information Gathering 73
    Public resources 74
    Document gathering 75
        Metagoofil 75
    DNS information 77
        dnswalk 78
        dnsenum 79
        dnsmap 81
        dnsmap-bulk 83
        dnsrecon 84
        fierce 85
    Route information 86
        0trace 86
        dmitry 88
        itrace 90
        tcptraceroute 91
        tctrace 92
    Utilizing search engines 93
        goorecon 93
        theharvester 95
    All-in-one intelligence gathering 96
        Maltego 96
    Documenting the information 101
        Dradis 102
    Summary 107

Chapter 5: Target Discovery 109
    Introduction 109
    Identifying the target machine 110
        ping 110
        arping 111
        arping2 112
        fping 113
        genlist 115
        hping2 116
        hping3 117
        lanmap 118
        nbtscan 119
        nping 121
        onesixtyone 122
    OS fingerprinting 122
        p0f 123
        xprobe2 124
    Summary 126

Chapter 6: Enumerating Target 127
    Port scanning 127
        AutoScan 131
        Netifera 134
        Nmap 136
            Nmap target specification 138
            Nmap TCP scan options 139
            Nmap UDP scan options 140
            Nmap port specification 141
            Nmap output options 142
            Nmap timing options 143
            Nmap scripting engine 144
        Unicornscan 147
        Zenmap 148
    Service enumeration 152
        Amap 152
        Httprint 153
        Httsquash 155
    VPN enumeration 156
        ike-scan 157
    Summary 159

Chapter 7: Vulnerability Mapping 161
    Types of vulnerabilities 162
        Local vulnerability 162
        Remote vulnerability 163
    Vulnerability taxonomy 164
    Open Vulnerability Assessment System (OpenVAS) 165
        OpenVAS integrated security tools 166
    Cisco analysis 169
        Cisco Auditing Tool 169
        Cisco Global Exploiter 170
        Cisco Passwd Scanner 172
    Fuzzy analysis 173
        BED 173
        Bunny 175
        JBroFuzz 177
    SMB analysis 180
        Impacket Samrdump 180
        Smb4k 181
    SNMP analysis 182
        ADMSnmp 183
        Snmp Enum 184
        SNMP Walk 186
    Web application analysis 188
        Database assessment tools 188
            DBPwAudit 189
            Pblind 190
            SQLbrute 191
            SQLiX 194
            SQLMap 196
            SQLNinja 199
        Application assessment tools 202
            Burp Suite 202
            Grendel Scan 204
            LBD 206
            Nikto2 207
            Paros Proxy 209
            Ratproxy 210
            W3AF 212
            WAFW00F 214
            WebScarab 215
    Summary 217

Chapter 8: Social Engineering 219
    Modeling human psychology 220
    Attack process 220
    Attack methods 221
        Impersonation 221
        Reciprocation 222
        Influential authority 222
        Scarcity 223
        Social relationship 223
    Social Engineering Toolkit (SET) 224
        Targeted phishing attack 225
        Gathering user credentials 230
    Common User Passwords Profiler (CUPP) 234
    Summary 235

Chapter 9: Target Exploitation 237
    Vulnerability research 238
    Vulnerability and exploit repositories 240
    Advanced exploitation toolkit 241
        MSFConsole 242
        MSFCLI 244
        Ninja 101 drills 246
            Scenario #1 246
            Scenario #2 248
            Scenario #3 252
            Scenario #4 261
            Scenario #5 263
        Writing exploit module 268
    Summary 273

Chapter 10: Privilege Escalation 275
    Attacking the password 276
        Offline attack tools 277
            Rainbowcrack 277
            Samdump2 280
            John 282
            Ophcrack 284
            Crunch 285
            Wyd 286
        Online attack tools 287
            BruteSSH 287
            Hydra 288
    Network sniffers 289
        Dsniff 290
        Hamster 291
        Tcpdump 294
        Tcpick 295
        Wireshark 296
    Network spoofing tools 298
        Arpspoof 298
        Ettercap 300
    Summary 304

Chapter 11: Maintaining Access 305
    Protocol tunneling 305
        DNS2tcp 306
        Ptunnel 307
        Stunnel4 308
    Proxy 311
        3proxy 311
        Proxychains 312
    End-to-end connection 313
        CryptCat 313
        Sbd 314
        Socat 315
    Summary 319

Chapter 12: Documentation and Reporting 321
    Documentation and results verification 322
    Types of reports 323
        Executive report 323
        Management report 324
        Technical report 325
        Network penetration testing report (sample contents) 326
    Presentation 327
    Post testing procedures 328
    Summary 329

PART III: Extra Ammunition

Appendix A: Supplementary Tools 333
    Vulnerability scanner 333
        NeXpose community edition 334
            NeXpose installation 334
            Starting NeXpose community 335
            Login to NeXpose community 336
            Using NeXpose community 336
    Web application fingerprinter 338
        WhatWeb 338
        BlindElephant 339
    Network Ballista 341
        Netcat 341
            Open connection 342
            Service banner grabbing 342
            Simple server 343
            File transfer 343
            Portscanning 344
            Backdoor Shell 344
            Reverse shell 345
    Summary 346

Appendix B: Key Resources 347
    Vulnerability Disclosure and Tracking 347
    Paid Incentive Programs 349
    Reverse Engineering Resources 349
    Network ports 350

Index 357