Penetration Tester's Open Source Toolkit, Third Edition. Jeremy Faircloth. Neil Fryer, Technical Editor. SYNGRESS. Syngress is an imprint of Elsevier. AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO




Contents

Acknowledgments xiii
Introduction xv
About the Author xxi
About the Technical Editor xxi

CHAPTER 1 Tools of the Trade 1
  1.1 Objectives 1
  1.2 Approach 2
  1.3 Core technologies 4
    1.3.1 LiveCDs 4
    1.3.2 ISO images 6
    1.3.3 Bootable USB drives 6
    1.3.4 Creating a persistent LiveCD 8
  1.4 Open source tools 9
    1.4.1 Tools for building LiveCDs 9
    1.4.2 Penetration testing toolkits 12
    1.4.3 Penetration testing targets 20
  1.5 Case study: the tools in action 23
  1.6 Hands-on challenge 27
  Summary 27
  Endnote 28

CHAPTER 2 Reconnaissance 29
  2.1 Objective 30
  2.2 A methodology for reconnaissance 32
  2.3 Intelligence gathering 33
    2.3.1 Core technologies 34
    2.3.2 Approach 36
    2.3.3 Open source tools 40
    2.3.4 Intelligence gathering summary 49
  2.4 Footprinting 49
    2.4.1 Core technologies 49
    2.4.2 Approach 55
    2.4.3 Open source tools 59
    2.4.4 Footprinting summary 67
  2.5 Human recon 67
    2.5.1 Core technologies 68
    2.5.2 Open source tools 71
    2.5.3 Human recon summary 74
  2.6 Verification 74
    2.6.1 Core technologies 74
    2.6.2 Approach 76
    2.6.3 Open source tools 82
    2.6.4 Verification summary 84
  2.7 Case study: the tools in action 85
    2.7.1 Intelligence gathering, footprinting, and verification of an Internet-connected network 85
    2.7.2 Case study summary 92
  2.8 Hands-on challenge 92
  Summary 93
  Endnotes 93

CHAPTER 3 Scanning and Enumeration 95
  3.1 Objectives 95
    3.1.1 Before you start 96
    3.1.2 Why do scanning and enumeration? 96
  3.2 Scanning 97
    3.2.1 Approach 97
    3.2.2 Core technology 98
    3.2.3 Open source tools 101
  3.3 Enumeration 110
    3.3.1 Approach 110
    3.3.2 Core technology 111
    3.3.3 Open source tools 115
  3.4 Case studies: the tools in action 128
    3.4.1 External 129
    3.4.2 Internal 131
    3.4.3 Stealthy 134
    3.4.4 Noisy (IDS) testing 136
  3.5 Hands-on challenge 138
  Summary 138

CHAPTER 4 Client-Side Attacks and Human Weaknesses 141
  4.1 Objective 141
  4.2 Phishing 142
    4.2.1 Approaches 142
    4.2.2 Core technologies 146
    4.2.3 Open source tools 150
  4.3 Social network attacks 156
    4.3.1 Approach 156
    4.3.2 Core technologies 161
    4.3.3 Open source tools 164
  4.4 Custom malware 170
    4.4.1 Approach 170
    4.4.2 Core technologies 172
    4.4.3 Open source tools 175
  4.5 Case study: the tools in action 181
  4.6 Hands-on challenge 187
  Summary 187
  Endnote 188

CHAPTER 5 Hacking Database Services 189
  5.1 Objective 189
  5.2 Core technologies 190
    5.2.1 Basic terminology 190
    5.2.2 Database installation 191
    5.2.3 Communication 193
    5.2.4 Resources and auditing 193
  5.3 Microsoft SQL Server 194
    5.3.1 Microsoft SQL Server users 194
    5.3.2 SQL Server roles and permissions 195
    5.3.3 SQL Server stored procedures 195
    5.3.4 Open source tools 196
  5.4 Oracle database management system 202
    5.4.1 Oracle users 202
    5.4.2 Oracle roles and privileges 204
    5.4.3 Oracle stored procedures 204
    5.4.4 Open source tools 204
  5.5 Case study: the tools in action 212
  5.6 Hands-on challenge 215
  Summary 216

CHAPTER 6 Web Server and Web Application Testing 219
  6.1 Objective 219
    6.1.1 Web server vulnerabilities: a short history 220
    6.1.2 Web applications: the new challenge 221
  6.2 Approach 221
    6.2.1 Web server testing 222
    6.2.2 CGI and default pages testing 223
    6.2.3 Web application testing 224
  6.3 Core technologies 224
    6.3.1 Web server exploit basics 225
    6.3.2 CGI and default page exploitation 230
    6.3.3 Web application assessment 231
  6.4 Open source tools 233
    6.4.1 WAFW00F 234
    6.4.2 Nikto 236
    6.4.3 Grendel-Scan 238
    6.4.4 fimap 241
    6.4.5 SQLiX 243
    6.4.6 sqlmap 245
    6.4.7 DirBuster 245
  6.5 Case study: the tools in action 247
  6.6 Hands-on challenge 255
  Summary 256
  Endnote 257

CHAPTER 7 Network Devices 259
  7.1 Objectives 259
  7.2 Approach 260
  7.3 Core technologies 260
    7.3.1 Switches 261
    7.3.2 Routers 264
    7.3.3 Firewalls 265
    7.3.4 IPv6 266
  7.4 Open source tools 267
    7.4.1 Footprinting tools 267
    7.4.2 Scanning tools 271
    7.4.3 Enumeration tools 276
    7.4.4 Exploitation tools 276
  7.5 Case study: the tools in action 284
  7.6 Hands-on challenge 289
  Summary 290

CHAPTER 8 Enterprise Application Testing 291
  8.1 Objective 291
  8.2 Core technologies 292
    8.2.1 What is an enterprise application? 292
    8.2.2 Multi-tier architecture 293
    8.2.3 Integrations 295
  8.3 Approach 296
  8.4 Open source tools 300
    8.4.1 Nmap 300
    8.4.2 Netstat 301
    8.4.3 sapyto 303
    8.4.4 soapUI 306
    8.4.5 Metasploit 313
  8.5 Case study: the tools in action 313
  8.6 Hands-on challenge 317
  Summary 318

CHAPTER 9 Wireless Penetration Testing 319
  9.1 Objective 319
  9.2 Approach 320
  9.3 Core technologies 321
    9.3.1 Understanding WLAN vulnerabilities 321
    9.3.2 Evolution of WLAN vulnerabilities 322
    9.3.3 Wireless penetration testing tools 324
  9.4 Open source tools 332
    9.4.1 Information-gathering tools 332
    9.4.2 Footprinting tools 338
    9.4.3 Enumeration tool 342
    9.4.4 Vulnerability assessment tool 342
    9.4.5 Exploitation tools 343
    9.4.6 Bluetooth vulnerabilities 362
  9.5 Case study: the tools in action 367
  9.6 Hands-on challenge 369
  Summary 370

CHAPTER 10 Building Penetration Test Labs 371
  10.1 Objectives 372
  10.2 Approach 372
    10.2.1 Designing your lab 372
    10.2.2 Building your lab 385
    10.2.3 Running your lab 388
  10.3 Core technologies 390
    10.3.1 Defining virtualization 391
    10.3.2 Virtualization and penetration testing 391
    10.3.3 Virtualization architecture 392
  10.4 Open source tools 394
    10.4.1 Xen 394
    10.4.2 VirtualBox 395
    10.4.3 GNS3/Dynagen/Dynamips 395
    10.4.4 Other tools 396
  10.5 Case study: the tools in action 397
  10.6 Hands-on challenge 400
  Summary 401

Index 403