Advanced Infrastructure Penetration Testing

Overview of this book

It has always been difficult to gain hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. This book will be your one-stop solution to compromising complex network devices and modern operating systems. This book provides you with advanced penetration testing techniques that will help you exploit databases, web and application servers, switches or routers, Docker, VLAN, VoIP, and VPN. With this book, you will explore exploitation abilities such as offensive PowerShell tools and techniques, CI servers, database exploitation, Active Directory delegation, kernel exploits, cron jobs, VLAN hopping, and Docker breakouts. Moving on, this book will not only walk you through managing vulnerabilities, but will also teach you how to ensure endpoint protection. Toward the end of this book, you will also discover post-exploitation tips, tools, and methodologies to help your organization build an intelligent security system. By the end of this book, you will have mastered the skills and methodologies needed to breach infrastructures and provide complete endpoint protection for your system.
Table of Contents (14 chapters)

ARP attacks

Address Resolution Protocol (ARP) is a protocol that maps IP addresses to their associated MAC addresses, as defined in RFC 826. ARP is implemented in many operating systems, including Linux.

You can view the ARP cache using the arp command:

Attackers can exploit its cache to perform man-in-the-middle attacks using a tool such as Ettercap:

If you are already using Kali Linux, you can also use the dsniff utility:

Attackers can abuse the IP/MAC matching capability of the ARP protocol to associate their own MAC addresses with legitimate IP addresses. If you are using Kali Linux, you can use it directly from the main menu.

To defend against ARP attacks, use dynamic ARP inspection, which checks whether ARP packets match the binding table entries and drops those that do not. DHCP snooping must be configured first, because it is what populates the binding table.
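The binding-table check that dynamic ARP inspection performs can be sketched as follows. This is an added example, not code from the book: the binding table, addresses, and function names are constructed for illustration, and a real switch applies this check to ARP traffic on untrusted ports using its DHCP snooping bindings.

```python
import socket
import struct

# Constructed binding table (IP -> MAC) standing in for the switch's
# DHCP snooping bindings; every address here is a sample value.
BINDINGS = {
    "192.0.2.1": "00:00:5e:00:53:01",   # gateway
    "192.0.2.10": "00:00:5e:00:53:0a",  # workstation
}
ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 layout for Ethernet/IPv4, 28 bytes
ARP_LEN = struct.calcsize(ARP_FMT)


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_arp(oper, sha, spa, tha, tpa):
    """Pack a constructed ARP payload (sample input only, never sent)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, _mac(sha),
                       socket.inet_aton(spa), _mac(tha), socket.inet_aton(tpa))


def inspect(payload, bindings=BINDINGS):
    """Return ("forward" | "drop", reason) for one ARP payload."""
    if len(payload) < ARP_LEN:
        return "drop", "truncated ARP packet"
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return "drop", "not an Ethernet/IPv4 ARP request or reply"
    ip, mac = socket.inet_ntoa(spa), sha.hex(":")
    bound = bindings.get(ip)
    if bound is None:
        return "drop", f"no binding for sender IP {ip}"
    if bound != mac:
        return "drop", f"{ip} is bound to {bound}, packet claims {mac}"
    return "forward", "sender IP/MAC matches binding"


# Constructed samples: a reply from the workstation, and a reply that
# claims the gateway's IP with a MAC that is not in the binding table.
LEGIT = build_arp(2, "00:00:5e:00:53:0a", "192.0.2.10",
                  "00:00:5e:00:53:01", "192.0.2.1")
SPOOFED = build_arp(2, "00:00:5e:00:53:66", "192.0.2.1",
                    "00:00:5e:00:53:0a", "192.0.2.10")

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, *inspect(pkt))
```

The same comparison is what makes the DHCP snooping prerequisite matter: with an empty binding table, every sender falls into the "no binding" branch and is dropped.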

This is the normal ARP operation:

...