Penetration Testing Bootcamp

By: Jason Beltrame

Overview of this book

Penetration Testing Bootcamp delivers practical learning modules in manageable chunks. Each chapter is delivered in a day, and each day builds your competency in penetration testing. This book begins by taking you through the basics and shows you how to set up and maintain the C&C server. You will also learn about vulnerability scanning and Metasploit, and learn how to set up connectivity to a C&C server and maintain that connectivity for your intelligence gathering as well as offsite processing. Using TCPDump filters, you will gain an understanding of sniffing and spoofing traffic. This book will also teach you the importance of clearing up the tracks you leave behind after the penetration test and will show you how to build a report from all the data obtained from the penetration test. In totality, this book will equip you with instructions through rigorous tasks, practical callouts, and assignments to reinforce your understanding of penetration testing.

Understanding spoofing attacks


What's the best way to get in between a conversation when it is not possible to physically be in line? With spoofing attacks, of course. Spoofing attacks are a fundamental requirement for attacks where you sit in between a conversation, often referred to as man-in-the-middle. In its simplest form, a spoofing attack means impersonating something else in order to get in the middle of that conversation, or of all the conversations if you impersonate the default gateway.

To accomplish this task, we will be performing ARP spoofing. This allows us to tell the host to send its traffic to us as if we were the default gateway, and to tell the default gateway to send traffic destined for that host to us. This way, we place ourselves in the middle of that conversation. Once we are in the middle of that conversation, we can not only learn information about the conversation, but also manipulate the various responses to glean information from either side or send malware...
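Seen from the network's side, the two-way impersonation described above leaves a recognisable trace: one MAC address starts answering for both the gateway's IP and the host's IP. The following is an added example, not code from the book, that parses ARP bodies and flags that pattern; the function names are hypothetical and the addresses (192.0.2.0/24, locally administered MACs) are constructed sample data.

```python
import struct
from ipaddress import IPv4Address

def parse_arp(body: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP body, else None."""
    if len(body) < 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", body[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return None
    sender_mac = ":".join(f"{b:02x}" for b in body[8:14])
    return op, sender_mac, str(IPv4Address(body[14:18]))

def detect_arp_spoofing(bodies):
    """Flag IPs whose MAC differs from the first one seen, and MACs claiming several IPs."""
    first_mac = {}  # ip -> first MAC observed, used as the baseline binding
    claimed = {}    # mac -> set of IPs that MAC has claimed as sender
    alerts = {}     # dict used as an ordered set so repeats are reported once
    for body in bodies:
        parsed = parse_arp(body)
        if parsed is None:
            continue
        _, mac, ip = parsed
        baseline = first_mac.setdefault(ip, mac)
        if mac != baseline:
            alerts[("binding-changed", ip, baseline, mac)] = None
        ips = claimed.setdefault(mac, set())
        ips.add(ip)
        if len(ips) > 1:
            alerts[("multiple-ips", mac, tuple(sorted(ips)))] = None
    return list(alerts)

def sample_arp(op, smac, sip, tmac, tip):
    """Build a constructed ARP body for the offline sample below (nothing is sent)."""
    head = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return (head + bytes.fromhex(smac.replace(":", "")) + IPv4Address(sip).packed
            + bytes.fromhex(tmac.replace(":", "")) + IPv4Address(tip).packed)

GW, HOST, ROGUE = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:66"
SAMPLE = [  # constructed capture: two legitimate replies, then the spoofed pair
    sample_arp(2, GW, "192.0.2.1", HOST, "192.0.2.10"),     # gateway announces itself
    sample_arp(2, HOST, "192.0.2.10", GW, "192.0.2.1"),     # host announces itself
    sample_arp(2, ROGUE, "192.0.2.1", HOST, "192.0.2.10"),  # third MAC claims the gateway IP
    sample_arp(2, ROGUE, "192.0.2.10", GW, "192.0.2.1"),    # same MAC claims the host IP
]

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE):
        print(alert)
```

The baseline here is simply the first binding seen, so on a real segment it should be seeded from a trusted source such as DHCP leases or static inventory.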