Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
1
Cover
2
Title Page
13
End User License Agreement

The Attack

In the briefing I stated that I wanted to attack the processes used by the editing staff in some way. The philosophy behind that being that it behooves you to learn the way your target works to create the most successful and precise attacks possible, rather than relying on generic exploits or attacks.

This attack is directed at Adobe InDesign, a complex publishing layout and editing package. Rather than look for unpublished buffer overflows or other memory corruption bugs, the goal is to create a hostile InDesign plugin and trick a user into installing it. Creating plugins for InDesign can be complex process, but this code need not be overly complicated as the goal is simply to deliver our C2 agent. Additionally, Adobe provides a complete Software Development Kit (SDK).

The targets are running OS X, so in order to create a plugin we need the following:

  • Adobe InDesign CS5
  • Apple InDesign SDK (download link)
  • A Mac running OS X, El Capitan
  • The latest version of Apple's Xcode...