Hands-On Penetration Testing on Windows

Book Image

Hands-On Penetration Testing on Windows

By : Phil Bramwell

Book Image

Hands-On Penetration Testing on Windows

By: Phil Bramwell

Overview of this book

Windows has always been the go-to platform for users around the globe to perform administration and ad hoc tasks, in settings that range from small offices to global enterprises, and this massive footprint makes securing Windows a unique challenge. This book will enable you to distinguish yourself to your clients. In this book, you'll learn advanced techniques to attack Windows environments from the indispensable toolkit that is Kali Linux. We'll work through core network hacking concepts and advanced Windows exploitation techniques, such as stack and heap overflows, precision heap spraying, and kernel exploitation, using coding principles that allow you to leverage powerful Python scripts and shellcode. We'll wrap up with post-exploitation strategies that enable you to go deeper and keep your access. Finally, we'll introduce kernel hacking fundamentals and fuzzing testing, so you can discover vulnerabilities and write custom exploits. By the end of this book, you'll be well-versed in identifying vulnerabilities within the Windows OS and developing the desired solutions for them.

Title Page

Dedication

Packt Upsell

Contributors

Preface

Free Chapter

Bypassing Network Access Control

Bypassing Network Access Control

Technical requirements

Bypassing MAC filtering – considerations for the physical assessor

Design weaknesses – exploiting weak authentication mechanisms

Bypassing validation checks

Breaking out of jail – masquerading the stack

Further reading

Sniffing and Spoofing

Sniffing and Spoofing

Technical requirements

Advanced Wireshark – going beyond simple captures

Advanced Ettercap – the man-in-the-middle Swiss Army Knife

Ettercap filters – fine-tuning your analysis

Getting better – spoofing with BetterCAP

Further reading

Windows Passwords on the Network

Windows Passwords on the Network

Technical requirements

Understanding Windows passwords

Capturing Windows passwords on the network

Let it rip – cracking Windows hashes

Further reading

Advanced Network Attacks

Advanced Network Attacks

Technical requirements

Binary injection with BetterCAP proxy modules

HTTP downgrading attacks with sslstrip

The evil upgrade – attacking software update mechanisms

IPv6 for hackers

Further reading

Cryptography and the Penetration Tester

Cryptography and the Penetration Tester

Technical requirements

Flipping the bit – integrity attacks against CBC algorithms

Sneaking your data in – hash length extension attacks

Busting the padding oracle with PadBuster

Further reading

Advanced Exploitation with Metasploit

Advanced Exploitation with Metasploit

Technical requirements

How to get it right the first time – generating payloads

Modules – the bread and butter of Metasploit

Efficiency and attack organization with Armitage

Social engineering attacks with Metasploit payloads

Further reading

Stack and Heap Memory Management

Stack and Heap Memory Management

Technical requirements

An introduction to debugging

Stack smack – introducing buffer overflows

Introducing shellcoding

Further Reading

Windows Kernel Security

Windows Kernel Security

Technical requirements

Kernel fundamentals – understanding how kernel attacks work

Pointing out the problem – pointer issues

Practical kernel attacks with Kali

Further reading

Weaponizing Python

Weaponizing Python

Technical requirements

Incorporating Python into your work

Python network analysis

Antimalware evasion in Python

Python and Scapy – a classy pair

Further reading

Windows Shellcoding

Windows Shellcoding

Technical requirements

Taking out the guesswork – heap spraying

Understanding Metasploit shellcode delivery

Injection with Backdoor Factory

Further reading

Bypassing Protections with ROP

Bypassing Protections with ROP

Technical requirements

DEP and ASLR – the intentional and the unavoidable

Introducing return-oriented programming

Getting hands-on with the return-to-PLT attack

Further reading

Fuzzing Techniques

Fuzzing Techniques

Technical requirements

Network fuzzing – mutation fuzzing with Taof proxying

Hands-on fuzzing with Kali and Python

Fuzzy registers – the low-level perspective

Further reading

Going Beyond the Foothold

Going Beyond the Foothold

Technical requirements

Gathering goodies – enumeration with post modules

Network pivoting with Metasploit

Escalating your pivot – passing attacks down the line

Further reading

Taking PowerShell to the Next Level

Taking PowerShell to the Next Level

Technical requirements

Power to the shell – PowerShell fundamentals

Post-exploitation with PowerShell

Offensive PowerShell – introducing the Empire framework

Further reading

Escalating Privileges

Escalating Privileges

Technical requirements

Climb the ladder with Armitage

When the easy way fails—local exploits

Escalation with WMIC and PS Empire

Dancing in the shadows – looting domain controllers with vssadmin

Further reading

Maintaining Access

Maintaining Access

Technical requirements

Persistence with Metasploit and PowerShell Empire

Hack tunnels – netcat backdoors on the fly

Maintaining access with PowerSploit

Further reading

Tips and Tricks

Tips and Tricks

Getting familiar with VMware Workstation

Building your attack lab

Network configuration tricks

Further reading

Assessment

Chapter 1: Bypassing Network Access Control

Chapter 2: Sniffing and Spoofing

Chapter 3: Windows Passwords on the Network

Chapter 4: Advanced Network Attacks

Chapter 5: Cryptography and the Penetration Tester

Chapter 6: Advanced Exploitation with Metasploit

Chapter 7: Stack and Heap Memory Management

Chapter 8: Windows Kernel Security

Chapter 9: Weaponizing Python

Chapter 10: Windows Shellcoding

Chapter 11: Bypassing Protections with ROP

Chapter 12: Fuzzing Techniques

Chapter 13: Going Beyond the Foothold

Chapter 14: Taking PowerShell to the Next Level

Chapter 15: Escalating Privileges

Chapter 16: Maintaining Access

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Appendix 2. Other Books You May Enjoy

If you enjoyed this book, you may be interested in these other books by Packt:

Kali Linux - An Ethical Hacker's Cookbook Himanshu Sharma

ISBN: 978-1-78712-182-9

Installing, setting up and customizing Kali for pentesting on multiple platforms
Pentesting routers and embedded devices
Bug hunting 2017
Pwning and escalating through corporate network
Buffer overﬂows 101
Auditing wireless networks
Fiddling around with software-defned radio
Hacking on the run with NetHunter
Writing good quality reports

Mastering Kali Linux for Advanced Penetration Testing - Second Edition Vijay Kumar Velu

ISBN: 978-1-78712-023-5

Select and configure the most effective tools from Kali Linux to test network security
Employ stealth to avoid detection in the network being tested
Recognize when stealth attacks are being used against your network
Exploit networks and data systems using wired and wireless networks as well as web services
Identify and download valuable data from target systems
Maintain access to compromised systems
Use social engineering to compromise the weakest part of the network—the end users