Book Image

Windows and Linux Penetration Testing from Scratch - Second Edition

By : Phil Bramwell
Book Image

Windows and Linux Penetration Testing from Scratch - Second Edition

By: Phil Bramwell

Overview of this book

Let’s be honest—security testing can get repetitive. If you’re ready to break out of the routine and embrace the art of penetration testing, this book will help you to distinguish yourself to your clients. This pen testing book is your guide to learning advanced techniques to attack Windows and Linux environments from the indispensable platform, Kali Linux. You'll work through core network hacking concepts and advanced exploitation techniques that leverage both technical and human factors to maximize success. You’ll also explore how to leverage public resources to learn more about your target, discover potential targets, analyze them, and gain a foothold using a variety of exploitation techniques while dodging defenses like antivirus and firewalls. The book focuses on leveraging target resources, such as PowerShell, to execute powerful and difficult-to-detect attacks. Along the way, you’ll enjoy reading about how these methods work so that you walk away with the necessary knowledge to explain your findings to clients from all backgrounds. Wrapping up with post-exploitation strategies, you’ll be able to go deeper and keep your access. By the end of this book, you'll be well-versed in identifying vulnerabilities within your clients’ environments and providing the necessary insight for proper remediation.

Related Content you might be interested in

Current Title:

Small book image
Windows and Linux Penetration Testing from Scratch - Second Edition
Phil Bramwell
Aug, 2022 | 510 pages
No titles found
Table of Contents (23 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Part 1: Recon and Exploitation
Part 1: Recon and Exploitation
Free Chapter
2
Chapter 1: Open Source Intelligence
Chapter 1: Open Source Intelligence
Technical requirements
Hiding in plain sight – OSINT and passive recon
The world of Shodan
Google’s dark side
Diving into OSINT with Kali
Summary
Questions
3
Chapter 2: Bypassing Network Access Control
Chapter 2: Bypassing Network Access Control
Technical requirements
Bypassing media access control filtering – considerations for the physical assessor
Design weaknesses – exploiting weak authentication mechanisms
Bypassing validation checks
Breaking out of jail – masquerading the stack
Summary
Questions
Further reading
4
Chapter 3: Sniffing and Spoofing
Chapter 3: Sniffing and Spoofing
Technical requirements
Advanced Wireshark – going beyond simple captures
Advanced Ettercap – the man-in-the-middle Swiss Army Knife
Getting better – scanning, sniffing, and spoofing with BetterCAP
Summary
Questions
Further reading
5
Chapter 4: Windows Passwords on the Network
Chapter 4: Windows Passwords on the Network
Technical requirements
Understanding Windows passwords
Capturing Windows passwords on the network
Let it rip – cracking Windows hashes
Summary
Questions
Further reading
6
Chapter 5: Assessing Network Security
Chapter 5: Assessing Network Security
Technical requirements
Network probing with Nmap
Exploring binary injection with BetterCAP
Smuggling data – dodging firewalls with HTTPTunnel
IPv6 for hackers
Summary
Questions
Further reading
7
Chapter 6: Cryptography and the Penetration Tester
Chapter 6: Cryptography and the Penetration Tester
Technical requirements
Flipping the bit – integrity attacks against CBC algorithms
Sneaking your data in – hash length extension attacks
Busting the padding oracle with PadBuster
Summary
Questions
8
Chapter 7: Advanced Exploitation with Metasploit
Chapter 7: Advanced Exploitation with Metasploit
Technical requirements
How to get it right the first time – generating payloads
Modules – the bread and butter of Metasploit
Efficiency and attack organization with Armitage
Social engineering attacks with Metasploit payloads
Summary
Questions
Further reading
9
Part 2: Vulnerability Fundamentals
Part 2: Vulnerability Fundamentals
10
Chapter 8: Python Fundamentals
Chapter 8: Python Fundamentals
Technical requirements
Incorporating Python into your work
Network analysis with Python modules
Antimalware evasion in Python
Python and Scapy – a classy pair
Summary
Questions
Further reading
11
Chapter 9: PowerShell Fundamentals
Chapter 9: PowerShell Fundamentals
Technical requirements
Power to the shell – PowerShell fundamentals
Post-exploitation with PowerShell
Encoding and decoding binaries in PowerShell
Offensive PowerShell – introducing the Empire framework
Summary
Questions
Further reading
12
Chapter 10: Shellcoding - The Stack
Chapter 10: Shellcoding - The Stack
Technical requirements
An introduction to debugging
Stack smack – introducing buffer overflows
Introducing shellcoding
Summary
Questions
Further reading
13
Chapter 11: Shellcoding – Bypassing Protections
Chapter 11: Shellcoding – Bypassing Protections
Technical requirements
DEP and ASLR – the intentional and the unavoidable
Introducing ROP
Getting hands-on with the return-to-PLT attack
Summary
Questions
Further reading
14
Chapter 12: Shellcoding – Evading Antivirus
Chapter 12: Shellcoding – Evading Antivirus
Technical requirements
Living off the land with PowerShell
Understanding Metasploit shellcode delivery
Injection with Backdoor Factory
Summary
Questions
15
Chapter 13: Windows Kernel Security
Chapter 13: Windows Kernel Security
Technical requirements
Kernel fundamentals – understanding how kernel attacks work
Pointing out the problem – pointer issues
Practical kernel attacks with Kali
Summary
Questions
Further reading
16
Chapter 14: Fuzzing Techniques
Chapter 14: Fuzzing Techniques
Technical requirements
Network fuzzing – mutation fuzzing with Taof proxying
Hands-on fuzzing with Kali and Python
Fuzzy registers – the low-level perspective
Summary
Questions
Further reading
17
Part 3: Post-Exploitation
Part 3: Post-Exploitation
18
Chapter 15: Going Beyond the Foothold
Chapter 15: Going Beyond the Foothold
Technical requirements
Gathering goodies – enumeration with post modules
Network pivoting with Metasploit
Escalating your pivot – passing attacks down the line
Summary
Questions
Further reading
19
Chapter 16: Escalating Privileges
Chapter 16: Escalating Privileges
Technical requirements
Climbing the ladder with Armitage
When the easy way fails – local exploits
Escalation with WMIC and PS Empire
Dancing in the shadows – looting domain controllers with vssadmin
Summary
Questions
Further reading
20
Chapter 17: Maintaining Access
Chapter 17: Maintaining Access
Technical requirements
Persistence with Metasploit and PowerShell Empire
Hack tunnels – netcat backdoors on the fly
Maintaining access with PowerSploit
Summary
Questions
Further reading
21
Answers
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
Chapter 17
Why subscribe?
22
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Summary

In this chapter, we jumped into the fun (and disconcerting) world of OSINT. We started our journey by taking a look at what we can find with just our web browser: examining our target’s sites, sending weird requests to see whether we can prompt some funny response that reveals information, and checking out social media and other public resources. We reviewed a few services on the internet that scan and gather this information for us to see whether we can get a head start on our enumeration phase, looking for things such as insecure SSL/TLS, open ports, and just generally anything that’s exposed to the web that would usually take some time and probing to discover on our own. We took a look at what Google can find for us if we’re willing to think outside of the box, and finally, we cracked open our copy of Kali to see what kind of automation is available to us for applying these principles. Of course, this is just the surface of what can be a very sophisticated and surprisingly effective phase of any assessment, but we’ve started training our brains to think a little bit differently about the things our client may take for granted. We’ve dipped our toes into the waters of our client’s information – now, let’s get a little splashy. In the next chapter, we’re going to start probing the network and getting a feel for the insider’s perspective.

Previous Section
End of Section 7
Next Section