Book Image

Windows and Linux Penetration Testing from Scratch - Second Edition

By : Phil Bramwell
Book Image

Windows and Linux Penetration Testing from Scratch - Second Edition

By: Phil Bramwell

Overview of this book

Let’s be honest—security testing can get repetitive. If you’re ready to break out of the routine and embrace the art of penetration testing, this book will help you to distinguish yourself to your clients. This pen testing book is your guide to learning advanced techniques to attack Windows and Linux environments from the indispensable platform, Kali Linux. You'll work through core network hacking concepts and advanced exploitation techniques that leverage both technical and human factors to maximize success. You’ll also explore how to leverage public resources to learn more about your target, discover potential targets, analyze them, and gain a foothold using a variety of exploitation techniques while dodging defenses like antivirus and firewalls. The book focuses on leveraging target resources, such as PowerShell, to execute powerful and difficult-to-detect attacks. Along the way, you’ll enjoy reading about how these methods work so that you walk away with the necessary knowledge to explain your findings to clients from all backgrounds. Wrapping up with post-exploitation strategies, you’ll be able to go deeper and keep your access. By the end of this book, you'll be well-versed in identifying vulnerabilities within your clients’ environments and providing the necessary insight for proper remediation.

Related Content you might be interested in

Current Title:

Small book image
Windows and Linux Penetration Testing from Scratch - Second Edition
Phil Bramwell
Aug, 2022 | 510 pages
No titles found
Table of Contents (23 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Part 1: Recon and Exploitation
Part 1: Recon and Exploitation
Free Chapter
2
Chapter 1: Open Source Intelligence
Chapter 1: Open Source Intelligence
Technical requirements
Hiding in plain sight – OSINT and passive recon
The world of Shodan
Google’s dark side
Diving into OSINT with Kali
Summary
Questions
3
Chapter 2: Bypassing Network Access Control
Chapter 2: Bypassing Network Access Control
Technical requirements
Bypassing media access control filtering – considerations for the physical assessor
Design weaknesses – exploiting weak authentication mechanisms
Bypassing validation checks
Breaking out of jail – masquerading the stack
Summary
Questions
Further reading
4
Chapter 3: Sniffing and Spoofing
Chapter 3: Sniffing and Spoofing
Technical requirements
Advanced Wireshark – going beyond simple captures
Advanced Ettercap – the man-in-the-middle Swiss Army Knife
Getting better – scanning, sniffing, and spoofing with BetterCAP
Summary
Questions
Further reading
5
Chapter 4: Windows Passwords on the Network
Chapter 4: Windows Passwords on the Network
Technical requirements
Understanding Windows passwords
Capturing Windows passwords on the network
Let it rip – cracking Windows hashes
Summary
Questions
Further reading
6
Chapter 5: Assessing Network Security
Chapter 5: Assessing Network Security
Technical requirements
Network probing with Nmap
Exploring binary injection with BetterCAP
Smuggling data – dodging firewalls with HTTPTunnel
IPv6 for hackers
Summary
Questions
Further reading
7
Chapter 6: Cryptography and the Penetration Tester
Chapter 6: Cryptography and the Penetration Tester
Technical requirements
Flipping the bit – integrity attacks against CBC algorithms
Sneaking your data in – hash length extension attacks
Busting the padding oracle with PadBuster
Summary
Questions
8
Chapter 7: Advanced Exploitation with Metasploit
Chapter 7: Advanced Exploitation with Metasploit
Technical requirements
How to get it right the first time – generating payloads
Modules – the bread and butter of Metasploit
Efficiency and attack organization with Armitage
Social engineering attacks with Metasploit payloads
Summary
Questions
Further reading
9
Part 2: Vulnerability Fundamentals
Part 2: Vulnerability Fundamentals
10
Chapter 8: Python Fundamentals
Chapter 8: Python Fundamentals
Technical requirements
Incorporating Python into your work
Network analysis with Python modules
Antimalware evasion in Python
Python and Scapy – a classy pair
Summary
Questions
Further reading
11
Chapter 9: PowerShell Fundamentals
Chapter 9: PowerShell Fundamentals
Technical requirements
Power to the shell – PowerShell fundamentals
Post-exploitation with PowerShell
Encoding and decoding binaries in PowerShell
Offensive PowerShell – introducing the Empire framework
Summary
Questions
Further reading
12
Chapter 10: Shellcoding - The Stack
Chapter 10: Shellcoding - The Stack
Technical requirements
An introduction to debugging
Stack smack – introducing buffer overflows
Introducing shellcoding
Summary
Questions
Further reading
13
Chapter 11: Shellcoding – Bypassing Protections
Chapter 11: Shellcoding – Bypassing Protections
Technical requirements
DEP and ASLR – the intentional and the unavoidable
Introducing ROP
Getting hands-on with the return-to-PLT attack
Summary
Questions
Further reading
14
Chapter 12: Shellcoding – Evading Antivirus
Chapter 12: Shellcoding – Evading Antivirus
Technical requirements
Living off the land with PowerShell
Understanding Metasploit shellcode delivery
Injection with Backdoor Factory
Summary
Questions
15
Chapter 13: Windows Kernel Security
Chapter 13: Windows Kernel Security
Technical requirements
Kernel fundamentals – understanding how kernel attacks work
Pointing out the problem – pointer issues
Practical kernel attacks with Kali
Summary
Questions
Further reading
16
Chapter 14: Fuzzing Techniques
Chapter 14: Fuzzing Techniques
Technical requirements
Network fuzzing – mutation fuzzing with Taof proxying
Hands-on fuzzing with Kali and Python
Fuzzy registers – the low-level perspective
Summary
Questions
Further reading
17
Part 3: Post-Exploitation
Part 3: Post-Exploitation
18
Chapter 15: Going Beyond the Foothold
Chapter 15: Going Beyond the Foothold
Technical requirements
Gathering goodies – enumeration with post modules
Network pivoting with Metasploit
Escalating your pivot – passing attacks down the line
Summary
Questions
Further reading
19
Chapter 16: Escalating Privileges
Chapter 16: Escalating Privileges
Technical requirements
Climbing the ladder with Armitage
When the easy way fails – local exploits
Escalation with WMIC and PS Empire
Dancing in the shadows – looting domain controllers with vssadmin
Summary
Questions
Further reading
20
Chapter 17: Maintaining Access
Chapter 17: Maintaining Access
Technical requirements
Persistence with Metasploit and PowerShell Empire
Hack tunnels – netcat backdoors on the fly
Maintaining access with PowerSploit
Summary
Questions
Further reading
21
Answers
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
Chapter 17
Why subscribe?
22
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Preface

Maybe you’ve just finished a boot camp on ethical hacking and you can’t get enough. Perhaps you’re an administrator who has realized that it’s time to understand how the bad guys work with these dark arts. It’s also possible that someone gave you this book for your birthday after misunderstanding when you said you have a keen interest in den nesting. Whoever you are (except for that last one), this book is for you. But why this book?

Let’s be honest: this subject has a tendency to be dry. Sometimes, it feels like an author is there to just tell us how it is, providing a sparse foundation of the concepts under discussion. I think the experience is more enjoyable if it feels more like an interactive learning session than a lecture. So, I’ve endeavored to discuss pen testing in a more conversational and relaxed manner. Reading this book should feel like we’re just hanging out in the lab and exploring these concepts. I think the kids these days call this vibing. I’ll have to ask my nieces.

This book isn’t intended for complete beginners, but it is accessible to different levels of experience. Overall, it is assumed that you have some experience and education in information technology and cybersecurity. This book won’t “teach you how to hack,” and in fact, many of the labs feature old attacks that aren’t likely to succeed in a real-world environment. The foundation they all provide, however, is very much still relevant. The lessons will be valuable to those who intend to understand how the core concept works, and from there, they can be translated into modern attacks. This book emphasizes understanding over blindly following steps.

Previous Section
Next Section