Book Image

Windows and Linux Penetration Testing from Scratch - Second Edition

By : Phil Bramwell
Book Image

Windows and Linux Penetration Testing from Scratch - Second Edition

By: Phil Bramwell

Overview of this book

Let’s be honest—security testing can get repetitive. If you’re ready to break out of the routine and embrace the art of penetration testing, this book will help you to distinguish yourself to your clients. This pen testing book is your guide to learning advanced techniques to attack Windows and Linux environments from the indispensable platform, Kali Linux. You'll work through core network hacking concepts and advanced exploitation techniques that leverage both technical and human factors to maximize success. You’ll also explore how to leverage public resources to learn more about your target, discover potential targets, analyze them, and gain a foothold using a variety of exploitation techniques while dodging defenses like antivirus and firewalls. The book focuses on leveraging target resources, such as PowerShell, to execute powerful and difficult-to-detect attacks. Along the way, you’ll enjoy reading about how these methods work so that you walk away with the necessary knowledge to explain your findings to clients from all backgrounds. Wrapping up with post-exploitation strategies, you’ll be able to go deeper and keep your access. By the end of this book, you'll be well-versed in identifying vulnerabilities within your clients’ environments and providing the necessary insight for proper remediation.

Related Content you might be interested in

Current Title:

Small book image
Windows and Linux Penetration Testing from Scratch - Second Edition
Phil Bramwell
Aug, 2022 | 510 pages
No titles found
Table of Contents (23 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Part 1: Recon and Exploitation
Part 1: Recon and Exploitation
Free Chapter
2
Chapter 1: Open Source Intelligence
Chapter 1: Open Source Intelligence
Technical requirements
Hiding in plain sight – OSINT and passive recon
The world of Shodan
Google’s dark side
Diving into OSINT with Kali
Summary
Questions
3
Chapter 2: Bypassing Network Access Control
Chapter 2: Bypassing Network Access Control
Technical requirements
Bypassing media access control filtering – considerations for the physical assessor
Design weaknesses – exploiting weak authentication mechanisms
Bypassing validation checks
Breaking out of jail – masquerading the stack
Summary
Questions
Further reading
4
Chapter 3: Sniffing and Spoofing
Chapter 3: Sniffing and Spoofing
Technical requirements
Advanced Wireshark – going beyond simple captures
Advanced Ettercap – the man-in-the-middle Swiss Army Knife
Getting better – scanning, sniffing, and spoofing with BetterCAP
Summary
Questions
Further reading
5
Chapter 4: Windows Passwords on the Network
Chapter 4: Windows Passwords on the Network
Technical requirements
Understanding Windows passwords
Capturing Windows passwords on the network
Let it rip – cracking Windows hashes
Summary
Questions
Further reading
6
Chapter 5: Assessing Network Security
Chapter 5: Assessing Network Security
Technical requirements
Network probing with Nmap
Exploring binary injection with BetterCAP
Smuggling data – dodging firewalls with HTTPTunnel
IPv6 for hackers
Summary
Questions
Further reading
7
Chapter 6: Cryptography and the Penetration Tester
Chapter 6: Cryptography and the Penetration Tester
Technical requirements
Flipping the bit – integrity attacks against CBC algorithms
Sneaking your data in – hash length extension attacks
Busting the padding oracle with PadBuster
Summary
Questions
8
Chapter 7: Advanced Exploitation with Metasploit
Chapter 7: Advanced Exploitation with Metasploit
Technical requirements
How to get it right the first time – generating payloads
Modules – the bread and butter of Metasploit
Efficiency and attack organization with Armitage
Social engineering attacks with Metasploit payloads
Summary
Questions
Further reading
9
Part 2: Vulnerability Fundamentals
Part 2: Vulnerability Fundamentals
10
Chapter 8: Python Fundamentals
Chapter 8: Python Fundamentals
Technical requirements
Incorporating Python into your work
Network analysis with Python modules
Antimalware evasion in Python
Python and Scapy – a classy pair
Summary
Questions
Further reading
11
Chapter 9: PowerShell Fundamentals
Chapter 9: PowerShell Fundamentals
Technical requirements
Power to the shell – PowerShell fundamentals
Post-exploitation with PowerShell
Encoding and decoding binaries in PowerShell
Offensive PowerShell – introducing the Empire framework
Summary
Questions
Further reading
12
Chapter 10: Shellcoding - The Stack
Chapter 10: Shellcoding - The Stack
Technical requirements
An introduction to debugging
Stack smack – introducing buffer overflows
Introducing shellcoding
Summary
Questions
Further reading
13
Chapter 11: Shellcoding – Bypassing Protections
Chapter 11: Shellcoding – Bypassing Protections
Technical requirements
DEP and ASLR – the intentional and the unavoidable
Introducing ROP
Getting hands-on with the return-to-PLT attack
Summary
Questions
Further reading
14
Chapter 12: Shellcoding – Evading Antivirus
Chapter 12: Shellcoding – Evading Antivirus
Technical requirements
Living off the land with PowerShell
Understanding Metasploit shellcode delivery
Injection with Backdoor Factory
Summary
Questions
15
Chapter 13: Windows Kernel Security
Chapter 13: Windows Kernel Security
Technical requirements
Kernel fundamentals – understanding how kernel attacks work
Pointing out the problem – pointer issues
Practical kernel attacks with Kali
Summary
Questions
Further reading
16
Chapter 14: Fuzzing Techniques
Chapter 14: Fuzzing Techniques
Technical requirements
Network fuzzing – mutation fuzzing with Taof proxying
Hands-on fuzzing with Kali and Python
Fuzzy registers – the low-level perspective
Summary
Questions
Further reading
17
Part 3: Post-Exploitation
Part 3: Post-Exploitation
18
Chapter 15: Going Beyond the Foothold
Chapter 15: Going Beyond the Foothold
Technical requirements
Gathering goodies – enumeration with post modules
Network pivoting with Metasploit
Escalating your pivot – passing attacks down the line
Summary
Questions
Further reading
19
Chapter 16: Escalating Privileges
Chapter 16: Escalating Privileges
Technical requirements
Climbing the ladder with Armitage
When the easy way fails – local exploits
Escalation with WMIC and PS Empire
Dancing in the shadows – looting domain controllers with vssadmin
Summary
Questions
Further reading
20
Chapter 17: Maintaining Access
Chapter 17: Maintaining Access
Technical requirements
Persistence with Metasploit and PowerShell Empire
Hack tunnels – netcat backdoors on the fly
Maintaining access with PowerSploit
Summary
Questions
Further reading
21
Answers
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
Chapter 17
Why subscribe?
22
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

What this book covers

Chapter 1, Open Source Intelligence, provides a look at how to use publicly available resources such as Google to gather surprisingly useful information about a target.

Chapter 2, Bypassing Network Access Control, examines how network access is sometimes controlled based on how a system “appears,” and how we can tweak that appearance.

Chapter 3, Sniffing and Spoofing, explores the world of intercepting data off the wire (or out of the air) and manipulating data on the fly.

Chapter 4, Windows Passwords on the Network, reviews how Windows manages passwords during authentication over the network and how to intercept these attempts.

Chapter 5, Assessing Network Security, provides a crash course in network analysis and vulnerability assessment with Nmap, further covering intercepting data to inject our own in its place, and providing a review of IPv6 in today’s still-IPv4-dominant world.

Chapter 6, Cryptography and the Penetration Tester, looks at attacks that exploit weaknesses in cryptographic implementations.

Chapter 7, Advanced Exploitation with Metasploit, dives into the inner workings of Metasploit, as well as how to use Metasploit-generated payloads with other excellent tools, such as Shellter.

Chapter 8, Python Fundamentals, provides a crash course in Python from a pen tester’s perspective. This foundation is useful later in the book.

Chapter 9, PowerShell Fundamentals, also provides a crash course in a scripting language: PowerShell. This foundation is also useful in later labs.

Chapter 10, Shellcoding – The Stack, provides a review of how the stack works and how it can be manipulated.

Chapter 11, Shellcoding – Bypassing Protections, jumping off from the stack foundation in Chapter 10, Shellcoding – The Stack, explores how defenders have responded and how attacks such as return-oriented programming had to adapt to these responses.

Chapter 12, Shellcoding – Evading Antivirus, explores how antimalware can be confused when we live off the land with PowerShell, and an alternative to Shellter’s dynamic injection approach: cave jumping.

Chapter 13, Windows Kernel Security, provides a foundation in how kernel weaknesses are found and an exploration of real-world examples.

Chapter 14, Fuzzing Techniques, provides a practical review of the fuzzing methodology and how to inform exploit development with the results.

Chapter 15, Going Beyond the Foothold, looks at the first steps after we finally establish our initial foothold in our target, including how to conduct recon and further attacks from that privileged position.

Chapter 16, Escalating Privileges, provides a more in-depth look at how we can escalate privileges locally with Metasploit, as well as finding and using passwords – even when we don’t know what the password is.

Chapter 17, Maintaining Access, takes a look at how we can persist once we’ve made it inside the target environment, both from scratch with the target’s built-in abilities and with specialized tools for building reboot-resistant access.

Answers can be used to check your knowledge by providing the answers to the quizzes at the end of each chapter.

Previous Section
Next Section