Book Image

Learn Penetration Testing

By : Rishalin Pillay
Book Image

Learn Penetration Testing

By: Rishalin Pillay

Overview of this book

Sending information via the internet is not entirely private, as evidenced by the rise in hacking, malware attacks, and security threats. With the help of this book, you'll learn crucial penetration testing techniques to help you evaluate enterprise defenses. You'll start by understanding each stage of pentesting and deploying target virtual machines, including Linux and Windows. Next, the book will guide you through performing intermediate penetration testing in a controlled environment. With the help of practical use cases, you'll also be able to implement your learning in real-world scenarios. By studying everything from setting up your lab, information gathering and password attacks, through to social engineering and post exploitation, you'll be able to successfully overcome security threats. The book will even help you leverage the best tools, such as Kali Linux, Metasploit, Burp Suite, and other open source pentesting tools to perform these techniques. Toward the later chapters, you'll focus on best practices to quickly resolve security threats. By the end of this book, you'll be well versed with various penetration testing techniques so as to be able to tackle security threats effectively
Table of Contents (21 chapters)
Free Chapter
1
Section 1: The Basics
4
Section 2: Exploitation
12
Section 3: Post Exploitation
16
Section 4: Putting It All Together

Offline password attacks

Offline password attacks are a way of cracking passwords without being discovered. Since there is no brute forcing to an active service, the risk of detection is a lot less. The aim is to obtain the hashed version of a password and reverse it back to plain text. Different hashing algorithms output different hashes of varying bit lengths. Since hashes are made up of hexadecimal numbers, which are four bits each, identifying a hash bit length would entail counting the number of hexadecimal numbers and multiplying by four.

For example, a hash of 63640264849A87C90356129D99EA165E37AA5FABC1FEA46906DF1A7CA50DB492 contains 64 characters. 64 x 4 = 256. This tells us that the bit length of the hash is 256 bits. In this example, the most common hashing algorithm that would output a 256 bit hash is SHA-256. What if you have a hash that is 128 bits? Here, we have...