Book Image

Improving your Penetration Testing Skills

By : Gilberto Najera-Gutierrez, Juned Ahmed Ansari, Daniel Teixeira, Abhinav Singh

Book Image

Improving your Penetration Testing Skills

By: Gilberto Najera-Gutierrez, Juned Ahmed Ansari, Daniel Teixeira, Abhinav Singh

Overview of this book

Penetration testing (or ethical hacking) is a legal and foolproof way to identify vulnerabilities in your system. With thorough penetration testing, you can secure your system against the majority of threats. This Learning Path starts with an in-depth explanation of what hacking and penetration testing are. You’ll gain a deep understanding of classical SQL and command injection flaws, and discover ways to exploit these flaws to secure your system. You'll also learn how to create and customize payloads to evade antivirus software and bypass an organization's defenses. Whether it’s exploiting server vulnerabilities and attacking client systems, or compromising mobile phones and installing backdoors, this Learning Path will guide you through all this and more to strengthen your defense against online attacks. By the end of this Learning Path, you'll have the knowledge and skills you need to invade a system and identify all its vulnerabilities. This Learning Path includes content from the following Packt books: • Web Penetration Testing with Kali Linux - Third Edition by Juned Ahmed Ansari and Gilberto Najera-Gutierrez • Metasploit Penetration Testing Cookbook - Third Edition by Abhinav Singh , Monika Agarwal, et al.

Title Page

Copyright

Improving your Penetration Testing Skills

About Packt

Contributors

About the authors

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most of this book

Free Chapter

Introduction to Penetration Testing and Web Applications

Introduction to Penetration Testing and Web Applications

Proactive security testing

Considerations when performing penetration testing

A web application overview for penetration testers

Setting Up Your Lab with Kali Linux

Setting Up Your Lab with Kali Linux

Important tools in Kali Linux

Vulnerable applications and servers to practice on

Reconnaissance and Profiling the Web Server

Reconnaissance and Profiling the Web Server

Information gathering

Scanning – probing the target

Authentication and Session Management Flaws

Authentication and Session Management Flaws

Authentication schemes in web applications

Session management mechanisms

Common authentication flaws in web applications

Detecting and exploiting improper session management

Preventing authentication and session attacks

Detecting and Exploiting Injection-Based Flaws

Detecting and Exploiting Injection-Based Flaws

Command injection

NoSQL injection

Mitigation and prevention of injection vulnerabilities

Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities

Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities

An overview of Cross-Site Scripting

Exploiting Cross-Site Scripting

Scanning for XSS flaws

Preventing and mitigating Cross-Site Scripting

Cross-Site Request Forgery, Identification, and Exploitation

Cross-Site Request Forgery, Identification, and Exploitation

Testing for CSRF flaws

Exploiting a CSRF flaw

Preventing CSRF

Attacking Flaws in Cryptographic Implementations

Attacking Flaws in Cryptographic Implementations

A cryptography primer

Secure communication over SSL/TLS

Identifying weak implementations of SSL/TLS

Custom encryption protocols

Common flaws in sensitive data storage and transmission

Preventing flaws in cryptographic implementations

Using Automated Scanners on Web Applications

Using Automated Scanners on Web Applications

Considerations before using an automated scanner

Web application vulnerability scanners in Kali Linux

Content Management Systems scanners

Fuzzing web applications

Post-scanning actions

Metasploit Quick Tips for Security Professionals

Metasploit Quick Tips for Security Professionals

Installing Metasploit on Windows

Installing Linux and macOS

Installing Metasploit on macOS

Using Metasploit in Kali Linux

Setting up a penetration-testing lab

Setting up SSH connectivity

Connecting to Kali using SSH

Configuring PostgreSQL

Creating workspaces

Using the database

Using the hosts command

Understanding the services command

Information Gathering and Scanning

Information Gathering and Scanning

Passive information gathering with Metasploit

Active information gathering with Metasploit

Port scanning—the Nmap way

Port scanning—the db_nmap way

Host discovery with ARP Sweep

UDP Service Sweeper

SMB scanning and enumeration

Detecting SSH versions with the SSH Version Scanner

SMTP enumeration

SNMP enumeration

WinRM scanning and brute forcing

Integrating with Nessus

Integrating with NeXpose

Integrating with OpenVAS

Server-Side Exploitation

Server-Side Exploitation

Exploiting a Linux server

Exploiting a Windows Server machine

Exploiting common services

MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption

MS17-010 EternalRomance/EternalSynergy/EternalChampion

Installing backdoors

Denial of Service

Meterpreter

Understanding the Meterpreter core commands

Understanding the Meterpreter filesystem commands

Understanding Meterpreter networking commands

Understanding the Meterpreter system commands

Setting up multiple communication channels with the target

Meterpreter anti-forensics

The getdesktop and keystroke sniffing

Using a scraper Meterpreter script

Scraping the system using winenum

Automation with AutoRunScript

Meterpreter resource scripts

Meterpreter timeout control

Meterpreter sleep control

Meterpreter transports

Interacting with the registry

Loading framework plugins

Meterpreter API and mixins

Railgun—converting Ruby into a weapon

Adding DLL and function definitions to Railgun

Injecting the VNC server remotely

Enabling Remote Desktop

Post-Exploitation

Post-Exploitation

Post-exploitation modules

Dumping the contents of the SAM database

Passing the hash

Incognito attacks with Meterpreter

Setting up a persistence with backdoors

Becoming TrustedInstaller

Backdooring Windows binaries

Pivoting with Meterpreter

Port forwarding with Meterpreter

Credential harvesting

Enumeration modules

Autoroute and socks proxy server

Analyzing an existing post-exploitation module

Writing a post-exploitation module

Using MSFvenom

Payloads and payload options

Meterpreter payloads with trusted certificates

Client-Side Exploitation and Antivirus Bypass

Client-Side Exploitation and Antivirus Bypass

Exploiting a Windows 10 machine

Bypassing antivirus and IDS/IPS

Metasploit macro exploits

Human Interface Device attacks

Backdooring executables using a MITM attack

Creating a Linux trojan

Creating an Android backdoor

Social-Engineer Toolkit

Social-Engineer Toolkit

Getting started with the Social-Engineer Toolkit

Working with the spear-phishing attack vector

Website attack vectors

Working with the multi-attack web method

Infectious media generator

Working with Modules for Penetration Testing

Working with Modules for Penetration Testing

Working with auxiliary modules

DoS attack modules

Post-exploitation modules

Understanding the basics of module building

Analyzing an existing module

Building your own post-exploitation module

Building your own auxiliary module

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Types of shell

Before moving to the next topic, let's talk about the different types of shell available. When looking at the list of available shells, they fall into two categories: bind and reverse.

A bind shell instructs the target to start the command shell and listen on a local port, allowing the attacker to connect to the target on the listening port. A bind shell is great for local vulnerabilities, for example, when you have already compromised a target machine via a phishing attack and want to leverage a local service to do privilege escalation; however, nowadays it is not suitable for most remote exploitation scenarios because the target is probably behind a firewall.

For that reason, most of the time we will use a reverse shell as our payload. A reverse shell starts a connection with the attacker's machine, in this case, the attacker's machine is the...