Book Image

Improving your Penetration Testing Skills

By : Gilberto Najera-Gutierrez, Juned Ahmed Ansari, Daniel Teixeira, Abhinav Singh
Book Image

Improving your Penetration Testing Skills

By: Gilberto Najera-Gutierrez, Juned Ahmed Ansari, Daniel Teixeira, Abhinav Singh

Overview of this book

Penetration testing (or ethical hacking) is a legal and foolproof way to identify vulnerabilities in your system. With thorough penetration testing, you can secure your system against the majority of threats. This Learning Path starts with an in-depth explanation of what hacking and penetration testing are. You’ll gain a deep understanding of classical SQL and command injection flaws, and discover ways to exploit these flaws to secure your system. You'll also learn how to create and customize payloads to evade antivirus software and bypass an organization's defenses. Whether it’s exploiting server vulnerabilities and attacking client systems, or compromising mobile phones and installing backdoors, this Learning Path will guide you through all this and more to strengthen your defense against online attacks. By the end of this Learning Path, you'll have the knowledge and skills you need to invade a system and identify all its vulnerabilities. This Learning Path includes content from the following Packt books: • Web Penetration Testing with Kali Linux - Third Edition by Juned Ahmed Ansari and Gilberto Najera-Gutierrez • Metasploit Penetration Testing Cookbook - Third Edition by Abhinav Singh , Monika Agarwal, et al.

Related Content you might be interested in

Current Title:

Small book image
Improving your Penetration Testing Skills
Gilberto Najera-Gutierrez | Juned Ahmed Ansari | Daniel Teixeira | Abhinav Singh
Jul, 2019 | 11 hours 52 minutes
No titles found
Table of Contents (24 chapters)
Title Page
Title Page
Copyright
Copyright
Improving your Penetration Testing Skills
About Packt
About Packt
Why subscribe?
Packt.com
Contributors
Contributors
About the authors
Packt is searching for authors like you
Preface
Preface
Who this book is for
What this book covers
To get the most of this book
Get in touch
Free Chapter
1
Introduction to Penetration Testing and Web Applications
Introduction to Penetration Testing and Web Applications
Proactive security testing
Considerations when performing penetration testing
Kali Linux
A web application overview for penetration testers
2
Setting Up Your Lab with Kali Linux
Setting Up Your Lab with Kali Linux
Kali Linux
Important tools in Kali Linux
Vulnerable applications and servers to practice on
3
Reconnaissance and Profiling the Web Server
Reconnaissance and Profiling the Web Server
Reconnaissance
Information gathering
Scanning – probing the target
4
Authentication and Session Management Flaws
Authentication and Session Management Flaws
Authentication schemes in web applications
Session management mechanisms
Common authentication flaws in web applications
Detecting and exploiting improper session management
Preventing authentication and session attacks
5
Detecting and Exploiting Injection-Based Flaws
Detecting and Exploiting Injection-Based Flaws
Command injection
SQL injection
XML injection
NoSQL injection
Mitigation and prevention of injection vulnerabilities
6
Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
An overview of Cross-Site Scripting
Exploiting Cross-Site Scripting
Scanning for XSS flaws
Preventing and mitigating Cross-Site Scripting
7
Cross-Site Request Forgery, Identification, and Exploitation
Cross-Site Request Forgery, Identification, and Exploitation
Testing for CSRF flaws
Exploiting a CSRF flaw
Preventing CSRF
8
Attacking Flaws in Cryptographic Implementations
Attacking Flaws in Cryptographic Implementations
A cryptography primer
Secure communication over SSL/TLS
Identifying weak implementations of SSL/TLS
Custom encryption protocols
Common flaws in sensitive data storage and transmission
Preventing flaws in cryptographic implementations
9
Using Automated Scanners on Web Applications
Using Automated Scanners on Web Applications
Considerations before using an automated scanner
Web application vulnerability scanners in Kali Linux
Content Management Systems scanners
Fuzzing web applications
Post-scanning actions
10
Metasploit Quick Tips for Security Professionals
Metasploit Quick Tips for Security Professionals
Introduction
Installing Metasploit on Windows
Installing Linux and macOS
Installing Metasploit on macOS
Using Metasploit in Kali Linux
Setting up a penetration-testing lab
Setting up SSH connectivity
Connecting to Kali using SSH
Configuring PostgreSQL
Creating  workspaces
Using the database
Using the hosts command
Understanding the services command
11
Information Gathering and Scanning
Information Gathering and Scanning
Introduction
Passive information gathering with Metasploit
Active information gathering with Metasploit
Port scanning—the Nmap way
Port scanning—the db_nmap way
Host discovery with ARP Sweep
UDP Service Sweeper
SMB scanning and enumeration
Detecting SSH versions with the SSH Version Scanner
FTP scanning
SMTP enumeration
SNMP enumeration
HTTP scanning
WinRM scanning and brute forcing
Integrating with Nessus
Integrating with NeXpose
Integrating with OpenVAS
12
Server-Side Exploitation
Server-Side Exploitation
Introduction
Exploiting a Linux server
SQL injection
Types of shell
Exploiting a Windows Server machine
Exploiting common services
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
MS17-010 EternalRomance/EternalSynergy/EternalChampion
Installing backdoors
Denial of Service
13
Meterpreter
Meterpreter
Introduction
Understanding the Meterpreter core commands
Understanding the Meterpreter filesystem commands
Understanding Meterpreter networking commands
Understanding the Meterpreter system commands
Setting up multiple communication channels with the target
Meterpreter anti-forensics
The getdesktop and keystroke sniffing
Using a scraper Meterpreter script
Scraping the system using winenum
Automation with AutoRunScript
Meterpreter resource scripts
Meterpreter timeout control
Meterpreter sleep control
Meterpreter transports
Interacting with the registry
Loading framework plugins
Meterpreter API and mixins
Railgun—converting Ruby into a weapon
Adding DLL and function definitions to Railgun
Injecting the VNC server remotely
Enabling Remote Desktop
14
Post-Exploitation
Post-Exploitation
Introduction
Post-exploitation modules
Bypassing UAC
Dumping the contents of the SAM database
Passing the hash
Incognito attacks with Meterpreter
Using Mimikatz
Setting up a persistence with backdoors
Becoming TrustedInstaller
Backdooring Windows binaries
Pivoting with Meterpreter
Port forwarding with Meterpreter
Credential harvesting
Enumeration modules
Autoroute and socks proxy server
Analyzing an existing post-exploitation module
Writing a post-exploitation module
15
Using MSFvenom
Using MSFvenom
Introduction
Payloads and payload options
Encoders
Output formats
Templates
Meterpreter payloads with trusted certificates
16
Client-Side Exploitation and Antivirus Bypass
Client-Side Exploitation and Antivirus Bypass
Introduction
Exploiting a Windows 10 machine
Bypassing antivirus and IDS/IPS
Metasploit macro exploits
Human Interface Device attacks
HTA attack
Backdooring executables using a MITM attack
Creating a Linux trojan
Creating an Android backdoor
17
Social-Engineer Toolkit
Social-Engineer Toolkit
Introduction
Getting started with the Social-Engineer Toolkit
Working with the spear-phishing attack vector
Website attack vectors
Working with the multi-attack web method
Infectious media generator
18
Working with Modules for Penetration Testing
Working with Modules for Penetration Testing
Introduction
Working with auxiliary modules
DoS attack modules
Post-exploitation modules
Understanding the basics of module building
Analyzing an existing module
Building your own post-exploitation module
Building your own auxiliary module
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Preventing flaws in cryptographic implementations

For HTTPS communication, disable all deprecated protocols, such as any version of SSL and even TLS 1.0 and 1.1. The last two need to be taken into consideration for the target users of the application, as TLS 1.2 may not be fully supported by older browsers or systems. Also, disabling weak encryption algorithms, such as DES and MD5 hashing, and modes, such as ECB, must be considered.

Furthermore, the responses of applications must include the secure flag in cookies and the HTTP Strict-Transport-Security (HSTS) header to prevent SSL Strip attacks.

More information about TLS configuration can be found at https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet.

Passwords must never be stored in cleartext, and it's inadvisable to use encryption algorithms to protect them. Rather, a one-way, salted hash function...

Previous Section
End of Chapter 8
Next Chapter