Book Image

Improving your Penetration Testing Skills

By : Gilberto Najera-Gutierrez, Juned Ahmed Ansari, Daniel Teixeira, Abhinav Singh
Book Image

Improving your Penetration Testing Skills

By: Gilberto Najera-Gutierrez, Juned Ahmed Ansari, Daniel Teixeira, Abhinav Singh

Overview of this book

Penetration testing (or ethical hacking) is a legal and foolproof way to identify vulnerabilities in your system. With thorough penetration testing, you can secure your system against the majority of threats. This Learning Path starts with an in-depth explanation of what hacking and penetration testing are. You’ll gain a deep understanding of classical SQL and command injection flaws, and discover ways to exploit these flaws to secure your system. You'll also learn how to create and customize payloads to evade antivirus software and bypass an organization's defenses. Whether it’s exploiting server vulnerabilities and attacking client systems, or compromising mobile phones and installing backdoors, this Learning Path will guide you through all this and more to strengthen your defense against online attacks. By the end of this Learning Path, you'll have the knowledge and skills you need to invade a system and identify all its vulnerabilities. This Learning Path includes content from the following Packt books: • Web Penetration Testing with Kali Linux - Third Edition by Juned Ahmed Ansari and Gilberto Najera-Gutierrez • Metasploit Penetration Testing Cookbook - Third Edition by Abhinav Singh , Monika Agarwal, et al.

Related Content you might be interested in

Current Title:

Small book image
Improving your Penetration Testing Skills
Gilberto Najera-Gutierrez | Juned Ahmed Ansari | Daniel Teixeira | Abhinav Singh
Jul, 2019 | 11 hours 52 minutes
No titles found
Table of Contents (24 chapters)
Title Page
Title Page
Copyright
Copyright
Improving your Penetration Testing Skills
About Packt
About Packt
Why subscribe?
Packt.com
Contributors
Contributors
About the authors
Packt is searching for authors like you
Preface
Preface
Who this book is for
What this book covers
To get the most of this book
Get in touch
Free Chapter
1
Introduction to Penetration Testing and Web Applications
Introduction to Penetration Testing and Web Applications
Proactive security testing
Considerations when performing penetration testing
Kali Linux
A web application overview for penetration testers
2
Setting Up Your Lab with Kali Linux
Setting Up Your Lab with Kali Linux
Kali Linux
Important tools in Kali Linux
Vulnerable applications and servers to practice on
3
Reconnaissance and Profiling the Web Server
Reconnaissance and Profiling the Web Server
Reconnaissance
Information gathering
Scanning – probing the target
4
Authentication and Session Management Flaws
Authentication and Session Management Flaws
Authentication schemes in web applications
Session management mechanisms
Common authentication flaws in web applications
Detecting and exploiting improper session management
Preventing authentication and session attacks
5
Detecting and Exploiting Injection-Based Flaws
Detecting and Exploiting Injection-Based Flaws
Command injection
SQL injection
XML injection
NoSQL injection
Mitigation and prevention of injection vulnerabilities
6
Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
An overview of Cross-Site Scripting
Exploiting Cross-Site Scripting
Scanning for XSS flaws
Preventing and mitigating Cross-Site Scripting
7
Cross-Site Request Forgery, Identification, and Exploitation
Cross-Site Request Forgery, Identification, and Exploitation
Testing for CSRF flaws
Exploiting a CSRF flaw
Preventing CSRF
8
Attacking Flaws in Cryptographic Implementations
Attacking Flaws in Cryptographic Implementations
A cryptography primer
Secure communication over SSL/TLS
Identifying weak implementations of SSL/TLS
Custom encryption protocols
Common flaws in sensitive data storage and transmission
Preventing flaws in cryptographic implementations
9
Using Automated Scanners on Web Applications
Using Automated Scanners on Web Applications
Considerations before using an automated scanner
Web application vulnerability scanners in Kali Linux
Content Management Systems scanners
Fuzzing web applications
Post-scanning actions
10
Metasploit Quick Tips for Security Professionals
Metasploit Quick Tips for Security Professionals
Introduction
Installing Metasploit on Windows
Installing Linux and macOS
Installing Metasploit on macOS
Using Metasploit in Kali Linux
Setting up a penetration-testing lab
Setting up SSH connectivity
Connecting to Kali using SSH
Configuring PostgreSQL
Creating  workspaces
Using the database
Using the hosts command
Understanding the services command
11
Information Gathering and Scanning
Information Gathering and Scanning
Introduction
Passive information gathering with Metasploit
Active information gathering with Metasploit
Port scanning—the Nmap way
Port scanning—the db_nmap way
Host discovery with ARP Sweep
UDP Service Sweeper
SMB scanning and enumeration
Detecting SSH versions with the SSH Version Scanner
FTP scanning
SMTP enumeration
SNMP enumeration
HTTP scanning
WinRM scanning and brute forcing
Integrating with Nessus
Integrating with NeXpose
Integrating with OpenVAS
12
Server-Side Exploitation
Server-Side Exploitation
Introduction
Exploiting a Linux server
SQL injection
Types of shell
Exploiting a Windows Server machine
Exploiting common services
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
MS17-010 EternalRomance/EternalSynergy/EternalChampion
Installing backdoors
Denial of Service
13
Meterpreter
Meterpreter
Introduction
Understanding the Meterpreter core commands
Understanding the Meterpreter filesystem commands
Understanding Meterpreter networking commands
Understanding the Meterpreter system commands
Setting up multiple communication channels with the target
Meterpreter anti-forensics
The getdesktop and keystroke sniffing
Using a scraper Meterpreter script
Scraping the system using winenum
Automation with AutoRunScript
Meterpreter resource scripts
Meterpreter timeout control
Meterpreter sleep control
Meterpreter transports
Interacting with the registry
Loading framework plugins
Meterpreter API and mixins
Railgun—converting Ruby into a weapon
Adding DLL and function definitions to Railgun
Injecting the VNC server remotely
Enabling Remote Desktop
14
Post-Exploitation
Post-Exploitation
Introduction
Post-exploitation modules
Bypassing UAC
Dumping the contents of the SAM database
Passing the hash
Incognito attacks with Meterpreter
Using Mimikatz
Setting up a persistence with backdoors
Becoming TrustedInstaller
Backdooring Windows binaries
Pivoting with Meterpreter
Port forwarding with Meterpreter
Credential harvesting
Enumeration modules
Autoroute and socks proxy server
Analyzing an existing post-exploitation module
Writing a post-exploitation module
15
Using MSFvenom
Using MSFvenom
Introduction
Payloads and payload options
Encoders
Output formats
Templates
Meterpreter payloads with trusted certificates
16
Client-Side Exploitation and Antivirus Bypass
Client-Side Exploitation and Antivirus Bypass
Introduction
Exploiting a Windows 10 machine
Bypassing antivirus and IDS/IPS
Metasploit macro exploits
Human Interface Device attacks
HTA attack
Backdooring executables using a MITM attack
Creating a Linux trojan
Creating an Android backdoor
17
Social-Engineer Toolkit
Social-Engineer Toolkit
Introduction
Getting started with the Social-Engineer Toolkit
Working with the spear-phishing attack vector
Website attack vectors
Working with the multi-attack web method
Infectious media generator
18
Working with Modules for Penetration Testing
Working with Modules for Penetration Testing
Introduction
Working with auxiliary modules
DoS attack modules
Post-exploitation modules
Understanding the basics of module building
Analyzing an existing module
Building your own post-exploitation module
Building your own auxiliary module
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

To get the most of this book

To successfully take advantage of this book, the reader is recommended to have a basic understanding of the following topics:

  • Linux OS installation
  • Unix/Linux command-line usage
  • The HTML language
  • PHP web application programming
  • Python programming
  • A Metasploitable 2 vulnerable machine
  • A Metasploitable 3 vulnerable machine
  • A Windows 7 x86 client machine
  • A Windows 10 client machine
  • An Android OS device or a virtual machine

The only hardware necessary is a personal computer, with an operation system capable of running VirtualBox or other virtualization software. As for specifications, the recommended setup is as follows:

  • Intel i5, i7, or a similar CPU
  • 500 GB on hard drive
  • 8 GB on RAM
  •  An internet connection

Download the example code files

You can download the example code files for this book from your account at www.packt.com. If you purchased this book elsewhere, you can visit www.packt.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

  1. Log in or register at www.packt.com.
  2. Select the SUPPORT tab.
  3. Click on Code Downloads & Errata.
  4. Enter the name of the book in the Search box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

  • WinRAR/7-Zip for Windows
  • Zipeg/iZip/UnRarX for Mac
  • 7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Improving-your-Penetration-Testing-SkillsIn case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "The msfdb command allows you to manage the Metasploit Framework database, not just initialize the database."

A block of code is set as follows:

print_status psh_exec(script)
print_good 'Finished!'

Any command-line input or output is written as follows:

root@kali:~# systemctl start postgresql

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select the Kali Linux virtual machine and click on Settings."

Warnings or important notes appear like this.
Tips and tricks appear like this.
Previous Section
Next Section