
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

By: Lee Allen

Overview of this book

The internet security field has grown by leaps and bounds over the last decade. Every day more people around the globe gain access to the internet, and not all of them with good intentions. The need for penetration testers has grown now that the security industry has had time to mature. Simply running a vulnerability scanner is a thing of the past and is no longer an effective method of determining a business's true security posture. Learn effective penetration testing skills so that you can effectively meet and manage the rapidly changing security needs of your company. Advanced Penetration Testing for Highly-Secured Environments will teach you how to efficiently and effectively ensure the security posture of environments that have been secured using IDS/IPS, firewalls, network segmentation, hardened system configurations, and more. The stages of a penetration test are clearly defined and addressed using step-by-step instructions that you can follow on your own virtual lab. The book follows the standard penetration testing stages from start to finish with step-by-step examples. The book thoroughly covers penetration test expectations, proper scoping and planning, as well as enumeration and footprinting. You'll learn how to clean up and compile proof-of-concept exploit code from the web, advanced web application testing techniques, client-side attacks, post-exploitation strategies, detection avoidance methods, generation of well-defined reports and metrics, and setting up a penetration testing virtual lab that mimics a secured environment. The book closes by issuing a challenge to your skills and ability to perform a full penetration test against a fictional corporation, followed by a detailed walkthrough of the solution. Advanced Penetration Testing for Highly-Secured Environments is packed with detailed examples that reinforce enumeration, exploitation, post-exploitation, reporting skills, and more.
Table of Contents (18 chapters)
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Index

Index

A

  • ACK scan
    • about / ACK scan
  • Admin1
    • about / Adding complexity or emulating target environments, Admin1
  • advanced features, Domain Information Groper (Dig)
    • about / Advanced features of Dig
    • output, shortening / Shortening the output
    • bind version, listing / Listing the bind version
    • reverse DNS lookup / Reverse DNS lookup using Dig
    • multiple commands / Multiple commands
    • path, tracing / Tracing the path
    • batching / Batching with dig
    • IDS rules, avoiding / IDS rules, how to avoid them
    • decoys, using / Using decoys
  • advanced packaging tools (APT)
    • about / Updating the applications and operating system
  • advanced penetration testing
    • about / Introduction to advanced penetration testing, Advanced penetration testing
  • advanced techniques, Nmap
    • about / Other Nmap techniques
    • stealthy / Remaining stealthy
    • zombie host / Shifting blame — the zombies did it!
  • AFRINIC
    • about / Gathering and validating domain and IP information
    • URL / Gathering and validating domain and IP information
  • after filter / Filters
  • allintext filter / Google filters
  • allinurl filter / Google filters
  • APNIC
    • URL / Gathering and validating domain and IP information
    • about / Gathering and validating domain and IP information
  • App1
    • about / Adding complexity or emulating target environments, App1
  • AppEvent.Evt file / Important directories and files
  • Apple Filing Protocol
    • about / Nmap — getting to know you
  • apt-get dist-upgrade command / Updating the applications and operating system
  • apt-get install command / "C"ing is believing—Create a vulnerable program
  • arch command / Important commands
  • ARIN
    • URL / Gathering and validating domain and IP information
    • about / Gathering and validating domain and IP information
  • Armitage
    • used, for post exploitation / Using Armitage for post-exploitation
    • data, gathering / Enumeration
    • enumeration / Enumeration
    • used, for exploitation / Exploitation
    • about / We're connected, now what?
  • Armitage, and Meterpreter
    • combining / We're connected, now what?
  • ARP poison
    • about / Client-side attacks with Fast-Track
  • arsenal
    • custom Nmap scripts, adding / Adding custom Nmap scripts to your arsenal
  • ASLR
    • about / Turning ASLR on and off in BackTrack
    • turning on / Turning ASLR on and off in BackTrack
    • turning off / Turning ASLR on and off in BackTrack
  • assets
    • finding / Finding specific assets
  • author filter / Google filters
  • automation script
    • creating / Creating an automation script
  • auxiliary modules
    • using, in MetaSploit / Using auxiliary modules

B

  • Backtrack
    • exploring / Exploring BackTrack
    • login information, for default install / Logging in
    • default password, modifying / Changing the default password
  • BackTrack
    • installing, as virtual machine / Installing your BackTrack virtual machine
    • URL, for downloading / Installing your BackTrack virtual machine
    • virtual machine, preparing for / Preparing the virtual guest machine for BackTrack
    • installing, on virtual disk image / Installing BackTrack on the virtual disk image
    • operating system, updating / Updating the applications and operating system
    • applications, updating / Updating the applications and operating system
    • about / Creating an automation script, Default output, Batching with dig, DNS brute forcing with fierce, Metagoofil, Package repositories, Lab preparation
    • manual ifconfig / BackTrack – Manual ifconfig
    • fuzzing tools / Fuzzing tools included in BackTrack, Bruteforce Exploit Detector (BED)
    • Kioptrix system, exploiting from / Enumeration
  • BackTrack 5
    • TFTP server, installing on / Installing and starting a TFTP server on BackTrack 5
    • PostgreSQL, installing on / Installing PostgreSQL on BackTrack 5
    • about / Quick reality check – Load Balance Detector
  • BackTrack guest machine
    • about / BackTrack guest machine
  • BackTrack Linux
    • about / Practice makes perfect
  • banner grabbing
    • with Netcat / Banner grabbing with Netcat
    • with Ncat / Banner grabbing with Ncat
    • with smbclient / Banner grabbing with smbclient
  • banners
    • about / Understanding banners
  • bash tool
    • about / Which tools are available on the remote system
  • basic scans, Nmap / Basic scans — warming up
  • batching
    • with Domain Information Groper (Dig) / Batching with dig
  • BED
    • about / Bruteforce Exploit Detector (BED)
  • before filter / Filters
  • benefits, exploitation / Exploitation – Why bother?
  • benefits, VIM / VIM — The power user's text editor of choice
  • bind version
    • listing / Listing the bind version
  • Blackbox testing
    • about / Before testing begins
  • boot.ini file / Important directories and files
  • bourne shell
    • about / Creating an automation script
  • bovrflow program / Understanding the basics of buffer overflows
  • branch nodes
    • about / Adding nodes
  • bruteforcing
    • about / Brute forcing passwords
    • with THC Hydra / THC Hydra
  • buffer overflows
    • about / Buffer overflows—A refresher
    • basics / Understanding the basics of buffer overflows
  • Burp
    • about / Introduction to MagicTree

C

  • cache filter / Google filters
  • canonicalization
    • about / Canonicalization
  • cat command / Important commands
  • checklist
    • about / Using a checklist
  • city filter / Filters
  • client-side attacks
    • with Fast-Track / Client-side attacks with Fast-Track
  • combining
    • Armitage, with Meterpreter / We're connected, now what?
  • commands, Linux
    • ls -oaF / Important commands
    • locate / Important commands
    • updatedb / Important commands
    • grep / Important commands
    • less / Important commands
    • cat / Important commands
    • df -H / Important commands
    • date / Important commands
    • free / Important commands
    • arch / Important commands
    • echo / Important commands
    • last / Important commands
    • logname / Important commands
    • pwd / Important commands
    • uname -a / Important commands
    • netstat / Important commands
    • ifconfig or /sbin/ifconfig / Important commands
    • udevd -version / Important commands
    • find / -type f -perm 777 / Important commands
  • command syntax, Nmap / Commonly seen Nmap scan types and options
  • command syntax, onesixtyone / When the SNMP community string is NOT "public"
  • common network management tools
    • using / Using common network management tools to do the deed
  • Comodo Secure DNS®
    • about / Changing nameservers
  • compromised hosts
    • cleaning up / Cleaning up compromised hosts
  • compromised hosts, cleaning up
    • about / Cleaning up compromised hosts
    • checklist / Using a checklist
    • local log files / Local log files
  • configuring
    • Vlab_1 clients / Configuring and testing our Vlab_1 clients
    • pure-ftpd / Installing and configuring pure-ftpd
    • Mutillidae 2.1.7 / Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
    • pfSense / Installing and configuring pfSense
    • pfSense DHCP server / Configuring the pfSense DHCP server
    • virtual lab / Adding complexity or emulating target environments
    • firewall1 / Configuring firewall1
    • Firewall2 / Firewall2 setup and configuration
  • connectivity
    • verifying, for virtual machine / Verifying connectivity
  • country filter / Filters
  • cover page, executive report / The report
  • cross-references
    • about / Adding nodes
  • curl tool / Which tools are available on the remote system
  • custom Nmap scripts
    • adding, to arsenal / Adding custom Nmap scripts to your arsenal
  • custom word list
    • creating / Creating a custom wordlist

D

  • data
    • exporting, into HTML / Exporting data into HTML
    • reviewing / Reviewing the data
  • database
    • script, adding to / Adding a new script to the database
  • database connectivity
    • verifying, in MetaSploit / Verifying database connectivity
  • databases
    • and Metasploit / Databases and Metasploit
  • data collection, MagicTree / Data collection
  • data gathering
    • about / Data gathering, network analysis, and pillaging
  • data nodes
    • about / Adding nodes
  • date command / Important commands
  • DB1
    • about / Adding complexity or emulating target environments, DB1
  • decoys
    • using / Using decoys
  • default.sav file / Important directories and files
  • default command usage, DNS brute forcing / Default command usage
  • default HTML template
    • modifying / Changing the default HTML template
  • default output, Domain Information Groper (Dig) / Default output
  • default output, nslookup / Default output
  • default password
    • modifying / Changing the default password
  • detailed reporting, executive report / The report
  • DevMachine
    • about / NewAlts Research Labs' virtual network
  • df -H command / Important commands
  • dhclient command / Starting the virtual lab
  • DHCP server
    • about / Setup
  • diff function
    • about / VIM — The power user's text editor of choice
  • directories, Linux / Important directories and files
  • directories, Windows / Important directories and files
  • DNS brute forcing
    • with fierce / DNS brute forcing with fierce
    • default command usage / Default command usage
    • custom word list, creating / Creating a custom wordlist
  • DNS reconnaissance
    • about / DNS recon
    • nslookup / Nslookup — it's there when you need it
    • Domain Information Groper (Dig) / Domain Information Groper (Dig)
  • domain information
    • gathering / Gathering and validating domain and IP information
    • validating / Gathering and validating domain and IP information
  • Domain Information Groper (Dig)
    • about / Domain Information Groper (Dig)
    • URL, for interface / Domain Information Groper (Dig)
    • default output / Default output
    • used, for zone transfer / Zone transfers using Dig
    • advanced features / Advanced features of Dig, Listing the bind version, Tracing the path
    • reverse DNS lookup / Reverse DNS lookup using Dig
  • Domain Name System (DNS)
    • about / DNS recon
  • downloading
    • vulnserver application / Introducing vulnserver
  • Dradis
    • about / Creating an automation script
  • Dradis Category field
    • about / Dradis Category field
    • default HTML template, modifying / Changing the default HTML template
  • Dradis Framework
    • about / Introduction to the Dradis Framework
    • overview / Introduction to the Dradis Framework
    • project template, exporting / Exporting a project template
    • project template, importing / Importing a project template
    • sample data, preparing for import / Preparing sample data for import
    • data, exporting into HTML / Exporting data into HTML
    • binding, to available interface / Binding to an available interface other than 127.0.0.1
  • Dradis framework
    • for collaboration / Dradis framework for collaboration

E

  • echo command / Important commands
  • engagement documentation
    • rules / Rules of engagement documentation
  • enumeration avoidance techniques
    • about / Enumeration avoidance techniques
    • naming conventions / Naming conventions
    • port knocking / Port knocking
    • intrusion detection and avoidance systems / Intrusion detection and avoidance systems
    • trigger points / Trigger points
    • SNMP lockdown / SNMP lockdown
  • example page, executive report / The report
  • executive report
    • about / The report
    • cover page / The report
    • index / The report
    • Executive Summary / The report
    • primary sections / The report
    • findings section / The report
    • network diagram / The report
    • example page / The report
    • detailed reporting / The report
  • Executive Summary
    • about / The report
  • Exif data
    • about / Metadata collection
  • exiftool
    • about / Extracting metadata from photos using exiftool
    • used, for extracting metadata from photos / Extracting metadata from photos using exiftool
  • EXIT command / Bruteforce Exploit Detector (BED)
  • exploit
    • running / Running the exploit
  • Exploit-DB
    • about / Google hacking database, Searching Exploit-DB
    • searching / Searching Exploit-DB, Cracking the hash
  • exploitation
    • about / Exploitation – Why bother?
    • benefits / Exploitation – Why bother?
    • Armitage, using / Exploitation
  • ExploitDB
    • about / Exploit-DB at hand
    • code, compiling / Compiling the code
    • proof of concept code, compiling / Compiling the proof of concept code
    • code, troubleshooting / Troubleshooting the code

F

  • Fast-Track
    • about / Fast-Track
    • using / Fast-Track
    • updating / Updating Fast-Track
    • client-side attacks / Client-side attacks with Fast-Track
  • file integrity monitoring
    • about / File integrity monitoring
  • files
    • getting, from victim machines / Getting files to and from victim machines
    • moving / Moving the files
  • files, Linux / Important directories and files
  • files, Windows / Important directories and files
  • filetype filter / Google filters
  • filters
    • about / Filters
    • net / Filters
    • city / Filters
    • country / Filters
    • port / Filters
    • before / Filters
    • after / Filters
    • os / Filters
  • find / -type f -perm 777 command / Important commands
  • findings section, executive report / The report
  • Firewalker
    • about / Finding the ports
  • Firewall1
    • about / Adding complexity or emulating target environments
    • rules, setting for LAN / Configuring firewall1
  • firewall1
    • configuring / Configuring firewall1
  • Firewall2
    • about / Adding complexity or emulating target environments
    • configuring / Firewall2 setup and configuration
    • setting up / Firewall2 setup and configuration
  • firewall configuration
    • about / Firewall configuration
  • Firewall Rules option
    • about / Setup
  • firewalls
    • about / Stealth scanning through the firewall, Network segmentation and firewalls
    • stealth scanning / Stealth scanning through the firewall
    • traceroute, performing / Traceroute to find out if there is a firewall
    • blocked ports, determining / Finding out if the firewall is blocking certain ports
  • Flash
    • about / Extracting metadata from photos using exiftool
  • Foca
    • about / Metadata collection
  • footprinting
    • about / Introduction to reconnaissance, SHODAN
  • FreeBSD
    • about / Installing VirtualBox, Installing and configuring pfSense, Configuring firewall1
  • free command / Important commands
  • FTP banners
    • about / SHODAN, Understanding banners
  • ftp tool / Which tools are available on the remote system
  • Full Clone radial button
    • about / Creating a Kioptrix VM Level 3 clone
  • full scan
    • performing, with Nmap / Full scan with Nmap
  • fuzzer
    • about / Introduction to fuzzing
  • fuzzing
    • about / Introduction to fuzzing
    • overview / Introduction to fuzzing
  • fuzzing tools, BackTrack
    • about / Fuzzing tools included in BackTrack
    • BED / Bruteforce Exploit Detector (BED)
    • SFUZZ / SFUZZ: Simple fuzzer

G

  • Gallarific
    • about / Using WebScarab as a HTTP proxy
  • GCC compiler
    • about / Which tools are available on the remote system
  • gcc tool / Which tools are available on the remote system
  • GNU Debugger
    • about / "C"ing is believing—Create a vulnerable program
    • URL, for info / "C"ing is believing—Create a vulnerable program
  • GNU General Public License (GPL)
    • about / Planning for action
  • Google
    • filters / Google filters
    • about / Searching the Internet for clues
  • Google filters
    • about / Google filters
    • allinurl / Google filters
    • allintext / Google filters
    • intitle / Google filters
    • cache / Google filters
    • phonebook / Google filters
    • author / Google filters
    • filetype / Google filters
    • site / Google filters
    • link / Google filters
  • Google Hacking Database (GHDB)
    • about / Google hacking database
  • grep command / Important commands

H

  • Hackbar
    • about / Introduction to Mantra
  • HAProxy
    • installing, for load balancing / Installing HAProxy for load balancing
  • history files
    • about / History files and logs
  • host file
    • Kioptrix3.com, adding to / Adding Kioptrix3.com to the host file
  • hosts file / Important directories and files
  • Hping
    • about / Finding the ports, Hping
  • Hping2
    • about / Hping
  • Hping3
    • about / Hping
  • HTML
    • data, exporting into / Exporting data into HTML
  • http banner
    • about / Banner grabbing with Ncat
  • HTTP banners
    • about / HTTP banners
  • HTTP proxy
    • WebScarab, using as / Using WebScarab as a HTTP proxy
  • HTTP status code
    • about / HTTP banners
    • 200 / HTTP banners
    • 301 / HTTP banners
    • 302 / HTTP banners
    • 307 / HTTP banners
    • 400 / HTTP banners
    • 401 / HTTP banners
    • 403 / HTTP banners
    • 404 / HTTP banners
    • 502 / HTTP banners
    • 501 / HTTP banners
    • 505 / HTTP banners
  • HTTP[Date] method / So, what are we looking for anyhow?

I

  • IANA
    • URL / Gathering and validating domain and IP information
    • about / Gathering and validating domain and IP information
  • ICANN
    • URL / Gathering and validating domain and IP information
    • about / Gathering and validating domain and IP information
  • ICCF
    • about / VIM — The power user's text editor of choice
  • ICMP packets
    • about / Setup
  • identification number (IPID)
    • about / Shifting blame — the zombies did it!
  • idle scan
    • concepts / Shifting blame — the zombies did it!
  • IDS
    • avoiding / Now you see me, now you don't — Avoiding IDS
    • about / The scenario
  • IDS rules
    • avoiding / IDS rules, how to avoid them
  • ifconfig / Finding network information
  • ifconfig or /sbin/ifconfig command / Important commands
  • image nodes
    • about / Adding nodes
  • Imperva Scuba
    • about / Introduction to MagicTree
  • index, executive report / The report
  • index.dat file / Important directories and files
  • information
    • gathering, with whois / Gathering information with whois
    • about / Reviewing the data
    • putting to use / Putting this information to use
    • searching / Searching for information
  • installed packages
    • verifying / Checking installed packages
  • installed software
    • finding / Finding installed software and tools
  • installed tools
    • finding / Finding installed software and tools
  • installing
    • VirtualBox / Installing VirtualBox
    • BackTrack, as virtual machine / Installing your BackTrack virtual machine
    • BackTrack, on virtual disk image / Installing BackTrack on the virtual disk image
    • OpenOffice / Installing OpenOffice
    • TFTP server, on BackTrack 5 / Installing and starting a TFTP server on BackTrack 5
    • pure-ftpd / Installing and configuring pure-ftpd
    • Kioptrix Level 3 / Installing Kioptrix Level 3
    • Mutillidae 2.1.7, on Ubuntu virtual machine / Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
    • pfSense / Installing and configuring pfSense
    • HAProxy, for load balancing / Installing HAProxy for load balancing
    • M0n0Wall, on VirtualBox Machine / Setup
    • WordPress, in Ubuntu Server / Web1
  • Internet
    • searching, for clues / Searching the Internet for clues
  • Internet Archive
    • about / Searching the Internet for clues
  • InterNic
    • URL / Gathering and validating domain and IP information
    • about / Gathering and validating domain and IP information
  • intitle filter / Google filters
  • intrusion detection and avoidance systems
    • about / Intrusion detection and avoidance systems
  • Intrusion Detection System
    • about / Intrusion detection and avoidance systems
  • IO APIC setting
    • about / Installing Kioptrix Level 3
  • IP/CIDR notation
    • about / Filters
  • IP information
    • validating / Gathering and validating domain and IP information
    • gathering / Gathering and validating domain and IP information
  • IP settings
    • maintaining, after reboot / Maintaining IP settings after reboot
  • iptables tool / Which tools are available on the remote system
  • IronGeek
    • URL / Practice makes perfect, Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
    • about / Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine

K

  • Kioptrix
    • virtual machine, adding / Target practice – Adding a Kioptrix virtual machine
    • exploiting, with Metasploit / Using Metasploit to exploit Kioptrix
    • about / Taking on Level 3 – Kioptrix
  • Kioptrix3.com
    • about / Adding Kioptrix3.com to the host file, Taking on Level 3 – Kioptrix
    • adding, to host file / Adding Kioptrix3.com to the host file
  • Kioptrix Level 1
    • about / Practice makes perfect, NewAlts Research Labs' virtual network
  • Kioptrix Level 3
    • installing / Installing Kioptrix Level 3
    • URL, for installing / Installing Kioptrix Level 3
    • about / Taking on Level 3 – Kioptrix
  • Kioptrix system
    • exploiting, from BackTrack / Enumeration
  • Kioptrix virtual machine
    • adding / Target practice – Adding a Kioptrix virtual machine
  • Kioptrix VM Level 1
    • about / Target practice – Adding a Kioptrix virtual machine
  • Kioptrix VM Level 3
    • about / Practice makes perfect
  • Kioptrix VM Level 3 clone
    • creating / Creating a Kioptrix VM Level 3 clone
  • Kioptrix VM Level 3 Clone
    • about / Practice makes perfect

L

  • *.log file / Important directories and files
  • lab
    • virtual machine, adding to / Adding another virtual machine to our lab
  • lab preparation
    • about / Lab preparation
    • BackTrack guest machine / BackTrack guest machine
    • Ubuntu guest machine / Ubuntu guest machine
    • pfSense guest machine configuration / pfSense guest machine configuration
    • firewall configuration / Firewall configuration
  • LACNIC
    • about / Gathering and validating domain and IP information
    • URL / Gathering and validating domain and IP information
  • LAN
    • about / Setup
    • Firewall1 rules, setting for / Configuring firewall1
  • LAN IP configuration
    • about / LAN IP configuration
  • last command / Important commands, Users and credentials
  • lastlog command / Users and credentials
  • ldd command / Turning ASLR on and off in BackTrack
  • less command / Important commands
  • link filter / Google filters
  • Linux
    • about / Installing VirtualBox, Turning ASLR on and off in BackTrack, Linux
    • files / Important directories and files
    • directories / Important directories and files
    • commands / Important commands
  • live decoys
    • about / Using decoys
  • Load Balance Detector
    • about / Quick reality check – Load Balance Detector, Taking on Level 3 – Kioptrix
  • load balancers
    • detecting / Detecting load balancers, So, what are we looking for anyhow?
  • load balancing
    • HAProxy, installing for / Installing HAProxy for load balancing
  • local log files
    • about / Local log files
  • locate command / Important commands
  • logname command / Important commands
  • logs
    • about / History files and logs
  • ls -oaF command / Important commands
  • Lullar.com
    • about / Searching the Internet for clues

M

  • M0n0Wall
    • URL, for downloading / Setup
    • installing, on VirtualBox Machine / Setup
    • interfaces, configuring / Setup
  • M0n0Wall firewall installation
    • setting up / Setup
  • M0n0wall virtual instance
    • setting up / Firewall2 setup and configuration
  • macros
    • about / Old school — The text editor method
  • MagicTree
    • about / Introduction to MagicTree, Creating an automation script, SHODAN, Enumeration and exploitation
    • starting / Starting MagicTree
    • launching / Starting MagicTree
    • nodes, adding / Adding nodes
    • data collection / Data collection
    • report, generating / Report generation
  • Mantra
    • about / Introduction to Mantra
    • overview / Introduction to Mantra
  • manual exploitation
    • about / Manual exploitation
    • services, enumerating / Enumerating services
    • full scan, with Nmap / Full scan with Nmap
  • manual ifconfig, BackTrack / BackTrack – Manual ifconfig
  • manual ifconfig, Ubuntu / Ubuntu – Manual ifconfig
  • Mass Client Attack Web Server
    • about / Client-side attacks with Fast-Track
  • metadata
    • extracting, from photos with exiftool / Extracting metadata from photos using exiftool
  • metadata collection
    • about / Metadata collection
  • MetaGoofil
    • about / Metagoofil
  • Metagoofil Blackhat Arsenal Edition
    • about / Metagoofil
  • Metasploit
    • and databases / Databases and Metasploit
    • database connectivity, verifying / Verifying database connectivity
    • Nmap scan, performing within / Performing an Nmap scan from within Metasploit
    • auxiliary modules, using / Using auxiliary modules
    • used, for exploiting Kioptrix / Using Metasploit to exploit Kioptrix
    • about / Fast-Track
  • Metasploit framework
    • updating / Updating the Metasploit framework
  • Meterpreter
    • about / We're connected, now what?, Networking details
  • Microsoft Windows™
    • post exploitation / Microsoft Windows™ post-exploitation
  • miscellaneous evasion techniques
    • about / Miscellaneous evasion techniques
    • divide and conquer / Divide and conquer
    • hiding out / Hiding out (on controlled units)
    • file integrity monitoring / File integrity monitoring
    • common network management tools / Using common network management tools to do the deed
  • Mutillidae
    • about / Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
  • Mutillidae 2.1.7
    • about / Practice makes perfect
    • installing, on Ubuntu virtual machine / Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
    • configuring / Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
  • MySQL
    • setting up, for PBNJ / Setting up MySQL for PBNJ
    • starting / Starting MySQL

N

  • name servers
    • modifying / Changing nameservers
  • Nano
    • about / Nano
    • launching / Nano
    • URL, for info / Nano
  • nano editor
    • about / Creating an automation script
  • nanorc
    • about / Nano
  • NAT non-routable addresses
    • about / Network segmentation and firewalls
  • Ncat
    • about / Nmap — getting to know you, Banner grabbing with Netcat and Ncat
    • used, for banner grabbing / Banner grabbing with Ncat
  • Ncrack
    • about / Nmap — getting to know you
  • nc tool / Which tools are available on the remote system
  • Ndiff
    • about / Nmap — getting to know you
  • Nessus
    • about / Introduction to MagicTree
  • Netcat
    • about / Banner grabbing with Netcat and Ncat
    • used, for banner grabbing / Banner grabbing with Netcat
  • net filter / Filters
  • NetSetup.log file / Important directories and files
  • netstat command / Important commands
  • network analysis
    • about / Data gathering, network analysis, and pillaging
  • network baselines
    • creating, with scanPBNJ / Creating network baselines with scanPBNJ
  • network connections
    • determining / Determine connections
  • network diagram, executive report / The report
  • network information
    • finding / Finding network information
  • networking information
    • gathering / Networking details
  • network segmentation
    • about / Network segmentation and firewalls
  • network sniffing
    • about / Looking at traffic patterns
  • NewAlts Development Lab
    • scope, defining for test / Defining the scope
    • goals, for test / Determining the "why"
    • rules of engagement document, creating / Developing the Rules of Engagement document
    • network layout, reviewing / Initial plan of attack
    • exploitation / Enumeration and exploitation
    • enumeration / Enumeration and exploitation
    • documentation, for test / Reporting
    • issues, in penetration test / Reporting
  • NewAlts Research Labs
    • about / The scenario
    • virtual network, setting up / NewAlts Research Labs' virtual network
  • Nexpose vulnerability scanner toolkit
    • about / Metasploit — learn it and love it
  • Nikto
    • about / Introduction to MagicTree
  • Nmap
    • about / Introduction to MagicTree, Nmap — getting to know you, Timing is everything
    • using / Nmap — getting to know you
    • command syntax / Commonly seen Nmap scan types and options
    • scan options / Commonly seen Nmap scan types and options
    • scan types / Commonly seen Nmap scan types and options
    • output types / Commonly seen Nmap scan types and options
    • basic scans / Basic scans — warming up
    • advanced techniques / Other Nmap techniques
    • different scan types, using / Trying different scan types, SYN scan, ACK scan
    • script, verifying / How to decide if a script is right for you
    • new script, adding to database / Adding a new script to the database
    • full scan, performing / Full scan with Nmap
  • Nmap data
    • importing / Importing your Nmap data
  • Nmap firewalk script
    • about / Nmap firewalk script
  • nmap options
    • -T(0-5) templates / Taking your time
    • --max-hostgroup / Taking your time
    • --max-retries / Taking your time
    • --max-parallelism / Taking your time
    • --scan-delay / Taking your time
  • Nmap scan
    • performing, within Metasploit / Performing an Nmap scan from within Metasploit
  • Nmap Scripting Engine
    • about / Nmap — getting to know you
    • URL, for tutorial / Adding custom Nmap scripts to your arsenal
  • Nmap suite
    • ZenMap / Nmap — getting to know you
    • Ncat / Nmap — getting to know you
    • Ncrack / Nmap — getting to know you
    • Ndiff / Nmap — getting to know you
    • Nping / Nmap — getting to know you
  • nmap tool / Which tools are available on the remote system
  • no-nonsense test example / No-nonsense test example
  • nodes
    • adding / Adding nodes
  • node types
    • about / Adding nodes
    • branch nodes / Adding nodes
    • simple nodes / Adding nodes
    • text nodes / Adding nodes
    • data nodes / Adding nodes
    • XML data nodes / Adding nodes
    • image nodes / Adding nodes
    • cross-references / Adding nodes
    • overview nodes / Adding nodes
    • special nodes / Adding nodes
  • NoteCase
    • about / NoteCase
    • using / NoteCase
  • Nping
    • about / Nmap — getting to know you
  • NRO
    • about / Gathering and validating domain and IP information
    • URL / Gathering and validating domain and IP information
  • nslookup
    • about / Nslookup — it's there when you need it
    • default output / Default output
    • name servers, modifying / Changing nameservers
    • automation script, creating / Creating an automation script
  • ntuser.dat file / Important directories and files
  • Null scan
    • about / Null scan

O

  • onesixtyone
    • about / When the SNMP community string is NOT "public"
    • command syntax / When the SNMP community string is NOT "public"
  • OpenOffice
    • installing / Installing OpenOffice
    • about / Report generation
  • Open Source Intelligence (OSINT)
    • about / Introduction to reconnaissance
  • OpenVas
    • about / Introduction to MagicTree
  • OPT1
    • about / Setup
  • os filter / Filters
  • OSVDB
    • URL / Using WebScarab as a HTTP proxy
  • outbound connections
    • about / Determine connections
  • output types, Nmap
    • -oA / Commonly seen Nmap scan types and options
    • -oG / Commonly seen Nmap scan types and options
    • -oX / Commonly seen Nmap scan types and options
    • -oN / Commonly seen Nmap scan types and options
  • overview nodes
    • about / Adding nodes
  • OWASP team
    • about / Using WebScarab as a HTTP proxy

P

  • package repositories
    • about / Package repositories
  • packages
    • installing, in pfSense / Installing additional packages in pfSense
  • pagefile.sys file / Important directories and files
  • passive reconnaissance
    • need for / Introduction to reconnaissance
    • about / Introduction to reconnaissance
  • passwords
    • about / Passwords: Something you know…
    • cracking / Cracking the hash
    • bruteforcing / Brute forcing passwords
  • PBNJ
    • about / Creating network baselines with scanPBNJ
    • MySQL, setting up for / Setting up MySQL for PBNJ
  • PBNJ database
    • preparing / Preparing the PBNJ database
  • PCnet-PCI II adapter / Setup
  • PeekYou
    • about / Searching the Internet for clues
  • penetration tester
    • about / Introduction to reconnaissance
  • penetration testing
    • about / Introduction to advanced penetration testing, Penetration testing, Introduction to reconnaissance, Practice makes perfect
  • Penetration Testing Execution Standard (PTES)
    • about / Before testing begins
  • people
    • finding, on web / Finding people (and their documents) on the web
  • pfSense
    • about / Installing and configuring pfSense, Lab preparation
    • configuring / Installing and configuring pfSense
    • installing / Installing and configuring pfSense
    • virtual machine, preparing for / Preparing the virtual machine for pfSense
    • URL, for download mirrors / Preparing the virtual machine for pfSense
    • network, setting up / pfSense network setup
    • web console settings, configuring / Configuring firewall1
    • packages, installing in / Installing additional packages in pfSense
  • pfsense1
    • about / NewAlts Research Labs' virtual network
  • pfsense2
    • about / NewAlts Research Labs' virtual network
  • pfSense DHCP server
    • configuring / Configuring the pfSense DHCP server
    • about / pfSense DHCP – Permanent reservations
  • pfSense guest machine configuration
    • about / pfSense guest machine configuration
    • pfSense network setup / pfSense network setup
    • WAN IP configuration / WAN IP configuration
    • LAN IP configuration / LAN IP configuration
  • pfSense installation
    • about / SNMPEnum
  • pfSense network setup
    • about / pfSense network setup
  • pfSense virtual machine
    • installing / Configuring firewall1
    • downloading / Configuring firewall1
  • pfSense virtual machine persistence
    • about / pfSense virtual machine persistence
  • PFSense VM
    • about / Practice makes perfect
  • phonebook filter / Google filters
  • pivoting
    • about / Pivoting
  • Pluggable Authentication Module (PAM)
    • about / Important directories and files
  • port filter / Filters
  • port knocking
    • about / Port knocking
  • post exploitation
    • rules of engagement / Rules of engagement
    • Armitage, using / Using Armitage for post-exploitation
  • post exploitation, Microsoft Windows™ / Microsoft Windows™ post-exploitation
  • PostgreSQL
    • installing, on BackTrack 5 / Installing PostgreSQL on BackTrack 5
  • practice environment
    • setting up / The setup, NewAlts Research Labs' virtual network
  • pre-testing procedure
    • about / Before testing begins
    • scope, determining / Determining scope
    • limits, setting / Setting limits — nothing lasts forever
  • primary sections, executive report / The report
  • programs
    • running, at startup / Programs and services that run at startup
  • project template
    • exporting / Exporting a project template
    • importing / Importing a project template
  • PTES / Introduction to reconnaissance
  • pure-ftpd
    • configuring / Installing and configuring pure-ftpd
    • installing / Installing and configuring pure-ftpd
    • starting / Starting pure-ftpd
  • pwd command / Important commands

Q

  • Qualys
    • about / Introduction to MagicTree
  • quick scan
    • performing, with unicornscan / Quick scan with Unicornscan

R

  • Rails application
    • about / Introduction to the Dradis Framework
  • reconnaissance
    • about / Introduction to reconnaissance
    • types / Introduction to reconnaissance
  • reconnaissance workflow
    • about / Reconnaissance workflow
  • Red Hat
    • about / Checking installed packages
  • registrar
    • specifying, for usage / Specifying which registrar to use
  • remote system
    • tools / Which tools are available on the remote system
  • report generation
    • about / Report generation
  • Report option
    • about / Report generation
  • reverse DNS lookup
    • with Domain Information Groper (Dig) / Reverse DNS lookup using Dig
  • RIPE
    • about / Gathering and validating domain and IP information
    • URL / Gathering and validating domain and IP information
  • RPM
    • about / Checking installed packages
  • rules of engagement, post exploitation
    • about / Rules of engagement
    • permissions / What is permitted?
    • goals, assessing / What is permitted?
    • modifications / Can you modify anything and everything?
    • persistence / Are you allowed to add persistence?
    • data storage / How is the data that is collected and stored handled by you and your team?
    • data collection / How is the data that is collected and stored handled by you and your team?
    • personal information / Employee data and personal information
    • employee data / Employee data and personal information

S

  • --script-help option / How to decide if a script is right for you
  • SAMBA / The report
  • samba exploit
    • used, for gaining access to system / Exploitation
  • SAM file / Important directories and files
  • sample data
    • preparing, for import / Preparing sample data for import
  • scanf function / "C"ing is believing—Create a vulnerable program
  • scan options, Nmap
    • -g / Commonly seen Nmap scan types and options
    • --spoof-mac / Commonly seen Nmap scan types and options
    • -S / Commonly seen Nmap scan types and options
    • -e / Commonly seen Nmap scan types and options
    • -F / Commonly seen Nmap scan types and options
    • -p / Commonly seen Nmap scan types and options
    • -R / Commonly seen Nmap scan types and options
    • -N / Commonly seen Nmap scan types and options
    • -n / Commonly seen Nmap scan types and options
    • -h / Commonly seen Nmap scan types and options
    • -6 / Commonly seen Nmap scan types and options
    • -A / Commonly seen Nmap scan types and options
    • -T(0-5) / Commonly seen Nmap scan types and options
    • --scan-delay / Commonly seen Nmap scan types and options
    • -sV / Commonly seen Nmap scan types and options
  • scanPBNJ
    • used, for creating network baselines / Creating network baselines with scanPBNJ
  • scan types, Nmap
    • -sA / Commonly seen Nmap scan types and options
    • -sP / Commonly seen Nmap scan types and options
    • -sR / Commonly seen Nmap scan types and options
    • -sS / Commonly seen Nmap scan types and options
    • -sT / Commonly seen Nmap scan types and options
    • -sU / Commonly seen Nmap scan types and options
    • -sX / Commonly seen Nmap scan types and options
    • -sL / Commonly seen Nmap scan types and options
    • -sO / Commonly seen Nmap scan types and options
    • -sM / Commonly seen Nmap scan types and options
    • -sI / Commonly seen Nmap scan types and options
    • -sW / Commonly seen Nmap scan types and options
    • SYN / SYN scan
    • Null / Null scan
    • ACK / ACK scan
  • script
    • adding, to database / Adding a new script to the database
  • scripts
    • about / Old school — The text editor method
  • search engines
    • about / Using search engines to do your job for you
    • used, for finding information / Using search engines to do your job for you
  • SecApps Google Hacking Database Explorer
    • about / Searching the Internet for clues
  • SecEvent.Evt file / Important directories and files
  • security.sav file / Important directories and files
  • segmentation fault
    • about / Understanding the basics of buffer overflows
  • services
    • enumerating / Enumerating services
    • running, at startup / Programs and services that run at startup
  • SET
    • about / Fast-Track, Social Engineering Toolkit
    • URL, for documentation / Social Engineering Toolkit
    • overview / Social Engineering Toolkit
  • sftp tool / Which tools are available on the remote system
  • SFUZZ
    • about / SFUZZ: Simple fuzzer
  • shell scripting
    • about / Creating an automation script
  • SHODAN
    • about / SHODAN
  • simple nodes
    • about / Adding nodes
  • site
    • detecting, for balancing / So, what are we looking for anyhow?
  • Site Digger 3.0
    • about / Searching the Internet for clues
  • site filter / Google filters
  • smbclient
    • used, for banner grabbing / Banner grabbing with smbclient
  • SNMP
    • about / SNMP: A goldmine of information just waiting to be discovered
    • SNMPEnum / SNMPEnum
    • SNMPCheck / SNMPCheck
  • SNMPCheck
    • about / SNMPCheck
  • SNMP community string
    • about / When the SNMP community string is NOT "public"
  • SNMPEnum
    • about / SNMPEnum
  • SNMP lockdown
    • about / SNMP lockdown
  • software.sav file / Important directories and files
  • special nodes
    • about / Adding nodes
  • SQL injection
    • about / Using a checklist
  • SSH
    • about / The scenario
  • SSH banners / SHODAN
    • about / Understanding banners
  • SSH session
    • about / Blending in
  • ssh tool / Which tools are available on the remote system
  • SSH traffic
    • about / Blending in
  • stealth scanning
    • through firewall / Stealth scanning through the firewall
  • strcpy() function / Introduction to fuzzing
  • SYN scan
    • about / SYN scan
  • system
    • accessing, samba exploit used / Exploitation
  • system.sav file / Important directories and files
  • system data
    • gathering / We're connected, now what?
  • system file / Important directories and files
  • system information
    • files / Configurations, settings, and other files
    • settings / Configurations, settings, and other files
    • configurations / Configurations, settings, and other files

T

  • target environments
    • emulating / Adding complexity or emulating target environments
  • TCP Sequence Prediction rating
    • about / Shifting blame — the zombies did it!
  • TCP Sequence Prediction ratings
    • about / Shifting blame — the zombies did it!
  • Telnet banners / SHODAN, Understanding banners
  • telnet tool / Which tools are available on the remote system
  • test results
    • managing / Effectively manage your test results
  • text editor method
    • about / Old school — The text editor method
  • text nodes
    • about / Adding nodes
  • TFTP server
    • starting / Installing and starting a TFTP server on BackTrack 5
    • installing, on BackTrack 5 / Installing and starting a TFTP server on BackTrack 5
  • tftp tool / Which tools are available on the remote system
  • THC Hydra
    • about / THC Hydra
    • bruteforcing with / THC Hydra
  • The Harvester
    • about / Searching the Internet for clues
  • TinEye
    • about / Searching the Internet for clues
  • traffic
    • logged, by firewall / Blending in
  • traffic patterns
    • about / Looking at traffic patterns
  • tree command
    • about / Blending in

U

  • Ubuntu
    • about / Adding another virtual machine to our lab, Lab preparation
    • manual ifconfig / Ubuntu – Manual ifconfig
  • Ubuntu guest machine
    • about / Ubuntu guest machine
  • Ubuntu Server
    • WordPress, installing in / Web1
  • Ubuntu virtual machine
    • about / Practice makes perfect
    • Mutillidae 2.1.7, installing on / Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
  • Ubuntu_TestMachine_1
    • about / Practice makes perfect, Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
  • udevd -version command / Important commands
  • ufw (Uncomplicated Firewall)
    • about / Maintaining IP settings after reboot
    • URL, for info / Maintaining IP settings after reboot
  • uname -a command / Important commands
  • unicornscan
    • quick scan, performing with / Quick scan with Unicornscan
    • about / Quick scan with Unicornscan
  • updatedb command / Important commands
  • updating
    • Fast-Track / Updating Fast-Track
  • user credentials
    • gaining / Users and credentials

V

  • VboxManage tool
    • URL / Target practice – Adding a Kioptrix virtual machine
  • VDI (Virtual Disk Image) / Preparing the virtual machine for pfSense
  • victim machines
    • files, getting from / Getting files to and from victim machines
  • vim
    • about / Old school — The text editor method
  • VIM
    • about / VIM — The power user's text editor of choice
    • benefits / VIM — The power user's text editor of choice
  • vimtutor / VIM — The power user's text editor of choice
  • VirtualBox
    • installing / Installing VirtualBox
    • URL / Installing VirtualBox
    • virtual machine, preparing / Adding another virtual machine to our lab
    • URL, for manual / Starting the virtual lab
    • settings, for guest machine setup / Setup
    • network adapters / Setup
  • VirtualBox Machine
    • M0n0Wall, installing on / Setup
  • virtual disk image
    • BackTrack, installing on / Installing BackTrack on the virtual disk image
  • virtual guest machine
    • preparing, for BackTrack / Preparing the virtual guest machine for BackTrack
  • virtual guest machines
    • cloning / Creating a Kioptrix VM Level 3 clone
  • virtual lab
    • requisites, for configuration / Practice makes perfect
    • starting / Starting the virtual lab
    • configuring / Adding complexity or emulating target environments
    • challenges, in setting up / The challenge
  • virtual machine
    • BackTrack, installing as / Installing your BackTrack virtual machine
    • adding, to lab / Adding another virtual machine to our lab
    • preparing, in VirtualBox / Adding another virtual machine to our lab
    • connectivity, verifying / Verifying connectivity
    • preparing, for pfSense / Preparing the virtual machine for pfSense
  • virtual network
    • setting up / NewAlts Research Labs' virtual network
  • Virtual Test Lab Environments
    • setting up / No-nonsense test example
  • Vlab_1 clients
    • testing / Configuring and testing our Vlab_1 clients
    • configuring / Configuring and testing our Vlab_1 clients
  • VOIP
    • about / What is permitted?
  • vulnerability assessments
    • about / Vulnerability assessments
  • vulnerable program
    • creating / "C"ing is believing—Create a vulnerable program
  • vulnserver
    • about / Introducing vulnserver
  • vulnserver application
    • downloading / Introducing vulnserver

W

  • w3af
    • about / Web Application Attack and Audit Framework (w3af)
  • w3af console
    • used, for scanning / Scanning by using the w3af console
  • w3af GUI
    • used, for saving time / Using w3af GUI to save time
  • WAF
    • about / Detecting Web Application Firewalls (WAF), The scenario
    • detecting / Detecting Web Application Firewalls (WAF)
  • WAFW00F
    • about / Detecting Web Application Firewalls (WAF)
  • WAN
    • about / Setup
  • WAN IP configuration
    • about / WAN IP configuration
  • web
    • people, finding on / Finding people (and their documents) on the web
  • Web1
    • about / Adding complexity or emulating target environments, Web1
  • web console settings, pfSense
    • configuring / Configuring firewall1
  • WebScarab
    • about / Using WebScarab as a HTTP proxy
    • using, as HTTP proxy / Using WebScarab as a HTTP proxy
  • WebServer
    • about / NewAlts Research Labs' virtual network
  • web server
    • setting up / Why bother with setting up labs?
  • web server modifications
    • about / Web server modifications
  • wget tool / Which tools are available on the remote system
  • Whitebox test
    • about / Determine connections
  • Whitebox testing
    • about / Before testing begins
  • White Pages
    • about / Searching the Internet for clues
  • whois
    • used, for gathering information / Gathering information with whois
    • about / Gathering information with whois, Specifying which registrar to use
    • usage / Gathering information with whois
    • used, for finding originating country of IP address / Where in the world is this IP?
  • win.ini file / Important directories and files
  • Windows machine
    • directories / Important directories and files
    • files / Important directories and files
  • Wireshark
    • about / Shifting blame — the zombies did it!, Using decoys, Bruteforce Exploit Detector (BED)
  • WordPress
    • installing, in Ubuntu Server / Web1
    • about / The scenario

X

  • XML data nodes
    • about / Adding nodes

Z

  • ZenMap
    • about / Nmap — getting to know you
  • zombie host
    • about / Shifting blame — the zombies did it!
  • zone transfers
    • with Domain Information Groper (Dig) / Zone transfers using Dig