The Hacker Playbook Practical Guide To Penetration Testing.pdf

The Hacker Playbook
Practical Guide To Penetration Testing
Copyright © 2014 by Secure Planet LLC. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of
this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the
prior written permission of the author.
ISBN: 1494932636
ISBN 13: 9781494932633
Library of Congress Control Number: 2014900431
CreateSpace Independent Publishing Platform
North Charleston, South Carolina
MHID:
Book design and production by Peter Kim, Secure Planet LLC
Cover design by Dit Vannouvong
Publisher: Secure Planet LLC
Published: 1st January 2014
Preface
Introduction
Additional Information about this Book
Disclaimer
Pregame - The Setup
Setting Up a Penetration Testing Box
Hardware:
Basic hardware requirements are:
Optional hardware discussed later within the book:
Commercial Software
Kali Linux (http://www.kali.org/)
High level tools list additional to Kali:
Setting up Kali:
Once Your Kali VM is Up and Running:
Windows VM Host
High level tools list addition to Windows:
Setting up Windows
Summary
Before the Snap - Scanning the Network
External Scanning
Passive Discovery
Discover Scripts (Previously Backtrack Scripts) (Kali Linux)
How to Run Passive Discovery
Using Compromised Lists to Find Email Addresses and Credentials
External/Internal Active Discovery
The Process for Network Scanning:
Network Vulnerability Scanning (Nexpose/Nessus)
Screen Capture - Peeping Tom
Web Application Scanning
The Process for Web Scanning:
Web Application Scanning
Configuring Your Network Proxy and Browser
Spider Application
Discover Content
Running the Active Scanner
Summary
The Drive - Exploiting Scanner Findings
Metasploit (http://www.metasploit.com) (Windows/Kali Linux)
Basic Steps when Configuring Metasploit Remote Attacks:
Searching via Metasploit (using the good ol’ MS08-067 vulnerability):
Scripts
WarFTP Example
Summary
The Throw - Manual Web Application Findings
Web Application Penetration Testing
SQL Injections
SQLmap (http://sqlmap.org/) (Kali Linux)
Sqlninja (http://sqlninja.sourceforge.net/) (Kali Linux)
Executing Sqlninja
Cross-Site Scripting (XSS)
BeEF Exploitation Framework (http://beefproject.com/) (Kali Linux)
Cross-Site Scripting Obfuscation:
Crowd Sourcing
OWASP Cheat Sheet
Cross-Site Request Forgery (CSRF)
Using Burp for CSRF Replay Attacks
Session Tokens
Additional Fuzzing/Input Validation
Functional/Business Logic Testing
Conclusion
The Lateral Pass - Moving Through the Network
On the Network without Credentials:
Responder.py (https://github.com/SpiderLabs/Responder) (Kali Linux)
With any Domain Credentials (Non-Admin):
Group Policy Preferences:
Pulling Clear Text Credentials
WCE - Windows Credential Editor (http://www.ampliasecurity.com/research/wcefaq.html) (Windows)
Mimikatz (http://blog.gentilkiwi.com/mimikatz) (Windows)
Post Exploitation Tips
Post Exploitation Lists from Room362.com:
With Any Local Administrative or Domain Admin Account:
Owning the Network with Credentials and PSExec:
PSExec and Veil (Kali Linux)
PSExec Commands Across Multiple IPs (Kali Linux)
Attack the Domain Controller:
SMBExec (https://github.com/brav0hax/smbexec) (Kali Linux)
Post Exploitation with PowerSploit (https://github.com/mattifestation/PowerSploit) (Windows)
Commands:
Post Exploitation with PowerShell (https://code.google.com/p/nishang/) (Windows)
ARP (Address Resolution Protocol) Poisoning
IPv4
Cain and Abel (Windows)
Ettercap (Kali Linux)