Kali Linux penetration testing bible
Other Authors: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Hoboken, New Jersey : Wiley [2021] |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009631677206719 |
Table of Contents:
- Cover
- Title Page
- Copyright Page
- About the Author
- About the Technical Editor
- Acknowledgments
- Contents at a Glance
- Contents
- Introduction
- What Does This Book Cover?
- Companion Download Files
- How to Contact the Publisher
- How to Contact the Author
- Chapter 1 Mastering the Terminal Window
- Kali Linux File System
- Terminal Window Basic Commands
- Tmux Terminal Window
- Starting Tmux
- Tmux Key Bindings
- Tmux Session Management
- Navigating Inside Tmux
- Tmux Commands Reference
- Managing Users and Groups in Kali
- Users Commands
- Groups Commands
- Managing Passwords in Kali
- Files and Folders Management in Kali Linux
- Displaying Files and Folders
- Permissions
- Manipulating Files in Kali
- Searching for Files
- Files Compression
- Manipulating Directories in Kali
- Mounting a Directory
- Managing Text Files in Kali Linux
- Vim vs. Nano
- Searching and Filtering Text
- Remote Connections in Kali
- Remote Desktop Protocol
- Secure Shell
- SSH with Credentials
- Passwordless SSH
- Kali Linux System Management
- Linux Host Information
- Linux OS Information
- Linux Hardware Information
- Managing Running Services
- Package Management
- Process Management
- Networking in Kali Linux
- Network Interface
- IPv4 Private Address Ranges
- Static IP Addressing
- DNS
- Established Connections
- File Transfers
- Summary
- Chapter 2 Bash Scripting
- Basic Bash Scripting
- Printing to the Screen in Bash
- Variables
- Commands Variable
- Script Parameters
- User Input
- Functions
- Conditions and Loops
- Conditions
- Loops
- File Iteration
- Summary
- Chapter 3 Network Hosts Scanning
- Basics of Networking
- Networking Protocols
- TCP
- UDP
- Other Networking Protocols
- IP Addressing
- IPv4
- Subnets and CIDR
- IPv6
- Port Numbers
- Network Scanning
- Identifying Live Hosts
- Ping
- ARP
- Nmap
- Port Scanning and Services Enumeration
- TCP Port SYN Scan
- UDP
- Basics of Using Nmap Scans
- Services Enumeration
- Operating System Fingerprinting
- Nmap Scripting Engine
- NSE Category Scan
- NSE Arguments
- DNS Enumeration
- DNS Brute-Force
- DNS Zone Transfer
- DNS Subdomains Tools
- Fierce
- Summary
- Chapter 4 Internet Information Gathering
- Passive Footprinting and Reconnaissance
- Internet Search Engines
- Shodan
- Google Queries
- Information Gathering Using Kali Linux
- Whois Database
- TheHarvester
- DMitry
- Maltego
- Summary
- Chapter 5 Social Engineering Attacks
- Spear Phishing Attacks
- Sending an E-mail
- The Social Engineer Toolkit
- Sending an E-mail Using Python
- Stealing Credentials
- Payloads and Listeners
- Bind Shell vs. Reverse Shell
- Bind Shell
- Reverse Shell
- Reverse Shell Using SET
- Social Engineering with the USB Rubber Ducky
- A Practical Reverse Shell Using USB Rubber Ducky and PowerShell
- Generating a PowerShell Script
- Starting a Listener
- Hosting the PowerShell Script
- Running PowerShell
- Download and Execute the PS Script
- Reverse Shell
- Replicating the Attack Using the USB Rubber Ducky
- Summary
- Chapter 6 Advanced Enumeration Phase
- Transfer Protocols
- FTP (Port 21)
- Exploitation Scenarios for an FTP Server
- Enumeration Workflow
- Service Scan
- Advanced Scripting Scan with Nmap
- More Brute-Forcing Techniques
- SSH (Port 22)
- Exploitation Scenarios for an SSH Server
- Advanced Scripting Scan with Nmap
- Brute-Forcing SSH with Hydra
- Advanced Brute-Forcing Techniques
- Telnet (Port 23)
- Exploitation Scenarios for Telnet Server
- Enumeration Workflow
- Service Scan
- Advanced Scripting Scan
- Brute-Forcing with Hydra
- E-mail Protocols
- SMTP (Port 25)
- Nmap Basic Enumeration
- Nmap Advanced Enumeration
- Enumerating Users
- POP3 (Port 110) and IMAP4 (Port 143)
- Brute-Forcing POP3 E-mail Accounts
- Database Protocols
- Microsoft SQL Server (Port 1433)
- Oracle Database Server (Port 1521)
- MySQL (Port 3306)
- CI/CD Protocols
- Docker (Port 2375)
- Jenkins (Port 8080/50000)
- Brute-Forcing a Web Portal Using Hydra
- Step 1: Enable a Proxy
- Step 2: Intercept the Form Request
- Step 3: Extracting Form Data and Brute-Forcing with Hydra
- Web Protocols 80/443
- Graphical Remoting Protocols
- RDP (Port 3389)
- RDP Brute-Force
- VNC (Port 5900)
- File Sharing Protocols
- SMB (Port 445)
- Brute-Forcing SMB
- SNMP (Port UDP 161)
- SNMP Enumeration
- Summary
- Chapter 7 Exploitation Phase
- Vulnerabilities Assessment
- Vulnerability Assessment Workflow
- Vulnerability Scanning with OpenVAS
- Installing OpenVAS
- Scanning with OpenVAS
- Exploits Research
- SearchSploit
- Services Exploitation
- Exploiting FTP Service
- FTP Login
- Remote Code Execution
- Spawning a Shell
- Exploiting SSH Service
- SSH Login
- Telnet Service Exploitation
- Telnet Login
- Sniffing for Cleartext Information
- E-mail Server Exploitation
- Docker Exploitation
- Testing the Docker Connection
- Creating a New Remote Kali Container
- Getting a Shell into the Kali Container
- Docker Host Exploitation
- Exploiting Jenkins
- Reverse Shells
- Using Shells with Metasploit
- Exploiting the SMB Protocol
- Connecting to SMB Shares
- SMB Eternal Blue Exploit
- Summary
- Chapter 8 Web Application Vulnerabilities
- Web Application Vulnerabilities
- Mutillidae Installation
- Apache Web Server Installation
- Firewall Setup
- Installing PHP
- Database Installation and Setup
- Mutillidae Installation
- Cross-Site Scripting
- Reflected XSS
- Stored XSS
- Exploiting XSS Using the Header
- Bypassing JavaScript Validation
- SQL Injection
- Querying the Database
- Bypassing the Login Page
- Execute Database Commands Using SQLi
- SQL Injection Automation with SQLMap
- Testing for SQL Injection
- Command Injection
- File Inclusion
- Local File Inclusion
- Remote File Inclusion
- Cross-Site Request Forgery
- The Attacker Scenario
- The Victim Scenario
- File Upload
- Simple File Upload
- Bypassing Validation
- Encoding
- OWASP Top 10
- Summary
- Chapter 9 Web Penetration Testing and Secure Software Development Lifecycle
- Web Enumeration and Exploitation
- Burp Suite Pro
- Web Pentest Using Burp Suite
- More Enumeration
- Nmap
- Crawling
- Vulnerability Assessment
- Manual Web Penetration Testing Checklist
- Common Checklist
- Special Pages Checklist
- Secure Software Development Lifecycle
- Analysis/Architecture Phase
- Application Threat Modeling
- Assets
- Entry Points
- Third Parties
- Trust Levels
- Data Flow Diagram
- Development Phase
- Testing Phase
- Production Environment (Final Deployment)
- Summary
- Chapter 10 Linux Privilege Escalation
- Introduction to Kernel Exploits and Missing Configurations
- Kernel Exploits
- Kernel Exploit: Dirty Cow
- SUID Exploitation
- Overriding the Passwd Users File
- CRON Jobs Privilege Escalation
- CRON Basics
- Crontab
- Anacrontab
- Enumerating and Exploiting CRON
- sudoers
- sudo Privilege Escalation
- Exploiting the Find Command
- Editing the sudoers File
- Exploiting Running Services
- Automated Scripts
- Summary
- Chapter 11 Windows Privilege Escalation
- Windows System Enumeration
- System Information
- Windows Architecture
- Listing the Disk Drives
- Installed Patches
- Who Am I?
- List Users and Groups
- Networking Information
- Showing Weak Permissions
- Listing Installed Programs
- Listing Tasks and Processes
- File Transfers
- Windows Host Destination
- Linux Host Destination
- Windows System Exploitation
- Windows Kernel Exploits
- Getting the OS Version
- Find a Matching Exploit
- Executing the Payload and Getting a Root Shell
- The Metasploit PrivEsc Magic
- Exploiting Windows Applications
- Running As in Windows
- PSExec Tool
- Exploiting Services in Windows
- Interacting with Windows Services
- Misconfigured Service Permissions
- Overriding the Service Executable
- Unquoted Service Path
- Weak Registry Permissions
- Exploiting the Scheduled Tasks
- Windows PrivEsc Automated Tools
- PowerUp
- WinPEAS
- Summary
- Chapter 12 Pivoting and Lateral Movement
- Dumping Windows Hashes
- Windows NTLM Hashes
- SAM File and Hash Dump
- Using the Hash
- Mimikatz
- Dumping Active Directory Hashes
- Reusing Passwords and Hashes
- Pass the Hash
- Pivoting with Port Redirection
- Port Forwarding Concepts
- SSH Tunneling and Local Port Forwarding
- Remote Port Forwarding Using SSH
- Dynamic Port Forwarding
- Dynamic Port Forwarding Using SSH
- Summary
- Chapter 13 Cryptography and Hash Cracking
- Basics of Cryptography
- Hashing Basics
- One-Way Hash Function
- Hashing Scenarios
- Hashing Algorithms
- Message Digest 5
- Secure Hash Algorithm
- Hashing Passwords
- Securing Passwords with Hash
- Hash-Based Message Authenticated Code
- Encryption Basics
- Symmetric Encryption
- Advanced Encryption Standard
- Asymmetric Encryption
- Rivest Shamir Adleman
- Cracking Secrets with Hashcat
- Benchmark Testing
- Cracking Hashes in Action
- Attack Modes
- Straight Mode
- Combinator
- Mask and Brute-Force Attacks
- Brute-Force Attack
- Hybrid Attacks
- Cracking Workflow
- Summary
- Chapter 14 Reporting
- Overview of Reports in Penetration Testing
- Scoring Severities
- Common Vulnerability Scoring System Version 3.1