Mastering Kali Linux for Advanced Penetration Testing

Table of Contents
[ ii ]
Chapter 2: Identifying the Target – Passive Reconnaissance 43
Basic principles of reconnaissance 44
Open Source intelligence 45
DNS reconnaissance and route mapping 47
WHOIS 48
DNS reconnaissance 50
IPv4 51
IPv6 53
Mapping the route to the target 54
Obtaining user information 57
Gathering names and e-mail addresses 58
Profiling users for password lists 61
Summary 63
Chapter 3: Active Reconnaissance and Vulnerability Scanning 65
Stealth scanning strategies 66
Adjusting source IP stack and tool identification settings 66
Modifying packet parameters 68
Using proxies with anonymity networks (Tor and Privoxy) 69
Identifying the network infrastructure 73
Enumerating hosts 75
Live host discovery 75
Port, operating system, and service discovery 76
Port scanning 76
Fingerprinting the operating system 77
Determining active services 79
Employing comprehensive reconnaissance applications 80
nmap 81
The recon-ng framework 82
Maltego 85
Vulnerability scanning 88
Summary 89
Chapter 4: Exploit 91
Threat modeling 92
Using online and local vulnerability resources 93
The Metasploit Framework 98
Exploiting a vulnerable application 103
Exploiting multiple targets with Armitage 105
Team testing with Armitage 107
Scripting the Armitage attack 108
Bypassing IDS and antivirus detection 110
Summary 118
Chapter 5: Post Exploit – Action on the Objective 119
Bypassing Windows User Account Control 120
Conducting a rapid reconnaissance of a compromised system 122
Using the WMIC scripting language 125
Finding and taking sensitive data – pillaging the target 129
Creating additional accounts 133
Using Metasploit for post-exploit activities 134
Escalating user privileges on a compromised host 139
Replaying authentication tokens using incognito 140
Manipulating access credentials with Windows Credential Editor 142
Escalating from Administrator to SYSTEM 143
Accessing new accounts with horizontal escalation 143
Covering your tracks 144
Summary 147
Chapter 6: Post Exploit – Persistence 149
Compromising the existing system and application files for remote access 150
Remotely enabling the Telnet service 150
Remotely enabling Windows Terminal Services 152
Remotely enabling Virtual Network Computing 154
Using persistent agents 155
Employing Netcat as a persistent agent 155
Maintaining persistence with the Metasploit Framework 159
Using the metsvc script 159
Using the persistence script 161
Creating a standalone persistent agent with Metasploit 163
Redirecting ports to bypass network controls 165
Example 1 – simple port redirection 166
Example 2 – bidirectional port redirection 167
Summary 168
Part 2: The Delivery Phase
Chapter 7: Physical Attacks and Social Engineering 171
Social Engineering Toolkit 172
Spear Phishing Attack 176
Using a website attack vector – Java Applet Attack Method 181
Using a website attack vector – Credential Harvester Attack Method 186
Using a website attack vector – Tabnabbing Attack Method 188
Using a website attack vector – Multi-Attack Web Method 190
Using the PowerShell alphanumeric shellcode injection attack 190
Hiding executables and obfuscating the attacker's URL 192
Escalating an attack using DNS redirection 194
Physical access and hostile devices 197
Raspberry Pi attack vectors 200
Summary 202
Chapter 8: Exploiting Wireless Communications 203
Configuring Kali for wireless attacks 204
Wireless reconnaissance 204
Kismet 207
Bypassing a Hidden Service Set Identifier 209
Bypassing the MAC address authentication 211
Compromising a WEP encryption 213
Attacking WPA and WPA2 219
Brute-force attacks 219
Attacking wireless routers with Reaver 223
Cloning an access point 224
Denial-of-service attacks 225
Summary 227
Chapter 9: Reconnaissance and Exploitation of Web-based Applications 229
Conducting reconnaissance of websites 230
Vulnerability scanners 236
Extending the functionality of traditional vulnerability scanners 237
Extending the functionality of web browsers 238
Web-service-specific vulnerability scanners 240
Testing security with client-side proxies 243
Server exploits 250
Application-specific attacks 251
Brute-forcing access credentials 251
Injection attacks against databases 252
Maintaining access with web backdoors 254
Summary 256
Chapter 10: Exploiting Remote Access Communications 257
Exploiting operating system communication protocols 258
Compromising Remote Desktop Protocol 258
Compromising Secure Shell 262
Exploiting third-party remote access applications 264
Attacking Secure Sockets Layer 266
Configuring Kali for SSLv2 scanning 267
Reconnaissance of SSL connections 269
Using sslstrip to conduct a man-in-the-middle attack 275
Denial-of-service attacks against SSL 277
Attacking an IPSec Virtual Private Network 278
Scanning for VPN gateways 279
Fingerprinting the VPN gateway 280
Capturing pre-shared keys 282
Performing offline PSK cracking 282
Identifying default user accounts 283
Summary 283
Chapter 11: Client-side Exploitation 285
Attacking a system using hostile scripts 286
Conducting attacks using VBScript 286
Attacking systems using Windows PowerShell 289
The Cross-Site Scripting Framework 291
The Browser Exploitation Framework – BeEF 299
Installing and configuring the Browser Exploitation Framework 300
A walkthrough of the BeEF browser 303
Integrating BeEF and Metasploit attacks 308
Using BeEF as a tunneling proxy 309
Summary 311
Appendix: Installing Kali Linux 313
Downloading Kali Linux 313
Basic Installation of Kali Linux 314
Installing Kali Linux to a virtual machine 315
Full disk encryption and nuking the master key 316
Setting up a test environment 321
Vulnerable operating systems and applications 322
Index 327

Download:

http://www.mediafire.com/download/kos3w3g10wr2amn/Mastering+kali.rar