The Basics of Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Made Easy
- 2nd Edition - June 24, 2013
- Author: Patrick Engebretson
- Language: English
- Paperback ISBN: 978-0-12-411644-3
- eBook ISBN: 978-0-12-411641-2
The Basics of Hacking and Penetration Testing, Second Edition, serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. The book teaches students how to properly utilize and interpret the results of the modern-day hacking tools required to complete a penetration test. It provides a simple and clean explanation of how to effectively utilize these tools, along with a four-step methodology for conducting a penetration test or hack, thus equipping students with the know-how required to jump start their careers and gain a better understanding of offensive security.
Each chapter contains hands-on examples and exercises that are designed to teach learners how to interpret results and utilize those results in later phases. Tool coverage includes: Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and Hacker Defender rootkit. This is complemented by PowerPoint slides for use in class.
This book is an ideal resource for security consultants, beginning InfoSec professionals, and students.
- Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases
- Written by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, Ethical Hacking, and Exploitation classes at Dakota State University
- Utilizes the Kali Linux distribution and focuses on the seminal tools required to complete a penetration test
Security Consultants, beginning InfoSec professionals, Students
Dedication
Acknowledgments
My Wife
My Girls
My Family
Dave Kennedy
Jared DeMott
To the Syngress Team
About the Author
Introduction
What is New in This Edition?
Who is the Intended Audience for This Book?
How is This Book Different from Book ‘x’?
Why Should I Buy This Book?
What Do I Need to Follow Along?
1. What is Penetration Testing?
Information in This Chapter:
Introduction
Setting the Stage
Introduction to Kali and Backtrack Linux: Tools. Lots of Tools
Working with Your Attack Machine: Starting the Engine
The Use and Creation of a Hacking Lab
Phases of a Penetration Test
Where Do I Go from Here?
Summary
2. Reconnaissance
Information in This Chapter:
Introduction
HTTrack: Website Copier
Google Directives: Practicing Your Google-Fu
The Harvester: Discovering and Leveraging E-mail Addresses
Whois
Netcraft
Host
Extracting Information from DNS
nslookup
Dig
Fierce: What to Do When Zone Transfers Fail
Extracting Information from E-mail Servers
MetaGooFil
ThreatAgent: Attack of the Drones
Social Engineering
Sifting Through the Intel to Find Attackable Targets
How Do I Practice This Step?
Where Do I Go from Here?
Summary
3. Scanning
Information in This Chapter:
Introduction
Pings and Ping Sweeps
Port Scanning
The Three-Way Handshake
Using Nmap to Perform a TCP Connect Scan
Using Nmap to Perform an SYN Scan
Using Nmap to Perform UDP Scans
Using Nmap to Perform an Xmas Scan
Using Nmap to Perform Null Scans
The Nmap Scripting Engine: From Caterpillar to Butterfly
Port Scanning Wrap Up
Vulnerability Scanning
How Do I Practice This Step?
Where Do I Go from Here?
Summary
4. Exploitation
Information in This Chapter:
Introduction
Medusa: Gaining Access to Remote Services
Metasploit: Hacking, Hugh Jackman Style!
JtR: King of the Password Crackers
Local Password Cracking
Remote Password Cracking
Linux Password Cracking and a Quick Example of Privilege Escalation
Password Resetting: The Building and the Wrecking Ball
Wireshark: Sniffing Network Traffic
Macof: Making Chicken Salad Out of Chicken Sh∗t
Armitage: Introducing Doug Flutie of Hacking
Why Learn Five Tools When One Works Just as Well?
How Do I Practice This Step?
Where Do I Go from Here?
Summary
5. Social Engineering
Information in This Chapter:
Introduction
The Basics of SET
Website Attack Vectors
The Credential Harvester
Other Options Within SET
Summary
6. Web-Based Exploitation
Information in This Chapter:
Introduction
The Basics of Web Hacking
Nikto: Interrogating Web Servers
w3af: More than Just a Pretty Face
Spidering: Crawling Your Target’s Website
Intercepting Requests with Webscarab
Code Injection Attacks
Cross-Site Scripting: Browsers that Trust Sites
ZED Attack Proxy: Bringing It All Together Under One Roof
Intercepting in ZAP
Spidering in ZAP
Scanning in ZAP
How Do I Practice This Step?
Where Do I Go from Here?
Additional Resources
Summary
7. Post Exploitation and Maintaining Access with Backdoors, Rootkits, and Meterpreter
Information in This Chapter:
Introduction
Netcat: The Swiss Army Knife
Netcat’s Cryptic Cousin: Cryptcat
Rootkits
Hacker Defender: It is Not What You Think
Detecting and Defending Against Rootkits
Meterpreter: The Hammer that Turns Everything into a Nail
How Do I Practice This Step?
Where Do I Go from Here?
Summary
8. Wrapping Up the Penetration Test
Information in This Chapter:
Introduction
Writing the Penetration Testing Report
Executive Summary
Detailed Report
Raw Output
You Do Not Have to Go Home but You Cannot Stay Here
Where Do I Go from Here?
Wrap Up
The Circle of Life
Summary
Index
- No. of pages: 225
- Language: English
- Edition: 2
- Published: June 24, 2013
- Imprint: Syngress
- Paperback ISBN: 9780124116443
- eBook ISBN: 9780124116412
Patrick Engebretson
Dr. Patrick Engebretson obtained his Doctor of Science degree with a specialization in Information Security from Dakota State University. He currently serves as an Assistant Professor of Information Assurance and also works as a Senior Penetration Tester for a security firm in the Midwest. His research interests include penetration testing, hacking, intrusion detection, exploitation, honey pots, and malware. In the past several years he has published many peer-reviewed journal and conference papers in these areas. Dr. Engebretson has been invited by the Department of Homeland Security to share his research at the Software Assurance Forum in Washington, DC and has also spoken at Black Hat in Las Vegas. He regularly attends advanced exploitation and penetration testing trainings from industry-recognized professionals and holds several certifications. He teaches graduate and undergraduate courses in penetration testing, wireless security, intrusion detection, and advanced exploitation.
Affiliations and expertise
Assistant Professor of Information Assurance; Senior Penetration Tester for security firm in the Midwest