Updated: 2021-07-02 21:36:31
Cover Page
Title Page
Credits
About the Author
About the Reviewer
www.PacktPub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
Planning and Preparation
Why does penetration testing take place?
Understanding the engagement
Defining objectives with stakeholder questionnaires
Scoping criteria
Documentation
Understanding the network diagram – onshore IT example
Data flow diagram
Organization chart
Building the systems for the penetration test
Penetration system software setup
Summary
Information Gathering
Understanding the current environment
Where to look for information – checking out the toolbox!
Search engines as an information source
Utilizing whois for information gathering
Enumerating DNS with dnsmap
DNS reconnaissance with DNSRecon
Checking for a DNS BIND version
Probing the network with Nmap
Checking for DNS recursion with NSE
Fingerprinting systems with P0f
Firewall reconnaissance with Firewalk
Detecting a web application firewall
Protocol fuzzing with DotDotPwn
Using Netdiscover to find undocumented IPs
Enumerating your findings
Setting up and maintaining the Command and Control Server
Command and control servers
Setting up secure connectivity
Inside server SSH setup
Command and control server SSH setup
Setting up a reverse SSH tunnel
stunnel to the rescue
stunnel setup on the client – Raspberry Pi
Verifying automation
Automating evidence collection
File utilities
Playing with tar
Split utility
Vulnerability Scanning and Metasploit
Vulnerability scanning tools
Scanning techniques
OpenVAS
Getting started with OpenVAS
Performing scans against the environment
Getting started with Metasploit
Exploiting our targets with Metasploit
Understanding client-side attacks
Using BeEF for browser-based exploitation
Using SET for client-side exploitation
Traffic Sniffing and Spoofing
Traffic sniffing tools and techniques
Sniffing tools
Tcpdump
WinDump
Wireshark
Understanding spoofing attacks
ARP spoofing
Ettercap
SSLStrip
Intercepting SSL traffic with SSLsplit
Password-based Attacks
Generating rainbow tables and wordlists
Creating rainbows with RainbowCrack
Crunching wordlists
Online locations
Cracking utilities
John the Ripper
THC-Hydra
Ncrack
Medusa
Social engineering experiments
Impersonation to get the goods
Scenario 1
Scenario 2
Dumpster diving