Download Professional Penetration Testing (Second Edition) packt pub pdf
Find out how to turn hacking and pen testing skills into a professional career. Understand how to conduct controlled attacks on a network through real-world examples of vulnerable and exploitable servers. Master the project management skills necessary for running a formal penetration test and setting up a professional ethical hacking business. Discover metrics and reporting methodologies that provide experience crucial to a professional penetration tester. Save yourself some money! Thomas Wilhelm has delivered pen testing training to countless security professionals, and now, through the pages of this book, you can benefit from his years of experience as a professional penetration tester and educator.
After reading this book you will be able to create a personal penetration test lab that can deal with real-world vulnerability scenarios. Penetration testing is the act of testing a network to find security vulnerabilities before they are exploited by phishers, digital piracy groups, and countless other organized or individual malicious hackers.
An example of the output from this is shown in the following screenshot. As the screenshot shows, the web server banner has been modified and says packt.
If we do additional queries against the www. The next thing we will look at is the capability to review the domain server information. This is accomplished by using the domain dossier. Return to the main page, and in the Domain Dossier dialog box, enter yahoo.
There are many tools we could look at, but again, we just want to briefly acquaint ourselves with tools for each area of our security testing procedure. If you are using Windows and you open a command prompt window and enter tracert www. The majority of you reading this book probably know why this is blocked; for those of you who do not, it is because Microsoft has blocked the ICMP protocol, which is what the tracert command uses by default.
It is simple to get past this because the server is running services; we can use those protocols to reach it, and in this case, that protocol is TCP.
As you can see, we now have additional information about the path to the potential target; moreover, we have additional machines to add to our target database as we conduct our test within the limits of the rules of engagement. The Wayback Machine is proof that nothing that has ever been on the Internet leaves! There have been many assessments in which a client informed the team that they were testing a web server that hadn't been placed into production, and when they were shown that the site had already been copied and stored, they were amazed that this actually does happen.
I like to use the site to download some of my favorite presentations, tools, and so on, that have been removed from a site or, in some cases, whose site no longer exists. As an example, one of the tools used to show students the concept of steganography is the infostego tool. This tool was released by Antiy Labs, and it provided students with an easy-to-use tool to understand the concepts.
They now concentrate more on the antivirus market. A portion from their page is shown in the following screenshot. Now, let's try and use the power of the Wayback Machine to find our software. Open the browser of your choice and go to www. The Wayback Machine is hosted there and can be seen in the following screenshot. As indicated, there are billion pages archived at the time of writing this book.
In the URL section, enter www. This will result in the site searching its archives for the entered URL. After a few moments, the results of the search will be displayed. An example of this is shown in the following screenshot. We know we don't want to access a page that has been recently archived, so to be safe, click on This will result in the calendar being displayed and showing all the dates in on which the site was archived.
You can select any one that you want; an example of the archived site from December 18 is shown in the following screenshot. As you can see, the infostego tool is available, and you can even download it!
Feel free to download and experiment with the tool if you like. The Shodan site is one of the most powerful cloud scanners available. You are required to register with the site to be able to perform the more advanced types of queries. It is highly recommended that you register, since the power of the scanner and the information you can discover is quite impressive, especially after registration. The page that is presented once you log in is shown in the following screenshot.
The screenshot shows recently shared search queries as well as the most recent searches the logged-in user has conducted. This is another tool you should explore deeply if you do professional security testing. For now, we will look at one example and move on, since an entire book could be written just on this tool.
If you are logged in as a registered user, you can enter iphone us into the search query window. This will return results that contain iphone, mostly from the United States, but as with any tool, there will be some hits from other countries as well. This is the step that starts the true hacker-type activity. This is when you probe and explore the target network; consequently, ensure that you have explicit written permission with you before carrying out this activity.
Never perform an intrusive target search without permission, as this written authorization is the only thing that differentiates you from a malicious hacker. Without it, you are considered a criminal like them. No matter how good our skills are, we need to find systems that we can attack. This is accomplished by probing the network and looking for a response.
One of the most popular tools to do this with is the excellent open source tool nmap, written by Fyodor. We will use the exceptional penetration-testing framework Kali Linux. Regardless of which version of nmap you use, they all share similar, if not identical, command syntax. The network we are scanning is the An example of this ping sweep command is shown in the following screenshot. We now have live systems on the network that we can investigate further.
For those of you who would like a GUI tool, you can use Zenmap. Now that we have live systems, we want to see what is open on these machines. A good analogy for a port is a door: if the door is open, I can approach it. There might be things that I have to do once I get to the door to gain access, but if it is open, then I know it is possible to get access, and if it is closed, then I know I cannot go through that door.
Furthermore, we might need to know the type of lock that is on the door, because it might have weaknesses or additional protection that we need to know about. The same applies to ports: if they are closed, then we cannot go into that machine using that port. We have a number of ways to check for open ports, and we will continue with the same theme and use nmap. We have machines that we have identified, so we do not have to scan the entire network as we did previously; we will only scan the machines that are up.
Additionally, one of the machines found is our own machine; therefore, we will not scan ourselves—we could, but it's not the best plan. The targets that are live on our network are 1, 2, 16, and We can scan these by entering nmap -sS Alternatively, you can use the nmap -h option to display a list of options.
The first portion of the result of the stealth scan (so called because it does not complete the three-way handshake) is shown in the following screenshot. We now have live systems and openings that are on the machine. The next step is to determine what, if anything, is running on the ports we have discovered; it is imperative that we identify what is running on the machine so that we can use it as we progress deeper into our methodology.
We once again turn to nmap. In most command and terminal windows, there is history available; hopefully, this is the case for you and you can browse through it with the up and down arrow keys on your keyboard. For our network, we will enter nmap -sV From our previous scan, we've determined that the other machines have all scanned ports closed, so to save time, we won't scan them again. From the results, you can now see that we have additional information about the ports that are open on the target.
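The three nmap steps just described (ping sweep, stealth scan of only the live hosts, version scan of only the hosts with open ports) can be chained by parsing nmap's grepable output. This is an added example, not code from the book; it assumes nmap's -oG output format and uses constructed sample output for a constructed 192.168.177.0/24 lab, with 192.168.177.100 standing in for the tester's own machine.

```python
# Added example (not from the book): chain the three nmap steps by parsing
# nmap's grepable output (-oG). All sample output below is constructed.
import re

# Constructed sample of `nmap -sn -oG - 192.168.177.0/24` (ping sweep).
PING_SWEEP = """\
# Nmap 7.94 scan initiated
Host: 192.168.177.1 ()\tStatus: Up
Host: 192.168.177.2 ()\tStatus: Up
Host: 192.168.177.16 ()\tStatus: Up
Host: 192.168.177.100 ()\tStatus: Up
# Nmap done: 256 IP addresses (4 hosts up)
"""
# Constructed sample of `nmap -sS -oG - <live hosts>` (stealth scan).
SYN_SCAN = """\
Host: 192.168.177.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 192.168.177.2 ()\tPorts: 22/closed/tcp//ssh///\tIgnored State: filtered (999)
Host: 192.168.177.16 ()\tPorts: 445/open/tcp//microsoft-ds///\tIgnored State: closed (999)
"""
OUR_OWN_IP = "192.168.177.100"  # assumption: the tester's own machine


def live_hosts(grepable, exclude=()):
    """Hosts the ping sweep reported 'Status: Up', minus any we exclude."""
    hosts = re.findall(r"^Host: (\S+) .*\tStatus: Up$", grepable, re.M)
    return [h for h in hosts if h not in exclude]


def open_ports(grepable):
    """Map host -> [(port, service)] for every port nmap reported open."""
    result = {}
    for host, ports in re.findall(r"^Host: (\S+) .*\tPorts: ([^\t]+)", grepable, re.M):
        for entry in ports.split(", "):
            # Port field layout: port/state/proto/owner/service/rpcinfo/version/
            fields = entry.split("/")
            if fields[1] == "open":
                result.setdefault(host, []).append((int(fields[0]), fields[4]))
    return result


def next_targets(grepable):
    """Hosts worth the follow-up -sV scan: only those with an open port."""
    return sorted(open_ports(grepable))


if __name__ == "__main__":
    targets = live_hosts(PING_SWEEP, exclude={OUR_OWN_IP})
    print("nmap -sS -oG -", " ".join(targets))  # step 2: scan live hosts only
    print("nmap -sV -oG -", " ".join(next_targets(SYN_SCAN)))  # step 3
```

In a real run you would replace the constructed strings with `subprocess` calls to nmap against your own lab network; the parsing is the same.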
Gnome is slightly reminiscent of the Windows 3. The Gnome desktop has been around since the early days of Linux. The Kali Linux default desktop environment is Gnome 3. When you do a standard install, the desktop looks like this.
The toolbar on the left border is the favorites group. The security tool menu is found under the Applications tab in the upper-left corner of the desktop.
This is a very good categorized list and makes it easier to find any tool you wish to use. The list is shown in the following screenshot. Changing the desktop image in Gnome 3 is easy, but the settings menu is a bit hard to find.
It is hidden under the icon in the upper-right corner. The following screenshot shows the system menu, which has the sound volume control, the network connection dialog, and the settings editor. Most of the settings in Gnome are found in the settings dialog, shown in the next screenshot. The following screenshot shows the desktop editor, with the default desktop images.
To change the images, you simply click on the image you wish to change. That opens a dialog box where you can choose one of several included images, or choose one of your own from the images in your Pictures directory. With age comes stability, and KDE is a very stable desktop. The look and feel are very similar to Windows, so for a Windows user it is easy to use. One advantage of KDE is that the desktop is highly configurable.
If you don't like what it looks like, just change it. This can be a big advantage. KDE comes with all the latest Jumping Monkeys and features.
You probably like your desktop environment your way, like we do. It doesn't matter what latest thing has been added as long as you can configure the desktop to be the same as it has been for years. This helps with muscle memory. Muscle memory comes into play because having everything in the expected place makes the overhead of the job lower, because there isn't any time spent searching for common tools you use every day.
It is more effective not to have to think about where a tool is hidden on the machine or how to save a file since the developers decided the application no longer needs a menu bar. With KDE, you can change your desktop back to an old-school no-frills desktop with everything just like it has been for years.
If you are bored, you can customize the desktop beyond any semblance of the default Kali look. The next screenshot shows the default desktop with the Start menu open at Applications. The menu organization is similar to the Gnome 3 menu you have already seen. One drawback of KDE is that, since it is so highly configurable and comes with a lot of built-in features, it is very heavy on the machine's memory and puts a demand on the video card.
KDE does need to run on a modern machine with a good amount of memory. Also, being so highly configurable, it is easy to sometimes screw up your settings. One advantage of KDE is the desktop widgets. Desktop widgets are small applications that run on the desktop to do a number of things. When hacking, you need to keep an eye on your local system resources.
There are widgets you can use to keep an eye on system memory, CPU, and network usage at a glance. It's a sad thing to be in the middle of work, fire up one more tool, and have your system crash because you ran out of memory. Using a widget, you can keep an eye on memory, network, and CPU usage. KDE also works really well when using more than one monitor and is completely configurable in assigning which monitor is the main monitor and where your toolbars go.
It also reverts to using a single monitor without a reboot or playing with the configuration. This is great when your machine is a laptop that you move a lot. The KDE developers seem to understand that the desktop interface for a tablet will not work on a workstation that uses a mouse. Since the advent of the tablet, KDE now really comes with two interfaces, Plasma and Neon, and they interchange when the hardware changes. They both use the same backend toolsets; only the look and function changes when changing from tablet mode to workstation mode.
This was a failure with the Windows 8 desktop and also a failure with the Gnome desktop. You cannot design an interface to work with your finger and with a mouse. What you will always end up with is an interface that doesn't work well with either. KDE is graphically busy and uses a lot of resources. This makes it unsuitable for a very old machine, or one with low graphics memory. It was a file manager. This is reminiscent of the creation of the Linux kernel itself, where Linus Torvalds started with a file manager module.
Installations had problems, but the live disk seems to work well. I noticed the Kali Linux graphical installation asks for the machine domain but the regular installation does not. The following screenshot shows the default LXDE desktop. This desktop environment is also reminiscent of Windows XP, with the menu launch button in the lower-left corner.
Discover the most common web vulnerabilities and prevent them from becoming a threat to your site's security. What is this book about? This book covers the following exciting features: set up a secure penetration testing laboratory; use proxies, crawlers, and spiders to investigate an entire website; identify cross-site scripting and client-side vulnerabilities; exploit vulnerabilities that allow the insertion of code into web applications; exploit vulnerabilities that require complex setups. If you feel this book is for you, get your copy today!