Penetration Testing: A Hands-On Introduction to HackingPenetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses. In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine–based lab that includes Kali Linux and vulnerable operating systems, you’ll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you’ll experience the key stages of an actual assessment—including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more. Learn how to: –Crack passwords and wireless network keys with brute-forcing and wordlists –Test web applications for vulnerabilities –Use the Metasploit Framework to launch exploits and write your own Metasploit modules –Automate social-engineering attacks –Bypass antivirus software –Turn access to one machine into total control of the enterprise in the post exploitation phase You’ll even explore writing your own exploits. Then it’s on to mobile hacking—Weidman’s particular area of research—with her tool, the Smartphone Pentest Framework. With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs. |
Contents
Penetration Testing Primer | 1 |
The Basics | 7 |
Setting Up Your Virtual Lab | 9 |
Using Kali Linux | 55 |
Programming | 75 |
Using the
Metasploit Framework | 87 |
Assessment | 111 |
Information Gathering | 113 |
Post Exploitation | 277 |
Web Application Testing | 313 |
Wireless Attacks | 339 |
Exploit Development | 359 |
A StackBased Buffer Overflow in Linux | 361 |
A StackBased Buffer Overflow in Windows | 379 |
Structured Exception Handler Overwrites | 401 |
Fuzzing Porting Exploits and Metasploit Modules | 421 |
Finding Vulnerabilities | 133 |
Capturing Traffic | 155 |
Attacks | 177 |
Exploitation | 179 |
Password Attacks | 197 |
ClientSide Exploitation | 215 |
Social Engineering | 243 |
Bypassing Antivirus Applications | 257 |
Other editions - View all
Common terms and phrases
able additional agent allow Android application attack browser buffer bytes called Chapter choose client command connect crash create credentials Current default device domain enter example executable exploit function georgia hashes host install instructions IP address issue Kali Linux listening look machine malicious memory Metasploit Meterpreter mobile module Nmap Once options output packet password payload pentest port privileges request Required root root@kali scan script server session shell shellcode shown in Figure shown in Listing snip specify stack start Starting string target techniques tell TFTP tool traffic username virtual machine vulnerability we’ll Windows XP write