Hands-on penetration testing on Windows : unleash Kali Linux, PowerShell, and Windows debugging tools for security testing and analysis /
Penetration testing is highly competitive, and it's easy to get stuck in the same routine client after client. This book will provide hands-on experience with penetration testing while guiding you through behind-the-scenes action along the way.
Clasificación: | Libro Electrónico |
---|---|
Autor principal: | |
Formato: | Electrónico eBook |
Idioma: | Inglés |
Publicado: |
Birmingham, UK :
Packt Publishing,
2018.
|
Temas: | |
Acceso en línea: | Texto completo (Requiere registro previo con correo institucional) |
Tabla de Contenidos:
- Cover; Title Page; Copyright and Credits; Dedication; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Bypassing Network Access Control; Technical requirements; Bypassing MAC filtering
- considerations for the physical assessor; Configuring a Kali wireless access point to bypass MAC filtering; Design weaknesses
- exploiting weak authentication mechanisms; Capturing captive portal authentication conversations in the clear; Layer-2 attacks against the network; Bypassing validation checks; Confirming the Organizationally Unique Identifier; Passive Operating system Fingerprinter
- Spoofing the HTTP User-AgentBreaking out of jail
- masquerading the stack; Following the rules spoils the fun
- suppressing normal TCP replies; Fabricating the handshake with Scapy and Python; Summary; Questions; Further reading; Chapter 2: Sniffing and Spoofing; Technical requirements; Advanced Wireshark
- going beyond simple captures; Passive wireless analysis; Targeting WLANs with the Aircrack-ng suite; WLAN analysis with Wireshark; Active network analysis with Wireshark; Advanced Ettercap
- the man-in-the-middle Swiss Army Knife; Bridged sniffing and the malicious access point
- Ettercap filters
- fine-tuning your analysisKilling connections with Ettercap filters; Getting better
- spoofing with BetterCAP; ICMP redirection with BetterCAP; Summary; Questions; Further reading; Chapter 3: Windows Passwords on the Network; Technical requirements; Understanding Windows passwords; A crash course on hash algorithms; Password hashing methods in Windows; If it ends with 1404EE, then it's easy for me
- understanding LM hash flaws; Authenticating over the network-a different game altogether; Capturing Windows passwords on the network
- A real-world pen test scenario
- the chatty printerConfiguring our SMB listener; Authentication capture; Hash capture with LLMNR/NetBIOS NS spoofing; Let it rip
- cracking Windows hashes; The two philosophies of password cracking; John the Ripper cracking with a wordlist; John the Ripper cracking with masking; Reviewing your progress with the show flag; Summary; Questions; Further reading; Chapter 4: Advanced Network Attacks; Technical requirements; Binary injection with BetterCAP proxy modules; The Ruby file injection proxy module
- replace_file.rb
- Creating the payload and connect-back listener with MetasploitHTTP downgrading attacks with sslstrip; Removing the need for a certificate
- HTTP downgrading; Understanding HSTS bypassing with DNS spoofing; HTTP downgrade attacks with BetterCAP ARP/DNS spoofing; The evil upgrade
- attacking software update mechanisms; Exploring ISR Evilgrade; Configuring the payload and upgrade module; Spoofing ARP/DNS and injecting the payload; IPv6 for hackers; IPv6 addressing basics; Local IPv6 reconnaissance and the Neighbor Discovery Protocol; IPv6 man-in-the-middle
- attacking your neighbors
- Living in an IPv4 world
- creating a local 4-to-6 proxy for your tools