BackTrack 4: Assuring Security by Penetration Testing. Master the art of penetration testing with BackTrack

BackTrack 4: Assuring Security by Penetration Testing. Master the art of penetration testing with BackTrack - Opis

BackTrack is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment. Applying appropriate testing methodology with defined business objectives and a scheduled test plan will result in robust penetration testing of your network.BackTrack 4: Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating the cutting-edge hacker tools and techniques in a coherent step-by-step strategy. It offers all the essential lab preparation and testing procedures to reflect real-world attack scenarios from your business perspective in today's digital age.The authors' experience and expertise enables them to reveal the industry's best approach for logical and systematic penetration testing.The first and so far only book on BackTrack OS starts with lab preparation and testing procedures, explaining the basic installation and configuration set up, discussing types of penetration testing (black-box and white-box), uncovering open security testing methodologies, and proposing the BackTrack specific testing process. The authors discuss a number of security assessment tools necessary to conduct penetration testing in their respective categories (target scoping, information gathering, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, maintaining access, and reporting), following the formal testing methodology. Each of these tools (...) więcej is illustrated with real-world examples to highlight their practical usage and proven configuration techniques. The authors also provide extra weaponry treasures and cite key resources that may be crucial to any professional penetration tester.This book serves as a single professional, practical, and expert guide to developing hardcore penetration testing skills from scratch. You will be trained to make the best use of BackTrack OS either in a commercial environment or an experimental test bed. Spis treści:
BackTrack 4: Assuring Security by Penetration Testing
Table of Contents
BackTrack 4: Assuring Security by Penetration Testing
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
I. Lab Preparation and Testing Procedures
1. Beginning with BackTrack
History
BackTrack purpose
Getting BackTrack
Using BackTrack
Live DVD
Installing to hard disk
Installation in real machine
Installation in VirtualBox
Portable BackTrack
Configuring network connection
Ethernet setup
Wireless setup
Starting the network service
Updating BackTrack
Updating software applications
Updating the kernel
Installing additional weapons
Nessus vulnerability scanner
WebSecurify
Customizing BackTrack
Summary
2. Penetration Testing Methodology
Types of penetration testing
Black-box testing
White-box testing
Vulnerability assessment versus penetration testing
Security testing methodologies
Open Source Security Testing Methodology Manual (OSSTMM)
Key features and benefits
Information Systems Security Assessment Framework (ISSAF)
Key features and benefits
Open Web Application Security Project (OWASP) Top Ten
Key features and benefits
Web Application Security Consortium Threat Classification (WASC-TC)
Key features and benefits
BackTrack testing methodology
Target scoping
Information gathering
Target discovery
Enumerating target
Vulnerability mapping
Social engineering
Target exploitation
Privilege escalation
Maintaining access
Documentation and reporting
The ethics
Summary
II. Penetration Testers Armory
3. Target Scoping
Gathering client requirements
Customer requirements form
Deliverables assessment form
Preparing the test plan
Test plan checklist
Profiling test boundaries
Defining business objectives
Project management and scheduling
Summary
4. Information Gathering
Public resources
Document gathering
Metagoofil
DNS information
dnswalk
dnsenum
dnsmap
dnsmap-bulk
dnsrecon
fierce
Route information
0trace
dmitry
itrace
tcpraceroute
tctrace
Utilizing search engines
goorecon
theharvester
All-in-one intelligence gathering
Maltego
Documenting the information
Dradis
Summary
5. Target Discovery
Introduction
Identifying the target machine
ping
arping
arping2
fping
genlist
hping2
hping3
lanmap
nbtscan
nping
onesixtyone
OS fingerprinting
p0f
xprobe2
Summary
6. Enumerating Target
Port scanning
AutoScan
Netifera
Nmap
Nmap target specification
Nmap TCP scan options
Nmap UDP scan options
Nmap port specification
Nmap output options
Nmap timing options
Nmap scripting engine
Unicornscan
Zenmap
Service enumeration
Amap
Httprint
Httsquash
VPN enumeration
ike-scan
Summary
7. Vulnerability Mapping
Types of vulnerabilities
Local vulnerability
Remote vulnerability
Vulnerability taxonomy
Open Vulnerability Assessment System (OpenVAS)
OpenVAS integrated security tools
Cisco analysis
Cisco Auditing Tool
Cisco Global Exploiter
Cisco Passwd Scanner
Fuzzy analysis
BED
Bunny
JBroFuzz
SMB analysis
Impacket Samrdump
Smb4k
SNMP analysis
ADMSnmp
Snmp Enum
SNMP Walk
Web application analysis
Database assessment tools
DBPwAudit
Pblind
SQLbrute
SQLiX
SQLMap
SQL Ninja
Application assessment tools
Burp Suite
Grendel Scan
LBD
Nikto2
Paros Proxy
Ratproxy
W3AF
WAFW00F
WebScarab
Summary
8. Social Engineering
Modeling human psychology
Attack process
Attack methods
Impersonation
Reciprocation
Influential authority
Scarcity
Social relationship
Social Engineering Toolkit (SET)
Targeted phishing attack
Gathering user credentials
Common User Passwords Profiler (CUPP)
Summary
9. Target Exploitation
Vulnerability research
Vulnerability and exploit repositories
Advanced exploitation toolkit
MSFConsole
MSFCLI
Ninja 101 drills
Scenario #1
Scenario #2
SNMP community scanner
VNC blank authentication scanner
IIS6 WebDAV unicode auth bypass
Scenario #3
Bind shell
Reverse shell
Meterpreter
Scenario #4
Scenario #5
Generating binary backdoor
Automated browser exploitation
Writing exploit module
Summary
10. Privilege Escalation
Attacking the password
Offline attack tools
Rainbowcrack
Samdump2
John
Ophcrack
Crunch
Wyd
Online attack tools
BruteSSH
Hydra
Network sniffers
Dsniff
Hamster
Tcpdump
Tcpick
Wireshark
Network spoofing tools
Arpspoof
Ettercap
Summary
11. Maintaining Access
Protocol tunneling
DNS2tcp
Ptunnel
Stunnel4
Proxy
3proxy
Proxychains
End-to-end connection
CryptCat
Sbd
Socat
Summary
12. Documentation and Reporting
Documentation and results verification
Types of reports
Executive report
Management report
Technical report
Network penetration testing report (sample contents)
Table of Contents
Presentation
Post testing procedures
Summary
III. Extra Ammunition
A. Supplementary Tools
Vulnerability scanner
NeXpose community edition
NeXpose installation
Starting NeXpose community
Login to NeXpose community
Using NeXpose community
Web application fingerprinter
WhatWeb
BlindElephant
Network Ballista
Netcat
Open connection
Service banner grabbing
Simple server
File transfer
Portscanning
Backdoor Shell
Reverse shell
Summary
B. Key Resources
Vulnerability Disclosure and Tracking
Paid Incentive Programs
Reverse Engineering Resources
Network ports
Index mniej