Hands-On Penetration Testing with Kali NetHunter
Glen D. Singh, Sean Philip Oriyano
Updated: 2021-07-02 12:39:24
Latest chapter: Leave a review - let other readers know what you think
coverpage
Title Page
Copyright and Credits
Hands-On Penetration Testing with Kali NetHunter
About Packt
Why subscribe?
Packt.com
Contributors
About the authors
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Section 1: Exploring Kali NetHunter
Introduction to Kali NetHunter
What is Kali NetHunter?
Tools within Kali NetHunter
MAC Changer
The MITM framework
HID attacks
DuckHunter HID
BadUSB MITM attacks
The MANA Wireless Toolkit
Software defined radio
Network Mapper
The Metasploit Payload Generator
Searchsploit
The Android platform and security model
The Android architecture
The Application layer
The Application Framework Layer
Android Libraries
Android Runtime
Kernel
The Android security model
Android Device Manager
SafetyNet
Verify applications
Application services
Android updates
The Google Play Store
Google Play Protect
Installing NetHunter
Building Kali NetHunter for a specific device (optional)
Additional optional hardware
Summary
Understanding the Phases of the Pentesting Process
The need for penetration testing
Types of hackers
White hat
Grey hat
Black hat
Script kiddie
Suicide hacker
Hacktivist
State-sponsored hacker
Penetration testing
Blue teaming vs red teaming vs purple team
Blue team
Red team
Purple team
Types of penetration tests
Phases of penetration testing
The pre-attack phase
The attack phase
The post-attack phase
Penetration testing methodologies and frameworks
OWASP testing framework
PCI penetration testing guide
Penetration Testing Execution Standard
Open Source Security Testing Methodology Manual
Phases of penetration testing
Reconnaissance
Scanning
Gaining access
Maintaining access
Clearing tracks
Deliverables
Summary
Section 2: Common Pentesting Tasks and Tools
Intelligence-Gathering Tools
Technical requirements
Objectives of intelligence gathering
Information for the taking
Types of information available
Network information
Organizational data
Tools for gathering useful information
Using Shodan
Working with filters
Using Metagoofil
Exercise using Metagoofil to collect information
Using Nikto
Exercise – working with Nikto
What is robots.txt?
Using Parsero
Exercise – working with Parsero
Using wget
Exercise – working with wget
Using HTTrack
Exercise – using HTTrack
Google Hacking
Exercise – what's the Right Search Engine
Location
Social networking
Using Echosec
Exercise – working with Echosec
Working with Recon-Ng
Going for technical data
Using WHOIS
Exercise – getting the most from WHOIS
nslookup
Reverse DNS Lookups
Looking up an NS record
Querying an MX record
Querying an SOA record
Querying another DNS
Using dnsenum
Exercise – working with dnsenum
Using DNSMAP
Using traceroute
Summary
Further reading
Scanning and Enumeration Tools
Technical requirements
Scanning
Conducting a scan
Troubleshooting scanning results
Determining whether a host is up or down
Exercise – working with ping
Using Nmap
Exercise – Performing a Ping Sweep with Nmap
Port scanning
Full Open/TCP connect scans
Stealth scans
XMAS scans
FIN scans
NULL scans
ACK scans
Tuning and tweaking
UDP scanning
Banner grabbing
Exercise using Telnet to banner-grab
Exercise – using nmap to banner-grab
Enumeration with NetHunter
Enumerating DNS
Enumerating SMTP
Exercise – using NMAP to enumerate
Exercise – working with smtp-user-enum
Working with SMB
Exercise – using enum4linux
Exercise – using acccheck
Exercise – using SMBmap
Summary
Further reading
Penetrating the Target
Technical requirements
Concerning passwords
Choosing an approach to cracking
Passive techniques
Man-in-the-Middle
Exercise – working with SSL strip
Active techniques
Working with Ncrack
Exercise – working with Ncrack
Offline attacks
Rainbow tables
Exercise – creating the rainbow table
Exercise – working with rtgen
Putting it together
Exercise – recovering passwords with hashcat
Executing applications
Escalating privileges
Executing applications on the target
Exercise – planting a backdoor with Netcat
Summary
Further reading
Clearing Tracks and Removing Evidence from a Target
Clearing tracks
Types of logs and their locations
DHCP server logs
Syslog messages
Packet analysis
Web server logs
Database logs
Event logs
Clearing logs on Windows
Using PowerShell to clear logs in Windows
Using the command prompt to clear logs in Windows
Clearing logs in Linux
Summary
Section 3: Advanced Pentesting Tasks and Tools
Packet Sniffing and Traffic Analysis
The need for sniffing traffic
Types of packet-sniffing techniques
Active sniffing
Passive sniffing
Tools and techniques of packet sniffing
Aircrack-ng
Observing wireless networks using airmon-ng
Arpspoof
Dsniff
Kismet
Tcpdump
TShark
The MITM framework
Packet analysis techniques
Dsniff
Tshark
Urlsnarf
Tcpdump
Summary
Targeting Wireless Devices and Networks
Wireless network topologies
Independent Basic Service Set
Basic Service Set
Extended Service Set
Wireless standards
Service Set Identifier
Wireless authentication modes
Wireless encryption standard
Wired Equivalent Privacy
Wi-Fi Protected Access
Wi-Fi Protected Access 2
Wireless threats
Wireless attacks
Exercise – checking whether a wireless card supports injection
Exercise – detecting access points and their manufacturers
Exercise – discovering the WPS version of an access point
Exercise – de-authentication attacks
Exercise – de-authenticating a specific client
Exercise – detecting a de-authentication attack
Exercise – discovering hidden SSIDs
Exercise – cracking WEP and WPA
Cracking WEP Encryption
Bluetooth hacking
Summary
Avoiding Detection
Scanning
Stealth scanning
Decoys
Idle scans
MAC spoofing
Fragmentation
Metasploit Payload Generator
Encrypting traffic
Summary
Hardening Techniques and Countermeasures
Security threats and countermeasures
Viruses
Other common viruses
Client system security
The Windows baseline
The Windows registry
User accounts
Patch management
Windows Firewall
Disabling services
The Linux baseline
Security scanner for Linux
Disabling services in Linux
Hardening networking devices
Hardening mobile devices
Summary
Building a Lab
Technical requirements
Hypervisor
Type 1
Type 2
Vulnerable systems
Setting up the lab
Step 1 – installing the hypervisor
Step 2 – obtaining vulnerable systems
Step 3 – setting up Metasploitable
Step 4 – setting up the OWASP broken web applications project
Summary
Selecting a Kali Device and Hardware
Small computers
Gem PDA
Raspberry Pi 2 and 3
ODROID U2
Mobile hardware
External components
Wireless adapters
OTG cables
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think