
Hacker Secrets Practical guide to penetration testing

(1 review)
$8
Among penetration testing books on the market this one enjoys an excellent reputation: it ranked first among testing books in the United States, has strong reader reviews, and outsells all other comparable penetration testing books.
The tactics of penetration testing, described in American football lingo, are as follows.
Preparation - Installation: This chapter describes how to set up the lab, the attack host and the tools used throughout the book.
Before serving - Scan the network: Before doing anything else, you need to carefully survey the environment and understand the situation. We take you through discovering and intelligently scanning the target systems.
Dribbling - Exploit: Break into the target system using the vulnerabilities found in Chapter 2. In this chapter, manual work is needed to penetrate the target system.
Toss - Manual detection techniques for Web applications: Sometimes you need to get creative when looking at targets that are publicly exposed on the Internet. We dig into how to manually search for and attack web applications.
Cross transmission - Penetration of the Intranet: Once a system has been compromised, various methods for moving laterally through the network are discussed.
Assists -- Social Engineering: Deceiving the opponent with a play. This chapter explains some social engineering strategies.
Short Pass - Physical Access Attack: A good short pass requires being close to the target. This section introduces attacks that require physical access.
Quarterback Break - Evade antivirus detection: The quarterback break is ideal when you are only a few yards away. Sometimes you cannot get past the antivirus software; this chapter describes how to evade it and overcome that obstacle.
Secret Service Groups - Cracking, Exploiting and Techniques: Cracking passwords, exploiting vulnerabilities, NetHunter and assorted tricks.
Two-minute drill - Go from Zero to Hero: You only have two minutes to go from no access at all to domain administrator rights.
Post-match -- Analysis report: Writing the penetration test report and presenting the results.
Continuing education: Shares with readers some of the things you need to do to keep improving at penetration testing.
Content abstract
Hacker Secrets -- A Practical Guide to Penetration Testing (2nd Edition) is a new and updated version of the bestselling Hacker Secrets -- A Practical Guide to Penetration Testing. It thoroughly updates the previous edition and adds a great deal of new material. The book uses real-world examples and practical advice to explain some of the obstacles you face during a penetration test and how to overcome them.
The book is divided into 12 chapters, covering setup of the attack machine and tool configuration, network scanning, exploitation, manual web application testing techniques, intranet penetration, social engineering, physical access attacks, antivirus evasion techniques, password cracking tips, analysis reports, continuing education and more.
The chapters are organized to be independent of each other, so readers can read the book either on demand or chapter by chapter. A background in penetration testing is not required, but relevant experience helps in understanding the content.
About the Author
Peter Kim is the CEO and Chairman of Secure Planet. He has nearly 10 years of experience in the security field and has been engaged in penetration testing for the past 7 years. He has taught courses in penetration testing and cybersecurity at Howard Community College in Maryland and holds numerous security-related certifications.
Table of Contents

Chapter 1 Preparation -- Installation 1
1.1 Setting up a Test Environment 1
1.2 Creating a Domain 1
1.3 Creating Other Servers 2
1.4 Practice 2
1.5 Building the Penetration Test Environment 3
1.5.1 Installing a Penetration Test Environment 3
1.5.2 Hardware 4
1.5.3 Open Source and Commercial Software 5
1.5.4 Establishing the Platform 6
1.5.5 Setting up Kali Linux 8
1.5.6 Windows VM 17
1.5.7 Setting up the Windows Environment 18
1.5.8 Starting PowerShell 20
1.5.9 Easy-P 22
1.6 Learning 24
1.6.1 Metasploitable 2 24
1.6.2 Binary Exploitation 26
1.7 Summary 36

Chapter 2 Before serving -- Scan the Network 37
2.1 Passive Information Gathering - Open Source Intelligence (OSINT) 37
2.1.1 Recon-NG (https://bitbucket.org/LaNMaSteR53/recon-ng, Kali Linux) 38
2.1.2 Discover script (https://github.com/leebaird/discover, Kali Linux) 42
2.1.3 SpiderFoot (http://www.spiderfoot.net/, Kali Linux) 44
2.2 Creating a Password Dictionary 46
2.2.1 Wordhound (https://bitbucket.org/mattinfosec/wordhound.git, Kali Linux) 46
2.2.2 BruteScrape (https://github.com/cheetz/brutescrape, Kali Linux) 50
2.2.3 Using Leaked Password Lists to Find Email Addresses and Credentials 51
2.2.4 Gitrob -- GitHub Analysis (https://github.com/michenriksen/gitrob, Kali Linux) 54
2.2.5 Open-Source Intelligence Data Collection 56
2.3 External or Internal Active Information Gathering 57
2.3.1 Masscan (https://github.com/robertdavidgraham/masscan, Kali Linux) 57
2.3.2 SPARTA (http://sparta.secforce.com/, Kali Linux) 60
2.3.3 HTTP Screenshot (https://github.com/breenmachine/httpscreenshot, Kali Linux) 63
2.4 Vulnerability Scanning 67
2.4.1 Rapid7 Nexpose/Tenable Nessus (Kali/Windows/OS X) 67
2.4.2 OpenVAS (http://www.openvas.org/, Kali) 68
2.5 Web Application Scanning 71
2.5.1 Scanning Websites 71
2.5.2 Web Application Scanning 72
2.5.3 OWASP ZAP Proxy (https://code.google.com/p/zaproxy/, Kali Linux/Windows/OS X) 79
2.6 Analyzing Nessus, Nmap and Burp Output 81
2.7 Summary 83

Chapter 3 Dribbling -- Exploiting Vulnerabilities 85
3.1 Metasploit (http://www.metasploit.com, Windows/Kali Linux) 85
3.1.1 Running Metasploit from a Kali Terminal - Initializing and Starting Metasploit 86
3.1.2 Running Metasploit - Common Configuration Commands 86
3.1.3 Running Metasploit - Post-Exploitation and Other Operations 87
3.1.4 Exploiting MS08-067 with the Metasploit Framework 87
3.2 Scripts 89
3.3 Printers 90
3.4 Heartbleed 94
3.5 Shellshock 97
3.6 Dumping Git Repositories (Kali Linux) 101
3.7 NoSQLMap (www.nosqlmap.net/, Kali Linux) 103
3.8 Elasticsearch (Kali Linux) 106
3.9 Summary 108

Chapter 4 Toss -- Manual Detection Techniques for Web Applications 109
4.1 Web Application Penetration Testing 110
4.1.1 SQL Injection 111
4.1.2 Manual SQL Injection 115
4.1.3 Cross-Site Scripting (XSS) 131
4.1.4 Cross-Site Request Forgery (CSRF) 136
4.1.5 Session Tokens 139
4.1.6 Other Fuzzing/Input Validation 141
4.1.7 Other OWASP Top 10 Vulnerabilities 144
4.1.8 Functional/Business Logic Testing 146
4.2 Summary 147

Chapter 5 Cross Transmission -- Penetrating the Intranet 149
5.1 Network Penetration without Credentials 149
5.1.1 Responder.py (https://github.com/SpiderLabs/Responder, Kali Linux) 149
5.1.2 ARP Spoofing 153
5.1.3 Cain and Abel (http://www.oxid.it/cain.html, Windows) 154
5.1.4 Ettercap (http://ettercap.github.io/ettercap/, Kali Linux) 156
5.1.5 Backdoor Factory Proxy (https://github.com/secretsquirrel/BDFProxy, Kali Linux) 157
5.1.6 Attacks after ARP Spoofing 159
5.2 With Any Domain Credentials (Non-Administrator Rights) 167
5.2.1 Conducting System Reconnaissance 167
5.2.2 Group Policy Preferences 173
5.2.3 A Note on Post-Exploitation 175
5.2.4 Privilege Escalation 176
5.3 With Local Administrator or Domain Administrator Rights 181
5.3.1 Moving through the Whole Network Using Credentials and psexec 182
5.3.2 Executing Commands on Multiple Hosts with psexec (Kali Linux) 185
5.3.3 Lateral Movement with WMI (Windows) 186
5.3.4 Kerberos - MS14-068 188
5.3.5 Pass-the-Ticket Attack 190
5.3.6 Lateral Movement Using a PostgreSQL Vulnerability 192
5.3.7 Obtaining Cached Credentials 195
5.4 Attacking the Domain Controller 197
5.4.1 SMBExec (https://github.com/brav0hax/smbexec, Kali Linux) 197
5.4.2 psexec_ntdsgrab (Kali Linux) 199
5.5 Persistence 201
5.5.1 Veil and PowerShell 201
5.5.2 Persistence Using Scheduled Tasks 204
5.5.3 Golden Ticket 206
5.5.4 Skeleton Key 213
5.5.5 Sticky Keys 215
5.6 Summary 218

Chapter 6 Assists -- Social Engineering 219
6.1 Look-alike Domain Names 219
6.1.1 SMTP Attack 219
6.1.2 SSH Attack 220
6.2 Phishing 222
6.3 Phishing Report 231

Chapter 7 Short Pass -- Physical Access Attacks 233
7.1 Wireless Network Penetration 233
7.1.1 Passive Identification and Reconnaissance 233
7.1.2 Active Attacks 235
7.2 Employee Badge Cloning 245
7.3 Kon-Boot (http://www.piotrbania.com/all/kon-boot/, Windows/OS X) 249
7.3.1 Windows 250
7.3.2 OS X 250
7.4 Portable Penetration Testing Device - Raspberry Pi 2 251
7.5 Rubber Ducky (http://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe) 255
7.6 Summary 258

Chapter 8 Quarterback Break -- Evading Antivirus Detection 259
8.1 Evading Antivirus Software 259
8.1.1 Backdoor Factory (https://github.com/secretsquirrel/the-backdoor-factory, Kali Linux) 259
8.1.2 WCE Evading Antivirus Detection (Windows) 263
8.1.3 Veil (https://github.com/Veil-Framework, Kali Linux) 267
8.1.4 SMBExec (https://github.com/pentestgeek/smbexec, Kali Linux) 270
8.1.5 peCloak.py (http://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/, Windows) 272
8.1.6 Python 274
8.2 Other Keylogging Tools 276
8.2.1 Using the Nishang Keylogger (https://github.com/samratashok/nishang) 277
8.2.2 Using the PowerSploit Keylogger (https://github.com/mattifestation/PowerSploit) 278
8.3 Summary 278

Chapter 9 Secret Service Groups -- Cracking, Exploitation and Techniques 2