The Basics of Hacking and Penetration Testing

The Basics of Hacking and Penetration Testing

Ethical Hacking and Penetration Testing Made Easy

2nd Edition - June 24, 2013

Write a review

  • Author: Patrick Engebretson
  • Paperback ISBN: 9780124116443
  • eBook ISBN: 9780124116412

Purchase options

Purchase options
Available
DRM-free (Mobi, PDF, EPub)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order

Description

The Basics of Hacking and Penetration Testing, Second Edition, serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. The book teaches students how to properly utilize and interpret the results of the modern-day hacking tools required to complete a penetration test. It provides a simple and clean explanation of how to effectively utilize these tools, along with a four-step methodology for conducting a penetration test or hack, thus equipping students with the know-how required to jump start their careers and gain a better understanding of offensive security.Each chapter contains hands-on examples and exercises that are designed to teach learners how to interpret results and utilize those results in later phases. Tool coverage includes: Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and Hacker Defender rootkit. This is complemented by PowerPoint slides for use in class.This book is an ideal resource for security consultants, beginning InfoSec professionals, and students.

Key Features

  • Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases
  • Written by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at Dakota State University
  • Utilizes the Kali Linux distribution and focuses on the seminal tools required to complete a penetration test

Readership

Security Consultants, beginning InfoSec professionals, Students

Table of Contents

  • Dedication
    Acknowledgments
    My Wife
    My Girls
    My Family
    Dave Kennedy
    Jared DeMott
    To the Syngress Team
    About the Author
    Introduction
    What is New in This Edition?
    Who is the Intended Audience for This Book?
    How is This Book Different from Book ‘x’?
    Why Should I Buy This Book?
    What Do I Need to Follow Along?

    1. What is Penetration Testing?
    Information in This Chapter:
    Introduction
    Setting the Stage
    Introduction to Kali and Backtrack Linux: Tools. Lots of Tools
    Working with Your Attack Machine: Starting the Engine
    The Use and Creation of a Hacking Lab
    Phases of a Penetration Test
    Where Do I Go from Here?
    Summary

    2. Reconnaissance
    Information in This Chapter:
    Introduction
    HTTrack: Website Copier
    Google Directives: Practicing Your Google-Fu
    The Harvester: Discovering and Leveraging E-mail Addresses
    Whois
    Netcraft
    Host
    Extracting Information from DNS
    nslookup
    Dig
    Fierce: What to Do When Zone Transfers Fail
    Extracting Information from E-mail Servers
    MetaGooFil
    ThreatAgent: Attack of the Drones
    Social Engineering
    Sifting Through the Intel to Find Attackable Targets
    How Do I Practice This Step?
    Where Do I Go from Here?
    Summary

    3. Scanning
    Information in This Chapter:
    Introduction
    Pings and Ping Sweeps
    Port Scanning
    The Three-Way Handshake
    Using Nmap to Perform a TCP Connect Scan
    Using Nmap to Perform an SYN Scan
    Using Nmap to Perform UDP Scans
    Using Nmap to Perform an Xmas Scan
    Using Nmap to Perform Null Scans
    The Nmap Scripting Engine: From Caterpillar to Butterfly
    Port Scanning Wrap Up
    Vulnerability Scanning
    How Do I Practice This Step?
    Where Do I Go from Here?
    Summary

    4. Exploitation
    Information in This Chapter:
    Introduction
    Medusa: Gaining Access to Remote Services
    Metasploit: Hacking, Hugh Jackman Style!
    JtR: King of the Password Crackers
    Local Password Cracking
    Remote Password Cracking
    Linux Password Cracking and a Quick Example of PrivilegeEscalation
    Password Resetting: The Building and the Wrecking Ball
    Wireshark: Sniffing Network Traffic
    Macof: Making Chicken Salad Out of Chicken Sh∗t
    Armitage: Introducing Doug Flutie of Hacking
    Why Learn Five Tools When One Works Just as Well?
    How Do I Practice This Step?
    Where Do I Go from Here?
    Summary

    5. Social Engineering
    Information in This Chapter:
    Introduction
    The Basics of SET
    Website Attack Vectors
    The Credential Harvester
    Other Options Within SET
    Summary

    6. Web-Based Exploitation
    Information in This Chapter:
    Introduction
    The Basics of Web Hacking
    Nikto: Interrogating Web Servers
    w3af: More than Just a Pretty Face
    Spidering: Crawling Your Target’s Website
    Intercepting Requests with Webscarab
    Code Injection Attacks
    Cross-Site Scripting: Browsers that Trust Sites
    ZED Attack Proxy: Bringing It All Together Under One Roof
    Intercepting in ZAP
    Spidering in ZAP
    Scanning in ZAP
    How Do I Practice This Step?
    Where Do I Go from Here?
    Additional Resources
    Summary

    7. Post Exploitation and Maintaining Access with Backdoors, Rootkits, and Meterpreter
    Information in This Chapter:
    Introduction
    Netcat: The Swiss Army Knife
    Netcat’s Cryptic Cousin: Cryptcat
    Rootkits
    Hacker Defender: It is Not What You Think
    Detecting and Defending Against Rootkits
    Meterpreter: The Hammer that Turns Everything into a Nail
    How Do I Practice This Step?
    Where Do I Go from Here?
    Summary

    8. Wrapping Up the Penetration Test
    Information in This Chapter:
    Introduction
    Writing the Penetration Testing Report
    Executive Summary
    Detailed Report
    Raw Output
    You Do Not Have to Go Home but You Cannot Stay Here
    Where Do I Go from Here?
    Wrap Up
    The Circle of Life
    Summary

    Index

Product details

  • No. of pages: 225
  • Language: English
  • Copyright: © Syngress 2013
  • Published: June 24, 2013
  • Imprint: Syngress
  • Paperback ISBN: 9780124116443
  • eBook ISBN: 9780124116412

About the Author

Patrick Engebretson

Dr. Patrick Engebretson obtained his Doctor of Science degree with a specialization in Information Security from Dakota State University. He currently serves as an Assistant Professor of Information Assurance and also works as a Senior Penetration Tester for security firm in the Midwest. His research interests include penetration testing, hacking, intrusion detection, exploitation, honey pots, and malware. In the past several years he has published many peer reviewed journal and conference papers in these areas. Dr. Engebretson has been invited by the Department of Homeland Security to share his research at the Software Assurance Forum in Washington, DC and has also spoken at Black Hat in Las Vegas. He regularly attends advanced exploitation and penetration testing trainings from industry recognized professionals and holds several certifications. He teaches graduate and undergraduate courses in penetration testing, wireless security, and intrusion detection, and advanced exploitation.

Affiliations and Expertise

Assistant Professor of Information Assurance; Senior Penetration Tester for security firm in the Midwest

Ratings and Reviews

Write a review

There are currently no reviews for "The Basics of Hacking and Penetration Testing"