The Basics of Hacking and Penetration Testing - 2nd Edition - ISBN: 9780124116443, 9780124116412

The Basics of Hacking and Penetration Testing

2nd Edition

Ethical Hacking and Penetration Testing Made Easy

Authors: Patrick Engebretson
eBook ISBN: 9780124116412
Paperback ISBN: 9780124116443
Imprint: Syngress
Published Date: 1st August 2013
Page Count: 225
Tax/VAT will be calculated at check-out
15% off
15% off
15% off
18.99
16.14
23.95
20.36
29.95
25.46
Unavailable
File Compatibility per Device

PDF, EPUB, VSB (Vital Source):
PC, Apple Mac, iPhone, iPad, Android mobile devices.

Mobi:
Amazon Kindle eReader.

Institutional Access


Description

The Basics of Hacking and Penetration Testing, Second Edition, serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. The book teaches students how to properly utilize and interpret the results of the modern-day hacking tools required to complete a penetration test. It provides a simple and clean explanation of how to effectively utilize these tools, along with a four-step methodology for conducting a penetration test or hack, thus equipping students with the know-how required to jump start their careers and gain a better understanding of offensive security.

Each chapter contains hands-on examples and exercises that are designed to teach learners how to interpret results and utilize those results in later phases. Tool coverage includes: Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and Hacker Defender rootkit. This is complemented by PowerPoint slides for use in class.

This book is an ideal resource for security consultants, beginning InfoSec professionals, and students.

Key Features

  • Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases.
  • Written by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at Dakota State University.
  • Utilizes the Kali Linux distribution and focuses on the seminal tools required to complete a penetration test.

Readership

Security Consultants, beginning InfoSec professionals, Students

Table of Contents

Dedication

Acknowledgments

My Wife

My Girls

My Family

Dave Kennedy

Jared DeMott

To the Syngress Team

About the Author

Introduction

What is New in This Edition?

Who is the Intended Audience for This Book?

How is This Book Different from Book ‘x’?

Why Should I Buy This Book?

What Do I Need to Follow Along?

Chapter 1. What is Penetration Testing?

Information in This Chapter:

Introduction

Setting the Stage

Introduction to Kali and Backtrack Linux: Tools. Lots of Tools

Working with Your Attack Machine: Starting the Engine

The Use and Creation of a Hacking Lab

Phases of a Penetration Test

Where Do I Go from Here?

Summary

Chapter 2. Reconnaissance

Information in This Chapter:

Introduction

HTTrack: Website Copier

Google Directives: Practicing Your Google-Fu

The Harvester: Discovering and Leveraging E-mail Addresses

Whois

Netcraft

Host

Extracting Information from DNS

nslookup

Dig

Fierce: What to Do When Zone Transfers Fail

Extracting Information from E-mail Servers

MetaGooFil

ThreatAgent: Attack of the Drones

Social Engineering

Sifting Through the Intel to Find Attackable Targets

How Do I Practice This Step?

Where Do I Go from Here?

Summary

Chapter 3. Scanning

Information in This Chapter:

Introduction

Pings and Ping Sweeps

Port Scanning

The Three-Way Handshake

Using Nmap to Perform a TCP Connect Scan

Using Nmap to Perform an SYN Scan

Using Nmap to Perform UDP Scans

Using Nmap to Perform an Xmas Scan

Using Nmap to Perform Null Scans

The Nmap Scripting Engine: From Caterpillar to Butterfly

Port Scanning Wrap Up

Vulnerability Scanning

How Do I Practice This Step?

Where Do I Go from Here?

Summary

Chapter 4. Exploitation

Information in This Chapter:

Introduction

Medusa: Gaining Access to Remote Services

Metasploit: Hacking, Hugh Jackman Style!

JtR: King of the Password Crackers

Local Password Cracking

Remote Password Cracking

Linux Password Cracking and a Quick Example of Privilege Escalation

Password Resetting: The Building and the Wrecking Ball

Wireshark: Sniffing Network Traffic

Macof: Making Chicken Salad Out of Chicken Sh∗t

Armitage: Introducing Doug Flutie of Hacking

Why Learn Five Tools When One Works Just as Well?

How Do I Practice This Step?

Where Do I Go from Here?

Summary

Chapter 5. Social Engineering

Information in This Chapter:

Introduction

The Basics of SET

Website Attack Vectors

The Credential Harvester

Other Options Within SET

Summary

Chapter 6. Web-Based Exploitation

Information in This Chapter:

Introduction

The Basics of Web Hacking

Nikto: Interrogating Web Servers

w3af: More than Just a Pretty Face

Spidering: Crawling Your Target’s Website

Intercepting Requests with Webscarab

Code Injection Attacks

Cross-Site Scripting: Browsers that Trust Sites

ZED Attack Proxy: Bringing It All Together Under One Roof

Intercepting in ZAP

Spidering in ZAP

Scanning in ZAP

How Do I Practice This Step?

Where Do I Go from Here?

Additional Resources

Summary

Chapter 7. Post Exploitation and Maintaining Access with Backdoors, Rootkits, and Meterpreter

Information in This Chapter:

Introduction

Netcat: The Swiss Army Knife

Netcat’s Cryptic Cousin: Cryptcat

Rootkits

Hacker Defender: It is Not What You Think

Detecting and Defending Against Rootkits

Meterpreter: The Hammer that Turns Everything into a Nail

How Do I Practice This Step?

Where Do I Go from Here?

Summary

Chapter 8. Wrapping Up the Penetration Test

Information in This Chapter:

Introduction

Writing the Penetration Testing Report

Executive Summary

Detailed Report

Raw Output

You Do Not Have to Go Home but You Cannot Stay Here

Where Do I Go from Here?

Wrap Up

The Circle of Life

Summary

Index

Details

No. of pages:
225
Language:
English
Copyright:
© Syngress 2013
Published:
Imprint:
Syngress
eBook ISBN:
9780124116412
Paperback ISBN:
9780124116443

About the Author

Patrick Engebretson

Dr. Patrick Engebretson obtained his Doctor of Science degree with a specialization in Information Security from Dakota State University. He currently serves as an Assistant Professor of Information Assurance and also works as a Senior Penetration Tester for security firm in the Midwest.

Affiliations and Expertise

Dr. Patrick Engebretson obtained his Doctor of Science degree with a specialization in Information Security from Dakota State University. He currently serves as an Assistant Professor of Information Assurance and also works as a Senior Penetration Tester for security firm in the Midwest. His research interests include penetration testing, hacking, intrusion detection, exploitation, honey pots, and malware. In the past several years he has published many peer reviewed journal and conference papers in these areas. Dr. Engebretson has been invited by the Department of Homeland Security to share his research at the Software Assurance Forum in Washington, DC and has also spoken at Black Hat in Las Vegas. He regularly attends advanced exploitation and penetration testing trainings from industry recognized professionals and holds several certifications. He teaches graduate and undergraduate courses in penetration testing, wireless security, and intrusion detection, and advanced exploitation.

Reviews

"...this is meant to be a practical book, and it positively encourages you to download, fire up and use the tools mentioned. The first chapter even tells you how to set up your own ‘hacking lab’. So whatever your interest in hacking, you’ll get the most out of the book if you follow along."--Network Security,Aug 1 2013

"For people looking to become pen-testers, this is an excellent first step. For anyone simply curious about what pen-testing involves and who wants to try some of the techniques for themselves, it may be all you need." - Network Security, December 2011