The Basics of Hacking and Penetration Testing

The Basics of Hacking and Penetration Testing

Ethical Hacking and Penetration Testing Made Easy

2nd Edition - June 24, 2013

Write a review

  • Author: Patrick Engebretson
  • Paperback ISBN: 9780124116443
  • eBook ISBN: 9780124116412

Purchase options

Purchase options
Available
DRM-free (Mobi, PDF, EPub)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order

Description

The Basics of Hacking and Penetration Testing, Second Edition, serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. The book teaches students how to properly utilize and interpret the results of the modern-day hacking tools required to complete a penetration test. It provides a simple and clean explanation of how to effectively utilize these tools, along with a four-step methodology for conducting a penetration test or hack, thus equipping students with the know-how required to jump start their careers and gain a better understanding of offensive security. Each chapter contains hands-on examples and exercises that are designed to teach learners how to interpret results and utilize those results in later phases. Tool coverage includes: Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and Hacker Defender rootkit. This is complemented by PowerPoint slides for use in class. This book is an ideal resource for security consultants, beginning InfoSec professionals, and students.

Key Features

  • Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases.
  • Written by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at Dakota State University.
  • Utilizes the Kali Linux distribution and focuses on the seminal tools required to complete a penetration test.

Readership

Security Consultants, beginning InfoSec professionals, Students

Table of Contents

  • Dedication

    Acknowledgments

    My Wife

    My Girls

    My Family

    Dave Kennedy

    Jared DeMott

    To the Syngress Team

    About the Author

    Introduction

    What is New in This Edition?

    Who is the Intended Audience for This Book?

    How is This Book Different from Book ‘x’?

    Why Should I Buy This Book?

    What Do I Need to Follow Along?

    Chapter 1. What is Penetration Testing?

    Information in This Chapter:

    Introduction

    Setting the Stage

    Introduction to Kali and Backtrack Linux: Tools. Lots of Tools

    Working with Your Attack Machine: Starting the Engine

    The Use and Creation of a Hacking Lab

    Phases of a Penetration Test

    Where Do I Go from Here?

    Summary

    Chapter 2. Reconnaissance

    Information in This Chapter:

    Introduction

    HTTrack: Website Copier

    Google Directives: Practicing Your Google-Fu

    The Harvester: Discovering and Leveraging E-mail Addresses

    Whois

    Netcraft

    Host

    Extracting Information from DNS

    nslookup

    Dig

    Fierce: What to Do When Zone Transfers Fail

    Extracting Information from E-mail Servers

    MetaGooFil

    ThreatAgent: Attack of the Drones

    Social Engineering

    Sifting Through the Intel to Find Attackable Targets

    How Do I Practice This Step?

    Where Do I Go from Here?

    Summary

    Chapter 3. Scanning

    Information in This Chapter:

    Introduction

    Pings and Ping Sweeps

    Port Scanning

    The Three-Way Handshake

    Using Nmap to Perform a TCP Connect Scan

    Using Nmap to Perform an SYN Scan

    Using Nmap to Perform UDP Scans

    Using Nmap to Perform an Xmas Scan

    Using Nmap to Perform Null Scans

    The Nmap Scripting Engine: From Caterpillar to Butterfly

    Port Scanning Wrap Up

    Vulnerability Scanning

    How Do I Practice This Step?

    Where Do I Go from Here?

    Summary

    Chapter 4. Exploitation

    Information in This Chapter:

    Introduction

    Medusa: Gaining Access to Remote Services

    Metasploit: Hacking, Hugh Jackman Style!

    JtR: King of the Password Crackers

    Local Password Cracking

    Remote Password Cracking

    Linux Password Cracking and a Quick Example of Privilege Escalation

    Password Resetting: The Building and the Wrecking Ball

    Wireshark: Sniffing Network Traffic

    Macof: Making Chicken Salad Out of Chicken Sht

    Armitage: Introducing Doug Flutie of Hacking

    Why Learn Five Tools When One Works Just as Well?

    How Do I Practice This Step?

    Where Do I Go from Here?

    Summary

    Chapter 5. Social Engineering

    Information in This Chapter:

    Introduction

    The Basics of SET

    Website Attack Vectors

    The Credential Harvester

    Other Options Within SET

    Summary

    Chapter 6. Web-Based Exploitation

    Information in This Chapter:

    Introduction

    The Basics of Web Hacking

    Nikto: Interrogating Web Servers

    w3af: More than Just a Pretty Face

    Spidering: Crawling Your Target’s Website

    Intercepting Requests with Webscarab

    Code Injection Attacks

    Cross-Site Scripting: Browsers that Trust Sites

    ZED Attack Proxy: Bringing It All Together Under One Roof

    Intercepting in ZAP

    Spidering in ZAP

    Scanning in ZAP

    How Do I Practice This Step?

    Where Do I Go from Here?

    Additional Resources

    Summary

    Chapter 7. Post Exploitation and Maintaining Access with Backdoors, Rootkits, and Meterpreter

    Information in This Chapter:

    Introduction

    Netcat: The Swiss Army Knife

    Netcat’s Cryptic Cousin: Cryptcat

    Rootkits

    Hacker Defender: It is Not What You Think

    Detecting and Defending Against Rootkits

    Meterpreter: The Hammer that Turns Everything into a Nail

    How Do I Practice This Step?

    Where Do I Go from Here?

    Summary

    Chapter 8. Wrapping Up the Penetration Test

    Information in This Chapter:

    Introduction

    Writing the Penetration Testing Report

    Executive Summary

    Detailed Report

    Raw Output

    You Do Not Have to Go Home but You Cannot Stay Here

    Where Do I Go from Here?

    Wrap Up

    The Circle of Life

    Summary

    Index

Product details

  • No. of pages: 225
  • Language: English
  • Copyright: © Syngress 2013
  • Published: June 24, 2013
  • Imprint: Syngress
  • Paperback ISBN: 9780124116443
  • eBook ISBN: 9780124116412

About the Author

Patrick Engebretson

Dr. Patrick Engebretson obtained his Doctor of Science degree with a specialization in Information Security from Dakota State University. He currently serves as an Assistant Professor of Information Assurance and also works as a Senior Penetration Tester for security firm in the Midwest. His research interests include penetration testing, hacking, intrusion detection, exploitation, honey pots, and malware. In the past several years he has published many peer reviewed journal and conference papers in these areas. Dr. Engebretson has been invited by the Department of Homeland Security to share his research at the Software Assurance Forum in Washington, DC and has also spoken at Black Hat in Las Vegas. He regularly attends advanced exploitation and penetration testing trainings from industry recognized professionals and holds several certifications. He teaches graduate and undergraduate courses in penetration testing, wireless security, and intrusion detection, and advanced exploitation.

Affiliations and Expertise

Assistant Professor of Information Assurance; Senior Penetration Tester for security firm in the Midwest

Ratings and Reviews

Write a review

There are currently no reviews for "The Basics of Hacking and Penetration Testing"