Penetration Tester's Open Source Toolkit (eBook)
592 Seiten
Elsevier Science (Verlag)
978-0-08-055607-9 (ISBN)
.Perform Network Reconnaissance
Master the objectives, methodology, and tools of the least understood aspect of a penetration test.
.Demystify Enumeration and Scanning
Identify the purpose and type of the target systems, obtain specific information about the versions of the services that are running on the systems, and list the targets and services.
.Hack Database Services
Understand and identify common database service vulnerabilities, discover database services, attack database authentication mechanisms, analyze the contents of the database, and use the database to obtain access to the host operating system.
.Test Web Servers and Applications
Compromise the Web server due to vulnerabilities on the server daemon itself, its unhardened state, or vulnerabilities within the Web applications.
.Test Wireless Networks and Devices
Understand WLAN vulnerabilities, attack WLAN encryption, master information gathering tools, and deploy exploitation tools.
.Examine Vulnerabilities on Network Routers and Switches
Use Traceroute, Nmap, ike-scan, Cisco Torch, Finger, Nessus, onesixtyone, Hydra, Ettercap, and more to attack your network devices.
.Customize BackTrack 2
Torque BackTrack 2 for your specialized needs through module management, unique hard drive installations, and USB installations.
.Perform Forensic Discovery and Analysis with BackTrack 2
Use BackTrack in the field for forensic analysis, image acquisition, and file carving.
.Build Your Own PenTesting Lab
Everything you need to build your own fully functional attack lab."
Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This second volume adds over 300 new pentesting applications included with BackTrack 2 to the pen tester's toolkit. It includes the latest information on Snort, Nessus, Wireshark, Metasploit, Kismet and all of the other major Open Source platforms.* Perform Network ReconnaissanceMaster the objectives, methodology, and tools of the least understood aspect of a penetration test.* Demystify Enumeration and ScanningIdentify the purpose and type of the target systems, obtain specific information about the versions of the services that are running on the systems, and list the targets and services.* Hack Database ServicesUnderstand and identify common database service vulnerabilities, discover database services, attack database authentication mechanisms, analyze the contents of the database, and use the database to obtain access to the host operating system.* Test Web Servers and ApplicationsCompromise the Web server due to vulnerabilities on the server daemon itself, its unhardened state, or vulnerabilities within the Web applications.* Test Wireless Networks and DevicesUnderstand WLAN vulnerabilities, attack WLAN encryption, master information gathering tools, and deploy exploitation tools.* Examine Vulnerabilities on Network Routers and SwitchesUse Traceroute, Nmap, ike-scan, Cisco Torch, Finger, Nessus, onesixtyone, Hydra, Ettercap, and more to attack your network devices.* Customize BackTrack 2Torque BackTrack 2 for your specialized needs through module management, unique hard drive installations, and USB installations.* Perform Forensic Discovery and Analysis with BackTrack 2Use BackTrack in the field for forensic analysis, image acquisition, and file carving.* Build Your Own PenTesting LabEverything you need to build your own fully functional attack lab.
Front Cover 1
Penetration Tester's Open Source Toolkit 2
Copyright Page 4
Technical Editor and Contributing Author 6
Contributing Authors 7
Contents 12
Chapter 1: Reconnaissance 21
Objectives 22
Approach 24
A Methodology for Reconnaissance 25
Intelligence Gathering 26
Footprinting 36
Verification 43
Core Technologies 53
Intelligence Gathering 53
Search Engines 53
WHOIS 54
RWHOIS 55
Domain Name Registries and Registrars 55
Web Site Copiers 56
Social Networking Services 57
Footprinting 57
DNS 58
SMTP 61
Verification 62
Virtual Hosting 63
IP Subnetting 63
The Regional Internet Registries 63
Open Source Tools 66
Intelligence Gathering Tools 66
Web Resources 67
Linux/UNIX Command-Line Tools 71
Open Source Windows Tools 82
Footprinting Tools 86
Web Resources 87
Linux/UNIX Console Tools 88
Open Source Windows Tools 90
Verification Tools 92
Web Resources 92
Linux/UNIX Console Tools 96
Case Study: The Tools in Action 102
Intelligence Gathering, Footprinting, and Verification of an Internet-Connected Network 102
Footprinting 113
Verification 114
Chapter 2: Enumeration and Scanning 119
Introduction 120
Objectives 120
Before You Start 120
Why Do This? 121
Approach 122
Scanning 122
Enumeration 123
Notes and Documentation 123
Active versus Passive 124
Moving On 124
Core Technology 124
How Scanning Works 125
Port Scanning 126
Going behind the Scenes with Enumeration 127
Service Identifi cation 128
RPC Enumeration 128
Fingerprinting 129
Being Loud, Quiet, and All That Lies Between 129
Timing 130
Bandwidth Issues 130
Unusual Packet Formation 130
Open Source Tools 131
Scanning 131
Nmap 131
Netenum: Ping Sweep 139
Unicornscan: Port Scan and Fuzzing 140
Scanrand: Port Scan 141
Enumeration 143
Nmap: Banner Grabbing 143
Netcat 143
P0f: Passive OS Fingerprinting 146
Xprobe2: OS Fingerprinting 146
Httprint 148
Ike-scan: VPN Assessment 149
Amap: Application Version Detection 150
Windows Enumeration: Smbgetserverinfo/smbdumpusers/smbclient 151
Nbtscan 154
Smb-nat: Windows/Samba SMB Session Brute Force 154
Case Studies: The Tools in Action 156
External 156
Internal 158
Stealthy 163
Noisy (IDS) Testing 166
Further Information 168
Chapter 3: Hacking Database Services 173
Introduction 174
Objectives 174
Approach 174
Core Technologies 174
Basic Terminology 175
Database Installation 176
Default Users and New Users 177
Roles and Privileges 180
Technical Details 182
Case Studies: Using Open Source and Closed Source Tools 184
Microsoft SQL Server 184
Discovering Microsoft SQL Servers 184
Identifying Vulnerable Microsoft SQL Server Services 188
Attacking Microsoft SQL Server Authentication 194
Microsoft SQL Server Password Creation Guidelines 195
Microsoft SQL Default Usernames and Passwords 195
Creating Username and Dictionary Files 197
SQL Auditing Tools (SQLAT) 197
Obtaining and Cracking Microsoft SQL Server Password Hashes 199
Analyzing the Database 204
Obtaining Access to the Host Operating System 206
SQLAT: SQLExec (Sqlquery), TFTP, and fgdump.exe 209
Oracle Database Management System 212
Identifying and Enumerating Oracle Database with Nmap 213
Penetration Testing Oracle Services with BackTrack 220
Cracking Oracle Database Hashes 228
Privilege Escalation in Oracle from TNS Listener, No Password 234
SQL Clients 237
Shell Usage and History 237
Arguments Viewable by All Users 238
History and Trace Logs 238
Further Information 238
Chapter 4: Web Server and Web Application Testing 241
Objectives 242
Introduction 242
Web Server Vulnerabilities: A Short History 242
Web Applications: The New Challenge 243
Chapter Scope 243
Approach 244
Web Server Testing 245
CGI and Default Pages Testing 246
Web Application Testing 247
Core Technologies 247
Web Server Exploit Basics 247
What Are We Talking About? 247
CGI and Default Page Exploitation 252
Web Application Assessment 254
Information Gathering Attacks 255
File System and Directory Traversal Attacks 255
Command Execution Attacks 255
Database Query Injection Attacks 255
Cross-site Scripting Attacks 256
Impersonation Attacks 256
Parameter Passing Attacks 257
Open Source Tools 257
Intelligence Gathering Tools 257
Scanning Tools 266
Assessment Tools 278
Authentication 282
Proxy 294
Exploitation Tools 297
Metasploit 297
SQL Injection Tools 300
Case Studies: The Tools in Action 308
Web Server Assessments 308
CGI and Default Page Exploitation 313
Web Application Assessment 322
Chapter 5: Wireless Penetration Testing Using BackTrack 2 343
Introduction 344
Approach 345
Understanding WLAN Vulnerabilities 345
Evolution of WLAN Vulnerabilities 346
Core Technologies 348
WLAN Discovery 348
Choosing the Right Antenna 350
WLAN Encryption 351
No Encryption 351
Wired Equivalent Privacy (WEP) 352
Wi-Fi Protected Access (WPA/WPA2) 352
Extensible Authentication Protocol (EAP) 352
Virtual Private Network (VPN) 353
WLAN Attacks 353
Attacks against WEP 353
Attacks against WPA 355
Attacks against LEAP 355
Attacks against VPN 355
Open Source Tools 356
Information Gathering Tools 356
Google (Internet Search Engines) 357
WiGLE.net (Work Smarter, Not Harder) 357
Usenet Newsgroups 357
Scanning Tools 358
Kismet 358
Footprinting Tools 362
Enumeration Tools 363
Vulnerability Assessment Tools 364
Exploitation Tools 366
MAC Address Spoofing 367
Deauthentication with Aireplay-ng 368
Cracking WEP with the Aircrack-ng Suite 369
Cracking WPA with CoWPAtty 379
Bluetooth Vulnerabilities 382
Bluetooth Discovery 383
Exploiting Bluetooth Vulnerabilities 384
The Future of Bluetooth 385
Case Studies 386
Case Study: Cracking WEP 386
Case Study: Cracking WPA-PSK 388
Case Study: Exploiting Bluetooth 390
Summary 392
Chapter 6: Network Devices 393
Objectives 394
Approach 394
Core Technologies 395
Open Source Tools 396
Footprinting Tools 396
Traceroute 396
DNS 396
Nmap 398
ICMP 399
ike-scan 400
Scanning Tools 402
Nmap 402
ASS 406
Cisco Torch 407
Enumeration Tools 409
SNMP 409
Finger 409
Vulnerability Assessment Tools 410
Nessus 410
Exploitation Tools 411
onesixtyone 411
Hydra 412
TFTP Brute Force 414
Cisco Global Exploiter 415
Internet Routing Protocol Attack Suite (IRPAS) 417
Ettercap 419
Case Study: The Tools in Action 420
Obtaining a Router Configuration by Brute Force 421
Where to Go from Here? 428
Further Information 429
Common and Default Vendor Passwords 432
Modification of cge.pl 433
References 433
Software 434
Chapter 7: Customizing BackTrack 2 435
Introduction 436
Module Management 436
Locating Modules 436
Converting Modules from Different Formats 438
Creating a Module from Source 439
Adding Modules to Your BackTrack Live CD or HD Installation 439
Hard Drive Installation 441
Basic Hard Drive Installation 441
Dual Boot Installation (Windows XP and BackTrack) 443
Other Configurations 446
USB Installation 446
USB Thumb Drive Installation 446
The Easiest Way to Install BackTrack to a USB Thumb Drive Using Windows 447
Alternative Directions to Install BackTrack on a USB Thumb Drive Using Windows 449
Installing BackTrack on a USB Thumb Drive Using Linux 453
Saving a USB Configuration 454
Directions to Save Your Changes on Your BackTrack USB Thumb Drive 454
Directions to Save Your New Changes (and Keep Your Old Ones) on Your BackTrack USB Thumb Drive 455
Directions to Write a Script to Save Your New Changes (and Keep Your Old Ones) on Your BackTrack USB Thumb Drive 455
External USB Hard Drive Installation 456
Installing Additional Open Source Tools 463
Updating Scripts 463
Installing aircrack-ptw 465
Installing Nessus 466
Installing Metasploit Framework 3.0 GUI 469
Installing VMWare Server 470
Installing Java for Firefox 471
Further Information 471
Quick Reference to Other Customizations 472
Remote-Exploit Forums and BackTrack Wiki 472
Credits 473
Chapter 8: Forensic Discovery and Analysis Using Backtrack 475
Introduction 476
Digital Forensics 478
Acquiring Images 478
Linux dd 480
Linux dcfldd 490
dd_rescue 493
Forensic Analysis 494
Autopsy 495
mboxgrep 498
memfetch 500
Memfetch Find 503
pasco 505
Rootkit Hunter 507
The Sleuth Kit 509
The Sleuth Kit Continued: Allin1 for The Sleuth Kit 514
Vinetto 518
File Carving 520
Foremost 523
Magicrescue 524
Case Studies: Digital Forensics with the Backtrack Distribution 527
Summary 538
Chapter 9: Building Penetration Test Labs 539
Introduction 540
Setting Up a Penetration Test Lab 540
Safety First 540
Isolating the Network 541
Concealing the Network Configuration 542
Securing Install Disks 543
Transferring Data 545
Labeling 546
Destruction and Sanitization 546
Reports of Findings 547
Final Word on Safety 549
Types of Pen-Test Labs 549
The Virtual Pen-Test Lab 549
The Internal Pen-Test Lab 550
The External Pen-Test Lab 551
The Project-Specific Pen-Test Lab 552
The Ad Hoc Lab 552
Selecting the Right Hardware 553
Focus on the “Most Common” 553
Use What Your Clients Use 554
Dual-Use Equipment 554
Selecting the Right Software 555
Open Source Tools 555
Commercial Tools 556
Running Your Lab 557
Managing the Team 557
Team “Champion” 557
Project Manager 557
Training and Cross-Training 558
Metrics 559
Selecting a Pen-Test Framework. 560
OSSTMM 560
NIST SP 800-42 561
ISSAF 562
Targets in the Penetration Test Lab 563
Foundstone 563
De-ICE.net 564
What Is a LiveCD? 564
Advantages of Pen-test LiveCDs 565
Disadvantages of Pen-test LiveCDs 565
Building a LiveCD Scenario 566
Difficulty Levels 566
Real-World Scenarios 567
Creating a Background Story 568
Adding Content 568
Final Comments on LiveCDs 569
Using a LiveCD in a Penetration Test Lab 569
Scenario 569
Network Setup 570
Open Source Tools 570
Other Scenario Ideas 573
Old Operating System Distributions 573
Vulnerable Applications 574
Capture the Flag Events 574
What’s Next? 575
Forensics 575
Training 575
Summary 577
Index 579
| Erscheint lt. Verlag | 16.11.2007 |
|---|---|
| Sprache | englisch |
| Themenwelt | Sachbuch/Ratgeber |
| Informatik ► Netzwerke ► Sicherheit / Firewall | |
| Informatik ► Office Programme ► Office | |
| ISBN-10 | 0-08-055607-8 / 0080556078 |
| ISBN-13 | 978-0-08-055607-9 / 9780080556079 |
| Haben Sie eine Frage zum Produkt? |
PDF (Adobe DRM)Größe: 37,7 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
