Hands on Hacking


Become an Expert at Next Gen Penetration Testing and Purple Teaming
1st ed.

by: Matthew Hickey, Jennifer Arcuri

28,99 €

Publisher: Wiley
Format: EPUB
Published: 20.08.2020
ISBN/EAN: 9781119561514
Language: English
Number of pages: 608

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

<p><b>A fast, hands-on introduction to offensive hacking techniques</b></p> <p><i>Hands-On Hacking</i> teaches readers to see through the eyes of their adversary and apply hacking techniques to better understand real-world risks to computer networks and data. Readers will benefit from the author's years of experience in the field hacking into computer networks and ultimately training others in the art of cyber-attacks. This book holds no punches and explains the tools, tactics and procedures used by ethical hackers and criminal crackers alike.</p> <p>We will take you on a journey through a hacker’s perspective when focused on the computer infrastructure of a target company, exploring how to access the servers and data. Once the information gathering stage is complete, you’ll look for flaws and their known exploits—including tools developed by real-world government financed state-actors.</p> <ul> <li>An introduction to the same hacking techniques that malicious hackers will use against an organization</li> <li>Written by infosec experts with proven history of publishing vulnerabilities and highlighting security flaws</li> <li>Based on the tried and tested material used to train hackers all over the world in the art of breaching networks</li> <li>Covers the fundamental basics of how computer networks are inherently vulnerable to attack, teaching the student how to apply hacking skills to uncover vulnerabilities</li> </ul> <p>We cover topics of breaching a company from the external network perimeter, hacking internal enterprise systems and web application vulnerabilities. Delving into the basics of exploitation with real-world practical examples, you won't find any hypothetical academic only attacks here. 
From start to finish this book will take the student through the steps necessary to breach an organization to improve its security.</p> <p>Written by world-renowned cybersecurity experts and educators, <i>Hands-On Hacking</i> teaches entry-level professionals seeking to learn ethical hacking techniques. If you are looking to understand penetration testing and ethical hacking, this book takes you from basic methods to advanced techniques in a structured learning format.</p>
<p>Foreword xviii</p> <p>Introduction xx</p> <p><b>Chapter 1 Hacking a Business Case 1</b></p> <p>All Computers are Broken 2</p> <p>The Stakes 4</p> <p>What’s Stolen and Why It’s Valuable 4</p> <p>The Internet of Vulnerable Things 4</p> <p>Blue, Red, and Purple Teams 5</p> <p>Blue Teams 5</p> <p>Red Teams 5</p> <p>Purple Teams 7</p> <p>Hacking is Part of Your Company’s Immune System 9</p> <p>Summary 11</p> <p>Notes 12</p> <p><b>Chapter 2 Hacking Ethically and Legally 13</b></p> <p>Laws That Affect Your Work 14</p> <p>Criminal Hacking 15</p> <p>Hacking Neighborly 15</p> <p>Legally Gray 16</p> <p>Penetration Testing Methodologies 17</p> <p>Authorization 18</p> <p>Responsible Disclosure 19</p> <p>Bug Bounty Programs 20</p> <p>Legal Advice and Support 21</p> <p>Hacker House Code of Conduct 22</p> <p>Summary 22</p> <p><b>Chapter 3 Building Your Hack Box 23</b></p> <p>Hardware for Hacking 24</p> <p>Linux or BSD? 26</p> <p>Host Operating Systems 27</p> <p>Gentoo Linux 27</p> <p>Arch Linux 28</p> <p>Debian 28</p> <p>Ubuntu 28</p> <p>Kali Linux 29</p> <p>Verifying Downloads 29</p> <p>Disk Encryption 31</p> <p>Essential Software 33</p> <p>Firewall 34</p> <p>Password Manager 35</p> <p>Email 36</p> <p>Setting Up VirtualBox 36</p> <p>Virtualization Settings 37</p> <p>Downloading and Installing VirtualBox 37</p> <p>Host-Only Networking 37</p> <p>Creating a Kali Linux VM 40</p> <p>Creating a Virtual Hard Disk 42</p> <p>Inserting a Virtual CD 43</p> <p>Virtual Network Adapters 44</p> <p>Labs 48</p> <p>Guest Additions 51</p> <p>Testing Your Virtual Environment 52</p> <p>Creating Vulnerable Servers 53</p> <p>Summary 54</p> <p><b>Chapter 4 Open Source Intelligence Gathering 55</b></p> <p>Does Your Client Need an OSINT Review? 56</p> <p>What are You Looking For? 57</p> <p>Where Do You Find It? 
58</p> <p>OSINT Tools 59</p> <p>Grabbing Email Addresses from Google 59</p> <p>Google Dorking the Shadows 62</p> <p>A Brief Introduction to Passwd and Shadow Files 62</p> <p>The Google Hacking Database 65</p> <p>Have You Been “Pwned” Yet? 66</p> <p>OSINT Framework Recon-ng 67</p> <p>Recon-ng Under the Hood 74</p> <p>Harvesting the Web 75</p> <p>Document Metadata 76</p> <p>Maltego 80</p> <p>Social Media Networks 81</p> <p>Shodan 83</p> <p>Protecting Against OSINT 85</p> <p>Summary 86</p> <p><b>Chapter 5 The Domain Name System 87</b></p> <p>The Implications of Hacking DNS 87</p> <p>A Brief History of DNS 88</p> <p>The DNS Hierarchy 88</p> <p>A Basic DNS Query 89</p> <p>Authority and Zones 92</p> <p>DNS Resource Records 92</p> <p>BIND9 95</p> <p>DNS Hacking Toolkit 98</p> <p>Finding Hosts 98</p> <p>WHOIS 98</p> <p>Brute-Forcing Hosts with Recon-ng 100</p> <p>Host 101</p> <p>Finding the SOA with Dig 102</p> <p>Hacking a Virtual Name Server 103</p> <p>Port Scanning with Nmap 104</p> <p>Digging for Information 106</p> <p>Specifying Resource Records 108</p> <p>Information Leak CHAOS 111</p> <p>Zone Transfer Requests 113</p> <p>Information-Gathering Tools 114</p> <p>Fierce 115</p> <p>Dnsrecon 116</p> <p>Dnsenum 116</p> <p>Searching for Vulnerabilities and Exploits 118</p> <p>Searchsploit 118</p> <p>Other Sources 119</p> <p>DNS Traffic Amplification 120</p> <p>Metasploit 121</p> <p>Carrying Out a Denial-of-Service Attack 125</p> <p>DoS Attacks with Metasploit 126</p> <p>DNS Spoofing 128</p> <p>DNS Cache Poisoning 129</p> <p>DNS Cache Snooping 131</p> <p>DNSSEC 131</p> <p>Fuzzing 132</p> <p>Summary 134</p> <p><b>Chapter 6 Electronic Mail 135</b></p> <p>The Email Chain 135</p> <p>Message Headers 137</p> <p>Delivery Status Notifications 138</p> <p>The Simple Mail Transfer Protocol 141</p> <p>Sender Policy Framework 143</p> <p>Scanning a Mail Server 145</p> <p>Complete Nmap Scan Results (TCP) 149</p> <p>Probing the SMTP Service 152</p> <p>Open Relays 153</p> <p>The Post Office 
Protocol 155</p> <p>The Internet Message Access Protocol 157</p> <p>Mail Software 158</p> <p>Exim 159</p> <p>Sendmail 159</p> <p>Cyrus 160</p> <p>PHP Mail 160</p> <p>Webmail 161</p> <p>User Enumeration via Finger 162</p> <p>Brute-Forcing the Post Office 167</p> <p>The Nmap Scripting Engine 169</p> <p>CVE-2014-0160: The Heartbleed Bug 172</p> <p>Exploiting CVE-2010-4345 180</p> <p>Got Root? 183</p> <p>Upgrading Your Shell 184</p> <p>Exploiting CVE-2017-7692 185</p> <p>Summary 188</p> <p><b>Chapter 7 The World Wide Web of Vulnerabilities 191</b></p> <p>The World Wide Web 192</p> <p>The Hypertext Transfer Protocol 193</p> <p>HTTP Methods and Verbs 195</p> <p>HTTP Response Codes 196</p> <p>Stateless 198</p> <p>Cookies 198</p> <p>Uniform Resource Identifiers 200</p> <p>LAMP: Linux, Apache, MySQL, and PHP 201</p> <p>Web Server: Apache 202</p> <p>Database: MySQL 203</p> <p>Server-Side Scripting: PHP 203</p> <p>Nginx 205</p> <p>Microsoft IIS 205</p> <p>Creepy Crawlers and Spiders 206</p> <p>The Web Server Hacker’s Toolkit 206</p> <p>Port Scanning a Web Server 207</p> <p>Manual HTTP Requests 210</p> <p>Web Vulnerability Scanning 212</p> <p>Guessing Hidden Web Content 216</p> <p>Nmap 217</p> <p>Directory Busting 218</p> <p>Directory Traversal Vulnerabilities 219</p> <p>Uploading Files 220</p> <p>WebDAV 220</p> <p>Web Shell with Weevely 222</p> <p>HTTP Authentication 223</p> <p>Common Gateway Interface 225</p> <p>Shellshock 226</p> <p>Exploiting Shellshock Using Metasploit 227</p> <p>Exploiting Shellshock with cURL and Netcat 228</p> <p>SSL, TLS, and Heartbleed 232</p> <p>Web Administration Interfaces 238</p> <p>Apache Tomcat 238</p> <p>Webmin 240</p> <p>phpMyAdmin 241</p> <p>Web Proxies 242</p> <p>Proxychains 243</p> <p>Privilege Escalation 245</p> <p>Privilege Escalation Using DirtyCOW 246</p> <p>Summary 249</p> <p><b>Chapter 8 Virtual Private Networks 251</b></p> <p>What is a VPN? 
251</p> <p>Internet Protocol Security 253</p> <p>Internet Key Exchange 253</p> <p>Transport Layer Security and VPNs 254</p> <p>User Databases and Authentication 255</p> <p>SQL Database 255</p> <p>RADIUS 255</p> <p>LDAP 256</p> <p>PAM 256</p> <p>TACACS+ 256</p> <p>The NSA and VPNs 257</p> <p>The VPN Hacker’s Toolkit 257</p> <p>VPN Hacking Methodology 257</p> <p>Port Scanning a VPN Server 258</p> <p>Hping3 259</p> <p>UDP Scanning with Nmap 261</p> <p>IKE-scan 262</p> <p>Identifying Security Association Options 263</p> <p>Aggressive Mode 265</p> <p>OpenVPN 267</p> <p>LDAP 275</p> <p>OpenVPN and Shellshock 277</p> <p>Exploiting CVE-2017-5618 278</p> <p>Summary 281</p> <p><b>Chapter 9 Files and File Sharing 283</b></p> <p>What is Network-Attached Storage? 284</p> <p>File Permissions 284</p> <p>NAS Hacking Toolkit 287</p> <p>Port Scanning a File Server 288</p> <p>The File Transfer Protocol 289</p> <p>The Trivial File Transfer Protocol 291</p> <p>Remote Procedure Calls 292</p> <p>RPCinfo 294</p> <p>Server Message Block 295</p> <p>NetBIOS and NBT 296</p> <p>Samba Setup 298</p> <p>Enum4Linux 299</p> <p>SambaCry (CVE-2017-7494) 303</p> <p>Rsync 306</p> <p>Network File System 308</p> <p>NFS Privilege Escalation 309</p> <p>Searching for Useful Files 311</p> <p>Summary 312</p> <p><b>Chapter 10 UNIX 315</b></p> <p>UNIX System Administration 316</p> <p>Solaris 316</p> <p>UNIX Hacking Toolbox 318</p> <p>Port Scanning Solaris 319</p> <p>Telnet 320</p> <p>Secure Shell 324</p> <p>RPC 326</p> <p>CVE-2010-4435 329</p> <p>CVE-1999-0209 329</p> <p>CVE-2017-3623 330</p> <p>Hacker’s Holy Grail EBBSHAVE 331</p> <p>EBBSHAVE Version 4 332</p> <p>EBBSHAVE Version 5 335</p> <p>Debugging EBBSHAVE 335</p> <p>R-services 338</p> <p>The Simple Network Management Protocol 339</p> <p>Ewok 341</p> <p>The Common UNIX Printing System 341</p> <p>The X Window System 343</p> <p>Cron and Local Files 347</p> <p>The Common Desktop Environment 351</p> <p>EXTREMEPARR 351</p> <p>Summary 353</p> <p><b>Chapter 11 
Databases 355</b></p> <p>Types of Databases 356</p> <p>Flat-File Databases 356</p> <p>Relational Databases 356</p> <p>Nonrelational Databases 358</p> <p>Structured Query Language 358</p> <p>User-Defined Functions 359</p> <p>The Database Hacker’s Toolbox 360</p> <p>Common Database Exploitation 360</p> <p>Port Scanning a Database Server 361</p> <p>MySQL 362</p> <p>Exploring a MySQL Database 362</p> <p>MySQL Authentication 373</p> <p>PostgreSQL 374</p> <p>Escaping Database Software 377</p> <p>Oracle Database 378</p> <p>MongoDB 381</p> <p>Redis 381</p> <p>Privilege Escalation via Databases 384</p> <p>Summary 392</p> <p><b>Chapter 12 Web Applications 395</b></p> <p>The OWASP Top 10 396</p> <p>The Web Application Hacker’s Toolkit 397</p> <p>Port Scanning a Web Application Server 397</p> <p>Using an Intercepting Proxy 398</p> <p>Setting Up Burp Suite Community Edition 399</p> <p>Using Burp Suite Over HTTPS 407</p> <p>Manual Browsing and Mapping 412</p> <p>Spidering 415</p> <p>Identifying Entry Points 418</p> <p>Web Vulnerability Scanners 418</p> <p>Zed Attack Proxy 419</p> <p>Burp Suite Professional 420</p> <p>Skipfish 421</p> <p>Finding Vulnerabilities 421</p> <p>Injection 421</p> <p>SQL Injection 422</p> <p>SQLmap 427</p> <p>Drupageddon 433</p> <p>Protecting Against SQL Injection 433</p> <p>Other Injection Flaws 434</p> <p>Broken Authentication 434</p> <p>Sensitive Data Exposure 436</p> <p>XML External Entities 437</p> <p>CVE-2014-3660 437</p> <p>Broken Access Controls 439</p> <p>Directory Traversal 440</p> <p>Security Misconfiguration 441</p> <p>Error Pages and Stack Traces 442</p> <p>Cross-Site Scripting 442</p> <p>The Browser Exploitation Framework 445</p> <p>More about XSS Flaws 450</p> <p>XSS Filter Evasion 450</p> <p>Insecure Deserialization 452</p> <p>Known Vulnerabilities 453</p> <p>Insufficient Logging and Monitoring 453</p> <p>Privilege Escalation 454</p> <p>Summary 455</p> <p><b>Chapter 13 Microsoft Windows 457</b></p> <p>Hacking Windows vs. 
Linux 458</p> <p>Domains, Trees, and Forests 458</p> <p>Users, Groups, and Permissions 461</p> <p>Password Hashes 461</p> <p>Antivirus Software 462</p> <p>Bypassing User Account Control 463</p> <p>Setting Up a Windows VM 464</p> <p>A Windows Hacking Toolkit 466</p> <p>Windows and the NSA 467</p> <p>Port Scanning Windows Server 467</p> <p>Microsoft DNS 469</p> <p>Internet Information Services 470</p> <p>Kerberos 471</p> <p>Golden Tickets 472</p> <p>NetBIOS 473</p> <p>LDAP 474</p> <p>Server Message Block 474</p> <p>ETERNALBLUE 476</p> <p>Enumerating Users 479</p> <p>Microsoft RPC 489</p> <p>Task Scheduler 497</p> <p>Remote Desktop 497</p> <p>The Windows Shell 498</p> <p>PowerShell 501</p> <p>Privilege Escalation with PowerShell 502</p> <p>PowerSploit and AMSI 503</p> <p>Meterpreter 504</p> <p>Hash Dumping 505</p> <p>Passing the Hash 506</p> <p>Privilege Escalation 507</p> <p>Getting SYSTEM 508</p> <p>Alternative Payload Delivery Methods 509</p> <p>Bypassing Windows Defender 512</p> <p>Summary 514</p> <p><b>Chapter 14 Passwords 517</b></p> <p>Hashing 517</p> <p>The Password Cracker’s Toolbox 519</p> <p>Cracking 519</p> <p>Hash Tables and Rainbow Tables 523</p> <p>Adding Salt 525</p> <p>Into the <i>/etc/shadow </i>526</p> <p>Different Hash Types 530</p> <p>MD5 530</p> <p>SHA-1 531</p> <p>SHA-2 531</p> <p>SHA256 531</p> <p>SHA512 531</p> <p>bcrypt 531</p> <p>CRC16/CRC32 532</p> <p>PBKDF2 532</p> <p>Collisions 533</p> <p>Pseudo-hashing 533</p> <p>Microsoft Hashes 535</p> <p>Guessing Passwords 537</p> <p>The Art of Cracking 538</p> <p>Random Number Generators 539</p> <p>Summary 540</p> <p><b>Chapter 15 Writing Reports 543</b></p> <p>What is a Penetration Test Report? 
544</p> <p>Common Vulnerabilities Scoring System 545</p> <p>Attack Vector 545</p> <p>Attack Complexity 546</p> <p>Privileges Required 546</p> <p>User Interaction 547</p> <p>Scope 547</p> <p>Confidentiality, Integrity, and Availability Impact 547</p> <p>Report Writing as a Skill 549</p> <p>What Should a Report Include? 549</p> <p>Executive Summary 550</p> <p>Technical Summary 551</p> <p>Assessment Results 551</p> <p>Supporting Information 552</p> <p>Taking Notes 553</p> <p>Dradis Community Edition 553</p> <p>Proofreading 557</p> <p>Delivery 558</p> <p>Summary 559</p> <p>Index 561</p>
<p><b>MATTHEW HICKEY</b> is an expert in offensive security testing, discovering vulnerabilities used by malicious attackers, as well as a developer of exploits and security testing tools. He is a co-founder of Hacker House. <p><b>JENNIFER ARCURI</b> is an entrepreneur, public speaker and Certified Ethical Hacker. She is the CEO and founder of Hacker House.
<p><b>Leading cybersecurity expert Matthew Hickey and team teach you offensive hacking techniques!</b> <p>Cybersecurity threats are everywhere. The best way to identify the real-world risks to your computer networks and your data—and to defend against attacks—is to think like malicious hackers and understand their methods. <p><i>Hands on Hacking</i> is a crash-course on the techniques hackers use to attack and compromise organizations of all sizes with an emphasis on the practical elements of hacking. Virtual labs have been put together exclusively for this book, that readers can download for honing and testing their skills. Based on Hacker House's training courses, this book covers ethics and law, open-source intelligence gathering, domain name systems, email services, web servers, virtual private networks, file storage, database servers and web applications. We cover Linux, UNIX and the Microsoft Windows operating systems including tools and exploits used for hacking into them. <p>Requiring no previous experience in computer hacking and only an entry level understanding of computers and networking, this book will help you to develop the curiosity, creativity, and determination that every hacker possesses, whether you're a business leader, or someone getting started as an ethical hacker. You will examine a typical company's infrastructure, explore how to access its servers and data, probe for flaws, and search for vulnerabilities. You'll run exploits which have been developed by individual hackers and government agencies, learn how they work, and use them to hack into the accompanying lab. Finally, you'll learn how to report your findings and suggest remedial action to your client or team. 
<p>Written by information security expert Matthew Hickey, who has an established history of discovering critical security vulnerabilities and teaching others to do the same, <i>Hands on Hacking</i> helps you: <ul> <li>Learn theoretical <i>and</i> practical aspects of hacking</li> <li>Understand what hackers can do to and for a company while creating a positive hacker-aware culture in your organization</li> <li>Create Purple Teams – a mix of attackers and defenders that work together to identify and solve security issues</li> <li>Understand protocols that power networks and the Internet, learn and understand their flaws</li> <li>Hack into Linux, Unix and Microsoft Windows operating systems</li> <li>Assess web applications for critical vulnerabilities and exploit them</li> <li>Develop the mindset of an ethical hacker and learn the processes of professional hacking</li> </ul>
