Hurley / Faircloth | Penetration Tester's Open Source Toolkit | E-Book | www.sack.de

Hurley / Faircloth: Penetration Tester's Open Source Toolkit

E-book, English, 592 pages, web PDF
2nd edition, 2007
ISBN: 978-0-08-055607-9
Publisher: Elsevier Science & Techn.
Format: PDF
Copy protection: 1 - PDF watermark


Publisher's description:

"Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This second volume adds over 300 new pentesting applications included with BackTrack 2 to the pen tester's toolkit. It includes the latest information on Snort, Nessus, Wireshark, Metasploit, Kismet and all of the other major Open Source platforms.

- Perform Network Reconnaissance: Master the objectives, methodology, and tools of the least understood aspect of a penetration test.
- Demystify Enumeration and Scanning: Identify the purpose and type of the target systems, obtain specific information about the versions of the services that are running on the systems, and list the targets and services.
- Hack Database Services: Understand and identify common database service vulnerabilities, discover database services, attack database authentication mechanisms, analyze the contents of the database, and use the database to obtain access to the host operating system.
- Test Web Servers and Applications: Compromise the Web server due to vulnerabilities on the server daemon itself, its unhardened state, or vulnerabilities within the Web applications.
- Test Wireless Networks and Devices: Understand WLAN vulnerabilities, attack WLAN encryption, master information gathering tools, and deploy exploitation tools.
- Examine Vulnerabilities on Network Routers and Switches: Use Traceroute, Nmap, ike-scan, Cisco Torch, Finger, Nessus, onesixtyone, Hydra, Ettercap, and more to attack your network devices.
- Customize BackTrack 2: Torque BackTrack 2 for your specialized needs through module management, unique hard drive installations, and USB installations.
- Perform Forensic Discovery and Analysis with BackTrack 2: Use BackTrack in the field for forensic analysis, image acquisition, and file carving.
- Build Your Own PenTesting Lab: Everything you need to build your own fully functional attack lab."


Table of contents (page numbers are positions in the PDF; the front cover is page 1)

Front Cover (p. 1)
Penetration Tester's Open Source Toolkit (p. 2)
Copyright Page (p. 4)
Technical Editor and Contributing Author (p. 6)
Contributing Authors (p. 7)
Contents (p. 12)
Chapter 1: Reconnaissance (p. 21)
  Objectives (p. 22)
  Approach (p. 24)
    A Methodology for Reconnaissance (p. 25)
      Intelligence Gathering (p. 26)
      Footprinting (p. 36)
      Verification (p. 43)
  Core Technologies (p. 53)
    Intelligence Gathering (p. 53)
      Search Engines (p. 53)
      WHOIS (p. 54)
      RWHOIS (p. 55)
      Domain Name Registries and Registrars (p. 55)
      Web Site Copiers (p. 56)
      Social Networking Services (p. 57)
    Footprinting (p. 57)
      DNS (p. 58)
      SMTP (p. 61)
    Verification (p. 62)
      Virtual Hosting (p. 63)
      IP Subnetting (p. 63)
      The Regional Internet Registries (p. 63)
  Open Source Tools (p. 66)
    Intelligence Gathering Tools (p. 66)
      Web Resources (p. 67)
      Linux/UNIX Command-Line Tools (p. 71)
      Open Source Windows Tools (p. 82)
    Footprinting Tools (p. 86)
      Web Resources (p. 87)
      Linux/UNIX Console Tools (p. 88)
      Open Source Windows Tools (p. 90)
    Verification Tools (p. 92)
      Web Resources (p. 92)
      Linux/UNIX Console Tools (p. 96)
  Case Study: The Tools in Action (p. 102)
    Intelligence Gathering, Footprinting, and Verification of an Internet-Connected Network (p. 102)
      Footprinting (p. 113)
      Verification (p. 114)
Chapter 2: Enumeration and Scanning (p. 119)
  Introduction (p. 120)
  Objectives (p. 120)
    Before You Start (p. 120)
    Why Do This? (p. 121)
  Approach (p. 122)
    Scanning (p. 122)
    Enumeration (p. 123)
      Notes and Documentation (p. 123)
      Active versus Passive (p. 124)
      Moving On (p. 124)
  Core Technology (p. 124)
    How Scanning Works (p. 125)
      Port Scanning (p. 126)
    Going behind the Scenes with Enumeration (p. 127)
      Service Identification (p. 128)
      RPC Enumeration (p. 128)
      Fingerprinting (p. 129)
    Being Loud, Quiet, and All That Lies Between (p. 129)
      Timing (p. 130)
      Bandwidth Issues (p. 130)
      Unusual Packet Formation (p. 130)
  Open Source Tools (p. 131)
    Scanning (p. 131)
      Nmap (p. 131)
      Netenum: Ping Sweep (p. 139)
      Unicornscan: Port Scan and Fuzzing (p. 140)
      Scanrand: Port Scan (p. 141)
    Enumeration (p. 143)
      Nmap: Banner Grabbing (p. 143)
      Netcat (p. 143)
      P0f: Passive OS Fingerprinting (p. 146)
      Xprobe2: OS Fingerprinting (p. 146)
      Httprint (p. 148)
      Ike-scan: VPN Assessment (p. 149)
      Amap: Application Version Detection (p. 150)
      Windows Enumeration: Smbgetserverinfo/smbdumpusers/smbclient (p. 151)
      Nbtscan (p. 154)
      Smb-nat: Windows/Samba SMB Session Brute Force (p. 154)
  Case Studies: The Tools in Action (p. 156)
    External (p. 156)
    Internal (p. 158)
    Stealthy (p. 163)
    Noisy (IDS) Testing (p. 166)
  Further Information (p. 168)
Chapter 3: Hacking Database Services (p. 173)
  Introduction (p. 174)
  Objectives (p. 174)
  Approach (p. 174)
  Core Technologies (p. 174)
    Basic Terminology (p. 175)
    Database Installation (p. 176)
      Default Users and New Users (p. 177)
      Roles and Privileges (p. 180)
      Technical Details (p. 182)
  Case Studies: Using Open Source and Closed Source Tools (p. 184)
    Microsoft SQL Server (p. 184)
      Discovering Microsoft SQL Servers (p. 184)
      Identifying Vulnerable Microsoft SQL Server Services (p. 188)
      Attacking Microsoft SQL Server Authentication (p. 194)
      Microsoft SQL Server Password Creation Guidelines (p. 195)
      Microsoft SQL Default Usernames and Passwords (p. 195)
      Creating Username and Dictionary Files (p. 197)
      SQL Auditing Tools (SQLAT) (p. 197)
      Obtaining and Cracking Microsoft SQL Server Password Hashes (p. 199)
      Analyzing the Database (p. 204)
      Obtaining Access to the Host Operating System (p. 206)
      SQLAT: SQLExec (Sqlquery), TFTP, and fgdump.exe (p. 209)
    Oracle Database Management System (p. 212)
      Identifying and Enumerating Oracle Database with Nmap (p. 213)
      Penetration Testing Oracle Services with BackTrack (p. 220)
      Cracking Oracle Database Hashes (p. 228)
      Privilege Escalation in Oracle from TNS Listener, No Password (p. 234)
    SQL Clients (p. 237)
      Shell Usage and History (p. 237)
      Arguments Viewable by All Users (p. 238)
      History and Trace Logs (p. 238)
  Further Information (p. 238)
Chapter 4: Web Server and Web Application Testing (p. 241)
  Objectives (p. 242)
  Introduction (p. 242)
    Web Server Vulnerabilities: A Short History (p. 242)
    Web Applications: The New Challenge (p. 243)
    Chapter Scope (p. 243)
  Approach (p. 244)
    Web Server Testing (p. 245)
    CGI and Default Pages Testing (p. 246)
    Web Application Testing (p. 247)
  Core Technologies (p. 247)
    Web Server Exploit Basics (p. 247)
      What Are We Talking About? (p. 247)
    CGI and Default Page Exploitation (p. 252)
    Web Application Assessment (p. 254)
      Information Gathering Attacks (p. 255)
      File System and Directory Traversal Attacks (p. 255)
      Command Execution Attacks (p. 255)
      Database Query Injection Attacks (p. 255)
      Cross-site Scripting Attacks (p. 256)
      Impersonation Attacks (p. 256)
      Parameter Passing Attacks (p. 257)
  Open Source Tools (p. 257)
    Intelligence Gathering Tools (p. 257)
    Scanning Tools (p. 266)
    Assessment Tools (p. 278)
      Authentication (p. 282)
      Proxy (p. 294)
    Exploitation Tools (p. 297)
      Metasploit (p. 297)
      SQL Injection Tools (p. 300)
  Case Studies: The Tools in Action (p. 308)
    Web Server Assessments (p. 308)
    CGI and Default Page Exploitation (p. 313)
    Web Application Assessment (p. 322)
Chapter 5: Wireless Penetration Testing Using BackTrack 2 (p. 343)
  Introduction (p. 344)
  Approach (p. 345)
    Understanding WLAN Vulnerabilities (p. 345)
    Evolution of WLAN Vulnerabilities (p. 346)
  Core Technologies (p. 348)
    WLAN Discovery (p. 348)
      Choosing the Right Antenna (p. 350)
    WLAN Encryption (p. 351)
      No Encryption (p. 351)
      Wired Equivalent Privacy (WEP) (p. 352)
      Wi-Fi Protected Access (WPA/WPA2) (p. 352)
      Extensible Authentication Protocol (EAP) (p. 352)
      Virtual Private Network (VPN) (p. 353)
    WLAN Attacks (p. 353)
      Attacks against WEP (p. 353)
      Attacks against WPA (p. 355)
      Attacks against LEAP (p. 355)
      Attacks against VPN (p. 355)
  Open Source Tools (p. 356)
    Information Gathering Tools (p. 356)
      Google (Internet Search Engines) (p. 357)
      WiGLE.net (Work Smarter, Not Harder) (p. 357)
      Usenet Newsgroups (p. 357)
    Scanning Tools (p. 358)
      Kismet (p. 358)
    Footprinting Tools (p. 362)
    Enumeration Tools (p. 363)
    Vulnerability Assessment Tools (p. 364)
    Exploitation Tools (p. 366)
      MAC Address Spoofing (p. 367)
      Deauthentication with Aireplay-ng (p. 368)
      Cracking WEP with the Aircrack-ng Suite (p. 369)
      Cracking WPA with CoWPAtty (p. 379)
    Bluetooth Vulnerabilities (p. 382)
      Bluetooth Discovery (p. 383)
      Exploiting Bluetooth Vulnerabilities (p. 384)
      The Future of Bluetooth (p. 385)
  Case Studies (p. 386)
    Case Study: Cracking WEP (p. 386)
    Case Study: Cracking WPA-PSK (p. 388)
    Case Study: Exploiting Bluetooth (p. 390)
  Summary (p. 392)
Chapter 6: Network Devices (p. 393)
  Objectives (p. 394)
  Approach (p. 394)
  Core Technologies (p. 395)
  Open Source Tools (p. 396)
    Footprinting Tools (p. 396)
      Traceroute (p. 396)
      DNS (p. 396)
      Nmap (p. 398)
      ICMP (p. 399)
      ike-scan (p. 400)
    Scanning Tools (p. 402)
      Nmap (p. 402)
      ASS (p. 406)
      Cisco Torch (p. 407)
    Enumeration Tools (p. 409)
      SNMP (p. 409)
      Finger (p. 409)
    Vulnerability Assessment Tools (p. 410)
      Nessus (p. 410)
    Exploitation Tools (p. 411)
      onesixtyone (p. 411)
      Hydra (p. 412)
      TFTP Brute Force (p. 414)
      Cisco Global Exploiter (p. 415)
      Internet Routing Protocol Attack Suite (IRPAS) (p. 417)
      Ettercap (p. 419)
  Case Study: The Tools in Action (p. 420)
    Obtaining a Router Configuration by Brute Force (p. 421)
      Where to Go from Here? (p. 428)
  Further Information (p. 429)
    Common and Default Vendor Passwords (p. 432)
    Modification of cge.pl (p. 433)
    References (p. 433)
    Software (p. 434)
Chapter 7: Customizing BackTrack 2 (p. 435)
  Introduction (p. 436)
  Module Management (p. 436)
    Locating Modules (p. 436)
    Converting Modules from Different Formats (p. 438)
    Creating a Module from Source (p. 439)
    Adding Modules to Your BackTrack Live CD or HD Installation (p. 439)
  Hard Drive Installation (p. 441)
    Basic Hard Drive Installation (p. 441)
    Dual Boot Installation (Windows XP and BackTrack) (p. 443)
    Other Configurations (p. 446)
  USB Installation (p. 446)
    USB Thumb Drive Installation (p. 446)
      The Easiest Way to Install BackTrack to a USB Thumb Drive Using Windows (p. 447)
      Alternative Directions to Install BackTrack on a USB Thumb Drive Using Windows (p. 449)
      Installing BackTrack on a USB Thumb Drive Using Linux (p. 453)
    Saving a USB Configuration (p. 454)
      Directions to Save Your Changes on Your BackTrack USB Thumb Drive (p. 454)
      Directions to Save Your New Changes (and Keep Your Old Ones) on Your BackTrack USB Thumb Drive (p. 455)
      Directions to Write a Script to Save Your New Changes (and Keep Your Old Ones) on Your BackTrack USB Thumb Drive (p. 455)
    External USB Hard Drive Installation (p. 456)
  Installing Additional Open Source Tools (p. 463)
    Updating Scripts (p. 463)
    Installing aircrack-ptw (p. 465)
    Installing Nessus (p. 466)
    Installing Metasploit Framework 3.0 GUI (p. 469)
    Installing VMWare Server (p. 470)
    Installing Java for Firefox (p. 471)
  Further Information (p. 471)
    Quick Reference to Other Customizations (p. 472)
    Remote-Exploit Forums and BackTrack Wiki (p. 472)
    Credits (p. 473)
Chapter 8: Forensic Discovery and Analysis Using BackTrack (p. 475)
  Introduction (p. 476)
  Digital Forensics (p. 478)
  Acquiring Images (p. 478)
    Linux dd (p. 480)
    Linux dcfldd (p. 490)
    dd_rescue (p. 493)
  Forensic Analysis (p. 494)
    Autopsy (p. 495)
    mboxgrep (p. 498)
    memfetch (p. 500)
    Memfetch Find (p. 503)
    pasco (p. 505)
    Rootkit Hunter (p. 507)
    The Sleuth Kit (p. 509)
    The Sleuth Kit Continued: Allin1 for The Sleuth Kit (p. 514)
    Vinetto (p. 518)
  File Carving (p. 520)
    Foremost (p. 523)
    Magicrescue (p. 524)
  Case Studies: Digital Forensics with the BackTrack Distribution (p. 527)
  Summary (p. 538)
Chapter 9: Building Penetration Test Labs (p. 539)
  Introduction (p. 540)
  Setting Up a Penetration Test Lab (p. 540)
    Safety First (p. 540)
      Isolating the Network (p. 541)
      Concealing the Network Configuration (p. 542)
      Securing Install Disks (p. 543)
      Transferring Data (p. 545)
      Labeling (p. 546)
      Destruction and Sanitization (p. 546)
      Reports of Findings (p. 547)
      Final Word on Safety (p. 549)
    Types of Pen-Test Labs (p. 549)
      The Virtual Pen-Test Lab (p. 549)
      The Internal Pen-Test Lab (p. 550)
      The External Pen-Test Lab (p. 551)
      The Project-Specific Pen-Test Lab (p. 552)
      The Ad Hoc Lab (p. 552)
    Selecting the Right Hardware (p. 553)
      Focus on the “Most Common” (p. 553)
      Use What Your Clients Use (p. 554)
      Dual-Use Equipment (p. 554)
    Selecting the Right Software (p. 555)
      Open Source Tools (p. 555)
      Commercial Tools (p. 556)
  Running Your Lab (p. 557)
    Managing the Team (p. 557)
      Team “Champion” (p. 557)
      Project Manager (p. 557)
      Training and Cross-Training (p. 558)
      Metrics (p. 559)
    Selecting a Pen-Test Framework (p. 560)
      OSSTMM (p. 560)
      NIST SP 800-42 (p. 561)
      ISSAF (p. 562)
  Targets in the Penetration Test Lab (p. 563)
    Foundstone (p. 563)
    De-ICE.net (p. 564)
      What Is a LiveCD? (p. 564)
      Advantages of Pen-test LiveCDs (p. 565)
      Disadvantages of Pen-test LiveCDs (p. 565)
    Building a LiveCD Scenario (p. 566)
      Difficulty Levels (p. 566)
      Real-World Scenarios (p. 567)
      Creating a Background Story (p. 568)
      Adding Content (p. 568)
      Final Comments on LiveCDs (p. 569)
    Using a LiveCD in a Penetration Test Lab (p. 569)
      Scenario (p. 569)
      Network Setup (p. 570)
      Open Source Tools (p. 570)
    Other Scenario Ideas (p. 573)
      Old Operating System Distributions (p. 573)
      Vulnerable Applications (p. 574)
      Capture the Flag Events (p. 574)
    What’s Next? (p. 575)
      Forensics (p. 575)
      Training (p. 575)
  Summary (p. 577)
Index (p. 579)