Network Ethical Hacking and Penetration Testing. Version 2.0

Chapter 01 Introduction to Network Penetration Testing
Definition and Purpose
Information Security
Vulnerability, Threat, and Exploit
Risk Assessment and Impact Analysis
Types and Categories of Penetration Testing
Methodologies and Standards
	The Open Source Security Testing Methodology Manual (OSSTMM)
	Penetration Testing Execution Standard (PTES)
	Technical Guide to Information Security Testing and Assessment by NIST (National Institute of Standards and Technology)
	The Penetration Testing Framework
	Open Web Application Security Project (OWASP) Testing Guide
Module 02 Pre-Engagement Preparation
	The Scope and the Questionnaire
	Success Criteria
	Rules of Engagement
Module 03 Intelligence Gathering
Types of Intelligence Gathering
Types of Gathered Information
Levels of Intelligence Gathering
Practical Techniques
Manual Website Analysis
Accessing WHOIS Information
	Regional Internet Registries (RIR)
	Domain Registries
	WHOIS Command-Line Tool
	Online WHOIS
DNS Records
	Querying DNS Records
	DNS Name Guessing
	DNS Zone Transfer
Public Search Engine
	Google – Search Engine
	Shodan – IoT Search Engine
	Pipl – People Search
	RobTex – DNS Lookup Engine
	BuiltWith – Web Technology Mining
	Netcraft – Web Analyzer
How to Find Insecure Sensitive Files of your Target on the Internet
	Querying Google for Document Files
	Automatic Document Retrieval and Analysis with “Metagoofil”
Maltego Tool
	Running and Exploring Maltego
	Getting Information with Transforms
	Deeper Look into Entities and Transforms
Module 04 Network Traffic Manipulation
Network Traffic Sniffing
	Tcpdump
	Wireshark
Network Traffic Interception
	Hub vs. Switch
	ARP Poisoning
	Arpspoof
Bind and Reverse Shell with Netcat
	Overview
	Enter the Netcat
	Bind Shell
	Reverse Shell
	Summary
SSL/TLS Hijacking Using SSLstrip
	The HTTP 302 Redirect
	Exploiting the 302 Redirect
	Running SSLstrip
	Final Notes
Module 05 Network and System Scanning
Introduction
Host Discovery
	ICMP-Based Methods
	TCP-Based Methods
	UDP-Based Method
Port Scanning
	TCP Port Scanning
	UDP Port Scanning
Service Version Detection
Operating System (OS) Fingerprinting
Module 06 Vulnerability Analysis
Overview
Initial Discovery of Vulnerabilities
Reverse Engineering
Vulnerability Categories
	Insufficient Input Validation Vulnerabilities
	Cryptographic Vulnerabilities
	Configuration Vulnerabilities
	TCP/IP Protocol Vulnerabilities
	Authentication Vulnerabilities
	Authorization Vulnerabilities
	Availability Vulnerabilities
	Hardware Vulnerabilities
Vulnerability Tracking and Rating
	Common Vulnerabilities and Exposures (CVE) System
	Common Vulnerability Scoring System (CVSS)
Online Vulnerability Databases
Automated Vulnerability Scanners
Nessus Security Scanner
	Installing Nessus
	Scanning Templates
	Configuring a New Scan
	Scanning Metasploitable System
Module 07 Exploitation
Introduction
Impacts of Exploitation
	Remote Code Execution (RCE)
	Privilege Escalation
	Information Disclosure
	Denial of Service (DoS)
The Exploit vs. the Payload
Buffer Over Exploitation, an Introductory Demonstration
	The Instruction Pointer
	The Buffer and the Stack
	Input Validation
	Exploitation
	Mitigation Techniques
Types of Exploitation
	Remote Exploitation
	Local Exploitation (Local Privilege Escalation)
Types of Shell
	Direct Shell
	Bind Shell
	Reverse Shell
The Metasploit Framework
	Background
	Exploring Metasploit
	Running Metasploit
	Metasploit Exploitation Process
Exploiting Metasploitable Vulnerabilities
	Bind Shall (Rogue Shell) Backdoor Detection
	NFS Exported Share Information Disclosure
	“rexecd” Service Detection
	VNC Server ‘password’ Password
Exploiting EternalBlue (MS17-010) Vulnerability
	Historical Background
	Exploiting Windows 7 SP0
Exploiting Windows Media Center (WMC): MS15-100 Vulnerability
Exploiting OverlayFS in Linux Kernel < 3.19.0 (CVE-2015-1328)
Module 08 Post-Exploitation
About Meterpreter
How to Use Meterpreter
	First Method: Meterpreter as a Payload
	Second Method: Meterpreter as an Executable File
Post-Exploitation with Meterpreter
	Gaining Information
	Privilege Escalation
	Covering Tracks
	Operating System Interaction
	File System Interaction
	Persistent Backdoor
Pivots and Relays for Extreme Post-Exploitation Control
	Pivoting through the First Victim
	Relaying through the First Victim
Evading Anti-Virus Software with Veil Framework
	Introduction
	The Way of Evasion
	Enter the Veil
	Installing Veil Framework
	Running Veil
	Understanding Veil’s Payloads
	Generating the Trojan
	Launching the Attack
	Anti-Virus Strength Assessment
	Veil’s Payloads Assessment
Module 09 Password Attacks
Introduction
Tips for Password Attacks
Types of Password Attacks
	Password Guessing
	Password Cracking
Password Guessing with xHydra
Windows Password Hashes
	LM Hash Format
	NT Hash Format
Cracking Windows Hashes with Cain
Extracting Domain Password Hashes
	Copying the NTDS Database
	Exporting Information from the NTDS Database
	Extracting Hashes from Data and Link Tables
Linux Password Hashes
	Linux Hashing Algorithms
	The Use of Salts
	Hashing Iterations
Cracking Linux Hashes with John
Module 10 Wireless Attacks
Introduction
Wireless Technology
WLAN Modes of Operations
Service Sets and their Identifications
Wireless Card Modes
Wireless Security
Wireless DoS Attacks
Wired Equivalent Privacy (WEP) and its Insecurities
WiFi Protected Access (WPA 1 & 2)
Aircrack-NG Tool
Cracking WEP Using aircrack-ng
Cracking WPA1&2 Using aircrack-ng