Penetration Testing: A Survival Guide


  • Author: Bo Weaver, Juned Ahmed Ansari, Mohammed A. Imran, Srinivasa Rao Kotipalli, Wolf Halton
  • Edition: 1
  • Publisher: Packt Publishing
  • Publication Date: 2017-01-18
  • ISBN-10: B01N35OHY0
  • Sales Rank: #2470184


    Book Description

    A complete pentesting guide facilitating smooth backtracking for working hackers

    About This Book

    • Conduct network testing, surveillance, pen testing and forensics on MS Windows using Kali Linux
    • Gain a deep understanding of the flaws in web applications and exploit them in a practical manner
    • Pentest Android apps and perform various attacks in the real world using real case studies

    Who This Book Is For

    This course is for anyone who wants to learn about security. Basic knowledge of Android programming would be a plus.

    What You Will Learn

    • Exploit several common Windows network vulnerabilities
    • Recover lost files, investigate successful hacks, and discover hidden data in innocent-looking files
    • Expose vulnerabilities present in web servers and their applications using server-side attacks
    • Use SQL and cross-site scripting (XSS) attacks
    • Check for XSS flaws using the Burp Suite proxy
    • Acquaint yourself with the fundamental building blocks of Android apps in the right way
    • Take a look at how your personal data can be stolen by malicious attackers
    • See how developers make mistakes that allow attackers to steal data from phones

    In Detail

    The need for penetration testers has grown well over what the IT industry ever anticipated. Running just a vulnerability scanner is no longer an effective method to determine whether a business is truly secure. This learning path will help you develop the most effective penetration testing skills to protect your Windows, web applications, and Android devices.

    The first module focuses on the Windows platform, which is one of the most common OSes, and managing its security spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. It employs the most advanced tools and techniques to reproduce the methods used by sophisticated hackers. In this module, you’ll first be introduced to Kali’s top ten tools and other useful reporting tools. Then, you will find your way around your target network and determine known vulnerabilities so you can exploit a system remotely. You’ll not only learn to penetrate the machine, but will also learn to work with Windows privilege escalations.

    The second module will help you get to grips with the tools used in Kali Linux 2.0 that relate to web application hacking. You will get to know about scripting and input validation flaws, AJAX, and security issues related to AJAX. You will also use an automated technique called fuzzing so you can identify flaws in a web application. Finally, you’ll understand the web application vulnerabilities and the ways they can be exploited.

    In the last module, you’ll get started with Android security. Android, being the platform with the largest consumer base, is the obvious primary target for attackers. You’ll begin this journey with the absolute basics and will then slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. You’ll gain the skills necessary to perform Android application vulnerability assessments and to create an Android pentesting lab.

    This Learning Path is a blend of content from the following Packt products:

    • Kali Linux 2: Windows Penetration Testing by Wolf Halton and Bo Weaver
    • Web Penetration Testing with Kali Linux, Second Edition by Juned Ahmed Ansari
    • Hacking Android by Srinivasa Rao Kotipalli and Mohammed A. Imran

    Style and approach

    This course uses easy-to-understand yet professional language for explaining concepts to test your network’s security.

    Table of Contents

    Part I. Module 1
    Chapter 1. Sharpening the Saw
    Chapter 2. Information Gathering and Vulnerability Assessment
    Chapter 3. Exploitation Tools (Pwnage)
    Chapter 4. Web Application Exploitation
    Chapter 5. Sniffing and Spoofing
    Chapter 6. Password Attacks
    Chapter 7. Windows Privilege Escalation
    Chapter 8. Maintaining Remote Access
    Chapter 9. Reverse Engineering and Stress Testing
    Chapter 10. Forensics

    Part II. Module 2
    Chapter 1. Introduction to Penetration Testing and Web Applications
    Chapter 2. Setting up Your Lab with Kali Linux
    Chapter 3. Reconnaissance and Profiling the Web Server
    Chapter 4. Major Flaws in Web Applications
    Chapter 5. Attacking the Server Using Injection-based Flaws
    Chapter 6. Exploiting Clients Using XSS and CSRF Flaws
    Chapter 7. Attacking SSL-based Websites
    Chapter 8. Exploiting the Client Using Attack Frameworks
    Chapter 9. AJAX and Web Services – Security Issues
    Chapter 10. Fuzzing Web Applications

    Part III. Module 3
    Chapter 1. Setting Up the Lab
    Chapter 2. Android Rooting
    Chapter 3. Fundamental Building Blocks of Android Apps
    Chapter 4. Overview of Attacking Android Apps
    Chapter 5. Data Storage and Its Security
    Chapter 6. Server-Side Attacks
    Chapter 7. Client-Side Attacks – Static Analysis Techniques
    Chapter 8. Client-Side Attacks – Dynamic Analysis Techniques
    Chapter 9. Android Malware
    Chapter 10. Attacks on Android Devices

