Nytro

Professional Penetration Testing


Professional Penetration Testing

Creating and Operating a Formal Hacking Lab

Thomas Wilhelm

Technical Editor

Jan Kanclirz Jr.

Pages: 525

Acknowledgments ................................................................................ xvii
Foreword ............................................................................................. xix
PART 1 SETTING UP
CHAPTER 1 Introduction ......................................................................... 3
Introduction ....................................................................... 3
About the Book .................................................................. 4
Target Audience ............................................................. 4
How to Use This Book .................................................... 5
About the DVD ................................................................... 7
Course Material .............................................................. 8
Reference Material .......................................................... 8
LiveCDs ......................................................................... 8
Summary ......................................................................... 10
Solutions Fast Track .......................................................... 10
About the Book ............................................................ 10
About the DVD ............................................................. 11
Reference ......................................................................... 11
CHAPTER 2 Ethics and Hacking ............................................................. 13
Introduction ..................................................................... 13
Why Stay Ethical? .............................................................. 15
Black Hat Hackers ......................................................... 15
White Hat Hackers ........................................................ 17
Gray Hat Hackers .......................................................... 18
Ethical Standards ............................................................... 19
Certifications ................................................................ 19
Contractor .................................................................... 19
Employer ..................................................................... 20
Educational and Institutional Organizations ....................... 21
Computer Crime Laws ........................................................ 24
Types of Laws ............................................................... 24
Type of Computer Crimes and Attacks ............................. 24
International Laws ......................................................... 30
Safe Harbor and Directive 95/46/EC ................................ 31
Getting Permission to Hack ................................................ 32
Confidentiality Agreement .............................................. 32
Company Obligations .................................................... 33
Contractor Obligations ................................................... 34
Auditing and Monitoring ................................................ 35
Conflict Management ..................................................... 35
Summary ......................................................................... 36
Solutions Fast Track .......................................................... 36
Why Stay Ethical? .......................................................... 36
Ethical Standards ........................................................... 37
Computer Crime Laws .................................................... 37
Getting Permission to Hack ............................................ 37
Frequently Asked Questions ............................................... 38
Expand Your Skills ............................................................ 38
References ........................................................................ 40
CHAPTER 3 Hacking as a Career ............................................................ 43
Introduction ..................................................................... 43
Career Paths ..................................................................... 45
Network Architecture ..................................................... 46
System Administration ................................................... 47
Applications and Databases ............................................ 48
Certifications .................................................................... 49
High-Level Certifications ................................................. 51
Skill- and Vendor-Specific Certifications ............................ 65
Associations and Organizations ........................................... 84
Professional Organizations .............................................. 85
Conferences .................................................................. 85
Local Communities ........................................................ 92
Mailing Lists ................................................................. 93
Summary ......................................................................... 94
Solutions Fast Track .......................................................... 95
Career Paths ................................................................. 95
Certifications ................................................................ 95
Associations and Organizations ....................................... 96
Frequently Asked Questions ............................................... 96
Expand Your Skills ............................................................ 97
CHAPTER 4 Setting Up Your Lab ........................................................... 101
Introduction .................................................................... 101
Personal Lab ................................................................... 102
Keeping it Simple ........................................................ 102
Equipment .................................................................. 102
Software ..................................................................... 103
Lab for Book Exercises ................................................. 103
Corporate Lab ................................................................. 106
Internal Labs ............................................................... 107
External Labs .............................................................. 107
Equipment .................................................................. 107
Software ..................................................................... 108
Protecting Penetration Test Data ........................................ 108
Encryption Schemas ..................................................... 108
Securing PenTest Systems ............................................. 110
Mobile Security Concerns .............................................. 111
Wireless Lab Data ........................................................ 112
Additional Network Hardware ........................................... 112
Routers ...................................................................... 113
Firewalls .................................................................... 113
Intrusion Detection System/Intrusion Prevention System ....... 114
Summary ........................................................................ 114
Solutions Fast Track ......................................................... 115
Personal Lab ............................................................... 115
Corporate Lab ............................................................. 115
Protecting Penetration Test Data .................................... 115
Additional Network Hardware ....................................... 115
Frequently Asked Questions .............................................. 116
Expand Your Skills .......................................................... 116
Reference ....................................................................... 117
CHAPTER 5 Creating and Using PenTest Targets in Your Lab ...................... 119
Introduction .................................................................... 119
Turn-Key Scenarios versus Real-World Targets ..................... 120
Problems with Learning to Hack .................................... 120
Real-World Scenarios ................................................... 121
Turn-Key Scenarios .......................................................... 122
What is a LiveCD? ........................................................ 123
De-ICE ....................................................................... 123
Hackerdemia ............................................................... 127
pWnOS ...................................................................... 128
Foundstone ................................................................. 131
Open Web Application Security Project ........................... 132
Using Exploitable Targets ................................................. 136
Operating Systems ....................................................... 136
Applications ................................................................ 137
Analyzing Malware – Viruses and Worms ............................ 137
Setting up a Lab .......................................................... 138
Other Target Ideas ........................................................... 144
CTF Events ................................................................. 145
Web-Based Challenges ................................................. 145
Vulnerability Announcements ........................................ 146
Summary ........................................................................ 147
Solutions Fast Track ......................................................... 148
Turn-Key Scenarios versus Real-World Targets ................. 148
Turn-Key Scenarios ...................................................... 148
Using Exploitable Targets ............................................. 148
Analyzing Malware – Viruses and Worms ........................ 148
Other Target Ideas ....................................................... 149
Frequently Asked Questions .............................................. 149
Expand Your Skills .......................................................... 150
References ...................................................................... 151
CHAPTER 6 Methodologies .................................................................. 153
Introduction .................................................................... 153
Project Management Body of Knowledge ............................ 154
Introduction to PMBOK ................................................ 155
Initiating Process Group ............................................... 155
Planning Process Group ............................................... 157
Executing Process Group .............................................. 161
Closing Process Group ................................................. 163
Monitoring and Controlling Process Group ...................... 163
Information System Security Assessment Framework ............ 166
Planning and Preparation – Phase I ................................ 166
Assessment – Phase II .................................................. 166
Reporting, Clean-up, and Destroy Artifacts – Phase III ...... 170
Open Source Security Testing Methodology Manual .............. 171
Rules of Engagement ................................................... 172
Channels .................................................................... 173
Modules ..................................................................... 175
Summary ........................................................................ 176
Solutions Fast Track ......................................................... 177
Project Management Body of Knowledge ........................ 177
Information System Security Assessment Framework ........ 177
Open Source Security Testing Methodology Manual .......... 178
Frequently Asked Questions .............................................. 178
Expand Your Skills .......................................................... 179
References ...................................................................... 179
CHAPTER 7 PenTest Metrics ................................................................ 181
Introduction .................................................................... 181
Quantitative, Qualitative, and Mixed Methods ...................... 182
Quantitative Analysis .................................................... 182
Qualitative Analysis ...................................................... 183
Mixed Method Analysis ................................................. 185
Current Methodologies ..................................................... 186
Project Management Institute ........................................ 186
ISSAF ......................................................................... 191
OSSTMM .................................................................... 192
Tool-Generated Reports ................................................ 193
Summary ........................................................................ 194
Solutions Fast Track ......................................................... 195
Quantitative, Qualitative, and Mixed Methods .................. 195
Current Methodologies ................................................. 195
Frequently Asked Questions .............................................. 196
References ...................................................................... 196
CHAPTER 8 Management of a PenTest ................................................... 197
Introduction .................................................................... 197
Project Team Members ..................................................... 197
Roles and Responsibilities ............................................. 198
Organizational Structure ............................................... 202
Project Management ......................................................... 206
Initiating Stage ............................................................ 206
Planning Stage ............................................................ 208
Executing Stage ........................................................... 209
Monitoring and Controlling ........................................... 211
Closing Stage .............................................................. 211
Summary ........................................................................ 214
Solutions Fast Track ......................................................... 214
Project Team Members ................................................. 214
Project Management ..................................................... 214
Frequently Asked Questions .............................................. 215
Expand Your Skills .......................................................... 215
References ...................................................................... 216
PART 2 RUNNING A PENTEST
CHAPTER 9 Information Gathering ......................................................... 219
Introduction .................................................................... 219
Passive Information Gathering ........................................... 221
Web Presence ............................................................. 222
Corporate Data ............................................................ 231
WHOIS and DNS Enumeration ...................................... 233
Additional Internet Resources ........................................ 236
Active Information Gathering ............................................ 238
DNS Interrogation ....................................................... 238
E-mail Accounts ........................................................... 240
Perimeter Network Identification ................................... 242
Network Surveying ...................................................... 246
Project Management ......................................................... 247
Executing Process Phase ............................................... 248
Monitoring and Control Process ..................................... 250
Summary ........................................................................ 253
Solutions Fast Track ......................................................... 253
Passive Information Gathering ....................................... 253
Active Information Gathering ........................................ 254
Project Management ..................................................... 254
Frequently Asked Questions .............................................. 254
Expand Your Skills .......................................................... 255
References ...................................................................... 257
CHAPTER 10 Vulnerability Identification ................................................... 259
Introduction .................................................................... 259
Port Scanning .................................................................. 260
Target Verification ....................................................... 261
UDP Scanning ............................................................. 264
TCP Scanning .............................................................. 265
Perimeter Avoidance Scanning ....................................... 268
System Identification ........................................................ 272
Active OS Fingerprinting .............................................. 272
Passive OS Fingerprinting ............................................. 272
Services Identification ...................................................... 275
Banner Grabbing ......................................................... 276
Enumerating Unknown Services .................................... 277
Vulnerability Identification ................................................ 278
Summary ........................................................................ 281
Solutions Fast Track ......................................................... 281
Port Scanning .............................................................. 281
System Identification .................................................... 282
Services Identification .................................................. 282
Vulnerability Identification ............................................ 282
Frequently Asked Questions .............................................. 282
Expand Your Skills .......................................................... 283
Reference ....................................................................... 284
CHAPTER 11 Vulnerability Verification ..................................................... 285
Introduction .................................................................... 285
Exploit Codes – Finding and Running ................................. 287
Internet Sites ............................................................... 287
Automated Tools ......................................................... 290
Exploit Codes – Creating Your Own ................................... 320
Fuzzing ...................................................................... 322
Code Review ............................................................... 324
Application Reversing .................................................. 324
Web Hacking .................................................................. 325
SQL Injection .............................................................. 326
Cross-Site Scripting ...................................................... 327
Web Application Vulnerabilities ..................................... 330
Project Management ......................................................... 332
Executing Process Phase ............................................... 332
Monitoring and Control Process ..................................... 333
Summary ........................................................................ 334
Solutions Fast Track ......................................................... 335
Exploit Codes – Finding and Running ............................. 335
Exploit Codes – Creating Your Own ............................... 335
Web Hacking .............................................................. 335
Project Management ..................................................... 335
Frequently Asked Questions .............................................. 336
Expand Your Skills .......................................................... 336
References ...................................................................... 338
CHAPTER 12 Compromising a System and Privilege Escalation ..................... 339
Introduction .................................................................... 339
System Enumeration ........................................................ 341
Internal Vulnerabilities ................................................. 341
Sensitive Data ............................................................. 347
Network Packet Sniffing ................................................... 348
Social Engineering ........................................................... 354
Baiting ....................................................................... 355
Phishing ..................................................................... 355
Pretexting ................................................................... 355
Wireless Attacks .............................................................. 356
Wi-Fi Protected Access Attack ........................................ 357
WEP Attack ................................................................. 362
Project Management ......................................................... 364
Executing Process Phase ............................................... 364
Monitoring and Control Process ..................................... 365
Summary ........................................................................ 365
Solutions Fast Track ......................................................... 366
System Enumeration .................................................... 366
Network Packet Sniffing ............................................... 367
Social Engineering ....................................................... 367
Wireless Attacks .......................................................... 367
Project Management ..................................................... 367
Frequently Asked Questions .............................................. 368
Expand Your Skills .......................................................... 368
References ...................................................................... 369
CHAPTER 13 Maintaining Access ........................................................... 371
Introduction .................................................................... 371
Shells and Reverse Shells .................................................. 372
Netcat Shell ................................................................ 372
Netcat Reverse Shell ..................................................... 376
Encrypted Tunnels ........................................................... 379
Adding a Host Firewall (Optional) ................................. 380
Setting Up the SSH Reverse Shell ................................... 381
Other Encryption and Tunnel Methods ............................... 386
Summary ........................................................................ 387
Solutions Fast Track ......................................................... 388
Shells and Reverse Shells .............................................. 388
Encrypted Tunnels ....................................................... 388
Other Encryption and Tunnel Methods ........................... 388
Frequently Asked Questions .............................................. 389
Expand Your Skills .......................................................... 389
Reference ....................................................................... 390
CHAPTER 14 Covering Your Tracks ......................................................... 391
Introduction .................................................................... 391
Manipulating Log Data ..................................................... 392
User Login .................................................................. 392
Application Logs .......................................................... 396
Hiding Files .................................................................... 397
Hiding Files in Plain Sight ............................................ 398
Hiding Files Using the File System ................................. 399
Hiding Files in Windows .............................................. 402
Summary ........................................................................ 404
Solutions Fast Track ......................................................... 405
Manipulating Log Data ................................................. 405
Hiding Files ................................................................ 405
Frequently Asked Questions .............................................. 405
Expand Your Skills .......................................................... 406
Reference ....................................................................... 406
PART 3 WRAPPING EVERYTHING UP
CHAPTER 15 Reporting Results .............................................................. 409
Introduction .................................................................... 409
What Should You Report? ................................................. 410
Out of Scope Issues ..................................................... 410
Findings ..................................................................... 411
Solutions .................................................................... 412
Manuscript Preparation ................................................ 412
Initial Report ................................................................... 414
Peer Reviews .............................................................. 415
Fact Checking ............................................................. 415
Metrics ....................................................................... 416
Final Report .................................................................... 425
Peer Reviews .............................................................. 425
Documentation ............................................................ 426
Summary ........................................................................ 437
Solutions Fast Track ......................................................... 438
What Should You Report? ............................................. 438
Initial Report ............................................................... 438
Final Report ................................................................ 438
Frequently Asked Questions .............................................. 439
Expand Your Skills .......................................................... 439
References ...................................................................... 441
CHAPTER 16 Archiving Data .................................................................. 443
Introduction .................................................................... 443
Should You Keep Data? .................................................... 443
Legal Issues ................................................................ 444
E-mail ........................................................................ 446
Findings and Reports ................................................... 446
Securing Documentation ................................................... 447
Access Controls ........................................................... 448
Archival Methods ......................................................... 448
Archival Locations ....................................................... 449
Destruction Policies ..................................................... 450
Summary ........................................................................ 450
Solutions Fast Track ......................................................... 451
Should You Keep Data? ................................................ 451
Securing Documentation ............................................... 451
Frequently Asked Questions .............................................. 451
Reference ....................................................................... 452
CHAPTER 17 Cleaning Up Your Lab ........................................................ 453
Introduction .................................................................... 453
Archiving Lab Data .......................................................... 454
Proof of Concepts ........................................................ 454
Malware Analysis ......................................................... 455
Creating and Using System Images ..................................... 455
License Issues ............................................................. 455
Virtual Machines .......................................................... 456
“Ghost” Images ........................................................... 456
Creating a “Clean Shop” ................................................... 457
Sanitization Methods .................................................... 458
Using Hashes .............................................................. 461
Change Management Controls ....................................... 461
Summary ........................................................................ 462
Solutions Fast Track ......................................................... 462
Archiving Lab Data ...................................................... 462
Creating and Using System Images ................................. 463
Creating a “Clean Shop” ............................................... 463
Frequently Asked Questions .............................................. 463
Reference ....................................................................... 463
CHAPTER 18 Planning for Your Next PenTest ............................................ 465
Introduction .................................................................... 465
Risk Management Register ................................................ 466
Creating a Risk Management Register ............................. 466
Prioritization of Risks and Responses ............................. 467
Knowledge Database ........................................................ 468
Creating a Knowledge Database ..................................... 468
Sanitization of Findings ................................................ 469
Project Management Knowledge Database ....................... 469
After-Action Review ......................................................... 470
Project Assessments ..................................................... 470
Team Assessments ....................................................... 471
Training Proposals ....................................................... 471
Summary ........................................................................ 473
Solutions Fast Track ......................................................... 473
Risk Management Register ............................................ 473
Knowledge Database .................................................... 474
After-Action Review ..................................................... 474
Frequently Asked Questions .............................................. 474
Expand Your Skills .......................................................... 475
Reference ....................................................................... 476
Appendix A: Acronyms ............................................................................. 477
Appendix B: Definitions ........................................................................... 489
Index .................................................................................................. 495

Download:

http://rogunix.com/docs/Pentesting/Professional%20Penetration%20Testing:%20Creating%20and%20Operating%20a%20Formal%20Hacking%20Lab.pdf

Mirror:

http://www.megaupload.com/?d=Z7YUTFMR
