Professional Penetration Testing
Creating and Learning in a Hacking Lab
Second Edition
Thomas Wilhelm, Matthew Neely, Technical Editor
Copyright
Acquiring Editor: Chris Katsaropoulos
Development Editor: Heather Scherer
Project Manager: Malathi Samayan
Designer: Matthew Limbert
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
First edition 2009
Copyright 2013 Elsevier, Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Wilhelm, Thomas.
Professional penetration testing / Thomas Wilhelm. Second edition.
volumes cm
Includes bibliographical references and index.
ISBN 978-1-59749-993-4 (alkaline paper)
1. Computer networks--Security measures. 2. Penetration testing (Computer security) 3. Computer networks--Testing. 4. Computer hackers. I. Title.
TK5105.59.W544 2013
005.8--dc23
2013016650
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
ISBN: 978-1-59749-993-4
Printed in the United States of America
13 14 15 12 11 10 9 8 7 6 5 4 3 2 1
For information on all Syngress publications, visit our website at www.syngress.com
Preface
Thomas Wilhelm
It is amazing how much has changed in the few years since I wrote the first edition of this book! This revision includes a lot of new material, not simply a patchwork of updated material extracted from the first edition. I listened to all my readers and reformatted quite a bit of the material so it reads better, and fattened quite a bit of the content to expand or add to the concepts discussed in the first edition. I hope you all enjoy it!
This edition is also different in that we did not include a companion DVD. All the additional material that would have been included is available at .
Enjoy!
About the Author
Thomas Wilhelm has been involved in Information Security since 1990, where he served in the U.S. Army for 8 years as a Signals Intelligence Analyst/Russian Linguist/Cryptanalyst. A speaker at security conferences across the United States, including DefCon, HOPE, and CSI, he has been employed by Fortune 100 companies to conduct risk assessments, participate in and lead external and internal penetration testing efforts, and manage Information Systems Security projects. Thomas is also an Information Technology Doctoral student who holds Master's degrees in both Computer Science and Management. Additionally, he dedicates some of his time as an Associate Professor at Colorado Technical University and has contributed to multiple publications, including both magazines and books. Thomas currently performs security training courses for both civilian and government personnel through HackingDojo.com and maintains the following security certifications: ISSMP, CISSP, SCSECA, and SCNA.
About the Technical Editor
Matthew Neely (CISSP, CTGA) is the Director of Research, Innovation, and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState, Matt leads the Research and Innovation team, which focuses on imagining, researching, and developing tools and methodologies that address the challenging problems of the information security industry. Prior to becoming the Director of Research, Innovation, and Strategic Initiatives, he served as the Vice President of Consulting and Manager of the Profiling Team. His research interests include the convergence of physical and logical security, locks and lock picking, cryptography, and all things wireless.
Acknowledgments
Family
Although a revision is theoretically easier than writing a new book, the reality is there is really no reduction in effort. Again, my family has been fantastic in supporting my endeavor to update this book and provided me with additional guidance along the way. Again, I dedicate this new, revised book to my loving wife Crystal, who has been supportive in everything I do, not just writing.
HackingDojo.com
Since I migrated the learning material off Heorot.net to HackingDojo.com, I have met a lot of really neat people. I would like to thank them personally as well, since we learned a lot together; they have brought many new ideas and thoughts to the training sessions, which have pushed me to find new and innovative ways to perform pentests. Besides that, I consider most of them friends, since we have gone beyond the simple student-teacher relationship. Thanks to you all!
On the Side
Although I would like to include everyone who has helped me along the way, in this edition I would like to thank all those people who have helped me make the Be the Match drive at DefCon the past few years become a real success. We have had such a turnout of people signing up to become potential stem cell donors that I would like to send out this special message to all those who have signed up or spread the word: thank you from the bottom of my heart. You are all doing something very special, and the world is a better place because of your willingness to help others.
Chapter 1
Introduction
Abstract
This chapter introduces readers to the changes made during the revision and explains the chapters and layout of the book. Information about support material for the book is provided, and a link to the support Web site is identified.
Keywords
Hacking
Pentesting
Information gathering
Vulnerability identification
Vulnerability exploitation