Oriyano - Penetration Testing Essentials

Sean-Philip Oriyano

Development Editor: Kim Wimpsett
Technical Editor: Raymond Blockmon
Production Editor: Christine OConnor
Copy Editor: Elizabeth Welch
Editorial Manager: Mary Beth Wakefield
Production Manager: Kathleen Wisor
Executive Editor: Jim Minatel
Book Designer: Maureen Forys, Happenstance Type-O-Rama
Proofreader: Josh Chase, Word One New York
Indexer: Ted Laux
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: shutterstock.com/besfoto77

Copyright 2017 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-23530-9
ISBN: 978-1-119-32398-3 (ebk.)
ISBN: 978-1-119-23533-0 (ebk.)
Manufactured in the United States of America

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2016958766

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

This book is for my Mom and Dad, who instilled in me my core values that have been so valuable in my development as an adult. Although my Dad is no longer with us, I can still feel his influence in everything I do and in fact feel myself sometimes laughing boldly and proudly just like he always used to do. My Mom is still around (and we are keeping it that way), and I am thankful for her support in pushing me to get into science and technology as well as instilling in me a love of sci-fi, bad jokes, and the desire to do the right thing. I love you both. And I first dedicate this book to you.

I also want to dedicate this to the military, which graciously blessed me with the opportunity to attend Officer Candidate School (OCS), even though I was immature and self-centered. While the hell and abuse they put me through sucked at the time, it helped get me on track with my life and realize that I was capable of so much more. It also helped me realize that its not you that is important; its the people whose lives you impact. I hope this is something that those of you reading this reflect on. COL K, LtCol A, CPT M, CPT D, CPT J, and CPT A, I am forever grateful for your patience, heart-to-hearts, and straight-up, blunt assessments of me. I hope I have turned into the CW2 that you are proud of. This book is also dedicated to you.

I finally also want to dedicate this book to my staff, who have shown that you can make chicken salad out of chicken poop. You guys have never ceased to amaze me over the last year. Youve made me look good, but I refuse to take credit. I didnt do the heavy lifting; you did. I didnt do the improvisation and creativity; you did. I didnt show that what others thought was impossible is indeed possible if you have your act together. I wish I could take credit and say I had something to do with it, but this is all you, and I expect great things from all of you. SSG E, SSG L, SSG S, and CW2 N, keep kicking ass and taking names. I should also take a moment to thank my commander Lt Col L for having faith in my abilities and giving me the support to get things done.

Finally, I want to dedicate this to Lisa. You know who you are and though I have said it many times, I do love you and appreciate you. So deal with it and no flowers or chocolate... dont make it weird.

Once again, there are so many people to thank. I sincerely hope I dont forget anyone.

First, thanks to Jim Minatel for the opportunity to do this book, and I look to others in the future.

Second, thanks to Kim Wimpsett. You are without a doubt the primary reason I dont look stupid because of poor language or unclear passages. I really dont know how to say how much I value you as part of the team, and I want you with me on all my future projects.

Third, I have to acknowledge all of the troops of the US military no matter where you are. Though not all of you will make it home (though I sincerely hope you all do), none of you will ever be forgotten, and when I put on my uniform, it is not only for my job but to commemorate your sacrifice.

Sean Oriyano is a longtime security professional and entrepreneur. Over the past 25 years he has divided his time between performing security research, consulting, and delivering training both in the field of general IT and cybersecurity. In addition, he has become a best-selling author with many years experience in both digital and print media. Sean has published several books over the last decade and has expanded his reach even further by appearing on shows on both TV and radio. To date, Sean has appeared on more than a dozen TV programs and radio shows discussing different cybersecurity topics and technologies. When in front of the camera, Sean has been noted for his casual demeanor and praised for his ability to explain complex topics in an easy-to-understand manner.