Copyright 2020 Dr. Patrick Jeff
All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law.
INTRODUCTION
The goal of this book is to provide general knowledge that will allow you to tackle advanced topics and books. Once you have a firm grasp of the basics, you can always go back and learn the specific details and advanced features of a tool. In addition, each chapter will end with a list of suggested tools and topics that are outside the scope of this book but can be used for further study and to advance your knowledge.
Beyond just being written for beginners, this book actually presents the information in a very unique way. All the tools and techniques we use in this book will be carried out in a specific order against a small number of related targets (all target machines will belong to the same subnet, and the reader will be able to easily recreate this target network to follow along). Readers will be shown how to interpret tool output and how to utilize that output to continue the attack from one chapter to the next. The book will cover both local and remote attacks as well as a discussion of when each is appropriate.
The use of a sequential and singular rolling example throughout the book will help readers see the big picture and better comprehend how the various tools and phases fit together. This is different than many other books on the market today, which often discuss various tools and attacks but fail to explain how those tools can be effectively chained together. Presenting information in a way that shows the user how to clearly move from one phase to another will provide valuable experience and allow the reader to complete an entire penetration test by simply following along with the examples in this book. This concept should allow the reader to get a clear understanding of the fundamental knowledge while learning how the various tools and phases connect.
What Is Penetration Testing?
Penetration testing can be defined as a legal and authorized attempt to locate and successfully exploit computer systems for the purpose of making those systems more secure. The process includes probing for vulnerabilities as well as providing proof of concept (PoC) attacks to demonstrate the vulnerabilities are real. Proper penetration testing always ends with specific recommendations for addressing and fixing the issues that were discovered during the test. On the whole, this process is used to help secure computers and networks against future attacks. The general idea is to find security issues by using the same tools and techniques as an attacker. These findings can then be mitigated before a real hacker exploits them.
Penetration testing is also known as:
Pen testing
PT
Hacking
Ethical hacking
White hat hacking
Offensive security
Red teaming.
It is important to spend a few moments discussing the difference between penetration testing and vulnerability assessment. Many people (and vendors) in the security community incorrectly use these terms interchangeably. A vulnerability assessment is the process of reviewing services and systems for potential security issues, whereas a penetration test actually performs exploitation and Proof of Concept (PoC) attacks to prove that a security issue exists. Penetration tests go a step beyond vulnerability assessments by simulating hacker activity and delivering live payloads. In this book, we will cover the process of vulnerability assessment as one of the steps utilized to complete a penetration test.
Setting the Stage
Understanding all the various players and positions in the world of hacking and penetration testing is central to comprehending the big picture. Let us start by painting the picture with broad brush strokes. Please understand that the following is a gross oversimplification; however, it should help you see the differences between the various groups of people involved.
It may help to consider the Star Wars universe where there are two sides of the force: Jedis and Siths. Good vs Evil. Both sides have access to an incredible power. One side uses its power to protect and serve, whereas the other side uses it for personal gain and exploitation.
Learning to hack is much like learning to use the force (or so I imagine!). The more you learn, the more power you have. Eventually, you will have to decide whether you will use your power for good or bad. There is a classic poster from the Star Wars Episode I movie that depicts Anakin as a young boy. If you look closely at Anakin's shadow in the poster, you will see it is the outline of Darth Vader. Try searching the Internet for "Anakin Darth Vader shadow poster" to see it. Understanding why this poster has appeal is critical. As a boy, Anakin had no aspirations of becoming Darth Vader, but it happened nonetheless.
It is probably safe to assume that very few people get into hacking to become a super villain. The problem is that the journey to the dark side is a slippery slope. However, if you want to be great, have the respect of your peers, and be gainfully employed in the security workforce, you need to commit yourself to using your powers to protect and serve. Having a felony on your record is a one-way ticket to another profession. It is true that there is currently a shortage of qualified security experts, but even so, not many employers today are willing to take a chance, especially if those crimes involve computers. The rules and restrictions become even more stringent if you want a computer job which requires a security clearance.
In the pen testing world, it is not uncommon to hear the terms "white hat" and "black hat" to describe the Jedis and Siths. Throughout this book, the terms white hat, ethical hacker, or penetration tester will be used interchangeably to describe the Jedis or good guys. The Siths will be referred to as black hats, crackers, or malicious attackers.
It is important to note that ethical hackers complete many of the same activities with many of the same tools as malicious attackers. In nearly every situation, an ethical hacker should strive to act and think like a real black hat hacker. The closer the penetration test simulates a real-world attack, the more value it provides to the customer paying for the penetration testing (PT).
Please note how the previous paragraph says "in nearly every situation." Even though white hats complete many of the same tasks with many of the same tools, there is a world of difference between the two sides. At its core, these differences can be boiled down to three key points: authorization, motivation, and intent. It should be stressed that these points are not all inclusive, but they can be useful in determining if an activity is ethical or not.
The first and simplest way to differentiate between white hats and black hats is authorization. Authorization is the process of obtaining approval before conducting any tests or attacks. Once authorization is obtained, both the penetration tester and the company being audited need to agree upon the scope of the test. The scope includes specific information about the resources and systems to be included in the test. The scope explicitly defines the authorized targets for the penetration tester. It is important that both sides fully understand the authorization and scope of the PT. White hats must always respect the authorization and remain within the scope of the test. Black hats will have no such constraints on the target list.
Note: Clearly defining and understanding the scope of the test is crucial. The scope formally defines the rules of engagement for both the penetration tester and the client. It should include a target list as well as specifically listing any systems or attacks which the client does not want to be included in the test. The scope should be written down and signed by authorized personnel from both the testing team and the client. Occasionally, the scope will need to be amended during a penetration test. When this occurs, be sure to update the scope and re-sign before proceeding to test the new targets.
The second way to differentiate between an ethical hacker and a malicious hacker is through examination of the attacker's motivation. If the attacker is motivated or driven by personal gain, including profit through extortion or other devious methods of collecting money from the victim, revenge, fame, or the like, he or she should be considered a black hat. However, if the attacker is preauthorized and his or her motivation is to help the organization and improve their security, he or she can be considered a white hat. In addition, a black hat hacker may have a significant amount of time focused on attacking the organization. In most cases, a PT may last 1 week to several weeks. Based on the time allotted during the PT, a white hat may not have discovered more advanced time-intensive exposures.
Finally, if the intent is to provide the organization a realistic attack simulation so that the company can improve its security through early discovery and mitigation of vulnerabilities, the attacker should be considered a white hat. It is also important to comprehend the critical nature of keeping PT findings confidential. Ethical hackers will never share sensitive information discovered during the process of a penetration test with anyone other than the client. However, if the intent is to leverage information for personal profit or gain, the attacker should be considered a black hat.
It is also important to understand that not all penetration tests are carried out in the same manner or have the same purpose. White box penetration testing, also known as "overt" testing, is very thorough and comprehensive. The goal of the test is to examine every nook and cranny of the target's system or network. This type of test is valuable in assessing the overall security of an organization. Because stealth is not a concern, many of the tools we will examine throughout this book can be run in verbose mode. By disregarding stealth in favor of thoroughness, the penetration tester is often able to discover more vulnerabilities. The downside to this type of test is that it does not provide a very accurate simulation of how most modern day, skilled attackers exploit networks. It also does not provide a chance for the organization to test its incident response or early-alert systems. Remember, the tester is not trying to be stealthy. The tester is attempting to be thorough.