Penetration Testing: A Hands-On Introduction to Hacking

Penetration Testing: A Hands-On Introduction to Hacking

Georgia Weidman

Language: English

Pages: 528

ISBN: 1593275641

Format: PDF / Kindle (mobi) / ePub


Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses.

In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine-based lab that includes Kali Linux and vulnerable operating systems, you'll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you'll experience the key stages of an actual assessment - including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.

Learn how to:

  • Crack passwords and wireless network keys with brute-forcing and wordlists
  • Test web applications for vulnerabilities
  • Use the Metasploit Framework to launch exploits and write your own Metasploit modules
  • Automate social-engineering attacks
  • Bypass antivirus software
  • Turn access to one machine into total control of the enterprise in the post exploitation phase

You'll even explore writing your own exploits. Then it's on to mobile hacking - Weidman's particular area of research - with her tool, the Smartphone Pentest Framework.

With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.

Linux Server Hacks, Volume 2: Tips & Tools for Connecting, Monitoring, and Troubleshooting

Guide to RISC Processors: for Programmers and Engineers

Learning PHP Data Objects: A Beginner's Guide to PHP Data Objects, Database Connection Abstraction Library for PHP 5

Wireframing Essentials

Windows 8.1 Inside Out

 

 

 

 

 

 

 

 

 

 

 

 

 

 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Now click the Configure Adapters button and check the network adapter that you’re using with your host operating system. As you can see in Figure 1-8, I’ve selected only the Realtek wireless adapter. Once you’ve made your selection, press OK. Figure 1-8: Selecting a network adapter Setting Up Your Virtual Lab   15 VMware Fusion on Mac OS To change the virtual network connection in VMware Fusion, go to Virtual Machine4Network Adapter and change from NAT to Bridged, as shown in Figure 1-9.

Run Step3-Install-App.bat as an administrator from the main app folder. 8. Use MS SQL Management Studio to run db.sql from the SQL folder, as described in detail in the InstallApp PDF. 9. Finally, change the user permissions on the AuthInfo.xml file in the book app folder to give full permissions to IIS_USERS. Summary We set up our virtual environment, downloaded and customized Kali Linux for attacks, configured our virtual network, and configured our target operating systems—Windows XP,

./pythonscript.py Enter the ip: 192.168.20.10 Enter the port: 81 Port 81 is closed This time, the script reports that port 81 is closed. NOTE We will look at checking open ports in Chapter 5, and we will return to Python scripting when we study exploit development. Kali Linux also has interpreters for the Perl and Ruby languages. We will learn a little bit of Ruby in Chapter 19. It never hurts to know a little bit of multiple languages. If you are up for a challenge, see if you can re-create

reached cult status in the security community. Though Metasploit is now owned by the security company Rapid7, an open source edition is still available, with development largely driven by the security community. Metasploit’s modular and flexible architecture helps developers efficiently create working exploits as new vulnerabilities are discovered. As you’ll see, Metasploit is intuitive and easy to use, and it offers a centralized way to run trusted exploit code that has been vetted for

Download sample

Download