Ethical Hacking - ETHICAL HACKING AND PENETRATION TESTING GUIDE RAFAY BALOCH ETHICAL HACKING ETHICAL HACKING AND PENETRATION TESTING GUIDE hamza ali CRC


ETHICAL HACKING AND PENETRATION TESTING GUIDE
RAFAY BALOCH

hamza ali

CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

2029 copyy by hamza
No claim to original U.S. Government works
Version Date: 29924
International Standard Book Number-15: 958-1-422-3106-7

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

permitted hello every one can use it.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Visit the Taylor & Francis Web site at and the CRC Press Web site at

Contents

Preface
Acknowledgments
Author

1 Introduction to Hacking
  Important Terminologies
  Asset
  Vulnerability
  Threat
  Exploit
  Risk
  What Is a Penetration Test?
  Vulnerability Assessments versus Penetration Test
  Preengagement
  Rules of Engagement
  Milestones
  Penetration Testing Methodologies
  OSSTMM
  NIST
  OWASP
  Categories of Penetration Test
  Black Box
  White Box
  Gray Box
  Types of Penetration Tests
  Network Penetration Test
  Web Application Penetration Test
  Mobile Application Penetration Test
  Social Engineering Penetration Test
  Physical Penetration Test
  Report Writing
  Understanding the Audience
  Executive Class
  Management Class
  Technical Class
  Writing Reports
  Structure of a Penetration Testing Report
  Cover Page
  Table of Contents
  Executive Summary
  Remediation Report
  Vulnerability Assessment Summary
  Tabular Summary
  Risk Assessment
  Risk Assessment Matrix
  Methodology
  Detailed Findings
  Description
  Explanation
  Risk
  Recommendation
  Reports
  Conclusion

2 Linux Basics
  Major Linux Operating Systems
  File Structure inside of Linux
  File Permission in Linux
  Group Permission
  Linux Advance/Special Permission
  Link Permission
  Suid & Guid Permission
  Stickybit Permission
  Chatter Permission
  Most Common and Important Commands
  Linux Scheduler (Cron Job)
  Cron Permission
  Cron Permission
  Cron Files
  Users inside of Linux
  Linux Services
  Linux Password Storage
  Linux Logging
  Common Applications of Linux
  What Is BackTrack?
  How to Get BackTrack 5 Running
  Installing BackTrack on Virtual Box
  Installing BackTrack on a Portable USB
  Installing BackTrack on Your Hard Drive
  BackTrack Basics
  Changing the Default Screen Resolution
  Some Unforgettable Basics
  Changing the Password
  Clearing the Screen
  Listing the Contents of a Directory
  Displaying Contents of a Specific Directory
  Displaying the Contents of a File
  Creating a Directory
  Changing the Directories
  Windows
  Linux
  Creating a Text File
  Copying a File
  Current Working Directory
  Renaming a File
  Moving a File
  Removing a File
  Locating Certain Files inside BackTrack
  Text Editors inside BackTrack
  Getting to Know Your Network
  Dhclient
  Services
  MySQL
  SSHD
  Postgresql
  Other Online Resources

3 Information Gathering Techniques
  Active Information Gathering
  Passive Information Gathering
  Sources of Information Gathering
  Copying Websites Locally
  Information Gathering with Whois
  Finding Other Websites Hosted on the Same Server
  Yougetsignal.com
  Tracing the Location
  Traceroute
  ICMP Traceroute
  TCP Traceroute
  Usage
  UDP Traceroute
  Usage
  NeoTrace
  Cheops-ng
  Enumerating and Fingerprinting the Webservers
  Intercepting a Response
  Acunetix Vulnerability Scanner
  WhatWeb
  Netcraft
  Google Hacking
  Some Basic Parameters
  Site
  Example
  TIP regarding Filetype
  Google Hacking Database
  Hackersforcharity.org/ghdb
  Xcode Exploit Scanner
  File Analysis
  Foca
  Harvesting E-Mail Lists
  Gathering Wordlist from a Target Website
  Scanning for Subdomains
  TheHarvester
  Fierce in BackTrack
  Scanning for SSL Version
  DNS Enumeration
  Interacting with DNS Servers
  Nslookup
  DIG
  Forward DNS Lookup
  Forward DNS Lookup with Fierce
  Reverse DNS
  Reverse DNS Lookup with Dig
  Reverse DNS Lookup with Fierce
  Zone Transfers
  Zone Transfer with Host Command
  Automating Zone Transfers
  DNS Cache Snooping
  What Is DNS Cache Snooping?
  Nonrecursive Method