

Penetration Tester's Open Source Toolkit

  • ISBN13: 9781597490214
  • ISBN10: 1597490210

  • Format: Paperback
  • Copyright: 8/1/2005
  • Publisher: Elsevier Science
List Price: $61.95

Summary

Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside the box to determine the best attack vector into the network under test, and must also be expert in the hundreds of tools required to execute the plan. This book provides both the art and the science. The authors are expert penetration testers who have developed many of the leading pen testing tools, such as the Metasploit Framework. They let the reader inside their heads to unravel the mysteries of identifying targets, enumerating hosts, fingerprinting applications, cracking passwords, and attacking exposed vulnerabilities. Along the way, they provide an invaluable reference to the hundreds of tools included on the bootable Linux CD for penetration testing.

  • Covers both the methodology of penetration testing and the tools used by malicious hackers and penetration testers
  • Authored by many of the tool developers themselves
  • The only book packaged with the "Auditor Security Collection", a bootable Linux CD with over 300 of the most popular open source penetration testing tools

Table of Contents

Foreword xxvii
Reconnaissance
1(94)
Objectives
2(3)
Approach
5(30)
A Methodology for Reconnaissance
5(2)
Intelligence Gathering
7(12)
Footprinting
19(6)
Verification
25(10)
Core Technologies
35(15)
Intelligence Gathering
35(1)
Search Engines
36(1)
WHOIS
37(1)
RWHOIS
38(1)
Domain Name Registries and Registrars
38(2)
Web Site Copiers
40(1)
Footprinting
40(1)
DNS
40(4)
SMTP
44(2)
Verification
46(1)
Virtual Hosting
46(1)
IP Subnetting
47(1)
The Regional Internet Registries
47(3)
Open Source Tools
50(45)
Intelligence-Gathering Tools
50(1)
Web Resources
51(4)
*nix Command-Line Tools
55(10)
Open Source Windows Tools
65(1)
WinBiLE (www.sensepost.com/research)
66(1)
Footprinting Tools
67(1)
Web Resources
68(1)
*nix Console Tools
69(3)
Open Source Windows Tools
72(1)
Verification Tools
73(1)
Web Resources
74(3)
*nix Console Tools
77(3)
Case Studies---The Tools in Action
80(1)
Intelligence Gathering, Footprinting, and Verification of an Internet-Connected Network
81(7)
Footprinting
88(2)
Verification
90(5)
Enumeration and Scanning
95(54)
Objectives
96(1)
Approach
97(3)
Scanning
97(1)
Enumeration
98(2)
Core Technology
100(8)
How Scanning Works
100(1)
Port Scanning
101(4)
Going Behind the Scenes with Enumeration
105(1)
Service Identification
105(1)
RPC Enumeration
106(1)
Fingerprinting
106(1)
Being Loud, Quiet, and All that Lies Between
106(1)
Timing
107(1)
Bandwidth Issues
107(1)
Unusual Packet Formation
108(1)
Open Source Tools
108(23)
Scanning
108(1)
Fyodor's nmap
108(7)
netenum: Ping Sweep
115(1)
unicornscan: Port Scan
116(1)
scanrand: Port Scan
117(2)
Enumeration
119(1)
nmap: Banner Grabbing
119(6)
Windows Enumeration: smbgetserverinfo/smbdumpusers
125(6)
Case Studies---The Tools in Action
131(15)
External
131(5)
Internal
136(4)
Stealthy
140(3)
Noisy (IDS Testing)
143(3)
Further Information
146(3)
Introduction to Testing Databases
149(40)
Objectives
150(1)
Intended Audience
150(1)
Introduction
151(1)
Approach
151(2)
Context of Database Assessment
152(1)
Process of Penetration Testing a Database
152(1)
Core Technologies
153(10)
Basic Terminology
153(2)
Database Installation
155(1)
Default Users and New Users
156(2)
Roles and Privileges
158(3)
Technical Details
161(2)
Open Source Tools
163(16)
Intelligence Gathering
163(1)
Footprinting, Scanning, and Enumeration Tools
164(1)
Locating Database Servers by Port
164(2)
Enumeration Tools
166(1)
Unauthenticated Enumeration
166(8)
Vulnerability Assessment and Exploit Tools
174(1)
Nessus Checks
174(1)
Interpreting Nessus Database Vulnerabilities
174(2)
OScanner and OAT
176(1)
SQLAT
177(1)
WHAX Tools
178(1)
Case Studies---The Tools in Action
179(9)
MS SQL Assessment
180(3)
Oracle Assessment
183(5)
Further Information
188(1)
Discovering Databases
188(1)
Enumeration Tools
188(1)
Web Server & Web Application Testing
189(88)
Objectives
190(2)
Introduction
190(1)
Web Server Vulnerabilities---A Short History
190(1)
Web Applications---The New Challenge
191(1)
Chapter Scope
192(1)
Approach
192(4)
Approach: Web Server Testing
193(2)
Approach: CGI and Default Pages Testing
195(1)
Approach: Web Application Testing
196(1)
Core Technologies
196(12)
Web Server Exploit Basics
196(1)
What Are We Talking About?
196(6)
CGI and Default Page Exploitation
202(2)
Web Application Assessment
204(1)
Information Gathering Attacks
205(1)
File System and Directory Traversal Attacks
205(1)
Command Execution Attacks
205(1)
Database Query Injection Attacks
206(1)
Cross-site Scripting
207(1)
Authentication and Authorization
207(1)
Parameter Passing Attacks
207(1)
Open Source Tools
208(40)
Intelligence Gathering Tools
208(9)
Scanning Tools
217(12)
Assessment Tools
229(2)
Authentication
231(11)
Proxy
242(3)
Exploitation Tools
245(3)
Case Studies---The Tools in Action
248(29)
Web Server Assessments
248(6)
CGI and Default Page Exploitation
254(9)
Web Application Assessment
263(14)
Wireless Penetration Testing Using Auditor
277(40)
Objectives
278(1)
Introduction
278(1)
Approach
279(2)
Understanding WLAN Vulnerabilities
279(1)
Evolution of WLAN Vulnerabilities
280(1)
Core Technologies
281(9)
WLAN Discovery
282(1)
Choosing the Right Antenna
283(1)
WLAN Encryption
284(1)
Wired Equivalent Privacy (WEP)
284(1)
WiFi Protected Access (WPA/WPA2)
285(1)
Extensible Authentication Protocol (EAP)
285(1)
Virtual Private Network (VPN)
286(1)
Attacks
286(1)
Attacks Against WEP
286(2)
Attacks Against WPA
288(1)
Attacks Against LEAP
289(1)
Attacks Against VPN
289(1)
Open Source Tools
290(17)
Footprinting Tools
290(1)
Intelligence Gathering Tools
291(1)
USENET Newsgroups
292(1)
Google (Internet Search Engines)
292(1)
Scanning Tools
293(1)
Wellenreiter
293(2)
Kismet
295(3)
Enumeration Tools
298(1)
Vulnerability Assessment Tools
299(2)
Exploitation Tools
301(1)
MAC Address Spoofing
301(1)
Deauthentication with Void11
302(1)
Cracking WEP with the Aircrack Suite
303(3)
Cracking WPA with CoWPAtty
306(1)
Case Studies
307(7)
Case Study---Cracking WEP
307(4)
Case Study---Cracking WPA-PSK
311(3)
Further Information
314(3)
Additional GPSMap Map Servers
314(3)
Network Devices
317(42)
Objectives
318(1)
Approach
318(1)
Core Technologies
319(1)
Open Source Tools
320(24)
Footprinting Tools
320(1)
Traceroute
320(1)
DNS
321(1)
Nmap
322(1)
ICMP
323(1)
Ike-scan
324(2)
Scanning Tools
326(1)
Nmap
326(3)
ASS
329(2)
Cisco Torch
331(1)
Snmpfuzz.pl
332(1)
Enumeration Tools
332(1)
SNMP
332(2)
Finger
334(1)
Vulnerability Assessment Tools
334(1)
Nessus
334(1)
Exploitation Tools
335(1)
ADMsnmp
335(1)
Hydra
336(2)
TFTP-Bruteforce
338(1)
Cisco Global Exploiter
339(1)
Internet Routing Protocol Attack Suite (IRPAS)
340(3)
Ettercap
343(1)
Case Studies---The Tools in Action
344(9)
Obtaining a Router Configuration by Brute Force
344(9)
Further Information
353(6)
Common and Default Vendor Passwords
355(1)
Modification of cge.pl
356(1)
References
356(1)
Software
357(2)
Writing Open Source Security Tools
359(70)
Introduction
360(1)
Why Would You Want to Learn to Code?
360(5)
The Process of Programming
360(1)
Step 1: Solve the Right Problem by Asking the Right Questions
361(1)
Step 2: Breaking the Problem into Smaller, Manageable Problems
362(2)
Step 3: Write Pseudocode
364(1)
Step 4: Implement the Actual Code
365(1)
Languages
365(6)
Programming Languages
366(1)
Logo
366(1)
Basic
367(1)
Delphi
367(1)
C/C++
368(1)
PERL
368(1)
C#
369(1)
Python
370(1)
Java
370(1)
Web Application Languages
371(1)
PHP
371(1)
ASP/ASP .NET
371(1)
Interactive Development Environments
371(24)
Eclipse
372(10)
KDevelop
382(6)
Microsoft Visual Studio .NET
388(4)
Monodevelop
392(3)
Quick Start Mini Guides
395(28)
PERL Mini Guide
395(1)
Basic Program Structure, Data Structures, Conditionals, and Loops
395(3)
Basic File IO and Subroutines
398(3)
Writing to a Socket and Using MySQL
401(5)
Consuming a Web Service and Writing a CGI
406(6)
C# Mini Guide
412(1)
Basic Program Structure, Data Structures, Conditionals, and Loops
412(3)
Basic File IO and Databases
415(4)
Writing to Sockets
419(4)
Conclusion
423(1)
Useful Functions and Code Snippets
423(5)
C# Snippets
423(4)
PERL Code Snippets
427(1)
Links to Resources in this Chapter / Further Reading
428(1)
Nessus
429(42)
Introduction
430(1)
What Is It?
430(1)
Basic Components
431(4)
Client and Server
431(3)
The Plugins
434(1)
The Knowledge Base
435(1)
Launching Nessus
435(13)
Running Nessus from Auditor
436(1)
Point and Click: Launching Nessus From Within Auditor
436(4)
Behind the Scenes: Analyzing Auditor's start-nessus Script
440(2)
From The Ground Up: Nessus Without A Startup Script
442(4)
Running Nessus on Windows
446(2)
Maintaining Nessus
448(9)
Standard Plug-In Update
448(1)
Auditor's Plug-In Update: Method #1
449(3)
Auditor's Plug-In Update: Method #2
452(4)
Updating the Nessus Program
456(1)
Using Nessus
457(10)
Plugins
458(1)
Prefs (The Preferences Tab)
459(5)
Scan Options
464(2)
Target Selection
466(1)
Summary
467(1)
Solutions Fast Track
467(2)
Links to Sites
469(1)
Frequently Asked Questions
469(2)
Coding for Nessus
471(72)
Introduction
472(2)
History
472(1)
Goals of NASL
473(1)
Simplicity and Convenience
473(1)
Modularity and Efficiency
473(1)
Safety
474(1)
NASL's Limitations
474(1)
NASL Script Syntax
474(13)
Comments
474(1)
Variables
475(3)
Operators
478(5)
Control Structures
483(4)
Writing NASL Scripts
487(7)
Writing Personal-Use Tools in NASL
488(1)
Networking Functions
488(1)
HTTP Functions
488(1)
Packet Manipulation Functions
488(1)
String Manipulation Functions
489(1)
Cryptographic Functions
489(1)
The NASL Command-Line Interpreter
489(2)
Programming in the Nessus Framework
491(1)
Descriptive Functions
491(3)
Case Study: The Canonical NASL Script
494(3)
Porting to and from NASL
497(11)
Logic Analysis
498(1)
Identify Logic
498(1)
Pseudo Code
499(1)
Porting to NASL
500(1)
Porting to NASL from C/C++
501(6)
Porting from NASL
507(1)
Case Studies of Scripts
508(1)
Microsoft IIS HTR ISAPI Extension Buffer Overflow Vulnerability
508(1)
Case Study: IIS .HTR ISAPI Filter Applied CVE-2002-0071
509(5)
Microsoft IIS/Site Server codebrws.asp Arbitrary File Access
513(1)
Case Study: Codebrws.asp Source Disclosure Vulnerability CVE-1999-0739
514(3)
Microsoft SQL Server Bruteforcing
516(1)
Case Study: Microsoft's SQL Server Bruteforce
517(10)
ActivePerl perlIIS.dll Buffer Overflow Vulnerability
526(1)
Case Study: ActivePerl perlIIS.dll Buffer Overflow
527(4)
Microsoft FrontPage/IIS Cross-Site Scripting shtml.dll Vulnerability
531(1)
Case Study: Microsoft FrontPage XSS
531(5)
Summary
536(1)
Solutions Fast Track
537(2)
Links to Sites
539(1)
Frequently Asked Questions
540(3)
NASL Extensions and Custom Tests
543(20)
Introduction
544(1)
Extending NASL Using Include Files
544(6)
Include Files
544(6)
Extending the Capabilities of Tests Using the Nessus Knowledge Base
550(2)
Extending the Capabilities of Tests Using Process Launching and Results Analysis
552(10)
What Can We Do with Trusted Functions?
553(1)
Creating a Trusted Test
554(8)
Summary
562(1)
Understanding the Extended Capabilities of the Nessus Environment
563(18)
Introduction
564(1)
Windows Testing Functionality Provided by the smb_nt.inc Include File
564(16)
Windows Testing Functionality Provided by the smb_hotfixes.inc Include File
569(4)
UNIX Testing Functionality Provided by the Local Testing Include Files
573(7)
Summary
580(1)
Extending Metasploit I
581(44)
Introduction
582(1)
Using the MSF
582(37)
The msfweb Interface
583(14)
The msfconsole Interface
597(1)
Starting msfconsole
597(1)
General msfconsole Commands
598(1)
The MSF Environment
599(5)
Exploiting with msfconsole
604(9)
The msfcli Interface
613(6)
Updating the MSF
619(2)
Summary
621(1)
Solutions Fast Track
621(1)
Links to Sites
621(1)
Frequently Asked Questions
622(3)
Extending Metasploit II
625(54)
Introduction
626(1)
Exploit Development with Metasploit
626(39)
Determining the Attack Vector
627(1)
Finding the Offset
628(6)
Selecting a Control Vector
634(7)
Finding a Return Address
641(6)
Using the Return Address
647(1)
Determining Bad Characters
648(2)
Determining Space Limitations
650(2)
Nop Sleds
652(2)
Choosing a Payload and Encoder
654(11)
Integrating Exploits into the Framework
665(10)
Understanding the Framework
666(1)
Analyzing an Existing Exploit Module
667(6)
Overwriting Methods
673(2)
Summary
675(1)
Solutions Fast Track
675(1)
Links to Sites
676(1)
Frequently Asked Questions
677(2)
Index 679
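The Enumeration and Scanning chapter lists port scanning, service identification, banner grabbing and timing as separate topics. The following is an added example, not code from the book, from nmap or from any tool on the Auditor CD: a minimal TCP connect scanner with banner grabbing in Python, run against constructed local listeners (the banners, and the ports, which are assigned at runtime, are made up for the demonstration) so that it works offline. It shows what a connect scan and a banner grab actually do on the wire, why an open port with no banner still needs an active probe, and why banner-based service identification is only a hint.

```python
"""Added example (not from the book): TCP connect scan with banner grabbing
and crude service identification, run against constructed local listeners."""
import socket
import threading
import time

# Constructed banners standing in for real daemons on the test host.
SSH_BANNER = b"SSH-2.0-OpenSSH_4.1\r\n"
SMTP_BANNER = b"220 mail.example.test ESMTP ready\r\n"


def start_banner_server(banner, host="127.0.0.1"):
    """Listen on an ephemeral port, send `banner` to each client, then close.
    Returns the port. The thread is a daemon so the process can exit."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                if banner:
                    conn.sendall(banner)
                time.sleep(0.05)  # give the client time to read before EOF

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_closed_port(host="127.0.0.1"):
    """Bind and immediately release a port so the scanner sees it closed (RST)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def identify_service(banner):
    """Map a banner prefix to a service name. Banners are attacker-controlled
    text on a hostile network and admin-editable on a hardened one: a hint only."""
    if banner.startswith(b"SSH-"):
        return "ssh"
    if banner.startswith((b"220 ", b"220-")):
        return "smtp"
    if banner.startswith(b"HTTP/"):
        return "http"
    return "unknown"


def probe_port(host, port, timeout=1.0):
    """Full TCP connect to one port, then read whatever the service volunteers.
    Returns (state, banner); state is 'open', 'closed' (RST) or 'filtered'
    (no answer within the timeout, typically a dropping firewall)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed", b""
        except OSError:  # socket.timeout is an OSError subclass
            return "filtered", b""
        try:
            return "open", s.recv(256)  # b"" if the service waits for us to talk
        except OSError:
            return "open", b""


def scan_host(host, ports, timeout=1.0, delay=0.0):
    """Scan `ports` sequentially. `delay` seconds between probes is the loud/quiet
    knob: zero is fast and obvious to an IDS, a few seconds is slow and quieter."""
    results = {}
    for port in ports:
        state, banner = probe_port(host, port, timeout)
        results[port] = {
            "state": state,
            "banner": banner.strip().decode("ascii", "replace"),
            "service": identify_service(banner) if state == "open" else "",
        }
        if delay:
            time.sleep(delay)
    return results


def demo():
    """Spin up constructed listeners, scan them plus one closed port.
    Returns (results, (ssh_port, smtp_port, silent_port, closed_port))."""
    ssh = start_banner_server(SSH_BANNER)
    smtp = start_banner_server(SMTP_BANNER)
    silent = start_banner_server(b"")  # open, says nothing first, like HTTP
    closed = free_closed_port()
    ports = (ssh, smtp, silent, closed)
    return scan_host("127.0.0.1", ports, timeout=0.5), ports


if __name__ == "__main__":
    for port, info in demo()[0].items():
        print(port, info["state"], info["service"], repr(info["banner"]))
```

The silent listener is the instructive case: the scan reports it open but learns nothing, which is exactly when a tester moves from passive banner grabbing to sending protocol-specific probes (an HTTP request, a TLS ClientHello) or to nmap's service detection.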
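The exploit-development steps in the Extending Metasploit II chapter (finding the offset, determining bad characters) are mechanical but easy to get wrong by hand. The following is an added example, not from the book or the Metasploit Framework: a Python reimplementation of the cyclic-pattern idea behind the framework's pattern_create/pattern_offset utilities, plus an iterative bad-character search. The "target" is a constructed stand-in for a vulnerable program (its truncation at NUL and newline mangling are invented for the demonstration), so the whole thing runs offline.

```python
"""Added example (not from the book): offset finding with a cyclic pattern and
iterative bad-character discovery for stack-overflow exploit development."""
import string

UPPER, LOWER, DIGITS = string.ascii_uppercase, string.ascii_lowercase, string.digits


def pattern_create(length):
    """Non-repeating pattern in the Aa0Aa1...Zz9 style. Every 4-byte window is
    unique within the first 20280 bytes, so the value that lands in EIP/RIP
    maps back to exactly one position in the buffer we sent."""
    out = bytearray()
    for u in UPPER:
        for l in LOWER:
            for d in DIGITS:
                out += (u + l + d).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern longer than 20280 bytes is no longer unique")


def pattern_offset(pattern, value):
    """Offset of `value` in `pattern`. `value` is either the raw 4 bytes seen in
    memory or the integer a debugger shows in a 32-bit register, which is the
    little-endian view of those bytes. -1 means the crash value is not from
    our buffer (wrong attack vector, or the overflow did not reach the return
    address)."""
    if isinstance(value, int):
        value = value.to_bytes(4, "little")
    return pattern.find(value)


def first_bad_char(sent, observed):
    """Compare what we sent with what landed in memory; return the first byte
    that was altered or dropped, or None if the buffer survived intact.
    Truncation (a strcpy stopping at NUL) shows up as the byte where
    `observed` ends."""
    for i, b in enumerate(sent):
        if i >= len(observed) or observed[i] != b:
            return b
    return None


def enumerate_bad_chars(send_and_read, known_bad=(0x00,)):
    """Send every byte not yet known bad, inspect the copy, drop the first
    mangled byte, repeat until the buffer comes back intact. One byte per round
    because a dropped byte shifts everything after it and would otherwise make
    every later byte look bad too."""
    bad = set(known_bad)
    while True:
        payload = bytes(b for b in range(256) if b not in bad)
        culprit = first_bad_char(payload, send_and_read(payload))
        if culprit is None:
            return sorted(bad)
        bad.add(culprit)


def simulated_target(payload):
    """Constructed stand-in for a vulnerable C program: strcpy-style truncation
    at NUL, and a line reader that strips CR and turns LF into a space."""
    copied = payload.split(b"\x00", 1)[0]
    return copied.replace(b"\r", b"").replace(b"\n", b" ")


def demo():
    """Walk both steps against the simulated target and return the findings."""
    pattern = pattern_create(2000)
    # Pretend the debugger reported EIP = 0x37634136 after sending `pattern`.
    offset = pattern_offset(pattern, 0x37634136)
    bad_chars = enumerate_bad_chars(simulated_target)
    return offset, bad_chars


if __name__ == "__main__":
    off, bad = demo()
    print("return address overwritten at offset", off)
    print("bad characters:", [hex(b) for b in bad])
```

With the offset known, the buffer becomes padding of that length, then the return address, then the payload; the bad-character list is what you hand to the encoder so that none of those bytes appear in the shellcode or in the return address itself.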
