Conducting Network Penetration and Espionage in a Global Environment

Book Description

When it’s all said and done, penetration testing remains the most effective way to identify security vulnerabilities in computer networks. Conducting Network Penetration and Espionage in a Global Environment provides detailed guidance on how to perform effective penetration testing of computer networks, using free, open source, and commercially available tools, including BackTrack, Metasploit, Wireshark, Nmap, Netcat, and Nessus. It also considers exploits and other programs written in Python, Perl, Bash, PHP, Ruby, and Windows PowerShell.

The book taps into Bruce Middleton’s decades of experience with computer security, including penetration testing of military networks, the White House, utilities, manufacturing facilities, CIA headquarters, the Defense Information Systems Agency, and NASA. Mr. Middleton begins with a chapter on defensive measures/privacy issues and then moves on to describe a cyber-attack on one of his labs and how he responded to the attack.

Next, the book explains how to research a target without directly "touching" that target. Once you’ve learned all you can, the text describes how to gather even more information using a more direct approach. From there, it covers mathematical analysis, considers target exploitation, and discusses Chinese and Syrian cyber-attacks.

Providing authoritative guidance on cyberforensics, reverse engineering, and penetration testing, the book categorizes testing tools according to their use within the standard penetration testing framework. For each of the above-mentioned categories, you will find basic and advanced tools and procedures to help you identify security vulnerabilities in today’s networks.

After reading this book, you will understand how to perform an organized and efficient penetration test. You will also learn techniques used to bypass anti-virus software and capture keystrokes of remote systems. Explaining how to put together your own penetration testing lab, the text concludes by describing how to utilize various iPhone apps to perform reconnaissance activities on wireless networks.

Table of Contents

  1. Preface
  2. About the Author
  3. Chapter 1 - What You Need to Know First
    1. MATLAB® and SimuLink (MathSoft.com)
    2. Recommended Defensive Measures
    3. Google News Groups
    4. Typical PT Process
    5. Recommended Books/Classes
    6. Last But Not Least—A Pet Peeve
    7. Training
    8. Minimal Paperwork
  4. Chapter 2 - Attack from Christmas Island
  5. Chapter 3 - Indirect Target Information Acquisition (ITIA)
    1. Shodan
    2. Using Google to Obtain Information
    3. TheHarvester
    4. Nslookup
    5. Dig
    6. Dnsenum
    7. Dnswalk
    8. Dnsrecon
    9. Fierce
    10. Smtp-user-enum
    11. Dnsmap
    12. Dmitry
    13. Itrace
    14. Tcptraceroute
    15. Tctrace
    16. Goorecon
    17. Snmpenum
    18. Snmpwalk
    19. Snmpcheck
  6. Chapter 4 - Direct Target Information Acquisition (DTIA)
    1. Target Discovery
      1. Ping
      2. #ping -c 2 <target>
      3. #ping -c 3 -s 1000 IP
      4. Fping
      5. Genlist
      6. Hping
      7. Nbtscan
      8. Nping
      9. Onesixtyone
      10. P0f
      11. Xprobe2
    2. Enumerating Target
    3. Some Miscellaneous Items to Keep in Mind (Refer to as Needed)
      1. Start Networks
      2. Create Videos
      3. Whois xumpidhjns.it.cx
      4. Whois 95.141.28.91
      5. Whois nucebeb.changeip.name
      6. Whois 64.120.252.74
      7. Netcraft
      8. Host
      9. DNS Tools (More)
      10. Nslookup
  7. Chapter 5 - Nmap
    1. Nmap -T0 -O -sTV -vv -p- -PN IP
    2. Nmap -O -sSV -vv -p- -PN IP
    3. Nmap --script http-enum,http-headers,http-methods,http-php-version -p 80 IP
    4. Nmap -A -vvv -p- -PN -iL IPlist.txt
    5. Nmap -f -f -vvv -p- -PN IP
    6. Nmap -sP -PA IP.0/24
    7. Nmap -sS -sU -p U:53,T:22,134-139 IP
    8. Nmap -O -sUV -vvv -p- -PN IP
    9. Nmap -O -sXV -vvv -p- -PN IP
    10. Nmap -O -sNV -vvv -p- -PN IP
    11. Nmap --mtu 16 -vvv -p- -PN IP
    12. Nmap -sM -vvv -p- -PN IP
    13. Nmap -sC -p- -PN IP
    14. Nmap -p 139,445 IP
    15. Nmap --scanflags PSH -p- -PN IP
    16. Nmap --scanflags PSH -p135 IP
    17. Nmap --scanflags SYN -p135 IP
    18. Nmap -sA --scanflags PSH -p- -PN IP
    19. Nmap -sP IP.0/24 -oA Results
    20. Nmap -sP -PA -oN Results IP.0/24
    21. Nmap -n -sP 192.168.4.1-20
    22. Nmap -sP -oG Results IP.0/24
    23. Nmap -v -sP 192.168.0.0/16 10.0.0.0/8
    24. Nmap -sP -PN -PS --reason IP
    25. Nmap -sL IP.1-255
    26. Nmap -sS -sV -O -v IP
    27. Nmap -T0 -vv -b FTP_IP TARGET_IP -oA Results
    28. Nmap -sF -PN -p22 IP
    29. Nmap -sU -p0-65535 IP
    30. Nmap -sU -v -p 1-65535 IP
    31. Nmap -sU -p 161
    32. Nmap -sU -T5 -p 69,123,161,1985 IP
    33. Nmap -PP -PM IP
      1. Nmap -sO IP
      2. Nmap -O IP
      3. Nmap -sV IP
  8. Chapter 6 - MATLAB, SimuLink, and R
  9. Chapter 7 - Metasploit Pro
    1. Now Verify Database Connectivity with Metasploit
    2. Perform an Nmap Scan within Metasploit
    3. Using Auxiliary Modules in Metasploit
    4. Using Metasploit to Exploit
      1. No Options to Set
      2. See Lots of Them
      3. Did We Obtain a Command Shell?
      4. See the Active Driver, such as postgresql
    5. If You Get an Error While Connecting to the DB
    6. Using the DB to Store Pen Test Results
    7. Analyzing Stored Results of DB
    8. Unfiltered Port
    9. Using Metasploit Auxiliary Module for Scans
      1. Use
      2. Set
      3. Run
    10. To Make the Scan Faster across Multiple Devices
    11. Target Services Scanning with Auxiliary Modules
    12. Vulnerability Scan with Metasploit Using Nessus
    13. Scanning with Nexpose within Metasploit:
    14. Note about Exploit-db
    15. Some Metasploit Exploit Commands
    16. Microsoft Exploit
    17. Exploiting a Windows 2003 Server
    18. Exploiting Windows 7/Server 2008 R2 SMB Client
    19. Exploiting Linux Ubuntu System
    20. Client Side Exploitation and A/V Bypass
    21. Msfpayload Can Be Used to Generate Binary and Shellcode
    22. To Set Up a Listener for the Reverse Connection
    23. Run Some Linux PPC Payloads against the FSB
    24. Generate Shellcode in C
    25. Meterpreter Commands
    26. Executive Summary
    27. Detailed Findings
      1. Tools Utilized
    28. Recommendations to Resolve Issues
  10. Chapter 8 - China, Syria, and the American Intelligence Community
    1. The Burning
    2. China
    3. Syria
  11. Chapter 9 - Building a Penetration Testing Lab
  12. Chapter 10 - Vendor Default Passwords and Default Unix Ports
  13. Chapter 11 - Oldies but Goodies If You Have Physical Access
    1. SafeBack
      1. New Technologies, Inc.
    2. GetTime
      1. New Technologies, Inc.
    3. FileList and FileCnvt and Excel
      1. New Technologies, Inc.
    4. GetFree
      1. New Technologies, Inc.
    5. Swap Files and GetSwap
      1. New Technologies, Inc.
        1. General Information
    6. GetSlack
      1. New Technologies, Inc.
    7. Temporary Files
    8. Filter_I
      1. New Technologies, Inc.
        1. Filter
        2. Intel
        3. Names
        4. Words
    9. Keyword Generation
      1. New Technologies, Inc.
    10. TextSearch Plus
      1. New Technologies, Inc.
    11. Crcmd5
      1. New Technologies, Inc.
    12. DiskSig
      1. New Technologies, Inc.
    13. Doc
      1. New Technologies, Inc.
    14. Mcrypt
      1. New Technologies, Inc.
    15. Micro-Zap
      1. New Technologies, Inc.
    16. Map
      1. New Technologies, Inc.
    17. M-Sweep
      1. New Technologies, Inc.
    18. Net Threat Analyzer
      1. New Technologies, Inc.
    19. AnaDisk
      1. New Technologies, Inc.
    20. Seized
      1. New Technologies, Inc.
    21. Scrub
      1. New Technologies, Inc.
    22. Spaces
      1. New Technologies, Inc.
    23. NTFS FileList
      1. New Technologies, Inc.
        1. Example
        2. General Information
    24. NTFS GetFree
      1. New Technologies, Inc.
        1. Example
        2. General Information
    25. NTFS GetSlack
      1. New Technologies, Inc.
        1. Example
        2. General Information
    26. NTFS VIEW
      1. New Technologies, Inc.
        1. Example
    27. NTFS Check
      1. New Technologies, Inc.
        1. Example
    28. NTIcopy
      1. New Technologies, Inc.
    29. Disk Search 32
      1. New Technologies, Inc.
        1. Example
  14. Chapter 12 - Order of Operations for Your Tools
    1. Reconnaissance
    2. Enumeration
    3. Exploitation
    4. Wireless Networks
    5. VOIP Networks
    6. Reporting
    7. Scripting/Programming/Debugging
  15. Chapter 13 - Using Your iPhone as a Network Scanner
    1. IP Scanner
    2. NetPro
    3. WiFi Scanner
    4. iNet
    5. Net Detective
    6. Net Swiss Army Knife
    7. Ping Analyzer
    8. WiFi Net Info
    9. TraceRoute
    10. PortScan
    11. Net Utility
    12. zTools
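Several of the Chapter 5 Nmap commands above write greppable output with -oG (for example "Nmap -sP -oG Results IP.0/24"), which is the form most useful for turning a scan into a findings list. The script below is an added example, not code from the book or from the Nmap project: a POSIX shell function that parses -oG output into one line per confirmed-open port and a second function that counts hosts reported up. The sample -oG text, the addresses and the host names in it are constructed for the example, and the scan line it claims to come from is likewise assumed.

```shell
#!/bin/sh
# Added example (not from the book): parse Nmap greppable (-oG) output.
# Constructed sample of -oG output, not a real scan. Fields are tab-separated;
# each entry in the Ports field is port/state/proto/owner/service/rpc/version/.
sample_og() {
    printf '# Nmap 7.94 scan initiated as: nmap -sS -sU -sV -oG Results 192.168.4.0/24\n'
    printf 'Host: 192.168.4.10 (fileserver.lab)\tStatus: Up\n'
    printf 'Host: 192.168.4.10 (fileserver.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18/, 135/filtered/tcp//msrpc///\tIgnored State: closed (997)\n'
    printf 'Host: 192.168.4.11 ()\tStatus: Up\n'
    printf 'Host: 192.168.4.11 ()\tPorts: 445/open/tcp//microsoft-ds///, 161/open|filtered/udp//snmp///\tIgnored State: closed (998)\n'
    printf 'Host: 192.168.4.12 ()\tStatus: Up\n'
    printf '# Nmap done -- 256 IP addresses (3 hosts up) scanned in 60.00 seconds\n'
}

# Emit "ip port/proto service [version]" for every port whose state is exactly
# "open". Unconfirmed states such as open|filtered (typical for UDP scans) and
# filtered are deliberately left out so they are not reported as findings.
open_ports() {
    awk '
        BEGIN { FS = "\t" }
        /^Host:/ {
            ip = $1
            sub(/^Host: /, "", ip); sub(/ .*/, "", ip)
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = $i; sub(/^Ports: /, "", ports)
                n = split(ports, entry, /, /)
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[2] == "open")
                        printf "%s %s/%s %s%s\n", ip, f[1], f[3], f[5], (f[7] != "" ? " " f[7] : "")
                }
            }
        }'
}

# Count distinct hosts that reported "Status: Up". A host can be up and still
# have no open ports (192.168.4.12 in the sample), so this differs from the
# number of hosts that appear in open_ports output.
hosts_up() {
    awk 'BEGIN { FS = "\t" }
         /^Host:/ && $2 == "Status: Up" { split($1, h, " "); up[h[2]] = 1 }
         END { n = 0; for (k in up) n++; print n }'
}

# Stand-alone demo on the constructed sample; replace sample_og with
# "cat Results.gnmap" to run it against a real -oG file.
sample_og | open_ports
printf 'hosts up: %s\n' "$(sample_og | hosts_up)"
```

The state check is the point of the example: a UDP port reported as open|filtered usually means no response at all, so treating it as open would put an unverified SNMP finding into the report. Only 22/tcp, 80/tcp and 445/tcp from the sample survive the filter, while the host count still reports three live hosts.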