The Basics of Hacking and Penetration Testing, 2nd Edition

Book Description

The Basics of Hacking and Penetration Testing, Second Edition, serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. The book teaches students how to properly utilize and interpret the results of the modern-day hacking tools required to complete a penetration test. It provides a simple and clean explanation of how to effectively utilize these tools, along with a four-step methodology for conducting a penetration test or hack, thus equipping students with the know-how required to jump-start their careers and gain a better understanding of offensive security.

Each chapter contains hands-on examples and exercises that are designed to teach learners how to interpret results and utilize those results in later phases. Tool coverage includes: Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and Hacker Defender rootkit. This is complemented by PowerPoint slides for use in class.

This book is an ideal resource for security consultants, beginning InfoSec professionals, and students.

  • Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases.
  • Written by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, Ethical Hacking, and Exploitation classes at Dakota State University.
  • Utilizes the Kali Linux distribution and focuses on the seminal tools required to complete a penetration test.

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. Acknowledgments
    1. My Wife
    2. My Girls
    3. My Family
    4. Dave Kennedy
    5. Jared DeMott
    6. To the Syngress Team
  7. About the Author
  8. Introduction
    1. What is New in This Edition?
    2. Who is the Intended Audience for This Book?
    3. How is This Book Different from Book ‘x’?
    4. Why Should I Buy This Book?
    5. What Do I Need to Follow Along?
  9. Chapter 1. What is Penetration Testing?
    1. Information in This Chapter:
    2. Introduction
    3. Setting the Stage
    4. Introduction to Kali and Backtrack Linux: Tools. Lots of Tools
    5. Working with Your Attack Machine: Starting the Engine
    6. The Use and Creation of a Hacking Lab
    7. Phases of a Penetration Test
    8. Where Do I Go from Here?
    9. Summary
  10. Chapter 2. Reconnaissance
    1. Information in This Chapter:
    2. Introduction
    3. HTTrack: Website Copier
    4. Google Directives: Practicing Your Google-Fu
    5. The Harvester: Discovering and Leveraging E-mail Addresses
    6. Whois
    7. Netcraft
    8. Host
    9. Extracting Information from DNS
    10. nslookup
    11. Dig
    12. Fierce: What to Do When Zone Transfers Fail
    13. Extracting Information from E-mail Servers
    14. MetaGooFil
    15. ThreatAgent: Attack of the Drones
    16. Social Engineering
    17. Sifting Through the Intel to Find Attackable Targets
    18. How Do I Practice This Step?
    19. Where Do I Go from Here?
    20. Summary
  11. Chapter 3. Scanning
    1. Information in This Chapter:
    2. Introduction
    3. Pings and Ping Sweeps
    4. Port Scanning
    5. The Three-Way Handshake
    6. Using Nmap to Perform a TCP Connect Scan
    7. Using Nmap to Perform an SYN Scan
    8. Using Nmap to Perform UDP Scans
    9. Using Nmap to Perform an Xmas Scan
    10. Using Nmap to Perform Null Scans
    11. The Nmap Scripting Engine: From Caterpillar to Butterfly
    12. Port Scanning Wrap Up
    13. Vulnerability Scanning
    14. How Do I Practice This Step?
    15. Where Do I Go from Here?
    16. Summary
  12. Chapter 4. Exploitation
    1. Information in This Chapter:
    2. Introduction
    3. Medusa: Gaining Access to Remote Services
    4. Metasploit: Hacking, Hugh Jackman Style!
    5. JtR: King of the Password Crackers
    6. Local Password Cracking
    7. Remote Password Cracking
    8. Linux Password Cracking and a Quick Example of Privilege Escalation
    9. Password Resetting: The Building and the Wrecking Ball
    10. Wireshark: Sniffing Network Traffic
    11. Macof: Making Chicken Salad Out of Chicken Sh∗t
    12. Armitage: Introducing Doug Flutie of Hacking
    13. Why Learn Five Tools When One Works Just as Well?
    14. How Do I Practice This Step?
    15. Where Do I Go from Here?
    16. Summary
  13. Chapter 5. Social Engineering
    1. Information in This Chapter:
    2. Introduction
    3. The Basics of SET
    4. Website Attack Vectors
    5. The Credential Harvester
    6. Other Options Within SET
    7. Summary
  14. Chapter 6. Web-Based Exploitation
    1. Information in This Chapter:
    2. Introduction
    3. The Basics of Web Hacking
    4. Nikto: Interrogating Web Servers
    5. w3af: More than Just a Pretty Face
    6. Spidering: Crawling Your Target’s Website
    7. Intercepting Requests with Webscarab
    8. Code Injection Attacks
    9. Cross-Site Scripting: Browsers that Trust Sites
    10. ZED Attack Proxy: Bringing It All Together Under One Roof
    11. Intercepting in ZAP
    12. Spidering in ZAP
    13. Scanning in ZAP
    14. How Do I Practice This Step?
    15. Where Do I Go from Here?
    16. Additional Resources
    17. Summary
  15. Chapter 7. Post Exploitation and Maintaining Access with Backdoors, Rootkits, and Meterpreter
    1. Information in This Chapter:
    2. Introduction
    3. Netcat: The Swiss Army Knife
    4. Netcat’s Cryptic Cousin: Cryptcat
    5. Rootkits
    6. Hacker Defender: It is Not What You Think
    7. Detecting and Defending Against Rootkits
    8. Meterpreter: The Hammer that Turns Everything into a Nail
    9. How Do I Practice This Step?
    10. Where Do I Go from Here?
    11. Summary
  16. Chapter 8. Wrapping Up the Penetration Test
    1. Information in This Chapter:
    2. Introduction
    3. Writing the Penetration Testing Report
    4. Executive Summary
    5. Detailed Report
    6. Raw Output
    7. You Do Not Have to Go Home but You Cannot Stay Here
    8. Where Do I Go from Here?
    9. Wrap Up
    10. The Circle of Life
    11. Summary
  17. Index