Telegram Channel : @IRFaraExam Table of Contents Cover Title Page Introduction What Does This Book Cover? Companion Download Files How to Contact the Publisher How to Contact the Author CHAPTER 1: Mastering the Terminal Window Kali Linux File System Managing Users and Groups in Kali Files and Folders Management in Kali Linux Remote Connections in Kali Kali Linux System Management Networking in Kali Linux Summary CHAPTER 2: Bash Scripting Basic Bash Scripting Printing to the Screen in Bash Variables Script Parameters User Input Functions Conditions and Loops Summary CHAPTER 3: Network Hosts Scanning Basics of Networking Network Scanning DNS Enumeration Telegram Channel : @IRFaraExam Summary CHAPTER 4: Internet Information Gathering Passive Footprinting and Reconnaissance Summary CHAPTER 5: Social Engineering Attacks Spear Phishing Attacks Payloads and Listeners Social Engineering with the USB Rubber Ducky Summary CHAPTER 6: Advanced Enumeration Phase Transfer Protocols E‐mail Protocols Database Protocols CI/CD Protocols Web Protocols 80/443 Graphical Remoting Protocols File Sharing Protocols Summary CHAPTER 7: Exploitation Phase Vulnerabilities Assessment Services Exploitation Summary CHAPTER 8: Web Application Vulnerabilities Web Application Vulnerabilities Summary CHAPTER 9: Web Penetration Testing and Secure Software Development Lifecycle Web Enumeration and Exploitation Secure Software Development Lifecycle Summary CHAPTER 10: Linux Privilege Escalation Telegram Channel : @IRFaraExam Introduction to Kernel Exploits and Missing Configurations Kernel Exploits SUID Exploitation Overriding the Passwd Users File CRON Jobs Privilege Escalation sudoers Exploiting Running Services Automated Scripts Summary CHAPTER 11: Windows Privilege Escalation Windows System Enumeration File Transfers Windows System Exploitation Summary CHAPTER 12: Pivoting and Lateral Movement Dumping Windows Hashes Pivoting with Port Redirection Summary CHAPTER 13: Cryptography and Hash Cracking Basics of Cryptography Cracking Secrets with Hashcat Summary CHAPTER 14: Reporting Overview of Reports in Penetration Testing Scoring Severities Report Presentation Summary CHAPTER 15: Assembly Language and Reverse Engineering CPU Registers Assembly Instructions Telegram Channel : @IRFaraExam Data Types Memory Segments Addressing Modes Reverse Engineering Example Summary CHAPTER 16: Buffer/Stack Overflow Basics of Stack Overflow Stack Overflow Exploitation Summary CHAPTER 17: Programming with Python Basics of Python Running Python Scripts Debugging Python Scripts Practicing Python Python Basic Syntaxes Variables More Techniques in Python Summary CHAPTER 18: Pentest Automation with Python Penetration Test Robot Summary APPENDIX A: APPENDIX AKali Linux Desktop at a Glance Downloading and Running a VM of Kali Linux Kali Xfce Desktop Summary APPENDIX B: APPENDIX BBuilding a Lab Environment Using Docker Docker Technology Summary Index Copyright Telegram Channel : @IRFaraExam About the Author About the Technical Editor Acknowledgments End User License Agreement List of Tables Chapter 1 Table 1.1 Tmux Keyboard Shortcuts Chapter 2 Table 2.1 Numerical Conditions Table 2.2 String Conditions Table 2.3 File/Directory Conditions Chapter 3 Table 3.1 OSI Layers Table 3.2 Subnets and CIDR Table 3.3 Common Port Numbers Table 3.4 Nmap Version Intensity Chapter 4 Table 4.1 The Most Common Query Criteria Used on the Shodan Site Table 4.2 Google Dorks Common Queries Chapter 14 Table 14.1 CVSS Score Rating Chapter 15 Table 15.1 Flag Registers Table 15.2 Assembly Instructions Table 15.3 Assembly Jump Instructions Table 15.4 Assembly Instructions Telegram Channel : @IRFaraExam Table 15.5 Data Types Table 15.6 Addressing Modes Chapter 17 Table 17.1 Arithmetic Operators Table 17.2 String Formatters Table 17.3 String Functions Table 17.4 Comparision Operators Table 17.5 Python Escape Characters List of Illustrations Chapter 1 Figure 1.1 Tmux New Window Figure 1.2 New Tmux Highlighted Tab Figure 1.3 Tmux Vertical Windows Side by Side Figure 1.4 Tmux Horizontal Windows Figure 1.5 Kali Linux OS Security Commands Figure 1.6 Kali Linux – Files and Folders Commands Figure 1.7 USB Mount Figure 1.8 Mount Using the Command Line Figure 1.9 “Windows Login” Figure 1.10 SSH with MobaXterm on Windows Figure 1.11 SSH Root Connection Figure 1.12 SSH Service Status Figure 1.13 SSH Key Generation Figure 1.14 Kali System Management Commands Figure 1.15 HTOP Figure 1.16 Kali Networking Commands Telegram Channel : @IRFaraExam Figure 1.17 Kali Network Interfaces Figure 1.18 Static IP Configs Figure 1.19 Testing Internet Connection Chapter 2 Figure 2.1 Bash Scripting Figure 2.2 Export Config Figure 2.3 Script Sections Figure 2.4 Conditions and Loops Chapter 3 Figure 3.1 TCP Handshake Figure 3.2 Wireshark Network Interface Selection Figure 3.3 Wireshark Capture Figure 3.4 Wireshark ICMP Filter Chapter 4 Figure 4.1 Shodan Figure 4.2 Google Dork Site Filter Figure 4.3 Google Dork Site Filter with Description Figure 4.4 Google Hacking Database Figure 4.5 Kali Menu – Information Gathering Figure 4.6 Maltego Transform Hub Figure 4.7 Maltego Entities Figure 4.8 Maltego Transforms Figure 4.9 Maltego To Domains Tranform Figure 4.10 Maltego Domain Name / DNS Figure 4.11 Domain Name Tansforms Figure 4.12 Maltego Subdomains Graph Chapter 5 Telegram Channel : @IRFaraExam Figure 5.1 Admin E‐mail Figure 5.2 Bind Shell Figure 5.3 Reverse Shell Figure 5.4 Virus Total Figure 5.5 USB Rubber Ducky Figure 5.6 USB Rubber Ducky with MicroSD Figure 5.7 Running PowerShell in Admin Mode Chapter 6 Figure 6.1 Jenkins Web Portal Figure 6.2 Jenkins Error Message Figure 6.3 Firefox Network Settings Figure 6.4 Kali Menu ‐ Burp Suite Figure 6.5 Burp Suite Proxy Figure 6.6 Burp Suite – Send to Repeater Figure 6.7 POST Contents Chapter 7 Figure 7.1 OpenVAS Web Portal Figure 7.2 OpenVAS New Target Figure 7.3 OpenVAS Target Options Figure 7.4 OpenVAS Task Options Figure 7.5 OpenVAS Run A Task Figure 7.6 OpenVAS Report Results Figure 7.7 OpenVAS – Vulnerability Results Sample Figure 7.8 OpenVAS‐ Report References Figure 7.9 Google Search for Exploit Figure 7.10 FileZilla FTP Connect Figure 7.11 FileZilla FTP Connection Established Telegram Channel : @IRFaraExam Figure 7.12 Google Search – FTP Exploit Figure 7.13 Wireshark Interface Selection Figure 7.14 Wireshark Capture Results Figure 7.15 Wireshark – Follow TCP Stream Figure 7.16 Wireshark – Cleartext Capture Figure 7.17 Receiving Email Settings Figure 7.18 Sending Email Settings Figure 7.19 Email Inbox Figure 7.20 Docker Host Design Figure 7.21 Jenkins Homepage Figure 7.22 Jenkins ‐ New Project Figure 7.23 Jenkins – Add Build Step Figure 7.24 Jenkins – Reverse Shell Figure 7.25 SMB Connect Figure 7.26 SMB Connection Established Chapter 8 Figure 8.1 Mutillidae Home Page Figure 8.2 Mutillidae – DNS Lookup Figure 8.3 Mutillidae – Script Alert Figure 8.4 Mutillidae – Blog Entry Figure 8.5 Mutillidae ‐ Logs Figure 8.6 Burp suite – Proxy Intercept Figure 8.7 Burp Suite – User‐Agent Edit Figure 8.8 Mutillidae – Bad Characters Error Message Figure 8.9 Burp Suite – Intercept Payload Figure 8.10 Burp Suite – Target Host Script Figure 8.11 Accounts Table Telegram Channel : @IRFaraExam Figure 8.12 Accounts Table ‐ SQL Query Figure 8.13 Login SQLi Figure 8.14 Login SQLi Query Figure 8.15 Login SQLi Results Figure 8.16 Mutillidae – Login SQLi Figure 8.17 Mutillidae – Login SQLi Results Figure 8.18 SQLi ‐ Union Select Syntax Figure 8.19 SQLi – Union Select Figure 8.20 SQLi – Union Select with DB Version Figure 8.21 Schema Table – Credit Cards Field Figure 8.22 Credit Cards Table Query Figure 8.23 Extract Credit Cards Table Data Figure 8.24 SQL Query – Write To System Figure 8.25 SQLi Error Figure 8.26 Mutillidae – Command Injection Figure 8.27 Mutillidae – Extracting Passwd File Figure 8.28 Mutillidae – Remote File Inclusion Figure 8.29 Mutillidae Blog Page Figure 8.30 Burp Suite – Generate CSRF PoC Figure 8.31 Burp Suite – Generate CSRF Copy HTML Figure 8.32 CSRF PoC Victim Figure 8.33 CSRF PoC Results Figure 8.34 Mutillidae File Upload Figure 8.35 Mutillidae – File Upload Results Figure 8.36 File Upload POST Data Figure 8.37 File Upload Post Data Payloads Figure 8.38 Burp Suite – Intercept Hex Tab Telegram Channel : @IRFaraExam Figure 8.39 Burp Suite Encoding Chapter 9 Figure 9.1 Burp Suite Certificate Figure 9.2 Importing the Burp Suite Certificate Figure 9.3 Burp Suite Proxy Tab, Options Section Figure 9.4 Burp Suite Target Figure 9.5 Burp Suite Add To Scope Option Figure 9.6 Burp Suite In‐Scope Filter Figure 9.7 Burp Suite In‐Scope Filter Applied Figure 9.8 Burp Suite Discover Content Menu Item Figure 9.9 Burp Suite Running Discover Content Feature Figure 9.10 Burp Suite Active Scan Figure 9.11 Burp Suite Send To Repeater Menu Item Figure 9.12 Changing the UID Param Figure 9.13 Burp Suite Intruder Positions Subtab Figure 9.14 Burp Suite Intruder Payload Figure 9.15 Burp Suite Intruder Payload Option Figure 9.16 Burp Suite Intruder Attack Figure 9.17 Burp Suite Extender Tab Figure 9.18 BApp Store Figure 9.19 Creating Reports in Burp Suite Figure 9.20 Report Sample in Burp Suite Figure 9.21 Software Development Lifecycle Figure 9.22 Secure Development Lifecycle Figure 9.23 Network Diagram Figure 9.24 Data Flow Diagram Chapter 10 Telegram Channel : @IRFaraExam Figure 10.1 Google Search – Dirty COW Exploit Chapter 11 Figure 11.1 Windows Permissions Figure 11.2 Iperius Backup Figure 11.3 Iperius About Tab Figure 11.4 Exploit‐DB – Iperius Exploitation Figure 11.5 Iperius – Evil.bat Config Chapter 12 Figure 12.1
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages593 Page
-
File Size-