ETHICAL HACKING AND PENETRATION TESTING GUIDE

Upload by : Helen France
Transcription

ETHICAL HACKING AND PENETRATION TESTING GUIDE
RAFAY BALOCH

CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

© 2015 by Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, an Informa business

No claim to original U.S. Government works

Printed on acid-free paper
Version Date: 20140320

International Standard Book Number-13: 978-1-4822-3161-8 (Paperback)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Library of Congress Cataloging-in-Publication Data

Baloch, Rafay.
Ethical hacking and penetration testing guide / Rafay Baloch.
pages cm
Includes bibliographical references and index.
ISBN 978-1-4822-3161-8 (paperback)
1. Penetration testing (Computer security) I. Title.
QA76.9.A25B356 2014
005.8--dc23    2014006695

Visit the Taylor & Francis Web site at
http://www.taylorandfrancis.com
and the CRC Press Web site at
http://www.crcpress.com

Contents

Preface
Acknowledgments
Author

1 Introduction to Hacking
  Important Terminologies
  Asset
  Vulnerability
  Threat
  Exploit
  Risk
  What Is a Penetration Test?
  Vulnerability Assessments versus Penetration Test
  Preengagement
  Rules of Engagement
  Milestones
  Penetration Testing Methodologies
  OSSTMM
  NIST
  OWASP
  Categories of Penetration Test
  Black Box
  White Box
  Gray Box
  Types of Penetration Tests
  Network Penetration Test
  Web Application Penetration Test
  Mobile Application Penetration Test
  Social Engineering Penetration Test
  Physical Penetration Test
  Report Writing
  Understanding the Audience
  Executive Class
  Management Class
  Technical Class
  Writing Reports
  Structure of a Penetration Testing Report
  Cover Page
  Table of Contents
  Executive Summary
  Remediation Report
  Vulnerability Assessment Summary
  Tabular Summary
  Risk Assessment
  Risk Assessment Matrix
  Methodology
  Detailed mmendation
  Reports
  Conclusion

2 Linux Basics
  Major Linux Operating Systems
  File Structure inside of Linux
  File Permission in Linux
  Group Permission
  Linux Advance/Special Permission
  Link Permission
  Suid & Guid Permission
  Stickybit Permission
  Chatter Permission
  Most Common and Important Commands
  Linux Scheduler (Cron Job)
  Cron Permission
  Cron Permission
  Cron Files
  Users inside of Linux
  Linux Services
  Linux Password Storage
  Linux Logging
  Common Applications of Linux
  What Is BackTrack?
  How to Get BackTrack 5 Running
  Installing BackTrack on Virtual Box
  Installing BackTrack on a Portable USB
  Installing BackTrack on Your Hard Drive
  BackTrack Basics
  Changing the Default Screen Resolution
  Some Unforgettable Basics
  Changing the Password
  Clearing the Screen
  Listing the Contents of a Directory
  Displaying Contents of a Specific Directory
  Displaying the Contents of a File
  Creating a Directory
  Changing the Directories
  Windows
  Linux
  Creating a Text File
  Copying a File
  Current Working Directory
  Renaming a File
  Moving a File
  Removing a File
  Locating Certain Files inside BackTrack
  Text Editors inside BackTrack
  Getting to Know Your Network
  Dhclient
  Services
  MySQL
  SSHD
  Postgresql
  Other Online Resources

3 Information Gathering Techniques
  Active Information Gathering
  Passive Information Gathering
  Sources of Information Gathering
  Copying Websites Locally
  Information Gathering with Whois
  Finding Other Websites Hosted on the Same Server
  Yougetsignal.com
  Tracing the Location
  Traceroute
  ICMP Traceroute
  TCP Traceroute
  Usage
  UDP Traceroute
  Usage
  NeoTrace
  Cheops-ng
  Enumerating and Fingerprinting the Webservers
  Intercepting a Response
  Acunetix Vulnerability Scanner
  WhatWeb
  Netcraft
  Google Hacking
  Some Basic Parameters
  Site
  Example
  TIP regarding Filetype
  Google Hacking Database
  Hackersforcharity.org/ghdb
  Xcode Exploit Scanner
  File Analysis
  Foca
  Harvesting E-Mail Lists
  Gathering Wordlist from a Target Website
  Scanning for Subdomains
  TheHarvester
  Fierce in BackTrack
  Scanning for SSL Version
  DNS Enumeration
  Interacting with DNS Servers
  Nslookup
  DIG
  Forward DNS Lookup
  Forward DNS Lookup with Fierce

