The Basics Of Hacking And Penetration Testing
Download from Wow! eBook www.wowebook.com The Basics of hackingand penetration testing
This page intentionally left blank
The Basics of Hackingand Penetration TestingEthical Hacking and PenetrationTesting Made EasyPatrick EngebretsonTechnical EditorJames BroadAmsterdam Boston Heidelberg London New YorkOxford Paris San Diego San FranciscoSingapore Sydney TokyoSyngress Press is an imprint of Elsevier
Acquiring Editor: Angelina WardDevelopment Editor: Heather SchererProject Manager: Jessica VaughanDesigner: Alisa AndreolaSyngress is an imprint of Elsevier225 Wyman Street, Waltham, MA 02451, USA 2011 Elsevier Inc. All rights reservedNo part of this publication may be reproduced or transmitted in any form or by any means, electronicor mechanical, including photocopying, recording, or any information storage and retrieval system,without permission in writing from the publisher. Details on how to seek permission, furtherinformation about the Publisher’s permissions policies and our arrangements with organizations suchas the Copyright Clearance Center and the Copyright Licensing Agency, can be found at ourwebsite: www.elsevier.com/permissions.This book and the individual contributions contained in it are protected under copyright by thePublisher (other than as may be noted herein).NoticesKnowledge and best practice in this field are constantly changing. As new research and experiencebroaden our understanding, changes in research methods or professional practices, may become necessary.Practitioners and researchers must always rely on their own experience and knowledge in evaluatingand using any information or methods described herein. In using such information or methods they should bemindful of their own safety and the safety of others, including parties for whom they have a professionalresponsibility.To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assumeany liability for any injury and/or damage to persons or property as a matter of products liability,negligence or otherwise, or from any use or operation of any methods, products, instructions, orideas contained in the material herein.Library of Congress Cataloging-in-Publication DataEngebretson, Pat (Patrick Henry), 1974 The basics of hacking and penetration testing : ethical hacking and penetration testing made easy / PatrickEngebretson.p. cm. – (Syngress basics series)Includes bibliographical references and index.ISBN 978-1-59749-655-1 (alk. paper)1. Computer security. 2. Computer hackers. 3. Computer software–Testing. 4. Computer crimes–Prevention. I. Title.QA76.9.A25E5443 2010005.8–dc232011018388British Library Cataloguing-in-Publication DataA catalogue record for this book is available from the British LibraryISBN: 978-1-59749-655-1Printed in the United States of America11 12 13 14 15 10 9 8 7 6 5 4 3 2 1For information on all Syngress publications visit our website at www.syngress.com
DedicationvThis book is dedicated to God, Lorianna, Maggie, and Molly. You are the steelcables that bind me. I love you.
This page intentionally left blank
ContentsviiACKNOWLEDGMENTS.ixABOUT THE AUTHOR.xiABOUT THE TECHNICAL EDITOR. xiiiINTRODUCTION. R1234567What is Penetration .65Web-based Exploitation.107Maintaining Access with Backdoors and Rootkits.127Wrapping Up the Penetration Test.145INDEX.157
This page intentionally left blank
AcknowledgmentsixLike most people, I have a list. The list is made up of life goals and dreams—things I would like to accomplish at some point in my life. Some of theitems on the list are big, some small, some well-defined, stable, and concrete,whereas others are more transient and ambiguous—like early morning fogon the Lutsen Mountains, constantly changing and moving, sometimes evendisappearing altogether only to reappear at a later date and time. Obviously,the list is not a stone tablet; it changes and updates as I move through life. Afew things, however, have never moved off the list; they stand as the MountRushmore’s in my life. Hundreds of feet high, carved into solid granite. Neverchanging. Always there. They gracefully weather the storms and vicissitudes oflife and simply wait to be crossed off. Some are nobler, some are egotistical,and some are even whimsical. I have had the good fortune in my life to be ableto cross off many of the items on my list. Even the big ones. This book represents the crossing off of one of my “Rushmore” items. A presidential face to besure (although I am not sure which face it actually represents!).As with most things in life, this book, the end product that you see, is the culmination of many people’s efforts and energies. So while I do get to cross thisoff my list, and while my name appears on the cover, please do not take thatto mean that this book is my sole creation. Without the dedication, support,help, and advice from everyone involved, there is no doubt you would not bereading these words right now. Writing a proper “Acknowledgments” sectionby truly listing everyone involved would fill many, many pages—below youwill find a simple attempt to say thanks. I apologize in advance if I forgot tomention anyone.My WifeWhat can I say that would justify or somehow verbalize what you mean to me?There is no doubt that this book is as much an effort on your part as mine. Yougave me the wings of encouragement to fly and the dedication of long lonelydays and nights while I worked on it. You never complained, never resisted,and were never upset when I needed more from you. Every man should be solucky. I am who I am because of you. Thank you.My GirlsTo my little Liebchens—you are the light of my life! I apologize for all earlymornings, late nights, and long weekends. Bring on the sunroom, Little People,
xAcknowledgmentsMary and Joseph, princesses, Barbie’s, and the Pirate Ship! Daddy loves youmore than life itself.My FamilyThanks to my mother and father for the gift of education and teaching me tounderstand the value of hard work and dedication to a project. Thanks also tomy other mother, who dedicated countless hours to reading and correcting myinitial rough drafts.To the Syngress TeamThanks for the opportunity! Thanks to the editing team; I appreciate all thehard work and dedication you gave to this project. Special thanks to AngelinaWard who ultimately earned a green light for the project, to Heather Scherer,my editor, for the countless hours and assistance, and to James Broad for theexcellent eye and great suggestions throughout the technical review process.To keep up with news and happenings about the book, or other securityrelated content, feel free to follow: pengebretson on Twitter or visit my home page: http://homepages.dsu.edu/pengebretson
About the AuthorxiDr. Patrick Engebretson obtained his Doctor of Science degree with a specialization in information security from Dakota State University. He currentlyserves as an assistant professor of information assurance and also works as asenior penetration tester for a security firm in the Midwest. His research interests include penetration testing, hacking, intrusion detection, exploitation,honey pots, and malware. In the past several years, he has published manypeer-reviewed journal and conference papers in these areas. He has beeninvited by the Department of Homeland Security to share his research at theSoftware Assurance Forum in Washington, DC, and has also spoken at BlackHat in Las Vegas. He regularly attends advanced exploitation and penetrationtesting trainings from industry-recognized professionals and holds several certifications. He teaches graduate and undergraduate courses in penetration testing, wireless security, and intrusion detection, and advanced exploitation.
Download from Wow! eBook www.wowebook.com This page intentionally left blank
About theTechnical EditorxiiiJames Broad (CISSP, C EH, C)PTS, Security , MBA) is the President andowner of Cyber-Recon, LLC, where he and his team of consultants specialize in Information Security, Information Assurance, and Certification andAccreditation and offer other security consultancy services to corporate and government clients.As a security professional with over 20 years of real-world IT experience, Jamesis an expert in many areas of IT security, specializing in security engineering,penetration testing, and vulnerability analysis and research. He has providedsecurity services in the Nation’s most critical sectors including defense, lawenforcement, intelligence, finance, and healthcare.James has a Master’s of Business Administration degree with specialization inInformation Technology (MBA/IT) from the Ken Blanchard College of Business,Bachelor’s degrees in Computer Programming and Security Management fromSouthwestern University and is currently a Doctoral Learner pursuing a Ph.D.in Information Security from Capella University. He is a member of ISSA and(ISC) 2 . James currently resides in Stafford, Virginia with his family: Deanne,Micheal, and Temara.
This page intentionally left blank
IntroductionxvI suppose there are several questions that may be running through your headas you contemplate reading this book: Who is the intended audience for thisbook? How is this book different from book ‘x’ (insert your favorite title here)?Why should I buy it? Because these are all fair questions and I am asking youto plunk down your hard-earned cash, it is important to provide some answersto these questions.For people who are interested in learning about hacking and penetration testing, walking into a well-stocked bookstore can be as confusing as searchingfor “hacking” books at amazon.com. Initially, there appears to be an almostendless selection to choose from. Most large bookstores have several shelvesdedicated to computer security books. They include books on programmingsecurity, web application security, rootkits and malware, penetration testing,and, of course, hacking. However, even the hacking books seem to vary in content and subject matter. Some books focus on using tools but do not discusshow these tools fit together. Other books focus on hacking a particular subjectbut lack the broad picture.This book is intended to address these issues. It is meant to be a single startingpoint for anyone interested in the topics of hacking or penetration testing. Thebook will certainly cover specific tools and topics but will also examine howthe tools fit together and how they rely on one another to be successful.Who is the intended audience for this book?This book is meant to be a very gentle yet thorough guide to the world of hacking and penetration testing. It is specifically aimed at helping you master thebasic steps needed to complete a hack or penetration test without overwhelming you. By the time you finish this book, you will have a solid understandingof the penetration testing process and you will be comfortable with the basictools needed to complete the job.Specifically, this book is aimed at people who are new to the world of hacking and penetration testing, for those with little or no previous experience, forthose who are frustrated by the inability to see the big picture (how the varioustools and phases fit together), or for those looking to expand their knowledgeof offensive security.In short this book is written for anyone who is interested in computer security, hacking, or penetration testing but has no prior experience and is not surewhere to begin. A colleague and I call this concept “zero entry hacking” (ZEH),
xviIntroductionmuch like modern-day swimming pools. Zero entry pools gradually slope fromthe dry end to the deep end, allowing swimmers to wade in without feelingoverwhelmed or without having a fear of drowning. The “zero entry” conceptallows everyone the ability to use the pool regardless of age or swimming ability. This book employs a similar technique. ZEH is designed to expose you tothe basic concepts without overwhelming you. Completion of ZEH will prepare you for advanced courses and books.How is this book different from book ‘x’?When not spending time with my family, there are two things I enjoy doing:reading and hacking. Most of the time, I combine these hobbies by readingabout hacking. As a professor and a penetration tester, you can imagine that mybookshelf is lined with many books on hacking, security, and penetration testing. As with most things in life, the quality and value of every book is different.Some books are excellent resources that have been used so many times that thebindings are literally falling apart. Others are less helpful and remain in nearlynew condition. A book that does a good job of explaining the details withoutlosing the reader is worth its weight in gold. Unfortunately, most of my personal favorites, those that are worn and tattered, are either very lengthy (500 pages) or very focused (an in-depth guide to a single topic). Neither of these isa bad thing; in fact, quite the opposite, it is the level of detail and the clarity ofthe authors’ explanation that make them so great. But at the same time,
and, of course, hacking. However, even the hacking books seem to vary in con-tent and subject matter. some books focus on using tools but do not discuss how these tools fit together. other books focus on hacking a particular subject but lack the broad picture. this book is intended to address these issues. it is meant to be a single starting
May 02, 2018 · D. Program Evaluation ͟The organization has provided a description of the framework for how each program will be evaluated. The framework should include all the elements below: ͟The evaluation methods are cost-effective for the organization ͟Quantitative and qualitative data is being collected (at Basics tier, data collection must have begun)
Silat is a combative art of self-defense and survival rooted from Matay archipelago. It was traced at thé early of Langkasuka Kingdom (2nd century CE) till thé reign of Melaka (Malaysia) Sultanate era (13th century). Silat has now evolved to become part of social culture and tradition with thé appearance of a fine physical and spiritual .
̶The leading indicator of employee engagement is based on the quality of the relationship between employee and supervisor Empower your managers! ̶Help them understand the impact on the organization ̶Share important changes, plan options, tasks, and deadlines ̶Provide key messages and talking points ̶Prepare them to answer employee questions
Dr. Sunita Bharatwal** Dr. Pawan Garga*** Abstract Customer satisfaction is derived from thè functionalities and values, a product or Service can provide. The current study aims to segregate thè dimensions of ordine Service quality and gather insights on its impact on web shopping. The trends of purchases have
On an exceptional basis, Member States may request UNESCO to provide thé candidates with access to thé platform so they can complète thé form by themselves. Thèse requests must be addressed to esd rize unesco. or by 15 A ril 2021 UNESCO will provide thé nomineewith accessto thé platform via their émail address.
Hacking Concepts 1.10 What is Hacking? 1.11Who is a Hacker? 1.12 Hacker Classes 1.13 Hacking Phases o Reconnaissance o Scanning o Gaining Access o Maintaining Access o Clearing Tracks Ethical Hacking Concepts 1.14 What is Ethical Hacking? 1.15 Why Ethical Hacking is Necessary 1.16 Scope and Limitations of Ethical Hacking
Chính Văn.- Còn đức Thế tôn thì tuệ giác cực kỳ trong sạch 8: hiện hành bất nhị 9, đạt đến vô tướng 10, đứng vào chỗ đứng của các đức Thế tôn 11, thể hiện tính bình đẳng của các Ngài, đến chỗ không còn chướng ngại 12, giáo pháp không thể khuynh đảo, tâm thức không bị cản trở, cái được
private sectors is ethical hacking. Hacking and Ethical Hacking Ethical hacking can be conceptualized through three disciplinary perspectives: ethical, technical, and management. First, from a broad sociocultural perspective, ethical hacking can be understood on ethical terms, by the intentions of hackers. In a broad brush, ethical
