I wanted me to keep track of myself and for others, books I read while getting some cyber security education to better understand the industry and what it takes to be a hat or painter for a while is. Of course, to date I have read many security books, but have not documented them in a blog or anywhere else.
I’ll close things:
“The Basics of Hacking and Penetration Testing” by jdsingh
If anyone reads this blog, note that I still recommend that the book be read, as I will only write here what is a good idea to do, and that I did not consider it before reading the book:
Chapter 2 Quick Notes – Reconnaissance:
– This is the lowest technical phase
– New people in the world of hacking are believed to be a big mistake
– Keep a strategy while reconciling
– You can install HTTrack in Kali with the command:
# apt-get install webhttrack
, So know that running a tool against a website is considered to be easily detectable and aggressive
– Read / learn about Google hacking (see Johnny Long’s Defcon video presentation)
– Always use the latest version of Harvester (to collect email and subdomains)
– Dedicate as much as possible a dedicated angle to gather and practice information
– Use tools / commands like Whois, Netcraft, Host, nslookup, digger, Metagoofil
– Do not forget about gathering DNS information
– Learn social engineering (for example: call someone on leave and resort to call or email technology to reset your password in the email account to gain access to the email account)
– You can intentionally leave a USB thumb drive around, with a malicious code, and wait for someone to gain access to the person’s computer or the company’s computer, hence the network.
– Always protect the data you collect in this process, stay within the boundaries of the Pentest, or ask for the Pentest scope to be broadened to include new findings.
– Look into the Maltego paterva tool that collects information from the public database with details about the target company
– Happy reconnaissance !!!
Chapter 3 – Scanning
-Using a ping-sweep Fping and dump the result into a file
fping -a -g 172.16.128.1 172.16.128.254> host.txt
– Always scan intentionally for UDP and TCP ports
ex: nmap -sT and -sU
Use scan switch to scan all ports ‘-p -‘
– If ping requests are prevented from using the ‘switch -PN’ switch
– Scan for all TCP ports even if there is a ping block
nmap -sT -p- -PN 192.168.1.1-254
– To find the version of UDP protocol services:
nmap -sUV 192.168.1.5
– For vulnerability scanning use:
Remember to use Nessus, and plug-ins (a small block of code that is sent to the target machine to check for a known vulnerability).
Chapter 4 – Exploitation
An exploitation is a perception of vulnerability.
Lack of order and structure in an entrance exam often leads to frustration and failure!
Always collect data in the information gathering phase. Spend most of the time in this phase.
Tools for online password cracking: Medusa and Hydra.
Medusa-h target-ip -u username-path-to-dictionary-m authentication-service-to-crack
In the old days, prior to Metasploit, security researchers had only available canvass absorbent frameworks of core Impact and immunities.
Chapter 5 – Web Based Exploitation
perl nikto.pl -h 172.16.45.129 -p 1-1000
windows / adduser = Create a new user in the local admin group on the target machine
Windows / execution = execute a windows binary (.exe) on the target machine
windows / shell_bind_tcp = Open a command shell on the target machine and wait for the connection
Windows / shell_brave_tcap = target machine connects back to the attacker and opens the command shell (on target)
windows / meterpreter / bind_tcp = target machine installs the meterter and waits for a connection
windows / meterpreter / reverse_tcp = installs Metpreter on the target machine then creates a connection for the attacker
Windows / vncinject / bind_tcp = Install VNC on target machine and wait for connection
Windows / vncinject / reverse_tcp = Installs VNC on target machine and sends VNC connection back to target
Instead of throwing indiscriminate exploits at a target, find a way to match known system vulnerabilities with prepackaged exploits in Metasploit.
Use Nessus as a vulnerability scanner.
Build your understanding of buffer overflow and exploitation. Commit yourself to truly understanding exploitation.
VNC injection, rarely used in PT (penetration test).
Run programs with the most restrictive privileges, and avoid running anything as root or administrator.
Older systems threaten your entire network.
./unshadow / etc / passwd / etc / shadow> /tmp/linux_hashes.txt
By default most network cards operate in nonprocessor mode. Nonpromiscuous mode of nausea.