Penetration Testing Practice Guide: required tools and methods

Basic Information
Original Title: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
Author: (US) Patrick Engebretson
Translator: min Lun, Ying, Cai jindong
Press: Machinery Industry Press
ISBN: 9787111401414
Mounting time:
Published on: February 1, January 2013
Start: 16
Page number: 1
Version: 1-1
Category: Computer> Security> network security/Firewall/hacker

Introduction
Penetration Testing Practice Guide: Required Tools and Methods is an authoritative and practical guide to penetration testing. It is a five-star best-seller on Amazon, is recommended by the Director of the National Security Administration of America, and is hailed as one of the books required for learning penetration testing. Using the original ZEH method together with cutting-edge, practical open-source tools, it follows a scientific and orderly four-step model to explain penetration testing techniques, tools, and methods in full, supported by a large number of demonstrations, detailed operating steps, and illustrated explanations. It is a reference for studying penetration testing systematically.
The book is divided into seven chapters. Chapter 1 introduces the concept of penetration testing, common tools (BackTrack, etc.), setting up the test environment, and the four-step model. Chapter 2 describes reconnaissance tools and techniques: HTTrack, Google search directives, The Harvester (email address reconnaissance), extracting information from DNS and email servers, MetaGooFil, and filtering the information gathered. Chapter 3 describes practical tools and parameter settings for the ping command, ping scans, and port scans, such as Nmap and Nessus. Chapters 4 and 5 describe the process, tools, and techniques of exploitation, including gaining access to remote services, password resetting and cracking, sniffing network traffic, automated exploitation, web vulnerability scanning, web server scanning, intercepting requests, code injection, cross-site scripting, and other popular hacking techniques and tools. Chapter 6 introduces the methods and precautions for using backdoors and rootkits, focusing on the use, detection, and defense of Netcat, Cryptcat, NetBus, and common rootkits. Chapter 7 focuses on how to compile the penetration test report. Each chapter ends with extended reading that introduces further tools and related in-depth topics, so that interested readers can find a direction for self-improvement.
Table of Contents
Translator's preface
Preface
Acknowledgments
Chapter 1 Penetration Test
1.1 Introduction
1.2 introduction to backtrack Linux
1.3 Use backtrack: Start Engine
1.4 setup and use of the hacker lab environment
1.5 Steps of Penetration Testing
1.6 review of this Chapter
1.7 Conclusion
Chapter 2 reconnaissance
2.1 Introduction
2.2 httrack:
2.3 Google instructions-Google search practices
2.4 The harvester: mines and uses the email address
2.5 whois
2.6 netcraft
2.7 host tool
2.8 extract information from DNS
2.8.1 NS lookup
2.8.2 dig
2.9 extract information from email server
2.10 metagoofil
2.11 social engineering
2.12 filter information to find attack targets
2.13 how to practice
2.14 what to do next
2.15 summary
Chapter 3 scanning
3.1 Overview
3.2 Ping and Ping scan
3.3 Port scan
3.3.1 three-way handshake
3.3.2 use NMAP for TCP connection scanning
3.3.3 use NMAP for SYN scan
3.3.4 use NMAP for UDP scan
3.3.5 use NMAP to perform XMAS scan
3.3.6 use NMAP to perform null scan
3.3.7 Port Scan summary
3.4 vulnerability scan
3.5 how to practice
3.6 what to do next
3.7 summary
Chapter 4 exploitation of vulnerabilities
4.1 overview
4.2 Use Medusa to obtain remote service access
4.3 metasploit
4.4 John the Ripper: password cracking King
4.5 Password Reset: for broken walls
4.6 sniffing network traffic
4.7 macof: Flood attack switch
4.8 fast-track autopwn: Automated vulnerability attack
4.9 how to practice
4.10 what to do next
4.11 conclusion
Chapter 5 web-based vulnerability exploitation
5.1 Introduction
5.2 Scan Web server: nikto
5.3 websecurify: automated Web vulnerability scan
5.4 web crawler: capture the target website
5.5 use webscarab to intercept requests
5.6 code injection attacks
5.7 cross-site scripting: trust the web browser
5.8 how to practice
5.9 what to do next
5.10 conclusion
Chapter 6 Use a backdoor and rootkit to maintain access
6.1 Introduction
6.2 Netcat: Swiss Army Knife
6.3 Netcat mysterious family member: cryptcat
6.4 NetBus: a classic tool
6.5 rootkit
6.6 rootkit detection and defense
6.7 how to practice
6.8 what to do next
6.9 conclusion
Chapter 7 penetration testing summary
7.1 Introduction
7.2 prepare the penetration test report
7.2.1 comprehensive report
7.2.2 detailed report
7.2.3 Original output
7.3 continue
7.4 what to do next
7.5 Conclusion
7.6 endless learning
7.7 conclusion

Source of this book: China Interactive publishing network
