TY  - BOOK
AU  - Davis, Royce
TI  - The art of network penetration testing: how to take over any company in the world
SN  - 9781617296826
AV  - TK51051.59 DAV
PY  - 2020///
PB  - Manning Publications Company
KW  - Penetration testing (Computer security)
KW  - Computer networks
KW  - Security measures
KW  - Information resources
KW  - Computer security
N1  - Includes bibliography and index
N1  - Contents, front matter: Intro; The Art of Network Penetration Testing; Copyright; contents; front matter; preface; acknowledgments; about this book; Who should read this book; How this book is organized: A roadmap; About the code; liveBook discussion forum; about the author; about the cover illustration
N1  - 1 Network penetration testing: 1.1 Corporate data breaches; 1.2 How hackers break in; 1.2.1 The defender role; 1.2.2 The attacker role; 1.3 Adversarial attack simulation: Penetration testing; 1.3.1 Typical INPT workflow; 1.4 When a penetration test is least effective; 1.4.1 Low-hanging fruit; 1.4.2 When does a company really need a penetration test?; 1.5 Executing a network penetration test; 1.5.1 Phase 1: Information gathering; 1.5.2 Phase 2: Focused penetration; 1.5.3 Phase 3: Post-exploitation and privilege escalation; 1.5.4 Phase 4: Documentation; 1.6 Setting up your lab environment; 1.6.1 The Capsulecorp Pentest project; 1.7 Building your own virtual pentest platform; 1.7.1 Begin with Linux; 1.7.2 The Ubuntu project; 1.7.3 Why not use a pentest distribution?; Summary
N1  - Phase 1. Information gathering
N1  - 2 Discovering network hosts: 2.1 Understanding your engagement scope; 2.1.1 Black-box, white-box, and grey-box scoping; 2.1.2 Capsulecorp; 2.1.3 Setting up the Capsulecorp Pentest environment; 2.2 Internet Control Message Protocol; 2.2.1 Using the ping command; 2.2.2 Using bash to pingsweep a network range; 2.2.3 Limitations of using the ping command; 2.3 Discovering hosts with Nmap; 2.3.1 Primary output formats; 2.3.2 Using remote management interface ports; 2.3.3 Increasing Nmap scan performance; 2.4 Additional host-discovery methods; 2.4.1 DNS brute-forcing; 2.4.2 Packet capture and analysis; 2.4.3 Hunting for subnets; Summary
N1  - 3 Discovering network services: 3.1 Network services from an attacker's perspective; 3.1.1 Understanding network service communication; 3.1.2 Identifying listening network services; 3.1.3 Network service banners; 3.2 Port scanning with Nmap; 3.2.1 Commonly used ports; 3.2.2 Scanning all 65,536 TCP ports; 3.2.3 Sorting through NSE script output; 3.3 Parsing XML output with Ruby; 3.3.1 Creating protocol-specific target lists; Summary
N1  - 4 Discovering network vulnerabilities: 4.1 Understanding vulnerability discovery; 4.1.1 Following the path of least resistance; 4.2 Discovering patching vulnerabilities; 4.2.1 Scanning for MS17-010 Eternal Blue; 4.3 Discovering authentication vulnerabilities; 4.3.1 Creating a client-specific password list; 4.3.2 Brute-forcing local Windows account passwords; 4.3.3 Brute-forcing MSSQL and MySQL database passwords; 4.3.4 Brute-forcing VNC passwords; 4.4 Discovering configuration vulnerabilities; 4.4.1 Setting up Webshot; 4.4.2 Analyzing output from Webshot; 4.4.3 Manually guessing web server passwords
N2  - Teaching you how to take over an enterprise network from the inside, this book lays out every stage of an internal security assessment step by step, showing you how to identify weaknesses before a malicious invader can do real damage. -- Edited summary from book
ER  - 
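The contents above list section 3.3, parsing Nmap XML output with Ruby, and 3.3.1, creating protocol-specific target lists. The script below is an added illustration of that topic, not code from the book or from the author's Capsulecorp project. It reads a constructed Nmap -oX fragment (embedded here, not a real scan) with Ruby's standard-library REXML, keeps only TCP ports in state open on hosts reported up, and groups ip:port pairs under protocol buckets that a tester would hand to the next tool (an SMB credential check, a web screenshot tool, a database brute-forcer). The SERVICE_BUCKETS mapping, the bucket names and the write_target_lists helper are assumptions made for this example.

```ruby
require 'rexml/document'
require 'tmpdir'

# Constructed sample of Nmap XML output (the -oX format), not a real scan:
# three hosts on a made-up lab range, with open, closed and filtered ports,
# one port with no <service> element, and one host that is down.
SAMPLE_NMAP_XML = <<~XML
  <?xml version="1.0"?>
  <nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.10.0/24">
    <host>
      <status state="up"/>
      <address addr="10.0.10.5" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
        <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
        <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
        <port protocol="tcp" portid="3389"><state state="closed"/><service name="ms-wbt-server"/></port>
      </ports>
    </host>
    <host>
      <status state="up"/>
      <address addr="10.0.10.6" addrtype="ipv4"/>
      <address addr="00:11:22:33:44:55" addrtype="mac"/>
      <ports>
        <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
        <port protocol="tcp" portid="1433"><state state="open"/><service name="ms-sql-s"/></port>
        <port protocol="tcp" portid="5900"><state state="filtered"/><service name="vnc"/></port>
        <port protocol="tcp" portid="8443"><state state="open"/></port>
      </ports>
    </host>
    <host>
      <status state="down"/>
      <address addr="10.0.10.7" addrtype="ipv4"/>
    </host>
  </nmaprun>
XML

# Hypothetical mapping (an assumption for this example, not from the book)
# from Nmap service names to the protocol-specific tool a tester runs next.
SERVICE_BUCKETS = {
  'ssh' => 'ssh',
  'http' => 'web', 'https' => 'web', 'http-proxy' => 'web', 'http-alt' => 'web',
  'microsoft-ds' => 'smb', 'netbios-ssn' => 'smb',
  'ms-sql-s' => 'mssql', 'mysql' => 'mysql',
  'vnc' => 'vnc', 'ms-wbt-server' => 'rdp'
}.freeze

# Attribute value of the first child matched by xpath, or nil if absent.
def attr_of(parent, xpath, name)
  el = parent.elements[xpath]
  el && el.attributes[name]
end

# Parse Nmap XML and return a key-sorted Hash { bucket => ["ip:port", ...] }.
# Only hosts reported "up" and only TCP ports in state "open" are kept;
# closed and filtered ports are not targets. Services with no entry in
# SERVICE_BUCKETS (or no <service> element at all) land in "other" so
# that nothing from the scan is silently dropped.
def protocol_target_lists(xml)
  doc = REXML::Document.new(xml)
  targets = Hash.new { |h, k| h[k] = [] }
  doc.elements.each('nmaprun/host') do |host|
    next unless attr_of(host, 'status', 'state') == 'up'
    addr = attr_of(host, "address[@addrtype='ipv4']", 'addr')
    next unless addr
    host.elements.each("ports/port[@protocol='tcp']") do |port|
      next unless attr_of(port, 'state', 'state') == 'open'
      svc = attr_of(port, 'service', 'name') || 'unknown'
      targets[SERVICE_BUCKETS.fetch(svc, 'other')] << "#{addr}:#{port.attributes['portid']}"
    end
  end
  targets.sort.to_h
end

# Write one newline-separated file per bucket (smb.txt, web.txt, ...) into
# dir, the form most protocol-specific tools accept as a target file.
# Returns the paths written.
def write_target_lists(targets, dir)
  targets.map do |bucket, entries|
    path = File.join(dir, "#{bucket}.txt")
    File.write(path, entries.join("\n") + "\n")
    path
  end
end

if __FILE__ == $PROGRAM_NAME
  lists = protocol_target_lists(SAMPLE_NMAP_XML)
  lists.each { |bucket, entries| puts "#{bucket}: #{entries.join(' ')}" }
  Dir.mktmpdir('targets') { |d| puts write_target_lists(lists, d) }
end
```

Run it as a script to print the buckets and write the per-protocol files to a temporary directory; against a real scan, replace SAMPLE_NMAP_XML with File.read of the -oX file. The XPath predicates deliberately restrict to IPv4 addresses and TCP ports, so a scan that included UDP services or IPv6 hosts needs those predicates widened before anything from it shows up in the lists.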