Title Page

Copyright

• Improving your Penetration Testing Skills

About Packt

• Why subscribe?
• Packt.com

Contributors

• About the authors
• Packt is searching for authors like you

Preface

• Who this book is for
• What this book covers
• To get the most of this book
• Get in touch

1. Introduction to Penetration Testing and Web Applications FREE CHAPTER

• Proactive security testing
• Considerations when performing penetration testing
• Kali Linux
• A web application overview for penetration testers

2. Setting Up Your Lab with Kali Linux

• Kali Linux
• Important tools in Kali Linux
• Vulnerable applications and servers to practice on

3. Reconnaissance and Profiling the Web Server

• Reconnaissance
• Information gathering
• Scanning – probing the target

4. Authentication and Session Management Flaws

• Authentication schemes in web applications
• Session management mechanisms
• Common authentication flaws in web applications
• Detecting and exploiting improper session management
• Preventing authentication and session attacks

5. Detecting and Exploiting Injection-Based Flaws

• Command injection
• SQL injection
• XML injection
• NoSQL injection
• Mitigation and prevention of injection vulnerabilities

6. Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities

• An overview of Cross-Site Scripting
• Exploiting Cross-Site Scripting
• Scanning for XSS flaws
• Preventing and mitigating Cross-Site Scripting

7. Cross-Site Request Forgery, Identification, and Exploitation

• Testing for CSRF flaws
• Exploiting a CSRF flaw
• Preventing CSRF

8. Attacking Flaws in Cryptographic Implementations

• A cryptography primer
• Secure communication over SSL/TLS
• Identifying weak implementations of SSL/TLS
• Custom encryption protocols
• Common flaws in sensitive data storage and transmission
• Preventing flaws in cryptographic implementations

9. Using Automated Scanners on Web Applications

• Considerations before using an automated scanner
• Web application vulnerability scanners in Kali Linux
• Content Management Systems scanners
• Fuzzing web applications
• Post-scanning actions

10. Metasploit Quick Tips for Security Professionals

• Introduction
• Installing Metasploit on Windows
• Installing Linux and macOS
• Installing Metasploit on macOS
• Using Metasploit in Kali Linux
• Setting up a penetration-testing lab
• Setting up SSH connectivity
• Connecting to Kali using SSH
• Configuring PostgreSQL
• Creating  workspaces
• Using the database
• Using the hosts command
• Understanding the services command

11. Information Gathering and Scanning

• Introduction
• Passive information gathering with Metasploit
• Active information gathering with Metasploit
• Port scanning—the Nmap way
• Port scanning—the db_nmap way
• Host discovery with ARP Sweep
• UDP Service Sweeper
• SMB scanning and enumeration
• Detecting SSH versions with the SSH Version Scanner
• FTP scanning
• SMTP enumeration
• SNMP enumeration
• HTTP scanning
• WinRM scanning and brute forcing
• Integrating with Nessus
• Integrating with NeXpose
• Integrating with OpenVAS

12. Server-Side Exploitation

• Introduction
• Exploiting a Linux server
• SQL injection
• Types of shell
• Exploiting a Windows Server machine
• Exploiting common services
• MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
• MS17-010 EternalRomance/EternalSynergy/EternalChampion
• Installing backdoors
• Denial of Service

13. Meterpreter

• Introduction
• Understanding the Meterpreter core commands
• Understanding the Meterpreter filesystem commands
• Understanding Meterpreter networking commands
• Understanding the Meterpreter system commands
• Setting up multiple communication channels with the target
• Meterpreter anti-forensics
• The getdesktop and keystroke sniffing
• Using a scraper Meterpreter script
• Scraping the system using winenum
• Automation with AutoRunScript
• Meterpreter resource scripts
• Meterpreter timeout control
• Meterpreter sleep control
• Meterpreter transports
• Interacting with the registry
• Loading framework plugins
• Meterpreter API and mixins
• Railgun—converting Ruby into a weapon
• Adding DLL and function definitions to Railgun
• Injecting the VNC server remotely
• Enabling Remote Desktop

14. Post-Exploitation

• Introduction
• Post-exploitation modules
• Bypassing UAC
• Dumping the contents of the SAM database
• Passing the hash
• Incognito attacks with Meterpreter
• Using Mimikatz
• Setting up a persistence with backdoors
• Becoming TrustedInstaller
• Backdooring Windows binaries
• Pivoting with Meterpreter
• Port forwarding with Meterpreter
• Credential harvesting
• Enumeration modules
• Autoroute and socks proxy server
• Analyzing an existing post-exploitation module
• Writing a post-exploitation module

15. Using MSFvenom

• Introduction
• Payloads and payload options
• Encoders
• Output formats
• Templates
• Meterpreter payloads with trusted certificates

16. Client-Side Exploitation and Antivirus Bypass

• Introduction
• Exploiting a Windows 10 machine
• Bypassing antivirus and IDS/IPS
• Metasploit macro exploits
• Human Interface Device attacks
• HTA attack
• Backdooring executables using a MITM attack
• Creating a Linux trojan
• Creating an Android backdoor

17. Social-Engineer Toolkit

• Introduction
• Getting started with the Social-Engineer Toolkit
• Working with the spear-phishing attack vector
• Website attack vectors
• Working with the multi-attack web method
• Infectious media generator

18. Working with Modules for Penetration Testing

• Introduction
• Working with auxiliary modules
• DoS attack modules
• Post-exploitation modules
• Understanding the basics of module building
• Analyzing an existing module
• Building your own post-exploitation module
• Building your own auxiliary module

1. Other Books You May Enjoy

• Leave a review - let other readers know what you think