Trùng The basics of hacking and penetration testing

Ebook "The basics of hacking and penetration testing" includes content: What is penetration testing; reconnaissance; scanning; exploitation; web based exploitation; maintaining access with backdoors and rootkits; wrapping up the penetration test.
Nội dung trích xuất từ tài liệu:
Trùng The basics of hacking and penetration testing The Basics of hacking and penetration testing This page intentionally left blank The Basics of Hacking and Penetration Testing Ethical Hacking and Penetration Testing Made Easy Patrick Engebretson Technical Editor James Broad Amsterdam • Boston • Heidelberg • London • New York Oxford • Paris • San Diego • San Francisco Singapore • Sydney • Tokyo Syngress Press is an imprint of Elsevier Acquiring Editor: Angelina Ward Development Editor: Heather Scherer Project Manager: Jessica Vaughan Designer: Alisa Andreola Syngress is an imprint of Elsevier 225 Wyman Street, Waltham, MA 02451, USA © 2011 Elsevier Inc. All rights reserved No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions. This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein). Notices Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility. To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein. Library of Congress Cataloging-in-Publication Data Engebretson, Pat (Patrick Henry), 1974-  The basics of hacking and penetration testing : ethical hacking and penetration testing made easy / Patrick Engebretson.    p. cm. – (Syngress basics series)  Includes bibliographical references and index.  ISBN 978-1-59749-655-1 (alk. paper)   1. Computer security. 2. Computer hackers. 3. Computer software–Testing. 4. Computer crimes– Prevention. I. Title.   QA76.9.A25E5443 2010   005.8–dc23 2011018388 British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library ISBN: 978-1-59749-655-1 Printed in the United States of America 11 12 13 14 15  10 9 8 7 6 5 4 3 2 1 For information on all Syngress publications visit our website at www.syngress.com Dedication v This book is dedicated to God, Lorianna, Maggie, and Molly. You are the steel cables that bind me. I love you. This page intentionally left blank Contents vii ACKNOWLEDGMENTS...............................................................................ix ABOUT THE AUTHOR................................................................................xi ABOUT THE TECHNICAL EDITOR............................................................. xiii INTRODUCTION....................................................................................... xv CHAPTER 1 What is Penetration Testing?.................................................1 CHAPTER 2 Reconnaissance..................................................................15 CHAPTER 3 Scanning.............................................................................43 CHAPTER 4 Exploitation.........................................................................65 CHAPTER 5 Web-based Exploitation.....................................................107 CHAPTER 6 Maintaining Access with Backdoors and Rootkits...............127 CHAPTER 7 Wrapping Up the Penetration Test......................................145 INDEX...................................................................................................157 This page intentionally left blank Acknowledgments ix Like most people, I have a list. The list is made up of life goals and dreams— things I would like to accomplish at some point in my life. Some of the items on the list are big, some small, some well-defined, stable, and concrete, whereas others are more transient and ambiguous—like early morning fog on the Lutsen Mountains, constantly changing and moving, sometimes even disappearing altogether only to reappear at a later date and time. Obviously, the list is not a stone tablet; it changes and updates as I move through life. A few things, however, have never moved off the list; they stand as the Mount Rushmore’s in my life. Hundreds of feet high, carved into solid granite. Never changing. Always there. They gracefully weather the storms and vic ...