0%

Book Description

Learn how to hack systems like black hat hackers and secure them like security experts

Key Features

  • Understand how computer systems work and their vulnerabilities
  • Exploit weaknesses and hack into machines to test their security
  • Learn how to secure systems from hackers

Book Description

This book starts with the basics of ethical hacking, how to practice hacking safely and legally, and how to install and interact with Kali Linux and the Linux terminal. You will explore network hacking, where you will see how to test the security of wired and wireless networks. You'll also learn how to crack the password for any Wi-Fi network (whether it uses WEP, WPA, or WPA2) and spy on the connected devices.

Moving on, you will discover how to gain access to remote computer systems using client-side and server-side attacks. You will also get the hang of post-exploitation techniques, including remotely controlling and interacting with the systems that you compromised. Towards the end of the book, you will be able to pick up web application hacking techniques. You'll see how to discover, exploit, and prevent a number of website vulnerabilities, such as XSS and SQL injections.

The attacks covered are practical techniques that work against real systems and are purely for educational purposes. At the end of each section, you will learn how to detect, prevent, and secure systems from these attacks.

What you will learn

  • Understand ethical hacking and the different fields and types of hackers
  • Set up a penetration testing lab to practice safe and legal hacking
  • Explore Linux basics, commands, and how to interact with the terminal
  • Access password-protected networks and spy on connected clients
  • Use server and client-side attacks to hack and control remote computers
  • Control a hacked system remotely and use it to hack other systems
  • Discover, exploit, and prevent a number of web application vulnerabilities such as XSS and SQL injections

Who this book is for

Learning Ethical Hacking from Scratch is for anyone interested in learning how to hack and test the security of systems like professional hackers and security experts.

Downloading the example code for this book You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Learn Ethical Hacking from Scratch
  3. Dedication
  4. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  5. Contributors
    1. About the author
    2. Packt is searching for authors like you
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Conventions used
    4. Get in touch
      1. Reviews
  7. Introduction
    1. What's in this book?
      1. Preparation
      2. Penetration testing
        1. Network penetration testing
        2. Gaining access
        3. Post exploitation
        4. Website penetration testing
      3. Protecting your system
    2. What is hacking?
    3. Why should we learn about hacking?
    4. A glimpse of hacking
      1. Browser exploitation framework
      2. Accessing the target computer's webcam
    5. Summary
  8. Setting Up a Lab
    1. Lab overview
      1. VirtualBox
        1. Installation of VirtualBox
    2. Installing Kali Linux
    3. Installing Metasploitable
    4. Installing Windows
    5. Creating and using snapshots 
    6. Summary
  9. Linux Basics
    1. Overview of Kali Linux
      1. Status bar icons
      2. Connecting the wireless card
    2. Linux commands
      1. Commands
        1. The ls command
        2. The man command
        3. The help command
        4. The Tab button
    3. Updating resources
    4. Summary
  10. Network Penetration Testing
    1. What is a network?
    2. Network basics
    3. Connecting to a wireless adapter
    4. MAC addresses
    5. Wireless modes – managed and monitor
    6. Enabling monitor mode manually
    7. Enabling monitor mode using airmon-ng
    8. Summary
  11. Pre-Connection Attacks
    1. Packet sniffing basics
    2. Targeted packet sniffing 
    3. Deauthentication attack
    4. What is a fake access point?
    5. Creating fake access points with the MANA Toolkit
    6. Summary
  12. Network Penetration Testing - Gaining Access
    1. WEP theory
    2. Basic web cracking
    3. Fake authentication attack
    4. ARP request replay
    5. WPA introduction
    6. WPS cracking
    7. Handshake theory
    8. Capturing the handshake
    9. Creating a wordlist
    10. Wordlist cracking
    11. Securing network from attacks
    12. Summary
  13. Post-Connection Attacks
    1. Post-connection attacks
      1. The netdiscover tool
      2. The AutoScan tool
      3. Zenmap
    2. Summary 
  14. Man-in-the-Middle Attacks
    1. Man-in-the–middle attacks
      1. ARP spoofing using arpspoof
      2. ARP spoofing using MITMf
      3. Bypassing HTTPS
      4. Session hijacking
      5. DNS spoofing
      6. MITMf screenshot keylogger
      7. MITMf code injection
      8. MITMf against a real network
    2. Wireshark
      1. Wireshark basics 
      2. Wireshark filters
    3. Summary
  15. Network Penetration Testing, Detection, and Security
    1. Detecting ARP poisoning
    2. Detecting suspicious behavior
    3. Summary
  16. Gaining Access to Computer Devices
    1. Introduction to gaining access
      1. Server side
      2. Client side
      3. Post-exploitation
    2. Sever-side attacks
    3. Server-side attack basics
    4. Server-side attacks – Metasploit basics
    5. Metasploit remote code execution
    6. Summary
  17. Scanning Vulnerabilities Using Tools
    1. Installing MSFC
    2. MSFC scan
    3. MSFC analysis
    4. Installing Nexpose
    5. Running Nexpose
    6. Nexpose analysis
    7. Summary
  18. Client-Side Attacks
    1. Client-side attacks
    2. Installing Veil
    3. Payloads overview
    4. Generating a Veil backdoor
    5. Listening for connections
    6. Testing the backdoor
    7. Fake bdm1 updates
    8. Client-side attacks using the bdm2 BDFProxy
    9. Protection against delivery methods
    10. Summary
  19. Client-Side Attacks - Social Engineering
    1. Client-side attacks using social engineering 
    2. Maltego overview
    3. Social engineering – linking accounts
    4. Social engineering – Twitter
    5. Social engineering – emails
    6. Social engineering – summary
    7. Downloading and executing AutoIt 
    8. Changing the icon and compiling the payload
    9. Changing extensions
    10. Client-side attacks – TDM email spoofing
    11. Summary
  20. Attack and Detect Trojans with BeEF
    1. The BeEF tool
    2. BeEF – hook using a MITMf
    3. BeEF – basic commands
    4. BeEF – Pretty Theft
    5. BeEF – Meterpreter 1
    6. Detecting Trojans manually
    7. Detecting Trojans using a sandbox
    8. Summary
  21. Attacks Outside the Local Network
    1. Port forwarding
    2. External backdoors
    3. IP forwarding
    4. External BeEF
    5. Summary
  22. Post Exploitation
    1. An introduction to post exploitation
    2. Meterpreter basics
    3. Filesystem commands
    4. Maintaining access by using simple methods
    5. Maintaining access by using advanced methods
    6. Keylogging
    7. An introduction to pivoting
    8. Pivoting autoroutes
    9. Summary 
  23. Website Penetration Testing
    1. What is a website?
    2. Attacking a website
    3. Summary
  24. Website Pentesting - Information Gathering
    1. Information gathering using tools
      1. The Whois Lookup
      2. Netcraft
      3. Robtex
    2. Websites on the same server
    3. Information gathering from target websites
      1. Finding subdomains
      2. Information gathering using files
      3. Analyzing file results 
    4. Summary
  25. File Upload, Code Execution, and File Inclusion Vulnerabilities
    1. File upload vulnerabilities
      1. Getting started with Weevely
    2. Code execution vulnerabilities
    3. Local file inclusion vulnerabilities
    4. Remote file inclusion using Metasploitable
    5. Basic mitigation
    6. Summary
  26. SQL Injection Vulnerabilities
    1. What is SQL?
    2. The dangers of SQLi
    3. Discovering SQLi
    4. SQLi authorization bypass
    5. Discovering an SQLi using the GET method
    6. Basic SELECT statements
    7. Discovering tables
    8. Reading columns and their data
    9. Reading and writing files on the server
    10. The sqlmap tool
    11. Preventing SQLi 
    12. Summary 
  27. Cross-Site Scripting Vulnerabilities
    1. Introduction to XSS
    2. Reflected XSS
    3. Stored XSS
    4. XSS BeEF exploitation
    5. XSS protection
    6. Summary 
  28. Discovering Vulnerabilities Automatically Using OWASP ZAP
    1. OWASP ZAP start
    2. OWASP ZAP results
    3. Summary
  29. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think
35.169.107.177