1st Edition

Conducting Network Penetration and Espionage in a Global Environment

By Bruce Middleton Copyright 2014
    599 Pages 687 B/W Illustrations
    by Auerbach Publications


    When it’s all said and done, penetration testing remains the most effective way to identify security vulnerabilities in computer networks. Conducting Network Penetration and Espionage in a Global Environment provides detailed guidance on how to perform effective penetration testing of computer networks—using free, open source, and commercially available tools, including BackTrack, Metasploit, Wireshark, Nmap, Netcat, and Nessus. It also covers writing exploits and other programs in Python, Perl, Bash, PHP, Ruby, and Windows PowerShell.

    The book taps into Bruce Middleton’s decades of experience with computer security, including penetration testing of military networks, the White House, utilities, manufacturing facilities, CIA headquarters, the Defense Information Systems Agency, and NASA. Mr. Middleton begins with a chapter on defensive measures/privacy issues and then moves on to describe a cyber-attack on one of his labs and how he responded to the attack.

    Next, the book explains how to research a target without directly "touching" that target. Once you’ve learned all you can, the text describes how to gather even more information using a more direct approach. From there, it covers mathematical analysis, considers target exploitation, and discusses Chinese and Syrian cyber-attacks.

    Providing authoritative guidance on cyberforensics, reverse engineering, and penetration testing, the book categorizes testing tools according to their use within the standard penetration testing framework. For each of the above-mentioned categories, you will find basic and advanced tools and procedures to help you identify security vulnerabilities in today’s networks.

    After reading this book, you will understand how to perform an organized and efficient penetration test. You will also learn techniques used to bypass anti-virus software and capture keystrokes of remote systems. Explaining how to put together your own penetration testing lab, the text concludes by describing how to utilize various iPhone apps to perform reconnaissance activities on wireless networks.

    What You Need to Know First
    MatLab and SimuLink (MathSoft.com)
    Recommended Defensive Measures
    Google News Groups
    Typical PT Process
    Recommended Books/Classes
    Last but Not Least—A Pet Peeve
    Training
    Minimal Paperwork

    Attack from Christmas Island

    Indirect Target Information Acquisition (ITIA)
    Shodan
    Using Google to Obtain Information
    TheHarvester
    Nslookup
    Dig
    Dnsenum
    Dnswalk
    Dnsrecon
    Fierce
    Smtp-user-enum
    Dnsmap
    Dmitry
    Itrace
    Tcptraceroute
    Tctrace
    Goorecon
    Snmpenum
    Snmpwalk
    Snmpcheck

    Direct Target Information Acquisition (DTIA)
    Target Discovery
         Ping
         # ping -c 2 <target>
         # ping -c 3 -s 1000 IP
         Fping
         Genlist
         Hping
         Nbtscan
         Nping
         Onesixtyone
         P0f
         Xprobe2
    Enumerating Target
    Some Miscellaneous Items to Keep in Mind (Refer to as Needed)
         Start Networks
         Create Videos
         Whois xumpidhjns.it.cx
         Whois 95.141.28.91
         Whois nucebeb.changeip.name
         Whois 64.120.252.74
         Netcraft
         Host
         DNS Tools (More)
         Nslookup

    Nmap
    Nmap -T0 -O -sTV -vv -p- -PN IP
    Nmap -O -sSV -vv -p- -PN IP
    Nmap --script http-enum,http-headers,http-methods,http-php-version -p 80 IP
    Nmap -A -vvv -p- -PN -iL IPlist.txt
    Nmap -f -f -vvv -p- -PN IP
    Nmap -sP -PA IP.0/24
    Nmap -sS -sU -p U:53,T:22,134-139 IP
    Nmap -O -sUV -vvv -p- -PN IP
    Nmap -O -sXV -vvv -p- -PN IP
    Nmap -O -sNV -vvv -p- -PN IP
    Nmap --mtu 16 -vvv -p- -PN IP
    Nmap -sM -vvv -p- -PN IP
    Nmap -sC -p- -PN IP
    Nmap -p 139,445 IP
    Nmap --scanflags PSH -p- -PN IP
    Nmap --scanflags PSH -p135 IP
    Nmap --scanflags SYN -p135 IP
    Nmap -sA --scanflags PSH -p- -PN IP
    Nmap -sP IP.0/24 -oA Results
    Nmap -sP -PA -oN Results IP.0/24
    Nmap -n -sP 192.168.4.1-20
    Nmap -sP -oG Results IP.0/24
    Nmap -v -sP 192.168.0.0/16 10.0.0.0/8
    Nmap -sP -PN -PS --reason IP
    Nmap -sL IP.1-255
    Nmap -sS -sV -O -v IP
    Nmap -T0 -vv -b FTP_IP TARGET_IP -oA Results
    Nmap -sF -PN -p22 IP
    Nmap -sU -p0-65535 IP
    Nmap -sU -v -p 1-65535 IP
    Nmap -sU -p 161 IP
    Nmap -sU -T5 -p 69,123,161,1985 IP
    Nmap -PP -PM IP
    Nmap -sO IP
    Nmap -O IP
    Nmap -sV IP
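    Several of the scan lines above save results with -oN, -oG, or -oA. The grepable (-oG) format is the one meant to be post-processed, and the following POSIX shell script is an added example (not from the book) that parses it into "host port/proto service" lines for open ports and lists the hosts reported Up. The embedded scan data is constructed to mimic -oG output for a three-address sweep, and the function names write_sample, open_ports, and up_hosts are this example's own.

```shell
#!/bin/sh
# Added example: post-process nmap grepable output (-oG).
# Real usage: nmap -sS -sV -oG results.gnmap 192.168.4.1-20 ; open_ports results.gnmap
# The sample below is CONSTRUCTED to mimic -oG output; it is not a real scan.

# write_sample -> prints a constructed -oG file to stdout (fields are tab-separated)
write_sample() {
    printf '%s\n' '# Nmap 6.47 scan initiated Sat Jan  1 00:00:00 2014 as: nmap -sS -sV -oG results.gnmap 192.168.4.1-3'
    printf 'Host: 192.168.4.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.4.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.9p1 Debian/, 80/open/tcp//http//Apache httpd 2.2.22/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
    printf 'Host: 192.168.4.2 ()\tStatus: Up\n'
    printf 'Host: 192.168.4.2 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 161/open|filtered/udp//snmp///\tIgnored State: closed (997)\n'
    printf 'Host: 192.168.4.3 ()\tStatus: Down\n'
    printf '%s\n' '# Nmap done at Sat Jan  1 00:01:00 2014 -- 3 IP addresses (2 hosts up) scanned in 60.00 seconds'
}

# open_ports FILE -> one line per confirmed-open port: "host port/proto service"
# Each Ports entry is port/state/proto/owner/service/rpcinfo/version/ ;
# "open|filtered" (typical for UDP) is deliberately NOT treated as open.
open_ports() {
    awk -F'\t' '
        /^Host:/ && $2 ~ /^Ports:/ {
            split($1, h, " "); host = h[2]
            sub(/^Ports: /, "", $2)
            n = split($2, p, /, /)
            for (i = 1; i <= n; i++) {
                split(p[i], f, "/")
                if (f[2] == "open") printf "%s %s/%s %s\n", host, f[1], f[3], f[5]
            }
        }' "$1"
}

# up_hosts FILE -> unique list of hosts whose Status line says Up
up_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }' "$1" | sort -u
}

# Demo on the constructed sample
tmp=$(mktemp)
write_sample > "$tmp"
echo "Open ports:";  open_ports "$tmp"
echo "Hosts up:";    up_hosts "$tmp"
rm -f "$tmp"
```

The state check is the part worth copying: UDP probes that draw no reply are reported as open|filtered, and treating that as open inflates a findings list with ports that were never confirmed.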

    MatLab, SimuLink, and R

    Metasploit Pro
    Now Verify Database Connectivity with Metasploit
    Perform an Nmap Scan within Metasploit
    Using Auxiliary Modules in Metasploit
    Using Metasploit to Exploit
         No Options to Set
         See Lots of Them
         Did We Obtain a Command Shell?
         See the Active Driver, such as postgresql
    If You Get an Error While Connecting to the DB
    Using the DB to Store Pen Test Results
    Analyzing Stored Results of DB
    Unfiltered Port
    Using Metasploit Auxiliary Module for Scans
         Use
         Set
         Run
    To Make the Scan Faster across Multiple Devices
    Target Services Scanning with Auxiliary Modules
    Vulnerability Scan with Metasploit Using Nessus
    Scanning with Nexpose within Metasploit
    Note about Exploit-db
    Some Metasploit Exploit Commands
    Microsoft Exploit
    Exploiting a Windows 2003 Server
    Exploiting Windows 7/Server 2008 R2 SMB Client
    Exploiting Linux Ubuntu System
    Client Side Exploitation and A/V Bypass
    Msfpayload Can Be Used to Generate Binary and Shellcode
    To Set Up a Listener for the Reverse Connection
    Run Some Linux PPC Payloads against the FSB
    Generate Shellcode in C
    Meterpreter Commands
    Executive Summary
    Detailed Findings
         Tools Utilized
    Recommendations to Resolve Issues

    China, Syria, and the American Intelligence Community
    The Burning
    China
    Syria

    Building a Penetration Testing Lab

    Vendor Default Passwords and Default Unix Ports

    Oldies but Goodies if You Have Physical Access
    SafeBack
    GetTime
    FileList and FileCnvt and Excel
    GetFree
    Swap Files and GetSwap
    GetSlack
    Temporary Files
    Filter_I
    Keyword Generation
    TextSearch Plus
    Crcmd5
    DiskSig
    Doc
    Mcrypt
    Micro-Zap
    Map
    M-Sweep
    Net Threat Analyzer
    AnaDisk
    Seized
    Scrub
    Spaces
    NTFS FileList
    NTFS GetFree
    NTFS GetSlack
    NTFS VIEW
    NTFS Check
    NTIcopy
    Disk Search 32

    Order of Operations for Your Tools
    Reconnaissance
    Enumeration
    Exploitation
    Wireless Networks
    VOIP Networks
    Reporting
    Scripting/Programming/Debugging

    Using Your iPhone as a Network Scanner
    IP Scanner
    NetPro
    WiFi Scanner
    iNet
    Net Detective
    Net Swiss Army Knife
    Ping Analyzer
    WiFi Net Info
    TraceRoute
    PortScan
    Net Utility
    zTools

    Index

    Biography

    Bruce Middleton is a graduate of the University of Houston and has been involved with the security of electronic communications systems since 1972, when he enlisted in the military (U.S. Army Security Agency) during the Vietnam conflict and worked overseas in the field for NSA. Since that time he has worked with various government, military, and commercial entities such as NASA (Space Station Freedom communications systems design team), CIA, NAVSEA, and Boeing (ground station-to-aircraft communications systems).

    Mr. Middleton has been the keynote speaker at select national and international industry events and a trusted advisor in both the government and commercial sectors. He has written multiple books, e-books, and magazine articles in the fields of communications security, cybercrime, and computer network penetration.