1st Edition
Conducting Network Penetration and Espionage in a Global Environment
When it’s all said and done, penetration testing remains the most effective way to identify security vulnerabilities in computer networks. Conducting Network Penetration and Espionage in a Global Environment provides detailed guidance on how to perform effective penetration testing of computer networks—using free, open source, and commercially available tools, including Backtrack, Metasploit, Wireshark, Nmap, Netcat, and Nessus. It also considers exploits and other programs using Python, PERL, BASH, PHP, Ruby, and Windows PowerShell. The book taps into Bruce Middleton’s decades of experience with computer security, including penetration testing of military networks, the White House, utilities, manufacturing facilities, CIA headquarters, the Defense Information Systems Agency, and NASA. Mr. Middleton begins with a chapter on defensive measures/privacy issues and then moves on to describe a cyber-attack on one of his labs and how he responded to the attack.
Next, the book explains how to research a target without directly "touching" that target. Once you’ve learned all you can, the text describes how to gather even more information using a more direct approach. From there, it covers mathematical analysis, considers target exploitation, and discusses Chinese and Syrian cyber-attacks.
Providing authoritative guidance on cyberforensics, reverse engineering, and penetration testing, the book categorizes testing tools according to their use within the standard penetration testing framework. For each of the above-mentioned categories, you will find basic and advanced tools and procedures to help you identify security vulnerabilities in today’s networks.
After reading this book, you will understand how to perform an organized and efficient penetration test. You will also learn techniques used to bypass anti-virus software and capture keystrokes of remote systems. Explaining how to put together your own penetration testing lab, the text concludes by describing how to utilize various iPhone apps to perform reconnaissance activities on wireless networks.
What You Need to Know First
MatLab and SimuLink (MathSoft.com)
Recommended Defensive Measures
Google News Groups
Typical PT Process
Recommended Books/Classes
Last but Not Least—A Pet Peeve
Training
Minimal Paperwork
Attack from Christmas Island
Indirect Target Information Acquisition (ITIA)
Shodan
Using Google to Obtain Information
TheHarvester
Nslookup
Dig
Dnsenum
Dnswalk
Dnsrecon
Fierce
Smtp-user-enum
Dnsmap
Dmitry
Itrace
Tcptraceroute
Tctrace
Goorecon
Snmpenum
Snmpwalk
Snmpcheck
Direct Target Information Acquisition (DTIA)
Target Discovery
Ping
# ping -c 2 <target>
# ping -c 3 -s 1000 IP
Fping
Genlist
Hping
Nbtscan
Nping
Onesixtyone
P0f
Xprobe2
Enumerating Target
Some Miscellaneous Items to Keep in Mind (Refer to as Needed)
Start Networks
Create Videos
Whois xumpidhjns.it.cx
Whois 95.141.28.91
Whois nucebeb.changeip.name
Whois 64.120.252.74
Netcraft
Host
DNS Tools (More)
Nslookup
Nmap
Nmap -T0 -O -sTV -vv -p- -PN IP
Nmap -O -sSV -vv -p- -PN IP
Nmap --script http-enum,http-headers,http-methods,http-php-version -p 80 IP
Nmap -A -vvv -p- -PN -iL IPlist.txt
Nmap -f -f -vvv -p- -PN IP
Nmap -sP -PA IP.0/24
Nmap -sS -sU -p U:53,T:22,134-139 IP
Nmap -O -sUV -vvv -p- -PN IP
Nmap -O -sXV -vvv -p- -PN IP
Nmap -O -sNV -vvv -p- -PN IP
Nmap --mtu 16 -vvv -p- -PN IP
Nmap -sM -vvv -p- -PN IP
Nmap -sC -p- -PN IP
Nmap -p 139,445 IP
Nmap --scanflags PSH -p- -PN IP
Nmap --scanflags PSH -p135 IP
Nmap --scanflags SYN -p135 IP
Nmap -sA --scanflags PSH -p- -PN IP
Nmap -sP IP.0/24 -oA Results
Nmap -sP -PA -oN Results IP.0/24
Nmap -n -sP 192.168.4.1-20
Nmap -sP -oG Results IP.0/24
Nmap -v -sP 192.168.0.0/16 10.0.0.0/8
Nmap -sP -PN -PS --reason IP
Nmap -sL IP.1-255
Nmap -sS -sV -O -v IP
Nmap -T0 -vv -b FTP_IP TARGET_IP -oA Results
Nmap -sF -PN -p22 IP
Nmap -sU -p0-65535 IP
Nmap -sU -v -p 1-65535 IP
Nmap -sU -p 161
Nmap -sU -T5 -p 69,123,161,1985 IP
Nmap -PP -PM IP
Nmap -sO IP
Nmap -O IP
Nmap -sV IP
MatLab, SimuLink, and R
Metasploit Pro
Now Verify Database Connectivity with Metasploit
Perform an Nmap Scan within Metasploit
Using Auxiliary Modules in Metasploit
Using Metasploit to Exploit
No Options to Set
See Lots of Them
Did We Obtain a Command Shell?
See the Active Driver, such as postgresql
If You Get an Error While Connecting to the DB
Using the DB to Store Pen Test Results
Analyzing Stored Results of DB
Unfiltered Port
Using Metasploit Auxiliary Module for Scans
Use
Set
Run
To Make the Scan Faster across Multiple Devices
Target Services Scanning with Auxiliary Modules
Vulnerability Scan with Metasploit Using Nessus
Scanning with Nexpose within Metasploit
Note about Exploit-db
Some Metasploit Exploit Commands
Microsoft Exploit
Exploiting a Windows 2003 Server
Exploiting Windows 7/Server 2008 R2 SMB Client
Exploiting Linux Ubuntu System
Client Side Exploitation and A/V Bypass
Msfpayload Can Be Used to Generate Binary and Shellcode
To Set Up a Listener for the Reverse Connection
Run Some Linux PPC Payloads against the FSB
Generate Shellcode in C
Meterpreter Commands
Executive Summary
Detailed Findings
Tools Utilized
Recommendations to Resolve Issues
China, Syria, and the American Intelligence Community
The Burning
China
Syria
Building a Penetration Testing Lab
Vendor Default Passwords and Default Unix Ports
Oldies but Goodies if You Have Physical Access
SafeBack
GetTime
FileList and FileCnvt and Excel
GetFree
Swap Files and GetSwap
GetSlack
Temporary Files
Filter_I
Keyword Generation
TextSearch Plus
Crcmd5
DiskSig
Doc
Mcrypt
Micro-Zap
Map
M-Sweep
Net Threat Analyzer
AnaDisk
Seized
Scrub
Spaces
NTFS FileList
NTFS GetFree
NTFS GetSlack
NTFS VIEW
NTFS Check
NTIcopy
Disk Search 32
Order of Operations for Your Tools
Reconnaissance
Enumeration
Exploitation
Wireless Networks
VOIP Networks
Reporting
Scripting/Programming/Debugging
Using Your iPhone as a Network Scanner
IP Scanner
NetPro
WiFi Scanner
iNet
Net Detective
Net Swiss Army Knife
Ping Analyzer
WiFi Net Info
TraceRoute
PortScan
Net Utility
zTools
Index
Biography
Bruce Middleton is a graduate of the University of Houston and has been involved with the security of electronic communications systems since 1972, when he enlisted in the military (U.S. Army Security Agency) during the Vietnam conflict and worked overseas in the field for NSA. Since that time he has worked with various government, military, and commercial entities such as NASA (Space Station Freedom communications systems design team), CIA, NAVSEA, and Boeing (ground station-to-aircraft communications systems).
Mr. Middleton has been the keynote speaker at select national and international industry events and a trusted advisor in both the government and commercial sectors. He has written multiple books, e-books, and magazine articles in the fields of communications security, cybercrime, and computer network penetration.