Title:
BackTrack 4 Assuring Security by Penetration Testing : Assuring Security by Penetration Testing.
Author:
Ali, Shakeel.
ISBN:
9781849513951
Edition:
1st ed.
Physical Description:
1 online resource (377 pages)
Contents:
BackTrack 4: Assuring Security by Penetration Testing -- BackTrack 4: Assuring Security by Penetration Testing -- Credits -- About the Authors -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers and more -- Why Subscribe? -- Free Access for Packt account holders -- Preface -- What this book covers -- What you need for this book -- Who this book is for -- Conventions -- Reader feedback -- Customer support -- Errata -- Piracy -- Questions -- I. Lab Preparation and Testing Procedures -- 1. Beginning with BackTrack -- History -- BackTrack purpose -- Getting BackTrack -- Using BackTrack -- Live DVD -- Installing to hard disk -- Installation in real machine -- Installation in VirtualBox -- Portable BackTrack -- Configuring network connection -- Ethernet setup -- Wireless setup -- Starting the network service -- Updating BackTrack -- Updating software applications -- Updating the kernel -- Installing additional weapons -- Nessus vulnerability scanner -- WebSecurify -- Customizing BackTrack -- Summary -- 2. Penetration Testing Methodology -- Types of penetration testing -- Black-box testing -- White-box testing -- Vulnerability assessment versus penetration testing -- Security testing methodologies -- Open Source Security Testing Methodology Manual (OSSTMM) -- Key features and benefits -- Information Systems Security Assessment Framework (ISSAF) -- Key features and benefits -- Open Web Application Security Project (OWASP) Top Ten -- Key features and benefits -- Web Application Security Consortium Threat Classification (WASC-TC) -- Key features and benefits -- BackTrack testing methodology -- Target scoping -- Information gathering -- Target discovery -- Enumerating target -- Vulnerability mapping -- Social engineering -- Target exploitation -- Privilege escalation -- Maintaining access -- Documentation and reporting.

The ethics -- Summary -- II. Penetration Testers Armory -- 3. Target Scoping -- Gathering client requirements -- Customer requirements form -- Deliverables assessment form -- Preparing the test plan -- Test plan checklist -- Profiling test boundaries -- Defining business objectives -- Project management and scheduling -- Summary -- 4. Information Gathering -- Public resources -- Document gathering -- Metagoofil -- DNS information -- dnswalk -- dnsenum -- dnsmap -- dnsmap-bulk -- dnsrecon -- fierce -- Route information -- 0trace -- dmitry -- itrace -- tcpraceroute -- tctrace -- Utilizing search engines -- goorecon -- theharvester -- All-in-one intelligence gathering -- Maltego -- Documenting the information -- Dradis -- Summary -- 5. Target Discovery -- Introduction -- Identifying the target machine -- ping -- arping -- arping2 -- fping -- genlist -- hping2 -- hping3 -- lanmap -- nbtscan -- nping -- onesixtyone -- OS fingerprinting -- p0f -- xprobe2 -- Summary -- 6. Enumerating Target -- Port scanning -- AutoScan -- Netifera -- Nmap -- Nmap target specification -- Nmap TCP scan options -- Nmap UDP scan options -- Nmap port specification -- Nmap output options -- Nmap timing options -- Nmap scripting engine -- Unicornscan -- Zenmap -- Service enumeration -- Amap -- Httprint -- Httsquash -- VPN enumeration -- ike-scan -- Summary -- 7. Vulnerability Mapping -- Types of vulnerabilities -- Local vulnerability -- Remote vulnerability -- Vulnerability taxonomy -- Open Vulnerability Assessment System (OpenVAS) -- OpenVAS integrated security tools -- Cisco analysis -- Cisco Auditing Tool -- Cisco Global Exploiter -- Cisco Passwd Scanner -- Fuzzy analysis -- BED -- Bunny -- JBroFuzz -- SMB analysis -- Impacket Samrdump -- Smb4k -- SNMP analysis -- ADMSnmp -- Snmp Enum -- SNMP Walk -- Web application analysis -- Database assessment tools -- DBPwAudit -- Pblind.

SQLbrute -- SQLiX -- SQLMap -- SQL Ninja -- Application assessment tools -- Burp Suite -- Grendel Scan -- LBD -- Nikto2 -- Paros Proxy -- Ratproxy -- W3AF -- WAFW00F -- WebScarab -- Summary -- 8. Social Engineering -- Modeling human psychology -- Attack process -- Attack methods -- Impersonation -- Reciprocation -- Influential authority -- Scarcity -- Social relationship -- Social Engineering Toolkit (SET) -- Targeted phishing attack -- Gathering user credentials -- Common User Passwords Profiler (CUPP) -- Summary -- 9. Target Exploitation -- Vulnerability research -- Vulnerability and exploit repositories -- Advanced exploitation toolkit -- MSFConsole -- MSFCLI -- Ninja 101 drills -- Scenario #1 -- Scenario #2 -- SNMP community scanner -- VNC blank authentication scanner -- IIS6 WebDAV unicode auth bypass -- Scenario #3 -- Bind shell -- Reverse shell -- Meterpreter -- Scenario #4 -- Scenario #5 -- Generating binary backdoor -- Automated browser exploitation -- Writing exploit module -- Summary -- 10. Privilege Escalation -- Attacking the password -- Offline attack tools -- Rainbowcrack -- Samdump2 -- John -- Ophcrack -- Crunch -- Wyd -- Online attack tools -- BruteSSH -- Hydra -- Network sniffers -- Dsniff -- Hamster -- Tcpdump -- Tcpick -- Wireshark -- Network spoofing tools -- Arpspoof -- Ettercap -- Summary -- 11. Maintaining Access -- Protocol tunneling -- DNS2tcp -- Ptunnel -- Stunnel4 -- Proxy -- 3proxy -- Proxychains -- End-to-end connection -- CryptCat -- Sbd -- Socat -- Summary -- 12. Documentation and Reporting -- Documentation and results verification -- Types of reports -- Executive report -- Management report -- Technical report -- Network penetration testing report (sample contents) -- Table of Contents -- Presentation -- Post testing procedures -- Summary -- A. Supplementary Tools -- Vulnerability scanner -- NeXpose community edition.

NeXpose installation -- Starting NeXpose community -- Login to NeXpose community -- Using NeXpose community -- Web application fingerprinter -- WhatWeb -- BlindElephant -- Network Ballista -- Netcat -- Open connection -- Service banner grabbing -- Simple server -- File transfer -- Portscanning -- Backdoor Shell -- Reverse shell -- Summary -- B. Key Resources -- Vulnerability Disclosure and Tracking -- Paid Incentive Programs -- Reverse Engineering Resources -- Network ports.
Abstract:
Master the art of penetration testing with BackTrack.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.