Ethical Hacking - A Hands-on Introduction to Breaking In
A hands-on guide to hacking computer systems from the ground up, from capturing traffic to crafting sneaky, successful trojans.
A crash course in modern hacking techniques, Ethical Hacking is already being used to prepare the next generation of offensive security experts. In its many hands-on labs, you’ll explore crucial skills for any aspiring penetration tester, security researcher, or malware analyst. You’ll begin with the basics: capturing a victim’s network traffic with an ARP spoofing attack and then viewing it in Wireshark. From there, you’ll deploy reverse shells that let you remotely run commands on a victim’s computer, encrypt files by writing your own ransomware in Python, and fake emails like the ones used in phishing attacks. In advanced chapters, you’ll learn how to fuzz for new vulnerabilities, craft trojans and rootkits, exploit websites with SQL injection, and escalate your privileges to extract credentials, which you’ll use to traverse a private network. You’ll work with a wide range of professional penetration testing tools—and learn to write your own tools in Python—as you practice tasks like:
- Deploying the Metasploit framework’s reverse shells and embedding them in innocent-seeming files
- Capturing passwords in a corporate Windows network using Mimikatz
- Scanning (almost) every device on the internet to find potential victims
- Installing Linux rootkits that modify a victim’s operating system
- Performing advanced Cross-Site Scripting (XSS) attacks that execute sophisticated JavaScript payloads
Along the way, you’ll gain a foundation in the relevant computing technologies. Discover how advanced fuzzers work behind the scenes, learn how internet traffic gets encrypted, explore the inner mechanisms of nation-state malware like Drovorub, and much more. Developed with feedback from cybersecurity students, Ethical Hacking addresses contemporary issues in the field not often covered in other books and will prepare you for a career in penetration testing. Most importantly, you’ll be able to think like an ethical hacker: someone who can carefully analyze systems and creatively gain access to them.
Author
About the Author:
Dr. Daniel G. Graham is an assistant professor of computer science at the University of Virginia in Charlottesville. His research interests include secure embedded systems and networks. Before teaching at UVA, Dr. Graham was a program manager at Microsoft. He publishes in IEEE journals relating to sensors and networks.
About the Technical Reviewer:
Dr. Ed Novak is an assistant professor of computer science at Franklin and Marshall College in Lancaster, Pennsylvania. He received a PhD from The College of William and Mary in 2016. His research interests revolve around security and privacy in smart mobile devices.
Product details
- ASIN : B08Y5LH95M
- ISBN-10 : 1718501870
- ISBN-13 : 978-1718501874
- Publisher : No Starch Press
- Publication date : September 21, 2021
- Print length : 376 pages
Table of Contents
Brief Contents
Chapter 1: Setting Up
PART I: NETWORK FUNDAMENTALS
Chapter 2: Capturing Traffic with ARP Spoofing
Chapter 3: Analyzing Captured Traffic
Chapter 4: Crafting TCP Shells and Botnets
PART II: CRYPTOGRAPHY
Chapter 5: Cryptography and Ransomware
Chapter 6: TLS and Diffie-Hellman
PART III: SOCIAL ENGINEERING
Chapter 7: Phishing and Deepfakes
PART IV: EXPLOITATION
Chapter 9: Fuzzing for Zero-Day Vulnerabilities
Chapter 11: Building and Installing Linux Rootkits
Chapter 12: Stealing and Cracking Passwords
Chapter 13: Serious Cross-Site Scripting Exploitation
PART V: CONTROLLING THE NETWORK
Chapter 14: Pivoting and Privilege Escalation
Chapter 15: Moving Through the Corporate Windows Network
Chapter 16: Next Steps
ACKNOWLEDGMENTS
What Is in the Book?
Part I: Networking Fundamentals
Part II: Cryptography
Part III: Social Engineering
Part IV: Exploitation
Part V: Controlling the Network
Reaching Out
1
SETTING UP
Setting Up the Internal Network
Setting Up the Ubuntu Linux Desktop
Your First Hack: Exploiting a Backdoor in Metasploitable
Getting the IP Address of the Metasploitable Server
Using the Backdoor to Gain Access
PART I
NETWORK FUNDAMENTALS
2
CAPTURING TRAFFIC WITH ARP SPOOFING
How the Internet Transmits Data
Performing an ARP Spoofing Attack
Detecting an ARP Spoofing Attack
Implement an ARP Spoofer in Python
3
ANALYZING CAPTURED TRAFFIC
Packets and the Internet Protocol Stack
The Five-Layer Internet Protocol Stack
Analyzing Packets Collected by Your Firewall
Capturing Traffic on Port 80
Exploring Packets in Wireshark
4
CRAFTING TCP SHELLS AND BOTNETS
Sockets and Process Communication
Exploiting a Vulnerable Service
Writing a Reverse Shell Client
Writing a TCP Server That Listens for Client Connections
Loading the Reverse Shell onto the Metasploitable Server
PART II
CRYPTOGRAPHY
5
CRYPTOGRAPHY AND RANSOMWARE
One-Time Pad
Encrypting and Decrypting a File
Public-Key Cryptography
Rivest–Shamir–Adleman Theory
Optimal Asymmetric Encryption Padding
The Ransomware Server
Extending the Ransomware Client
Unsolved Codes
6
TLS AND DIFFIE-HELLMAN
Certificate Authorities and Signatures
Using Diffie-Hellman to Compute a Shared Key
Step 1: Generating the Shared Parameters
Step 2: Generating the Public–Private Key Pair
Why Can’t a Hacker Calculate the Private Key?
Step 3: Exchanging Key Shares and Nonces
Step 4: Calculating the Shared Secret Key
Elliptic-Curve Diffie-Hellman
The Math of Elliptic Curves
Why Can’t a Hacker Use Gxy and axy to Calculate the Private Key A?
Exercise: Add Encryption to your Ransomware Server
PART III
SOCIAL ENGINEERING
7
PHISHING AND DEEPFAKES
A Sophisticated and Sneaky Social Engineering Attack
Faking Emails
Performing a DNS Lookup of a Mail Server
Communicating with SMTP
Faking Websites
Importing the Machine Learning Models
Voice Cloning
8
Maltego
SIM Jacking
Google Dorking
Masscan
Shodan
Internet Protocol Version 6 (IPv6)
Discover
PART IV
EXPLOITATION
9
FUZZING FOR ZERO-DAY VULNERABILITIES
Case Study: Exploiting the Heartbleed OpenSSL Vulnerability
Writing the Client Hello Message
Crafting the Malicious Heartbeat Request
Reading the Leaked Memory Contents
Putting It Together
A Simplified Example
American Fuzzy Lop
Symbolic Execution
A Symbolic Execution of the Test Program
Limitations of Symbolic Execution
Installing and Running Angr
The Angr Program
Capture the Flag Games with Angr
Fuzzing an Open Source Project
Implement Your Own Concolic Execution Engine
10
Case Study: Re-Creating Drovorub by Using Metasploit
Building the Attacker’s Server
Why We Need a Victim Kernel Module
Hiding an Implant in a Legitimate File
Controlling the Implant
Evading Antivirus by Using Encoders
Hiding the Trojan in Minesweeper
Hiding the Trojan in a Word Document (or Another Innocent File)
Deconstructing the APK to View the Implant
Rebuilding and Signing the APK
Writing Your Own Python Implant
Build a Platform-Specific Executable
11
BUILDING AND INSTALLING LINUX ROOTKITS
Backing Up Your Kali Linux Virtual Machine
Compiling and Running Your Kernel Module
How System Calls Work
The linux_dirent struct
Using Armitage to Exploit a Host and Install a Rootkit
The Keylogger
12
STEALING AND CRACKING PASSWORDS
Stealing Passwords from a Website’s Database
Enumerating Reachable Files on the Web Server
Writing Your Own SQL Injection Tool
Understanding HTTP Requests
Using SQLMap
Salting Hashes with a Nonce
Building a Salted Hash Cracker
Popular Hash Cracking and Brute-Forcing Tools
13
SERIOUS CROSS-SITE SCRIPTING EXPLOITATION
How JavaScript Can Be Malicious
Finding Vulnerabilities with OWASP Zed Attack Proxy
Using Browser Exploitation Framework Payloads
Performing a Social Engineering Attack
Moving from Browser to Machine
Case Study: Exploiting an Old Version of the Chrome Browser
Installing Rootkits via Website Exploitation
Exercise: Hunting for Bugs in a Bug Bounty Program
PART V
CONTROLLING THE NETWORK
14
PIVOTING AND PRIVILEGE ESCALATION
Pivoting from a Dual-Homed Device
Configuring a Dual-Homed Device
Connecting a Machine to Your Private Network
Extracting Password Hashes on Linux
Where Linux Stores Usernames and Passwords
Performing a Dirty COW Privilege Escalation Attack
Adding NAT to Your Dual-Homed Device
Suggested Reading on Windows Privilege Escalation
15
MOVING THROUGH THE CORPORATE WINDOWS NETWORK
Creating a Windows Virtual Lab
Extracting Password Hashes with Mimikatz
Passing the Hash with NT LAN Manager
Exploring the Corporate Windows Network
Attacking the DNS Service
Attacking Active Directory and LDAP Services
Using SharpHound and Bloodhound for LDAP Enumeration
The Golden Ticket and DC Sync Attacks
16
NEXT STEPS
Setting Up a Hardened Hacking Environment
Remaining Anonymous with Tor and Tails
Setting Up a Virtual Private Server
Installing Your Hacking Tools
Auditing Your Hardened Server
Other Topics
Attacking Cellular Infrastructure
Connect with Others