Kim, Peter. The Hacker Playbook. 2014

The Hacker Playbook: Practical Guide To Penetration Testing
The Hacker Playbook 1 Peter Kim

  1. Preface
  2. Introduction
    1. Additional Information about this Book
    2. Disclaimer
  3. Pregame – The Setup
    1. Setting Up a Penetration Testing Box
    2. Hardware
      1. Basic hardware requirements are:
      2. Optional hardware discussed later within the book:
    3. Commercial Software
    4. Kali Linux (http://www.kali.org/)
      1. High level tools additional to Kali
      2. Setting up Kali
      3. Once your Kali VM is Up and Running:
    5. Windows VM Host
      1. High level tools list addition to Windows:
      2. Setting up Windows
    6. Summary
  4. Before the Snap – Scanning the Network
    1. External Scanning
      1. Passive Discovery
    2. Discover Scripts (Previously Backtrack Scripts) (Kali Linux)
      1. How to Run Passive Discovery
      2. Using Compromised Lists to Find Email Addresses and Credentials
    3. External/Internal Active Discovery
      1. The Process for Web Scanning
      2. Web Application Scanning
        1. Configuring your Network Proxy and Browser
        2. Spider Application
        3. Discover Content
        4. Running the Active Scanner
    4. Summary
  5. The Drive – Exploiting Scanner Findings
    1. Metasploit (http://www.metasploit.com) (Windows/Kali Linux)
      1. Basic Steps when configuring Metasploit Remote Attacks:
      2. Searching via Metasploit (using the good ol’ MS08-067 vulnerability):
    2. Scripts
      1. WarFTP Example
    3. Summary
  6. The Throw – Manual Web Application Findings
    1. Web Application Penetration testing
      1. SQL Injections
        1. SQLmap (http://sqlmap.org) (Kali Linux)
        2. Sqlninja (http://sqlninja.sourceforge.net/) (Kali Linux)
        3. Executing Sqlninja
      2. Cross-Site Scripting (XSS)
        1. BeEF Exploitation Framework (http://beefproject.com/) (Kali Linux)
        2. Cross-Site Scripting Obfuscation:
        3. Crowd Sourcing
        4. OWASP Cheat Sheet
      3. Cross-Site Request Forgery (CSRF)
        1. Using Burp for CSRF Replay Attacks
      4. Session Tokens
      5. Additional Fuzzing/Input Validation
      6. Functional/Business Logic Testing
    2. Conclusion
  7. The Lateral Pass – Moving Through the Network
    1. On the Network without Credentials:
      1. Responder.py (https://github.com/SpiderLabs/Responder) (Kali Linux)
    2. With any Domain Credentials (Non-Admin)
      1. Group Policy Preferences
      2. Pulling Clear Text Credentials
        1. WCE – Windows Credential Editor (http://www.ampliasecurity.com/research/wcefaq.html) (Windows)
        2. Mimikatz (http://blog.gentilkiwi.com/mimikatz) (Windows)
      3. Post Exploitation Tips
      4. Post Exploitation Lists from Room362.com
    3. With Any Local Administrative or Domain Admin Account:
      1. Owning the Network with Credentials and PSExec:
        1. PSExec and Veil (Kali Linux)
        2. PSExec Commands Across Multiple IPs (Kali Linux)
      2. Attack the Domain Controller
        1. SMBExec (https://github.com/brav0hax/smbexec) (Kali Linux)
    4. Post Exploitation with PowerSploit (https://github.com/mattifestation/PowerSploit) (Windows)
      1. Commands:
    5. Post Exploitation with PowerShell (https://code.google.com/p/nishang/) (Windows)
    6. ARP (Address Resolution Protocol) Poisoning
      1. IPv4
        1. Cain and Abel (Windows)
        2. Ettercap (Kali Linux)
      2. IPv6
        1. The tool is able to do different attacks such as:
      3. Steps After ARP Spoofing
      4. SideJacking:
      5. Hamster/Ferret (Kali Linux)
        1. Firesheep
        2. DNS Redirection:
        3. SSLStrip:
        4. Commands on Kali:
      6. Proxy Between Hosts
      7. Conclusion
  8. The Screen – Social Engineering
    1. Doppelganger Domains
      1. SMTP Attack
      2. SSH Attack
        1. To Extract OpenSSH
      3. Spear Phishing
        1. Metasploit Pro – Phishing Module
        2. Social Engineering Toolkit (Kali Linux)
          1. Credential Harvester
          2. To generate a fake page, go through the following:
          3. Using SET JAVA Attack
        3. Sending Out Massive Spear Phishing Campaigns
        4. Social Engineering with Microsoft Excel
    2. Conclusion
  9. The Onside Kick – Attacks that Require Physical Access
    1. Exploiting Wireless
      1. Passive – Identification and Reconnaissance
      2. Active Attacks
        1. WEP – Wired Equivalent Privacy
        2. How to Crack WEP in Kali:
        3. WPA Enterprise – Fake Radius Attack
        4. Configuring a Radius Server
        5. Karmetasploit
    2. Physical
      1. Card Cloning
      2. Pentesting Drop Box
        1. Odroid U2
      3. Physical Social Engineering
    3. Conclusion
  10. The Quarterback Sneak – Evading AV
    1. Evading AV
      1. Hiding WCE from AV (Windows)
      2. Python
        1. Python Shell
        2. Python Keylogger
        3. Veil Example (Kali Linux)
        4. SMBExec (Kali Linux)
    2. Conclusion
  11. Special Teams – Cracking, Exploits, Tricks
    1. Password Cracking
      1. John the Ripper (JtR)
        1. Cracking MD5 Hashes
      2. oclHashcat:
        1. Cracking WPAv2
        2. Cracking NTLMv2
        3. Cracking Smarter
    2. Vulnerability Searching
      1. Searchsploit (Kali Linux)
      2. BugTraq
      3. Exploit-DB
      4. Querying Metasploit
    3. Tips and Tricks
      1. RC Scripts within Metasploit
      2. Bypass UAC
      3. Web Filtering Bypass for Your Domains
      4. Windows XP – Old School FTP trick
      5. Hiding your Files (Windows)
      6. Keeping those Files Hidden (Windows)
      7. Windows 7/8 Uploading Files to the Host
  12. Post Game Analysis – Reporting
    1. Reporting
      1. List of My Best Practices and Concepts for Reporting:
  13. Continuing Education
    1. Major Conferences:
      1. The cons that I highly recommend from my own personal experience:
    2. Training Courses
    3. Books
      1. Technical Reading
      2. Fun Security Related Reading
    4. Vulnerable Penetration Testing Frameworks
    5. Capture the Flag
    6. Keeping Up-To-Date
      1. RSS Feed/Site List
      2. Email List
      3. Twitter List
  14. Final Notes
  15. Special Thanks