Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Hands-On Penetration Testing on Windows
  • Toc
  • feedback
Hands-On Penetration Testing on Windows

Hands-On Penetration Testing on Windows

By : Phil Bramwell
5 (3)
close
Hands-On Penetration Testing on Windows

Hands-On Penetration Testing on Windows

5 (3)
By: Phil Bramwell

Overview of this book

Windows has always been the go-to platform for users around the globe to perform administration and ad hoc tasks, in settings that range from small offices to global enterprises, and this massive footprint makes securing Windows a unique challenge. This book will enable you to distinguish yourself to your clients. In this book, you'll learn advanced techniques to attack Windows environments from the indispensable toolkit that is Kali Linux. We'll work through core network hacking concepts and advanced Windows exploitation techniques, such as stack and heap overflows, precision heap spraying, and kernel exploitation, using coding principles that allow you to leverage powerful Python scripts and shellcode. We'll wrap up with post-exploitation strategies that enable you to go deeper and keep your access. Finally, we'll introduce kernel hacking fundamentals and fuzzing testing, so you can discover vulnerabilities and write custom exploits. By the end of this book, you'll be well-versed in identifying vulnerabilities within the Windows OS and developing the desired solutions for them.
Table of Contents (19 chapters)
close
close
Free Chapter
1
Bypassing Network Access Control
Bypassing Network Access Control
Technical requirements
Bypassing MAC filtering – considerations for the physical assessor
Design weaknesses – exploiting weak authentication mechanisms
Bypassing validation checks
Breaking out of jail – masquerading the stack
Summary
Questions
Further reading
2
Sniffing and Spoofing
Sniffing and Spoofing
Technical requirements
Advanced Wireshark – going beyond simple captures
Advanced Ettercap – the man-in-the-middle Swiss Army Knife
Ettercap filters – fine-tuning your analysis
Getting better – spoofing with BetterCAP
Summary
Questions
Further reading
3
Windows Passwords on the Network
Windows Passwords on the Network
Technical requirements
Understanding Windows passwords
Capturing Windows passwords on the network
Let it rip – cracking Windows hashes
Summary
Questions
Further reading
4
Advanced Network Attacks
chevron up
Advanced Network Attacks
Technical requirements
Binary injection with BetterCAP proxy modules
HTTP downgrading attacks with sslstrip
The evil upgrade – attacking software update mechanisms
IPv6 for hackers
Summary
Questions
Further reading
5
Cryptography and the Penetration Tester
Cryptography and the Penetration Tester
Technical requirements
Flipping the bit – integrity attacks against CBC algorithms
Sneaking your data in – hash length extension attacks
Busting the padding oracle with PadBuster
Summary
Questions
Further reading
6
Advanced Exploitation with Metasploit
Advanced Exploitation with Metasploit
Technical requirements
How to get it right the first time – generating payloads
Modules – the bread and butter of Metasploit
Efficiency and attack organization with Armitage
Social engineering attacks with Metasploit payloads
Summary
Questions
Further reading
7
Stack and Heap Memory Management
Stack and Heap Memory Management
Technical requirements
An introduction to debugging
Stack smack – introducing buffer overflows
Introducing shellcoding
Summary
Questions
Further Reading
8
Windows Kernel Security
Windows Kernel Security
Technical requirements
Kernel fundamentals – understanding how kernel attacks work
Pointing out the problem – pointer issues
Practical kernel attacks with Kali
Summary
Questions
Further reading
9
Weaponizing Python
Weaponizing Python
Technical requirements
Incorporating Python into your work
Python network analysis
Antimalware evasion in Python
Python and Scapy – a classy pair
Summary
Questions
Further reading
10
Windows Shellcoding
Windows Shellcoding
Technical requirements
Taking out the guesswork – heap spraying
Understanding Metasploit shellcode delivery
Injection with Backdoor Factory
Summary
Questions
Further reading
11
Bypassing Protections with ROP
Bypassing Protections with ROP
Technical requirements
DEP and ASLR – the intentional and the unavoidable
Introducing return-oriented programming
Getting hands-on with the return-to-PLT attack
Summary
Questions
Further reading
12
Fuzzing Techniques
Fuzzing Techniques
Technical requirements
Network fuzzing – mutation fuzzing with Taof proxying
Hands-on fuzzing with Kali and Python
Fuzzy registers – the low-level perspective
Summary
Questions
Further reading
13
Going Beyond the Foothold
Going Beyond the Foothold
Technical requirements
Gathering goodies – enumeration with post modules
Network pivoting with Metasploit
Escalating your pivot – passing attacks down the line
Summary
Questions
Further reading
14
Taking PowerShell to the Next Level
Taking PowerShell to the Next Level
Technical requirements
Power to the shell – PowerShell fundamentals
Post-exploitation with PowerShell
Offensive PowerShell – introducing the Empire framework
Summary
Questions
Further reading
15
Escalating Privileges
Escalating Privileges
Technical requirements
Climb the ladder with Armitage
When the easy way fails—local exploits
Escalation with WMIC and PS Empire
Dancing in the shadows – looting domain controllers with vssadmin
Summary
Questions
Further reading
16
Maintaining Access
Maintaining Access
Technical requirements
Persistence with Metasploit and PowerShell Empire
Hack tunnels – netcat backdoors on the fly
Maintaining access with PowerSploit
Summary
Questions
Further reading
17
Tips and Tricks
Tips and Tricks
Getting familiar with VMware Workstation
Building your attack lab
Network configuration tricks
Further reading
18
Assessment
Assessment
Chapter 1: Bypassing Network Access Control
Chapter 2: Sniffing and Spoofing
Chapter 3: Windows Passwords on the Network
Chapter 4: Advanced Network Attacks
Chapter 5: Cryptography and the Penetration Tester
Chapter 6: Advanced Exploitation with Metasploit
Chapter 7: Stack and Heap Memory Management
Chapter 8: Windows Kernel Security
Chapter 9: Weaponizing Python
Chapter 10: Windows Shellcoding
Chapter 11: Bypassing Protections with ROP
Chapter 12: Fuzzing Techniques
Chapter 13: Going Beyond the Foothold
Chapter 14: Taking PowerShell to the Next Level
Chapter 15: Escalating Privileges
Chapter 16: Maintaining Access
19
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Binary injection with BetterCAP proxy modules

In Chapter 2Sniffing and Spoofing, we explored custom filters in Ettercap to manipulate traffic on the fly. The possibilities are exciting: redirecting traffic to capture credentials; manipulating POST messages; even the possibility of delivering executables. BetterCAP, however, can do this with its powerful built-in proxy, and we can finely control this functionality with Ruby modules. In this exercise, we're going to prepare a malicious executable for a Windows target and call it setup.exe. We'll then set up a man-in-the-middle proxy attack that will intercept an HTTP request for an installer and invisibly replace the downloaded binary with ours. We'll be covering these concepts and tools in more detail later on in the book, so consider this an introduction to the power of custom modules in advanced man-in-the-middle attacks.

The Ruby file injection proxy module – replace_file.rb

A crash-course in Ruby is beyond the scope of the discussion...

End of Chapter 4
Next Chapter
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete