The Hacker Playbook 2: Practical Guide To Penetration Testing
Format: PDF / Kindle (mobi) / ePub
Just as a professional athlete doesn’t show up without a solid game plan, ethical hackers, IT professionals, and security researchers should not be unprepared, either. The Hacker Playbook provides them their own game plans. Written by a longtime security professional and CEO of Secure Planet, LLC, this step-by-step guide to the “game” of penetration hacking features hands-on examples and helpful advice from the top of the field.
Through a series of football-style “plays,” this straightforward guide gets to the root of many of the roadblocks people may face while penetration testing—including attacking different types of networks, pivoting through security controls, privilege escalation, and evading antivirus software.
From “Pregame” research to “The Drive” and “The Lateral Pass,” the practical plays listed can be read in order or referenced as needed. Either way, the valuable advice within will put you in the mindset of a penetration tester of a Fortune 500 company, regardless of your career or level of experience.
This second version of The Hacker Playbook takes all the best "plays" from the original book and incorporates the latest attacks, tools, and lessons learned. With double the content of its predecessor, this guide further outlines building a lab, walks through test cases for attacks, and provides more customized code.
Whether you’re downing energy drinks while desperately looking for an exploit, or preparing for an exciting new job in IT security, this guide is an essential part of any ethical hacker’s library—so there’s no reason not to get in the game.
use Burp and SQLMap, you start an SQLMap API on your Kali box; meanwhile, Burp Proxy Pro can be running anywhere. When Burp finds an SQL injection, it will connect to SQLMap’s running API to automatically attack the vulnerable parameters. Let’s now start the SQLMap API listener.

Start SQLMap API:
● cd /opt/sqlmap
● python sqlmapapi.py -s [IP] -p [PORT]

[Figure: SQLMap API]

Burp and SQLMap LAB: To demonstrate how to use Burp and SQLMap, we can run a quick demo with the OWASPBWA VM we
create a database, and print out the hash:
● sudo -u postgres psql
● create user thp createdb createuser password 'thp';
● create database thp owner thp;
● select (usename,passwd) FROM pg_shadow;
● Grab the created hash password for the “thp” user
● Run the example above, but instead of the user “postgres” use “thp”

Pulling Cached Credentials
Did you ever try to log onto your laptop while you weren’t on the network? How can you authenticate without being
from the image below, we were successful in importing the hashes for the user “lab”.

WCE - Access Hosts Using Hashes
With the “lab” hashes imported, we can try to access the domain controller’s C-drive. When trying to connect to the domain controller (dc) via “dir \\dc\c$”, we get an access denied message. This is because the connection is not using the “lab” account. We can mount the domain controller’s C-drive using the imported credentials with the following command:
● net use *
tool like Cain and Abel, which will only work on one operating system. Remember, all of the PowerShell attacks will require you to run the commands on your Windows hosts. The point is to always be prepared, because having multiple operating systems available will save you a lot of time and trouble.

High level tools list addition to Windows
● HxD (Hex Editor)
● Evade (Used for AV Evasion)
● Hyperion (Used for AV Evasion)
● Metasploit
● Nexpose/Nessus
● Nmap
Linux: With Any Local Administrative or Domain Admin Account:
Owning The Network With Credentials And Psexec:
Psexec Commands Across Multiple IPs (Kali Linux)
Move Laterally With WMI (Windows)
Kerberos - MS14-068:
Pass-The-Ticket
Lateral Movement With Postgres SQL
Pulling Cached Credentials
Attacking The Domain Controller:
SMBExec
PSExec_NTDSgrab
Persistence
Veil And PowerShell
Persistence With Scheduled Tasks
Golden Ticket