(Reference Guide) Hands-On Penetration Testing on Windows eBook

Book Description

Windows has always been the go-to platform for users around the globe to perform administration and ad hoc tasks, in settings that range from small offi ces to global enterprises, and this massive footprint makes securing Windows a unique challenge. This book will enable you to distinguish yourself to your clients.

In this book, you'll learn advanced techniques to attack Windows environments from the indispensable toolkit that is Kali Linux. We'll work through core network hacking concepts and advanced Windows exploitation techniques, such as stack and heap overflows, precision heap spraying, and kernel exploitation, using coding principles that allow you to leverage powerful Python scripts and shellcode.

We'll wrap up with post-exploitation strategies that enable you to go deeper and keep your access. Finally, we'll introduce kernel hacking fundamentals and fuzzing testing, so you can discover vulnerabilities and write custom exploits.

By the end of this book, you'll be well-versed in identifying vulnerabilities within the Windows OS and developing the desired solutions for them.

What You Will Learn

• Get to know advanced pen testing techniques with Kali Linux
• Gain an understanding of Kali Linux tools and methods from behind the scenes
• See how to use Kali Linux at an advanced level
• Understand the exploitation of Windows kernel drivers
• Understand advanced Windows concepts and protections, and how to bypass them using Kali Linux
• Discover Windows exploitation techniques, such as stack and heap overflows and kernel exploitation, through coding principles

Table of Contents

1: Bypassing Network Access Control

• Technical requirements
• Bypassing MAC filtering – considerations for the physical assessor
• Design weaknesses – exploiting weak authentication mechanisms
• Bypassing validation checks
• Breaking out of jail – masquerading the stack
• Summary
• Questions
• Further reading

2: Sniffing and Spoofing

• Technical requirements
• Advanced Wireshark – going beyond simple captures
• Advanced Ettercap – the man-in-the-middle Swiss Army Knife
• Ettercap filters – fine-tuning your analysis
• Getting better – spoofing with BetterCAP
• Summary
• Questions
• Further reading

3: Windows Passwords on the Network

• Technical requirements
• Understanding Windows passwords
• Capturing Windows passwords on the network
• Let it rip – cracking Windows hashes
• Summary
• Questions
• Further reading

4: Advanced Network Attacks

• Technical requirements
• Binary injection with BetterCAP proxy modules
• HTTP downgrading attacks with sslstrip
• The evil upgrade – attacking software update mechanisms
• IPv6 for hackers
• Summary
• Questions
• Further reading

5: Cryptography and the Penetration Tester

• Technical requirements
• Flipping the bit – integrity attacks against CBC algorithms
• Sneaking your data in – hash length extension attacks
• Busting the padding oracle with PadBuster
• Summary
• Questions
• Further reading

6: Advanced Exploitation with Metasploit

• Technical requirements
• How to get it right the first time – generating payloads
• Modules – the bread and butter of Metasploit
• Efficiency and attack organization with Armitage
• Social engineering attacks with Metasploit payloads
• Summary
• Questions
• Further reading

7: Stack and Heap Memory Management

• Technical requirements
• An introduction to debugging
• Stack smack – introducing buffer overflows
• Introducing shellcoding
• Summary
• Questions
• Further Reading

8: Windows Kernel Security

• Technical requirements
• Kernel fundamentals – understanding how kernel attacks work
• Pointing out the problem – pointer issues
• Practical kernel attacks with Kali
• Summary
• Questions
• Further reading

9: Weaponizing Python

• Technical requirements
• Incorporating Python into your work
• Python network analysis
• Antimalware evasion in Python
• Python and Scapy – a classy pair
• Summary
• Questions
• Further reading

10: Windows Shellcoding

• Technical requirements
• Taking out the guesswork – heap spraying
• Understanding Metasploit shellcode delivery
• Injection with Backdoor Factory
• Summary
• Questions
• Further reading

11: Bypassing Protections with ROP

• Technical requirements
• DEP and ASLR – the intentional and the unavoidable
• Introducing return-oriented programming
• Getting hands-on with the return-to-PLT attack
• Summary
• Questions
• Further reading

12: Fuzzing Techniques

• Technical requirements
• Network fuzzing – mutation fuzzing with Taof proxying
• Hands-on fuzzing with Kali and Python
• Fuzzy registers – the low-level perspective
• Summary
• Questions
• Further reading

13: Going Beyond the Foothold

• Technical requirements
• Gathering goodies – enumeration with post modules
• Network pivoting with Metasploit
• Escalating your pivot – passing attacks down the line
• Summary
• Questions
• Further reading

14: Taking PowerShell to the Next Level

• Technical requirements
• Power to the shell – PowerShell fundamentals
• Post-exploitation with PowerShell
• Offensive PowerShell – introducing the Empire framework
• Summary
• Questions
• Further reading

15: Escalating Privileges

• Technical requirements
• Climb the ladder with Armitage
• When the easy way fails—local exploits
• Escalation with WMIC and PS Empire
• Dancing in the shadows – looting domain controllers with vssadmin
• Summary
• Questions
• Further reading

16: Maintaining Access

• Technical requirements
• Persistence with Metasploit and PowerShell Empire
• Hack tunnels – netcat backdoors on the fly
• Maintaining access with PowerSploit
• Summary
• Questions
• Further reading

17: Tips and Tricks

• Getting familiar with VMware Workstation
• Building your attack lab
• Network configuration tricks
• Further reading