Workshop's eBook: PenTest Advanced Training. Reconnaissance and information gathering, network scanning, SQL Injection, Cross-Site Scripting

 Table of Contents:

Reconnaissance and Information Gathering

At the moment, it is impossible to imagine of a company that works entirely without the use of information technology. And some of the corporate information is confidential and the company would not want it revealed to the public. In this module, we’ll talk about the methods that can be used to get as much information as possible about a company using widespread tools and services.

In this module, we will discuss and develop innovative ways for information gathering approaches (Active and passive), how to collect confidential information using DNS, search engines and more.

Network Scanning

Today’s Internet is based on a protocol stack called TCP / IP and UDP-diagrams. This architecture allows you to interact with remote services by forwarding a special package containing various kinds of data.

But what if we want to know what services are running remotely from the Internet on a specific host or hosts which contain specific open ports? For these purposes, there are quite a number of utilities that can be used to scan networks and individual remote hosts.

In this module, we will discuss the major scanning utilities such as SYN scanning, TCP scanning, UDP scanning, ACK scanning, Null scanning and etc in addition to the major networking scanning tools provided with the practical usages commands.

Exploitation

The Metasploit Framework, MSF, is a collection of programs and tools for network penetration testing. Metasploit has a collection of exploits, payloads, libraries and interfaces that can be used to exploit computers.

In this module, we will develop exploits in msfconsole, discuss the general database commands and Using Meterpreter for research purpose compromised. All in all, we will present How to detect the presence of still meterpreter and to get valuable information's from victim and more.

Post exploitation

Today, it isn’t so difficult to find vulnerable services during pentesting as was about 7 years ago. For any medium-sized company, IT services have turned into one big zoo. Every year, they become more and more, on pleasure to researchers of safety and a headache for system administrators together with programmers.

But, to find vulnerability and to operate it is only a half pentest, since after all it depends on possibilities of post-operation. In this module, we will discuss what is the Post exploitation means and how we can increase our privileges after a successful exploit.

Basics of SQL Injection for different databases

SQLi is one of the most critical and common attacks that hackers always employ to take advantage of the user inputs in the database applications. In this module, we will introduce the basics of SQL Injection for different databases.