Jeremy Faircloth
Contents
About the Author
Acknowledgments
Introduction
  Verification
    Core Technologies
    Approach
    Open Source Tools
    Verification Summary
  Case Study: The Tools in Action
    Intelligence Gathering, Footprinting, and Verification of an Internet-Connected Network
    Case Study Summary
  Hands-On Challenge
  Summary
  Endnote
CHAPTER 3 Scanning and enumeration
  Introduction
  Objectives
    Before You Start
    Why Do Scanning and Enumeration?
  Scanning
    Approach
    Core Technology
    Open Source Tools
  Enumeration
    Approach
    Core Technology
    Open Source Tools
  Case Studies: The Tools in Action
    External
    Internal
    Stealthy
    Noisy (IDS) Testing
  Hands-On Challenge
  Summary
CHAPTER 4 Network devices
  Objectives
  Approach
  Core Technologies
    Switches
    Routers
    Firewalls
    IPv6
Index
About the Author
Jeremy Faircloth (CISSP, Security+, CCNA, MCSE, MCP+I, A+) is an IT practitioner
with a background in a wide variety of technologies as well as experience
in managing technical teams at multiple Fortune 50 companies. He is a member of
the Society for Technical Communication and frequently acts as a technical resource
for other IT professionals through teaching and writing, using his expertise to help
others expand their knowledge. Described as a “Renaissance man of IT” with over
20 years of real-world IT experience, he has become an expert in many areas including
Web development, database administration, enterprise security, network design,
large enterprise applications, and project management. Jeremy is also an author who
has contributed to over a dozen technical books covering a variety of topics and
teaches courses on many of those topics.
Acknowledgments
It is an honor to write another edition of this guide to open source tools used by the
penetration testing community. This edition took over 2 years to complete from start
to finish and burned through more hardware than I like to think about. It also involved
a tremendous amount of bandwidth and many late nights trying to get a tool to do
exactly what it’s supposed to when the technology involved is conspiring to make
things difficult.
Just as with the last edition, this effort was supported by a huge number of people
and I appreciate them all tremendously. First on the list, as always, is my ever-patient
and understanding wife, Christina. Her support of my work is and always has been
the gift that keeps me going. I couldn’t do it without you, Chris, and I thank you
for putting up with me spending so much time beating my hands and head against a
keyboard. I promise I’ll get the lawn done soon.
Thank you also to Chris Katsaropoulos and Anna Valutkevich with Syngress for
giving me the opportunity to do this project and providing help, advice, feedback,
and support throughout the entire process. This wouldn’t be possible without publishers
like Syngress who allow us technical authors the chance to get our words on
paper and out to the world. I have been contributing to Syngress books since 2001
and the experiences I’ve had doing this over the last decade and a half have always
been outstanding.
At its foundation, this book is about open source tools. A huge thank you has to
go out to the open source community and the security researchers who contribute
their knowledge and time to that community. In the distant past, security professionals
held their secrets close to the chest and didn’t share because they were afraid
that they’d lose their technical edge if they shared their knowledge. Fortunately, as
a community, we’ve learned that sharing doesn’t diminish us but instead gives the
opportunity for others to enhance what we’ve done and improve on our work. So to
everyone in the open source community, thank you. This book wouldn’t exist without
you. The same applies to anyone who freely shares their knowledge and helps people
to learn through their blog posts, newsgroup responses, and articles. The technical
world is a better place because of you.
In this fourth edition, I feel like I’m still standing on the shoulders of giants. All
of the material in this book is based off of the ideas from those who came before me
in the first and second editions. To those authors and editors, I thank you for laying
the foundation for these last two editions and providing the groundwork for me to
enhance with the technological improvements and changes which have occurred over
the years. A thank you also to Mike Rogers for all of his efforts in performing the
technical editing of my work. Rerunning someone else’s commands, double-checking
their grammar, and making sure their work is accurate is not the most exciting work,
but it is critical to getting a good book on the market and I appreciate it.
With all the people I’ve been in contact with and talked to about this book over
these last 2 years, I know I’ve missed some in this acknowledgment. I apologize if
I missed you and I thank you from the bottom of my heart for all of the support that
you have provided.
Introduction
INFORMATION IN THIS CHAPTER:
● Book Overview and Key Learning Points
● Book Audience
● How This Book Is Organized
● Conclusion
BOOK AUDIENCE
This book is primarily intended for people who either have an interest in penetration
testing or perform penetration testing as a professional. The level of detail provided
is intentionally set so that anyone new to the technologies used for penetration testing
can understand what is being done and learn while not boring individuals who do this
work on a daily basis. It is our intent for our entire audience, new or old, to be able to
gain valuable insights into the technologies, techniques, and open source tools used
for performing penetration testing.
In addition, anyone working in the areas of database, network, system, or application
administration as well as architects will be able to gain some knowledge of how
penetration testers perform testing in their individual areas of expertise and learn what to
expect from a penetration test. This can help to improve the overall security of a company’s
applications and infrastructure and lead to a safer and better protected environment.
Aside from penetration testers specifically, any security or audit professional
should be able to use this book as a reference for tasks associated with ensuring
the security of an environment. Even if you are not performing penetration testing
yourself, knowing what we as penetration testers are looking at can help you to
ensure that you have technology and policies in place to cover the most critical areas
in your business from a security perspective.
CHAPTER 2: RECONNAISSANCE
The most valuable thing for any penetration tester isn’t a tool, but information. By
gathering information about our target, we position ourselves to be able to do our
job effectively and conduct a thorough penetration test. The chapter covers this
area by focusing on reconnaissance and learning as much about your target as possible
before you actually interact with it. This is typically a very stealthy part of