The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, Second Edition (2013)
It is hard to believe that it has already been two years since the first edition of this book. Given the popularity and (mostly positive) feedback I received on the original manuscript, I admit I was anxious to get the second edition on the shelves. It is not that the material has changed drastically. The basics of hacking and penetration testing are largely still “the basics”. However, after completing the first edition, interacting with readers, and listening to countless suggestions for improvement from family, friends, and colleagues, I am confident that this edition will outshine the original in nearly every facet. Some old (out-of-date) material has been removed, some new material has been added, and the entire book received a proper polishing. As with most people in the security community, I have continued to learn, my teaching methods have continued to evolve, and my students have continued to push me to provide them with ever more material. Because of this, I have some great new tools and additions that I am really excited to share with you this time around. I am grateful for all the feedback I received for the first edition and I have worked hard to make sure the second edition is even better.
As I began to prepare the second edition, I looked closely at each chapter to ensure that only the best and most relevant material was included. As with many second editions, in some instances, you will find the material identical to the original, whereas in others, the material has been updated to include new tools or remove out-of-date ones. But most important to many of you, I have included plenty of new topics, tools, and material to cover the questions which I get asked about most often. As a matter of quality control, both Dave Kennedy and I worked through each example and tool in the book and updated each of the screenshots. The book has also been written with full Kali Linux support.
I would like to thank all the previous readers who sent in questions and corrections. I have been sure to include these updates. Regardless of whether you are picking this book up for the first time or you are returning to pick up some additional tools, I am confident that you will enjoy the new edition.
As I mentioned at the beginning of the first edition, I suppose there are several questions that may be running through your head as you contemplate reading this book: Who is the intended audience for this book? How is this book different from book ‘x’ (insert your favorite title here)? Why should I buy it? What exactly will I need to set up in order to follow along with the examples? Because these are all fair questions and because I am asking you to spend your time and cash, it is important to provide some answers to these questions.
For people who are interested in learning about hacking and penetration testing, walking into a well-stocked book store can be as confusing as searching for “hacking” tutorials on the Internet. Initially, there appears to be an almost endless selection to choose from. Most large bookstores have several shelves dedicated to computer security books. They include books on programming security, network security, web application security, mobile security, rootkits, malware, penetration testing, vulnerability assessment, exploitation, and of course, hacking. However, even the hacking books seem to vary in content and subject matter. Some books focus on using tools but do not discuss how these tools fit together. Other books focus on hacking a particular subject but lack the broad picture.
This book is intended to address these issues. It is meant to be a single, simple starting point for anyone interested in the topic of hacking or penetration testing. The text you are about to read will not only cover specific tools and topics but also examine how each of the tools fits together and how they rely on one another to be successful. You will need to master both the tools and the proper methodology (i.e. “order”) for using the tools in order to be successful in your initial training. In other words, as you begin your journey, it is important to understand not only how to run each tool but also how the various tools relate to each other and what to do when the tool you are using fails.
What is New in This Edition?
As I mentioned earlier, I spent a significant amount of time attempting to address each of the valid criticisms and issues that previous readers brought to my attention. I worked through all the examples from each chapter in order to ensure that they were consistent and relevant. In particular, this edition does a much better job of structuring, ordering, organizing, and classifying each attack and tool. A good deal of time was spent clearly labeling attacks as “local” or “remote” so that readers would have a better understanding of the purpose, posture, and mindset of each topic. Furthermore, I invested significantly in reorganizing the examples so that readers could more easily complete the discussed attacks against a single target (Metasploitable). The lone exception to this is our reconnaissance phase. The process of digital recon often requires the use of “live” targets, in order to be effective.
In addition to the structural changes, several of the tools from the original book have been removed and new ones have been added in their place including ThreatAgent, DNS interrogation tools, the Nmap Scripting Engine, Social-Engineer Toolkit, Armitage, Meterpreter, w3af, ZAP and more. Along with the updated individual tools (as I mentioned), the book and examples work with Kali Linux as well.
Last, I have updated the Zero Entry Hacking (ZEH) methodology to include Post Exploitation activities, tools, and processes.
Who is the Intended Audience for This Book?
This book is meant to be a very gentle yet thorough guide to the world of hacking and penetration testing. It is specifically aimed at helping you master the basic steps needed to complete a hack or penetration test without overwhelming you. By the time you finish this book, you will have a solid understanding of the penetration testing process and you will be comfortable with the basic tools needed to complete the job.
To be clear, this book is aimed at people who are new to the world of hacking and penetration testing: those with little or no previous experience, those who are frustrated by the inability to see the big picture (how the various tools and phases fit together), anyone who wants to quickly get up to speed with the seminal tools and methods for penetration testing, or anyone looking to expand their knowledge of offensive security.
In short, this book is written for anyone who is interested in computer security, hacking, or penetration testing but has no prior experience and is not sure where to begin. A colleague and I call this concept “zero entry hacking” (ZEH), much like modern-day swimming pools. Zero entry pools gradually slope from the dry end to the deep end, allowing swimmers to wade in without feeling overwhelmed or fearing that they will drown. The “zero entry” concept allows everyone to use the pool regardless of age or swimming ability. This book employs a similar technique. ZEH is designed to expose you to the basic concepts without overwhelming you. Completing this book using the ZEH process will prepare you for advanced courses, topics, and books.
How is This Book Different from Book ‘x’?
When not spending time with my family, there are two things I enjoy doing: reading and hacking. Most of the time, I combine these hobbies by reading about hacking. As a professor and a penetration tester, you can imagine that my book shelf is lined with many books on hacking, security, and penetration testing. As with most things in life, the quality and value of each book is different. Some books are excellent resources which have been used so many times the bindings are literally falling apart. Others are less helpful and remain in nearly new condition. A book that does a good job of explaining the details without losing the reader is worth its weight in gold. Unfortunately most of my personal favorites, those that are worn and tattered, are either very lengthy (500+ pages) or very focused (an in-depth guide to a single topic). Neither of these is a bad thing; in fact, quite the opposite, it is the level of detail and the clarity of the authors’ explanation that make them so great. But at the same time, a very large tome focused on a detailed subject of security can seem overwhelming to newcomers.
Unfortunately, as a beginner trying to break into the security field and learn the basics of hacking, tackling one of these books can be both daunting and confusing. This book is different from other publications in two ways. First, it is meant for beginners; recall the concept of “zero entry”. If you have never performed any type of hacking or you have used a few tools but are not quite sure what to do next (or how to interpret the results of the tool), this book is for you. The goal is not to bury you with details but to present a broad overview of the entire field. Ultimately this book is not designed to make you an expert on every angle of penetration testing; however, it will get you up-to-speed by covering everything you need to know in order to tackle more advanced material.
As a result of this philosophy, this book will still cover each of the major tools needed to complete the steps in a penetration test, but it will not stop to examine all of the in-depth or additional functionality of each of these tools. Focusing on the basics is helpful because, in most cases, it lets us avoid the confusion caused by advanced features or minor differences between tool versions. Once you have completed the book, you will have enough knowledge to teach yourself the “advanced features” or “new versions” of the tools discussed.
For example, when we discuss port scanning, the chapter will show how to run several basic scans with the very popular port scanner Nmap. Because this book focuses on the basics, it becomes less important exactly which version of Nmap the user is running. Running a SYN scan with Nmap is exactly the same regardless of whether you are conducting your scan with Nmap version 2 or version 5. This technique will be employed as often as possible; doing so should allow the reader to learn Nmap (or any tool) without having to worry about the changes in functionality that often accompany advanced features in version changes. As an added bonus, writing the book with this philosophy should extend its shelf life.
Recall the goal of this book is to provide general knowledge that will allow you to tackle advanced topics and books. Once you have a firm grasp of the basics, you can always go back and learn the specific details and advanced features of a tool. In addition, each chapter will end with a list of suggested tools and topics that are outside the scope of this book but can be used for further study and to advance your knowledge.
Beyond just being written for beginners, this book presents the information in a unique way. All the tools and techniques we use in this book will be carried out in a specific order against a small number of related targets (all target machines will belong to the same subnet, and the reader will be able to easily recreate this “target” network to follow along). Readers will be shown how to interpret tool output and how to use that output to continue the attack from one chapter to the next. The book will cover both local and remote attacks as well as a discussion of when each is appropriate.
The use of a sequential and singular rolling example throughout the book will help readers see the big picture and better comprehend how the various tools and phases fit together. This is different from many other books on the market today, which often discuss various tools and attacks but fail to explain how those tools can be effectively chained together. Presenting information in a way that shows the user how to clearly move from one phase to another will provide valuable experience and allow the reader to complete an entire penetration test by simply following along with the examples in the book. This concept should allow the reader to get a clear understanding of the fundamental knowledge while learning how the various tools and phases connect.
Why Should I Buy This Book?
Even though the immediate answers to this question are highlighted in the preceding sections, below you will find a condensed list of reasons:
• You want to learn more about hacking and penetration testing but you are unsure of where to start.
• You have dabbled in hacking and penetration testing but you are not sure how all of the pieces fit together.
• You want to learn more about the tools and processes that are used by hackers and penetration testers to gain access to networks and systems.
• You are looking for a good place to start building offensive security knowledge.
• You have been tasked with performing a security audit for your organization.
• You enjoy a challenge.
What Do I Need to Follow Along?
While it is entirely possible to read the book from beginning to end without recreating any of the examples, I highly recommend getting your hands dirty and trying each of the tools and techniques discussed. There is no substitute for hands-on experience. All the examples can be done using free tools and software, including VMware Player and Linux. However, if possible, you should try to get a copy of Windows XP (preferably without any Service Packs applied) in order to create a Windows-based target. In reality, any version of Windows from 2000 through 8 will work, but the older, unpatched versions make the best targets when starting out.
In the event that you cannot find a copy of Windows to create a vulnerable target, you can still participate and practice each phase by creating or downloading a vulnerable version of Linux. Throughout this book, we will utilize an intentionally vulnerable version of Ubuntu called “Metasploitable”. Metasploitable makes for a perfect practice target and best-of-all is completely free. At the time of this writing Metasploitable could be downloaded from Sourceforge at http://sourceforge.net/projects/metasploitable/.
Throughout the book you will find web links like the one above. Because the web is constantly changing, many web addresses tend to be transient. If you find one of the referenced links does not work, try using Google to locate the resource.
We will discuss more details on setting up your own “hacking lab” in Chapter 1. Because the target machines are deliberately vulnerable, keep them on an isolated (host-only) virtual network rather than one bridged to your LAN or the Internet. Below you will find a quick list of everything that you need to get yourself up and running, so that you can follow along with all of the examples in the book:
• VMware Player or any software capable of running a virtual machine.
• A Kali Linux or BackTrack Linux virtual machine or a version of Linux to serve as your attack machine.
• The Metasploitable virtual machine, or any unpatched version of Windows (preferably Windows XP) to serve as your target.
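Once the attack machine and targets are built, the first thing to confirm is that they actually share a subnet, since every example in the book assumes the targets sit on the same network as the attacker. The following script is an added example, not code from the book: it parses a constructed sample of the attack VM's `ip -o -4 addr show` output, works out each interface's subnet, and reports which targets fall inside it. The addresses (192.168.56.0/24 as the host-only lab network, .102 for Metasploitable, .103 for Windows XP) are assumptions for illustration.

```python
"""Lab sanity check: confirm the attack VM and the practice targets share a subnet.

Added example (not from the book). The interface listing and the target
addresses below are constructed sample data; 192.168.56.0/24 is assumed
to be the host-only lab network.
"""
import ipaddress
import re
import socket

# Constructed (and trimmed) sample of `ip -o -4 addr show` output from the attack VM.
SAMPLE_IP_ADDR_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.56.101/24 brd 192.168.56.255 scope global eth0
"""

# Assumed lab targets; the last entry deliberately lives on a different network.
SAMPLE_TARGETS = {
    "metasploitable": "192.168.56.102",
    "winxp": "192.168.56.103",
    "not-in-lab": "10.0.2.15",
}

# Matches "<index>: <ifname>    inet <addr>/<prefix>" at the start of each line.
ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+/\d+)", re.M)


def parse_interfaces(ip_output):
    """Return {ifname: IPv4Interface} for every non-loopback IPv4 address listed."""
    interfaces = {}
    for name, cidr in ADDR_RE.findall(ip_output):
        iface = ipaddress.IPv4Interface(cidr)
        if not iface.ip.is_loopback:
            interfaces[name] = iface
    return interfaces


def check_targets(interfaces, targets):
    """Map each target name to the attack interface whose subnet contains it (None if none)."""
    report = {}
    for name, addr in targets.items():
        ip = ipaddress.IPv4Address(addr)
        report[name] = next(
            (ifname for ifname, iface in interfaces.items() if ip in iface.network),
            None,
        )
    return report


def tcp_port_open(addr, port, timeout=1.0):
    """Live reachability probe for a target service (e.g. port 21 on Metasploitable).

    Not used by the offline subnet check above; run it by hand once the VMs are up.
    """
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    ifaces = parse_interfaces(SAMPLE_IP_ADDR_OUTPUT)
    for target, ifname in check_targets(ifaces, SAMPLE_TARGETS).items():
        status = f"on lab subnet via {ifname}" if ifname else "NOT on any attack-machine subnet"
        print(f"{target:15} -> {status}")
```

On a real lab, replace `SAMPLE_IP_ADDR_OUTPUT` with the live output of `ip -o -4 addr show` and the dictionary with your VM addresses; a target reported as not on any subnet is usually a VM attached to the wrong virtual network (NAT instead of host-only), which is the most common reason the book's examples fail to connect.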