Glen E. Clarke

CompTIA Pentest+ Certification For Dummies


Скачать книгу

8FIGURE 8-1: Identifying vulnerabilities with Nessus.FIGURE 8-2: Searching Metasploit for an exploit.FIGURE 8-3: Exploiting a Windows system to get a meterpreter session.FIGURE 8-4: The core commands in a meterpreter session.FIGURE 8-5: Retrieving information about the current context.FIGURE 8-6: Using run winenum to enumerate the target system and network.FIGURE 8-7: Viewing the logs generated by the run winenum command.FIGURE 8-8: Gaining shell access from a meterpreter session.FIGURE 8-9: Retrieving the password hashes.FIGURE 8-10: Attaching to another process with the migrate command.FIGURE 8-11: Using VNC to view a victim’s activity.FIGURE 8-12: Capturing keystrokes from the compromised system.FIGURE 8-13: Lateral movement from a compromised system.FIGURE 8-14: Dumping the hashes to use in pass the hash.FIGURE 8-15: Locating other systems with arp_scanner.FIGURE 8-16: Lateral movement with telnet.FIGURE 8-17: Viewing user accounts on a laterally compromised system.FIGURE 8-18: Creating a backdoor user account.FIGURE 8-19: Covering your tracks with the clearev command.

      9 Chapter 9FIGURE 9-1: Using Nikto to do a web application vulnerability scan.FIGURE 9-2: Using w3af to perform different types of vulnerability checks on a ...FIGURE 9-3: Using SQLmap to automate SQL injection attacks.FIGURE 9-4: Inspecting the http post request.FIGURE 9-5: Using Hydra to crack credentials for the website.FIGURE 9-6: Using John the Ripper to crack password hashes.FIGURE 9-7: Using Wifite to automate wireless attacks.FIGURE 9-8: OWASP ZAP finds vulnerabilities in web applications.FIGURE 9-9: SET is a social engineering tool that makes it easy to create diffe...FIGURE 9-10: Using Nmap to locate systems (left) and then using Hydra to attemp...FIGURE 9-11: Using xHydra — the GUI version of Hydra.FIGURE 9-12: Cracking password hashes with John the Ripper.FIGURE 9-13: Dumping the hashes to use with a password cracker.FIGURE 9-14: Using Ncat (left) and Netcat (right) to create a bind shell.

      10 Chapter 11FIGURE 11-1: Risk rating scores for vulnerabilities.

      Guide

      1  Cover

      2  Title Page

      3  Copyright

      4 Table of Contents

      5  Begin Reading

      6  Appendix A: PenTest+ Exam Details

      7  Appendix B: CompTIA PenTest+ Exam Reference Matrix

      8  Appendix C: Lab Setup

      9  Index

      10  About the Author

      Pages

      1  i

      2  iii

      3  iv

      4  1

      5  2

      6  3

      7  4

      8  5

      9 6

      10  7

      11  8

      12 9

      13  10

      14  11

      15 12

      16  13

      17  14

      18  15

      19  16

      20  17

      21  18

      22  19

      23  20

      24  21

      25 22

      26  23

      27 24

      28  25

      29  26

      30  27

      31  28

      32  29

      33 30

      34 31

      35  32

      36  33

      37  34

      38  35

      39  36

      40  37

      41  39

      42  40

      43  41

      44