Book Title: The Basics of Hacking and Penetration Testing
Subtitle: Ethical Hacking and Penetration Testing Made Easy
Author(s): Patrick Engebretson
Publisher: Syngress
Date of Publishing: August 2011
ISBN(13): 9781597496551
Price (UK&US): £13.20, $18.23
URL of Publisher Site: Syngress
URL of Amazon UK web page: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series)
URL of Amazon UK (Kindle) web page: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series)
URL of Amazon US web page: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series)
URL of Amazon US (Kindle) web page: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series)
At only 160 pages this book seemed a little too concise to contain the depth of detail I was expecting for such a complex subject. However, I have been far from disappointed. The book is well organised and comprises seven descriptive chapters that take the reader through a structured methodology of ethical hacking. Each chapter ends with a useful review that adequately summarises the main points.

Chapter 1: (What is Penetration Testing?). This chapter explains the difference between vulnerability scanning and penetration testing and accurately points out that both security people and vendors often incorrectly use these terms interchangeably. The reader is then introduced to a specialist Linux distribution called ‘BackTrack’, which provides a plethora of penetration-testing tools in a graphical menu-driven format. The author gives full details of how to obtain the latest release of this distribution and even recommends a number of Virtual Machine (VM) applications to host it. Since some aspects of penetration testing can be destructive, the setting up of a ‘Hacking Lab’ is advocated in order to constrain all testing to a secure environment. The use of VMs as target machines is highly recommended to assist in securely ‘sandboxing’ the environment. Finally, the phases of a penetration test are broken down into four basic stages. The output from one stage feeds into the next, providing a sound methodology that should be followed to completion for the best results. Running various security tools in an ad hoc manner is something that many busy security specialists are comfortable with. Running them in a planned sequence, however, separates the professional from the gifted amateur.

Of note in this chapter is the Star Wars ‘Anakin/Darth Vader’ analogy, which highlights, with delightful simplicity, the stark differences between ‘Blackhat’ and ‘Whitehat’ hackers.

Chapter 2: (Reconnaissance). Reconnaissance is the first stage of the pen-testing methodology and focuses on information gathering: the more you can learn about your target, the greater your chances of successful exploitation during the later stages of a selective attack. This chapter provides detailed methods of active and passive investigation of targets, along with the utilities required to perform such research (all of which are available on BackTrack, referenced in Chapter 1). The uses to which you should put this intelligence are explained, along with the importance of reducing your digital footprint on the target’s servers.

Chapter 3: (Scanning). This is stage two of the methodology and is where the intelligence gathered previously becomes useful. The objective is now to determine whether the target’s systems are alive and, if so, to scan for open ports and determine what service is presented on each. A useful step-by-step scanning exercise using Nmap (port scanning) and Nessus (vulnerability scanning) is detailed in this section. Although both can be run from the command line, the full functionality of Nessus is best appreciated using a browser with the latest Adobe Flash plug-in. My Firefox browser had issues with this plug-in and I found that installing Google Chrome provided a useful alternative.

Chapter 4: (Exploitation). Stage three is the exploitation phase, where useful tools such as Medusa and Metasploit are utilised against your target. Metasploit is now owned by Rapid7 but, thanks to its continued collaboration with the Open Source community, has become the de facto framework for maintaining known exploits for software vulnerabilities. Using Metasploit, I managed to take advantage of a Samba share weakness on my Unix server (previously detected by Nessus) and successfully add a new unauthorised user to the system. It is at this point that one begins to realise the full potential behind the methodology being followed.

Chapter 5: (Web-Based Exploitation). This is supplementary to stage three and focuses more on the vulnerabilities of the web services now supporting the wide variety of interactive websites on the Internet. In this chapter, the reader is introduced to Nikto, an Open Source web server scanner. Running Nikto against my personal site I found that, although authentication is required to access my pages, Nikto was still able to interrogate my webserver and reveal useful information. Also contained in this chapter are details of WebScarab (an intercepting proxy used here for spidering) and an excellent discussion on code injection and cross-site scripting (XSS) attacks.

Chapter 6: (Maintaining Access with Backdoors and Rootkits). At stage four of the methodology, the author opens with a discussion on the questionable activity of maintaining access to a remote system following a successful penetration test. On the assumption that your client requires such access to be obtained as proof of effective testing and, on the further assumption that the target system has been successfully exploited, the author provides an excellent example of how to use Open Source tools to maintain access. This chapter ends with an explanation of rootkits and takes the reader through the downloading, installation and configuration of Hacker Defender to perfectly illustrate the stealth with which rootkits operate.
Chapter 7: (Wrapping Up the Penetration Test). From a professional perspective the Penetration Test report is arguably one of the most significant aspects of the test. Your client will judge the output of a completed testing programme on the basis of the quality of your report, and it is important that your findings are presented in an organised manner. The author provides a simple template that, if completed correctly, will allow you to formulate just such a high-quality report.
Although this book is ideal for beginners, most security professionals will have been involved with penetration testing at some point in their career. This book is thus an excellent refresher for those of us who fondly recall Nmap, Nessus and Netcat as being the tools of choice for both whitehat and blackhat hackers but have long since forgotten the full command-line syntax. Patrick Engebretson gets the reader involved in the art of hacking from page one and makes this book a fascinating and productive read.
Marks: 5 out of 5
*****