The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy [NOOK Book]

NOOK Book (eBook)
$29.95
BN.com price

Overview

The Basics of Hacking and Penetration Testing serves as an introduction to the steps required to complete a penetration test or perform an ethical hack. You learn how to properly utilize and interpret the results of the modern-day hacking tools that are required to complete a penetration test. Tool coverage includes Backtrack Linux, Google, Whois, Nmap, Nessus, Metasploit, Netcat, Netbus, and more. A simple and clean explanation of how to utilize these tools will allow you to gain a solid understanding of each of the four phases and prepare you to take on more in-depth texts and topics. The book uses a single example (pen test target) all the way through, which allows you to clearly see how the tools and phases relate.



  • Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews
  • Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases.
  • Written by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking and Exploitation classes at Dakota State University.
  • Utilizes the Backtrack Linux distribution and focuses on the seminal tools required to complete a penetration test.

Editorial Reviews

From the Publisher
"There are lots of how-to examples and exercises and each covers the main tools in their respective spaces…The books are meant as a starting guide and do meet that goal. For the serious beginner interested in the topics, these are two good guides to get you on your way."—RSAConference.com, May 13, 2014

"I would say that this book is by far one of the best books I have read on the topic of introducing penetration testing to those looking to make a career of it… it would be a great reference title to keep on your shelf for not only aspiring network penetration testers but also for those internal employees tasked with either hiring an outside firm or performing their own annual test."—The Ethical Hacker Network online, December 19, 2013

"Although this book is ideal for beginners, most security professionals will have been involved with penetration testing during some point in their career. This book is thus an excellent refresher for those of us who fondly recall Nmap, Nessus and Netcat as being the tools of choice for both whitehat and blackhat hackers, but have long-since forgotten the full command-line syntax and would benefit from a refresh. Patrick Engebretson gets the reader involved in the art of hacking from page one and makes this book a fascinating and productive read."—Best Hacking and Pen Testing Books in InfoSecReviews Book Awards

"Have you heard of penetration testing but have no idea what it entails? This is the perfect book to get you started, easy to read, does not assume prior knowledge, and is up-to-date. I strongly recommend Pat’s latest work."—Jared DeMott, Principle Security Researcher, Crucial Security, Inc.

"If you are searching for a book to get you started with penetration testing, ‘The Basics of Hacking and Penetration Testing’ is the right one. It assumes little and gives a lot, and doesn't require huge amounts of technical knowledge in order to be read or understood. As complex the subject may sound to novices, the author does a great job explaining it. He eschews techno-babble and when he repeatedly returns to some issues, it's because he has more to say about them, not because he can't think about what to write next."—Help Net Security

"This book offers a broad overview of basic concepts of hacking and penetration testing for readers with no previous background. It outlines a four-phase model of conducting a penetration test, or an 'ethical hack,' and shows how to use such hacking tools as Backtrack Linux, Hacker Defender, and MetGooFil. A sequential example throughout the book demonstrates how the tools and phases work together. The book includes chapter introductions and summaries, b&w screenshots, examples and exercises, and recommended resources."—SciTech Book News

"If you are an information security beginner with some experience in computer technology, especially networking, I would recommend this book. If you are an intermediate level pen tester or an advanced tester, you might not find this book as useful. That being said, it never hurts to browse through the book and see if any new tools or technology are mentioned here that warrant a closer look. As mentioned earlier, penetration testing is an ever growing field and it is quite possible that as an expert, you might have missed something new. This book introduces you to just enough tools and technology to get your feet wet. If this kind of testing gives you a thrill, then you might want to look into more advanced topics and resources. If this is the only resource you used to escalate your interest in pen testing, then you have no one else but the author to thank for it."—PenTest Extra Magazine Vol. 2, No. 3, June

Product Details

  • ISBN-13: 9780124116412
  • Publisher: Elsevier Science
  • Publication date: 6/24/2013
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 2
  • Pages: 225
  • Sales rank: 261,085
  • File size: 4 MB

Meet the Author

Dr. Patrick Engebretson obtained his Doctor of Science degree with a specialization in Information Security from Dakota State University. He currently serves as an Assistant Professor of Information Assurance and also works as a Senior Penetration Tester for a security firm in the Midwest.

Read an Excerpt

The Basics of Hacking and Penetration Testing

Ethical Hacking and Penetration Testing Made Easy
By Patrick Engebretson

SYNGRESS

Copyright © 2011 Elsevier Inc.
All rights reserved.

ISBN: 978-1-59749-656-8


Chapter One

What Is Penetration Testing?

Information in This Chapter:

* Introduction to Backtrack Linux: Tools. Lots of Tools

* Working with Backtrack: Starting the Engine

* The Use and Creation of a Hacking Lab

* Phases of a Penetration Test

INTRODUCTION

Penetration testing can be defined as a legal and authorized attempt to locate and successfully exploit computer systems for the purpose of making those systems more secure. The process includes probing for vulnerabilities as well as providing proof of concept (POC) attacks to demonstrate the vulnerabilities are real. Proper penetration testing always ends with specific recommendations for addressing and fixing the issues that were discovered during the test. On the whole, this process is used to help secure computers and networks against future attacks.

Penetration testing is also known as

* Pen testing

* PT

* Hacking

* Ethical Hacking

* White Hat Hacking

It is important to spend a few moments discussing the difference between penetration testing and vulnerability assessment. Many people (and vendors) in the security community incorrectly use these terms interchangeably. A vulnerability assessment is the process of reviewing services and systems for potential security issues, whereas a penetration test actually performs exploitation and POC attacks to prove that a security issue exists. Penetration tests go a step beyond vulnerability assessments by simulating hacker activity and delivering live payloads. In this book, we will cover the process of vulnerability assessment as one of the steps utilized to complete a penetration test.

Setting the Stage

Understanding all the various players and positions in the world of hacking and penetration testing is central to comprehending the big picture. Let us start by painting the picture with broad brush strokes. Please understand that the following is a gross oversimplification; however, it should help you see the differences between the various groups of people involved.

It may help to consider the Star Wars universe where there are two sides of the "force": Jedis and Siths. Good vs. Evil. Both sides have access to an incredible power. One side uses its power to protect and serve, whereas the other side uses it for personal gain and exploitation.

Learning to hack is much like learning to use the force (or so I imagine!). The more you learn, the more power you have. Eventually, you will have to decide whether you will use your power for good or bad. There is a classic poster from the Star Wars Episode I movie that depicts Anakin as a young boy. If you look closely at Anakin's shadow in the poster, you will see it is the outline of Darth Vader. Try searching the internet for "Anakin Darth Vader shadow" to see it. Understanding why this poster has appeal is critical. As a boy, Anakin had no aspirations of becoming Darth Vader, but it happened nonetheless.

It is probably safe to assume that very few people get into hacking to become a super villain. The problem is that journey to the darkside is a slippery slope. However, if you want to be great, have the respect of your peers, and be gainfully employed in the security workforce, you need to commit yourself to using your powers to protect and serve. Having a felony on your record is a one-way ticket to another profession. It is true that there is currently a shortage of qualified security experts, but even so, not many employers today are willing to take a chance, especially if those crimes involve computers.

In the pen testing world, it is not uncommon to hear the terms "white hat" and "black hat" to describe the Jedis and Siths. Throughout this book, the terms "white hat," "ethical hacker," or "penetration tester" will be used interchangeably to describe the Jedis. The Siths will be referred to as "black hats," "crackers," or "malicious attackers."

It is important to note that ethical hackers complete many of the same activities with many of the same tools as malicious attackers. In nearly every situation, an ethical hacker should strive to act and think like a real black hat hacker. The closer the penetration test simulates a real-world attack, the more value it provides to the customer paying for the PT.

Please note how the previous paragraph says "in nearly every situation." Even though white hats complete many of the same tasks with many of the same tools, there is a world of difference between the two sides. At its core, these differences can be boiled down to three key points: authorization, motivation, and intent. It should be stressed that these points are not all inclusive, but they can be useful in determining if an activity is ethical or not.

The first and simplest way to differentiate between white hats and black hats is authorization. Authorization is the process of obtaining approval before conducting any tests or attacks. Once authorization is obtained, both the penetration tester and the company being audited need to agree upon the scope of the test. The scope includes specific information about the resources and systems to be included in the test. The scope explicitly defines the authorized targets for the penetration tester. It is important that both sides fully understand the authorization and scope of the PT. White hats must always respect the authorization and remain within the scope of the test. Black hats will have no such constraints on the target list.

The second way to differentiate between an ethical hacker and a malicious hacker is through examination of the attacker's motivation. If the attacker is motivated or driven by personal gain, including profit through extortion or other devious methods of collecting money from the victim, revenge, fame, or the like, he or she should be considered a black hat. However, if the attacker is preauthorized and his or her motivation is to help the organization and improve their security, he or she can be considered a white hat.

Finally, if the intent is to provide the organization a realistic attack simulation so that the company can improve its security through early discovery and mitigation of vulnerabilities, the attacker should be considered a white hat. It is also important to comprehend the critical nature of keeping PT findings confidential. Ethical hackers will never share sensitive information discovered during the process of a penetration testing with anyone other than the client. However, if the intent is to leverage information for personal profit or gain, the attacker should be considered a black hat.

INTRODUCTION TO BACKTRACK LINUX: TOOLS. LOTS OF TOOLS

A few years back, the open discussion or teaching of hacking techniques was considered a bit taboo. Fortunately, times have changed and people are beginning to understand the value of offensive security. Offensive security is now being embraced by organizations regardless of size or industries. Governments are also getting serious about offensive security. Many governments have gone on record stating they are actively building and developing offensive security capabilities.

Ultimately, penetration testing should play an important role in the overall security of your organization. Just as policies, risk assessments, business continuity planning, and disaster recovery have become integral components in keeping your organization safe and secure, penetration testing needs to be included in your overall security plan as well. Penetration testing allows you to view your organization through the eyes of the enemy. This process can lead to many surprising discoveries and give you the time needed to patch your systems before a real attacker can strike.

One of the great things about learning how to hack today is the plethora and availability of good tools to perform your craft. Not only are the tools readily available, but many of them are stable with several years of development behind them. Maybe even more important to many of you is the fact that most of these tools are available free of charge. For the purpose of this book, every tool covered will be free.

It is one thing to know a tool is free, it is another to find, compile, and install each of the tools required to complete even a basic penetration test. Although this process is quite simple on today's modern Linux OS's, it can still be a bit daunting for newcomers. Most people who start are usually more interested in learning how to use the tools than they are in searching the vast corners of the internet locating and installing tools.

To be fair, you really should learn how to manually compile and install software on a Linux machine; or at the very least, you should become familiar with apt-get (or the like).

A basic understanding of Linux will be beneficial and will pay you mountains of dividends in the long run. For the purpose of this book, there will be no assumption that you have prior Linux experience, but do yourself a favor and commit yourself to becoming a Linux guru someday. Take a class, read a book, or just explore on your own. Trust me, you will thank me later. If you are interested in penetration testing or hacking, there is no way of getting around the need to know Linux.

Fortunately, the security community is a very active and very giving group. There are several organizations that have worked tirelessly to create various security-specific Linux distributions. A distribution, or "distro" for short, is basically a flavor, type, or brand of Linux.

Among the most well known of these penetration testing distributions is one called "Backtrack." Backtrack Linux is your one-stop shop for learning hacking and performing penetration testing. Backtrack Linux reminds me of that scene in the first Matrix movie where Tank asks Neo "What do you need besides a miracle?" Neo responds with "Guns. Lots of guns." At this point in the movie, rows and rows of guns slide into view. Every gun imaginable is available for Neo and Trinity: handguns, rifles, shotguns, semiautomatic, automatic, big and small from pistols to explosives, an endless supply of different weapons from which to choose. That is a similar experience most newcomers have when they first boot up Backtrack. "Tools. Lots of tools."

Backtrack Linux is a hacker's dream come true. The entire distribution is built from the ground up for penetration testers. The distribution comes preloaded with hundreds of security tools that are installed, configured, and ready to be used. Best of all, Backtrack is free! You can get your copy at http://www.backtrack-linux.org/downloads/.

Navigating to the Backtrack link will allow you to choose from either an .iso or a VMware image. If you choose to download the .iso, you will need to burn the .iso to a DVD. If you are unsure of how to complete this process, please Google "burning an iso." Once you have completed the burning process, you will have a bootable DVD. In most cases, starting Backtrack from a bootable DVD is as simple as putting the DVD into the drive and restarting the machine. In some instances, you may have to change the boot order in the BIOS so that the optical drive has the highest boot priority.

If you choose to download the VMware image, you will also need software capable of opening and deploying or running the image. Luckily enough, there are several good tools for accomplishing this task. Depending on your preference, you can use VMware's VMware Player, Sun Microsystem's VirtualBox, or Microsoft's Virtual PC. In reality, if you do not like any of those options, there are many other software options capable of running a VM image. You simply need to choose one that you are comfortable with.

Each of the three virtualization options listed above are available free of charge and will provide you with the ability to run VM images. You will need to decide which version is best for you. This book will rely heavily on the use of a Backtrack VMware image and VMware Player. At the time of writing, VMware Player was available at: http://www.vmware.com/products/player/. You will need to register for an account to download the software, but the registration process is simple and free.

If you are unsure of which option to choose, it is suggested that you go the VMware route. Not only is this another good technology to learn, but using VMs will allow you to set up an entire penetration testing lab on a single machine. If that machine is a laptop, you essentially have a "traveling" PT lab so you can practice your skills anytime, anywhere.

(Continues...)



Excerpted from The Basics of Hacking and Penetration Testing by Patrick Engebretson. Copyright © 2011 by Elsevier Inc. Excerpted by permission of SYNGRESS. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.


Table of Contents

  • Chapter 1. What is Penetration Testing?
  • Chapter 2. Reconnaissance
  • Chapter 3. Scanning
  • Chapter 4. Exploitation
  • Chapter 5. Web Based Exploitation
  • Chapter 6. Maintaining Access with Backdoors and Rootkits
  • Chapter 7. Wrapping Up the Penetration Test

Customer Reviews

Average Rating: 3.5 (6 reviews)

Rating Distribution

  • 5 Star: 2
  • 4 Star: 2
  • 3 Star: 0
  • 2 Star: 2
  • 1 Star: 0

  • Posted October 1, 2011

    VERY VERY HIGHLY RECOMMENDED!!

    Are you interested in learning about hacking and penetration testing? If you are, then this book is for you! Author Patrick Engebretson has done an outstanding job of writing a book that is meant to be a single starting point for anyone interested in the topics of hacking and penetration testing. Engebretson begins by introducing the concept of penetration testing and ethical hacking. In addition, the author focuses on reconnaissance, also known as information gathering. He then presents a brief overview of pings and ping sweeps before moving into the specifics of scanning. The author then focuses on exploitation, which is the process most newcomers associate directly with hacking. He continues by reviewing techniques and tools for interrogating web servers. In addition, the author focuses on the use and implementation of backdoors and rootkits. Finally, he discusses the importance of writing the penetration testing report and examines specific details about what needs to be included and the potential pitfalls for hackers who have never written a penetration testing report. This most excellent book certainly covers specific tools and topics. Perhaps more importantly, this book examines how the tools fit together and how they rely on one another to be successful.

    2 out of 2 people found this review helpful.

  • Posted January 1, 2013

    Good For getting started

    This is a great book for those who are looking to get into the field and don't have an idea or a mentor to help them.

    1 out of 1 people found this review helpful.

  • Anonymous

    Posted March 19, 2012

    Sample is sadly lacking

    I wanted to check it out before I bought it, but of the 35 pages included in the sample, 32 were acknowledgements, the table of contents, etc. The other 3 (really just over 2) pages were definitions of pen testing. If that is any indication of the rest of the book, it's mostly fluff.

    1 out of 4 people found this review helpful.

  • Anonymous

    Posted March 24, 2013

    Good

    For those of you planning to be a black hat hacker, no luck for you!

  • Anonymous

    Posted June 23, 2012

    Great book

    This book taught me a lot of the things I need to know about ethical hacking. This is a great book just to keep by your bed and flip through. 5 stars!

  • Anonymous

    Posted March 6, 2012

    No text was provided for this review.
