The Art of Network Penetration Testing
Taking over any company in the world
Royce Davis
  • MEAP began August 2019
  • Publication in Spring 2020 (estimated)
  • ISBN 9781617296826
  • 375 pages (estimated)
  • printed in black & white

If you're interested in understanding what a pen test is, and what it's not, you need to read this book.

Chris Heneghan
Penetration testing, also called pentesting, is about more than just getting through a perimeter firewall. The biggest security threats are inside the network, where attackers can rampage through sensitive data by exploiting weak access controls and poorly patched software. Designed for up-and-coming security professionals, The Art of Network Penetration Testing teaches you how to take over an enterprise network from the inside. It lays out every stage of an internal security assessment step-by-step, showing you how to identify weaknesses before a malicious invader can do real damage.
Table of Contents

1 Network penetration testing

1.1 Corporate data breaches

1.2 How hackers break in

1.2.1 The defender role

1.2.2 The attacker role

1.3 Adversarial attack simulation: penetration testing

1.3.1 Typical INPT workflow

1.4 When a penetration test is least effective

1.4.1 Low-hanging fruit

1.4.2 When does a company really need a penetration test?

1.5 Executing a network penetration test

1.5.1 Information-gathering

1.5.2 Focused penetration

1.5.3 Privilege escalation

1.5.4 Documentation

1.6 Summary

2 Building a virtual pentest platform

2.1 Begin with Linux

2.1.1 The Ubuntu project

2.1.2 Why not use a pentest distribution?

2.1.3 Create an Ubuntu virtual machine

2.2 Additional operating system dependencies

2.2.1 Managing Ubuntu packages with apt

2.2.2 Customizing your terminal look and feel

2.3 Installing Nmap

2.3.1 NSE: The Nmap scripting engine

2.3.2 Operating system dependencies

2.3.3 Compiling and installing from source

2.3.4 Exploring the documentation

2.4 The Ruby scripting language

2.4.1 Installing Ruby Version Manager

2.4.2 Writing an obligatory Hello World example

2.5 The Metasploit framework

2.5.1 Operating system dependencies

2.5.2 Necessary Ruby gems

2.5.3 Setting up PostgreSQL for Metasploit

2.5.4 Navigating the msfconsole

2.6 Summary

Part 1: Information-gathering (Phase 1)

3 Discovering network hosts

3.1 Understanding your engagement scope

3.1.1 Black, white, and grey box scoping

3.1.2 The Capsule Corporation

3.2 Internet control message protocol

3.2.1 Using the ping command

3.2.2 Using Bash to pingsweep a network range

3.2.3 Limitations of using the ping command

3.3 Discovering hosts with Nmap

3.3.1 ICMP echo discovery probe

3.3.2 Primary output formats

3.3.3 Using remote management interface ports

3.3.4 Increasing Nmap scan performance

3.4 Additional host discovery methods

3.4.1 DNS brute forcing

3.4.2 Packet capture and analysis

3.4.3 Hunting for subnets

3.5 Summary

4 Discovering network services

4.1 Network services from an attacker’s perspective

4.1.1 Understanding network service communication

4.1.2 Identifying listening network services

4.1.3 Network service banners

4.2 Port scanning with Nmap

4.2.1 Commonly used ports

4.2.2 Scanning all 65,536 TCP ports

4.2.3 Sorting through NSE script output

4.3 Parsing XML output with Ruby

4.3.1 Creating protocol specific target lists

4.4 Summary

5 Discovering network vulnerabilities

5.1 Understanding vulnerability discovery

5.1.1 Following the path of least resistance

5.2 Discovering patching vulnerabilities

5.2.1 Scanning for MS17-010 Eternal Blue

5.3 Discovering authentication vulnerabilities

5.3.1 Creating a client-specific password list

5.3.2 Brute-forcing local Windows account passwords

5.3.3 Brute-forcing MSSQL and MySQL database passwords

5.3.4 Brute-forcing VNC passwords

5.4 Discovering configuration vulnerabilities

5.4.1 Setting up Webshot

5.4.2 Analyzing output from Webshot

5.4.3 Manually guessing web server passwords

5.4.4 Preparing for focused penetration

5.5 Summary

Part 2: Focused penetration (Phase 2)

6 Attacking vulnerable web services

6.1 Understanding phase 2: focused-penetration

6.1.1 Deploying backdoor web shells

6.1.2 Accessing remote management services

6.1.3 Exploiting missing software patches

6.2 Gaining an initial foothold

6.3 Compromising a vulnerable Tomcat server

6.3.1 Creating a malicious WAR file

6.3.2 Deploying the WAR file

6.3.3 Accessing the web shell from a browser

6.4 Interactive versus non-interactive shells

6.5 Upgrading to an interactive shell

6.5.1 Backing up sethc.exe

6.5.2 Modifying file ACLs with cacls.exe

6.5.3 Launching Sticky Keys via RDP

6.6 Compromising a vulnerable Jenkins server

6.6.1 Groovy script console execution

6.7 Summary

7 Attacking vulnerable database services

8 Exploiting unpatched software

9 Leveraging administrator credentials

Part 3: Post-exploitation & privilege escalation (Phase 3)

10 Windows post-exploitation

11 Linux/UNIX post-exploitation

12 Getting the keys to the kingdom (domain admin)

Part 4: Documentation & Delivery (Phase 4)

13 The final report

Appendixes

Appendix A: Essential Linux commands

A.1 CLI commands

A.2 tmux

A.2.1 Using tmux commands

A.2.2 Saving a tmux session

About the Technology

Packed with valuable personal and financial data, business computer systems are attractive targets to cyber criminals. As a penetration tester, your job is to attack an organization’s IT applications and infrastructure to find the vulnerabilities a real intruder would exploit. Master pentesters need the skill to identify internal security flaws that would allow a bad actor to compromise file systems, email, databases, and other core components of a modern connected enterprise.

About the book

The Art of Network Penetration Testing is a hands-on guide to running your own penetration test on an enterprise network. After setting up a virtual environment to use as your lab, you’ll work step-by-step through every stage of a professional pentest, from information gathering to seizing control of a vulnerable system. You’ll learn a repeatable process you can use to identify valuable targets within a typical enterprise environment, perform controlled exploitation of critical security weaknesses, elevate network level privileges, and pivot laterally through the network. Finally, you’ll learn how to write up your findings in a clear and actionable report, to ensure a system can be protected against the weaknesses you’ve identified.

What's inside

  • Set up a virtual pentest lab using Ubuntu Linux
  • Identify internal weaknesses on compromised systems
  • Exploit network vulnerabilities to compromise Windows and Linux
  • Establish persistent re-entry back into compromised targets
  • Elevate your privileges to become a domain administrator

About the reader

For system administrators, network professionals, beginning pentesters, and security consultants.

About the author

Royce Davis is a security consultant with over a decade of professional experience. He has orchestrated hundreds of penetration tests, helping to secure many of the largest companies in the world.

Manning Early Access Program (MEAP) Read chapters as they are written, get the finished eBook as soon as it’s ready, and receive the pBook long before it's in bookstores.
MEAP combo $49.99 pBook + eBook + liveBook
MEAP eBook $39.99 pdf + ePub + kindle + liveBook