فهرست مطالب

• Cover
• Title Page
• Copyright
• About the Authors
• About the Technical Reviewer
• Brief Contents
• Contents in Detail
• Acknowledgments
• Introduction
• Chapter 1: Bash Basics
• Environmental Setup
• Exploring the Shell
• Elements of a Bash Script
• Basic Syntax
• Exercise 1: Recording Your Name and the Date
• Summary
• Chapter 2: Flow Control and Text Processing
• Test Operators
• if Conditions
• Functions
• Loops and Loop Controls
• case Statements
• Text Processing and Parsing
• Job Control
• Bash Customizations for Penetration Testers
• Exercise 2: Pinging a Domain
• Summary
• Chapter 3: Setting Up a Hacking Lab
• Security Lab Precautions
• Installing Kali
• The Target Environment
• The Network Architecture
• Managing the Lab
• Accessing Individual Lab Machines
• Installing Additional Hacking Tools
• Assigning Aliases to Hacking Tools
• Summary
• Chapter 4: Reconnaissance
• Creating Reusable Target Lists
• Host Discovery
• Exercise 3: Receiving Alerts About New Hosts
• Port Scanning
• Exercise 4: Organizing Scan Results
• Detecting New Open Ports
• Banner Grabbing
• Summary
• Chapter 5: Vulnerability Scanning and Fuzzing
• Scanning Websites with Nikto
• Exercise 5: Exploring Non-indexed Endpoints
• Brute-Forcing Directories with dirsearch
• Exploring Git Repositories
• Vulnerability Scanning with Nuclei
• Exercise 6: Parsing Nuclei’s Findings
• Fuzzing for Hidden Files
• Assessing SSH Servers with Nmap’s Scripting Engine
• Exercise 7: Combining Tools to Find FTP Issues
• Summary
• Chapter 6: Gaining a Web Shell
• Arbitrary File Upload Vulnerabilities
• Staging Web Shells
• Executing Web Shell Commands
• Exercise 8: Building a Web Shell Interface
• Limitations of Web Shells
• OS Command Injection
• Exercise 9: Building a Command Injection Interface
• Bypassing Command Injection Restrictions
• Summary
• Chapter 7: Reverse Shells
• How Reverse Shells Work
• Executing a Connection
• Bypassing Security Controls
• Spawning TTY Shells with Pseudo-terminal Devices
• Post-exploitation Binary Staging
• Exercise 10: Maintaining a Continuous Reverse Shell Connection
• Initial Access with Brute Force
• Exercise 11: Brute-Forcing an SSH Server
• Summary
• Chapter 8: Local Information Gathering
• The Filesystem Hierarchy Standard
• The Shell Environment
• Users and Groups
• Processes
• The Operating System
• Exercise 12: Writing a Linux Operating System Detection Script
• Login Sessions and User Activity
• Networking
• Software Installations
• Storage
• Logs
• Exercise 13: Recursively Searching for Readable Logfiles
• Kernels and Bootloaders
• Configuration Files
• Scheduled Tasks
• Exercise 14: Writing a Cron Job Script to Find Credentials
• Hardware
• Virtualization
• Automating Information Gathering with LinEnum
• Exercise 15: Adding Custom Functionality to LinEnum
• Summary
• Chapter 9: Privilege Escalation
• What Is Privilege Escalation?
• Linux File and Directory Permissions
• Finding Files Based on Permissions
• Exploiting a SetUID Misconfiguration
• Scavenging for Credentials
• Exercise 16: Brute-Forcing GnuPG Key Passphrases
• Examining the sudo Configuration
• Hijacking Executables via PATH Misconfigurations
• Exercise 17: Maliciously Modifying a Cron Job
• Finding Kernel Exploits
• Attacking Adjacent Accounts
• Privilege Escalation with GTFOBins
• Exercise 18: Mapping GTFOBins Exploits to Local Binaries
• Automating Privilege Escalation
• Summary
• Chapter 10: Persistence
• The Enemies of Persistent Access
• Modifying Service Configurations
• Hooking into Pluggable Authentication Modules
• Exercise 19: Coding a Malicious pam_exec Bash Script
• Generating Rogue SSH Keys
• Repurposing Default System Accounts
• Poisoning Bash Environment Files
• Exercise 20: Intercepting Data via Profile Tampering
• Credential Theft
• Exercise 21: Hijacking Password Utilities
• Distributing Malicious Packages
• Exercise 22: Writing a Malicious Package Installer
• Summary
• Chapter 11: Network Probing and Lateral Movement
• Probing the Corporate Network
• Exercise 23: Scanning Ports Based on Frequencies
• Exploiting Cron Scripts on Shared Volumes
• Exercise 24: Gaining a Reverse Shell on the Backup Server
• Exploiting a Database Server
• Exercise 25: Executing Shell Commands via WordPress
• Compromising a Redis Server
• Exposed Database Files
• Summary
• Chapter 12: Defense Evasion and Exfiltration
• Defensive Controls
• Exercise 26: Auditing Hosts for Landmines
• Concealing Malicious Processes
• Exercise 27: Rotating Process Names
• Dropping Files in Shared Memory
• Disabling Runtime Security Controls
• Manipulating History
• Tampering with Session Metadata
• Concealing Data
• Exercise 28: Writing Substitution Cipher Functions
• Exfiltration
• Sharding Files
• Exercise 29: Sharding and Scheduling Exfiltration
• Summary
• Index
• Back Cover