Kali Linux CTF Blueprints build, test, and customize your own Capture the Flag challenges across multiple platforms designed to be attacked with Kali Linux
Build, test, and customize your own Capture the Flag challenges across multiple platforms designed to be attacked with Kali Linux In Detail As attackers develop more effective and complex ways to compromise computerized systems, penetration testing skills and tools are in high demand. A tester must...
Otros Autores: | |
---|---|
Formato: | Libro electrónico |
Idioma: | Inglés |
Publicado: |
Birmingham, England :
[Packt] Publishing
2014.
|
Edición: | 1st edition |
Colección: | Community experience distilled.
|
Materias: | |
Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628252106719 |
Tabla de Contenidos:
- Intro
- Kali Linux CTF Blueprints
- Table of Contents
- Kali Linux CTF Blueprints
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Support files, eBooks, discount offers, and more
- Why subscribe?
- Free access for Packt account holders
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Reading guide
- A warning
- Conventions
- Reader feedback
- Customer support
- Downloading the example code
- Errata
- Piracy
- Questions
- 1. Microsoft Environments
- Creating a vulnerable machine
- Securing a machine
- Creating a secure network
- Basic requirements
- Setting up a Linux network
- Setting up a Windows network
- Hosting vulnerabilities
- Scenario 1 - warming Adobe ColdFusion
- Setup
- Variations
- Scenario 2 - making a mess with MSSQL
- Setup
- Variations
- Scenario 3 - trivializing TFTP
- Vulnerabilities
- Flag placement and design
- Testing your flags
- Making the flag too easy
- Making your finding too hard
- Alternate ideas
- Post-exploitation and pivoting
- Exploitation guides
- Scenario 1 - traverse the directories like it ain't no thing
- Scenario 2 - your database is bad and you should feel bad
- Scenario 3 - TFTP is holier than the Pope
- Challenge modes
- Summary
- 2. Linux Environments
- Differences between Linux and Microsoft
- The setup
- Scenario 1 - learn Samba and other dance forms
- Setup
- Configuration
- Testing
- Variations
- Information disclosure
- File upload
- Scenario 2 - turning on a LAMP
- Setup
- The PHP
- Variations
- Out-of-date versions
- Login bypass
- SQL injection
- Dangerous PHP
- PHPMyAdmin
- Scenario 3 - destructible distros
- Setup
- Variations
- Scenario 4 - tearing it up with Telnet
- Setup
- Variations
- Default credentials
- Buffer overflows
- Flag placement and design.
- Exploitation guides
- Scenario 1 - smashing Samba
- Scenario 2 - exploiting XAMPP
- Scenario 3 - like a privilege
- Scenario 4 - tampering with Telnet
- Summary
- 3. Wireless and Mobile
- Wireless environment setup
- Software
- Hardware
- Scenario 1 - WEP, that's me done for the day
- Code setup
- Network setup
- Scenario 2 - WPA-2
- Setup
- Scenario 3 - pick up the phone
- Setup
- Important things to remember
- Exploitation guides
- Scenario 1 - rescue the WEP key
- Scenario 2 - potentiating partial passwords
- Scenario 3.1 - be a geodude with geotagging
- Scenario 3.2 - ghost in the machine or man in the middle
- Scenario 3.3 - DNS spoof your friends for fun and profit
- Summary
- 4. Social Engineering
- Scenario 1 - maxss your haxss
- Code setup
- Scenario 2 - social engineering: do no evil
- Setup
- Variations
- Scenario 3 - hunting rabbits
- Core principles
- Potential avenues
- Connecting methods
- Creating an OSINT target
- Scenario 4 - I am a Stegosaurus
- Visual steganography
- Exploitation guides
- Scenario 1 - cookie theft for fun and profit
- Scenario 2 - social engineering tips
- Scenario 3 - exploitation guide
- Scenario 4 - exploitation guide
- Summary
- 5. Cryptographic Projects
- Crypto jargon
- Scenario 1 - encode-ageddon
- Generic encoding types
- Random encoding types
- Scenario 2 - encode + Python = merry hell
- Setup
- Substitution cipher variations
- Scenario 3 - RC4, my god, what are you doing?
- Setup
- Implementations
- Scenario 4 - Hishashin
- Setup
- Hashing variations
- Scenario 5 - because Heartbleed didn't get enough publicity as it is
- Setup
- Variations
- Exploitation guides
- Scenario 1 - decode-alypse now
- Scenario 2 - trans subs and other things that look awkward in your history
- Automatic methods
- Scenario 3 - was that a 1 or a 0 or a 1?.
- Scenario 4 - hash outside of Colorado
- Scenario 5 - bleeding hearts
- Summary
- 6. Red Teaming
- Chapter guide
- Scoring systems
- Setting scenarios
- Reporting
- Reporting example
- Reporting explanation
- CTF-style variations
- DEFCON game
- Physical components
- Attack and defense
- Jeopardy
- Scenario 1 - ladders, why did it have to be ladders?
- Network diagram
- Brief
- Setting up virtual machines
- DMZ
- missileman
- secret1
- secret2
- secret3
- Attack guide
- Variations
- Dummy devices
- Combined OSINT trail
- The missile base scenario summary
- Scenario 2 - that's no network, it's a space station
- Network diagram
- Brief
- Setting up a basic network
- Attack of the clones
- Customizing cloned VMs
- Workstation1
- Workstation2
- Workstation3
- Workstation4
- Workstation5
- Attack guide
- Variations
- The network base scenario summary
- Summary
- A. Appendix
- Further reading
- Recommended competitions
- Existing vulnerable VMs
- Index.