PowerShell for Penetration Testing: Explore the capabilities of PowerShell for pentesters across multiple platforms
Year of publication: 2024
Author: Blyth Andrew
Publisher: Packt Publishing
ISBN: 978-1-83508-245-4
Language: English
Format: PDF/EPUB
Quality: Publisher's layout or text (eBook)
Interactive table of contents: Yes
Number of pages: 298

Description:
A practical guide to vulnerability assessment and mitigation with PowerShell

Key Features
- Leverage PowerShell's unique capabilities at every stage of the Cyber Kill Chain, maximizing your effectiveness
- Perform network enumeration techniques and exploit weaknesses with PowerShell's built-in and custom tools
- Learn how to conduct penetration testing on Microsoft Azure and AWS environments

Book Description
PowerShell for Penetration Testing is a comprehensive guide designed to equip you with the essential skills you need for conducting effective penetration tests using PowerShell. You'll start by laying a solid foundation, familiarizing yourself with the core concepts of penetration testing and PowerShell scripting. In this part, you'll get up to speed with the fundamental scripting principles and their applications across various platforms. You'll then explore network enumeration, port scanning, exploitation of web services, databases, and more using PowerShell tools. Hands-on exercises throughout the book will solidify your understanding of concepts and techniques. Extending the scope to cloud computing environments, particularly MS Azure and AWS, this book will guide you through conducting penetration tests in cloud settings, covering governance, reconnaissance, and networking intricacies. In the final part, post-exploitation techniques, including command-and-control structures and privilege escalation using PowerShell, will be explored. This part covers post-exploitation activities on both Microsoft Windows and Linux systems. By the end of this book, you'll have worked through concise explanations, real-world examples, and exercises that will help you seamlessly perform penetration testing techniques using PowerShell.

What you will learn
- Get up to speed with basic and intermediate scripting techniques in PowerShell
- Automate penetration tasks, build custom scripts, and conquer multiple platforms
- Explore techniques to identify and exploit vulnerabilities in network services using PowerShell
- Access and manipulate web-based applications and services with PowerShell
- Find out how to leverage PowerShell for Active Directory and LDAP enumeration and exploitation
- Conduct effective pentests on cloud environments using PowerShell's cloud modules

Who this book is for
This book is for aspiring and intermediate pentesters as well as other cybersecurity professionals looking to advance their knowledge. Anyone interested in PowerShell scripting for penetration testing will also find this book helpful. A basic understanding of IT systems and some programming experience will help you get the most out of this book.
Sample pages (screenshots)
Table of contents
Preface xix

Part 1: Introduction to Penetration Testing and PowerShell

1 Introduction to Penetration Testing 3
  What is penetration testing? 3
  Stakeholders 4
  Ethical, legal, and regulatory requirements 5
  Managing and executing a penetration test 7
  Using the cyber kill chain 8
  Standards in penetration testing 9
  Report writing 10
  Summary 11

2 Programming Principles in PowerShell 13
  Basic concepts of PowerShell and pipelines in PowerShell 14
  JSON in PowerShell 19
  Retrieving JSON data from web APIs 19
  Parsing JSON data 19
  JSON manipulation for payloads 20
  Interacting with JSON from files 20
  Web scraping and data extraction 21
  XML in PowerShell 21
  Reading and parsing XML files 22
  Extracting information from XML nodes 22
  Modifying XML data 23
  Crafting XML payloads 23
  XML injection testing 24
  COM, WMI, and .NET in PowerShell 24
  Using WMI for system information gathering 25
  Querying WMI for network information 25
  Interacting with COM objects 26
  Using .NET for cryptographic operations 26
  Using .NET for network operations 27
  Analyzing .NET assemblies for vulnerabilities 27
  Summary 28

Part 2: Identification and Exploitation

3 Network Services and DNS 31
  Network services 31
  TCP/IP network services 32
  The IP addresses 32
  The TCP/UDP port numbers 33
  The OSI stack 33
  DNS and types of DNS queries 34
  DNS overview 34
  Types of DNS queries 35
  DNS and PowerShell 36
  Summary 42

4 Network Enumeration and Port Scanning 43
  Network enumeration using PowerShell 43
  TCP port scanning using PowerShell 44
  Single port scanning with Test-NetConnection 45
  Multiple port scanning with Test-NetConnection 45
  Enumerating open ports with Test-NetConnection 46
  Single port scanning with .NET 46
  Multiple port scanning with .NET 47
  Enumerating all open ports with .NET 47
  UDP port scanning using PowerShell 48
  Using PowerShell tools for port scanning 48
  Summary 49

5 The WEB, REST, and SOAP 51
  PowerShell and the web 51
  Web application security testing with PowerShell 52
  REST application security testing with PowerShell 53
  SOAP application security testing with PowerShell 53
  Encoding JSON and XML in PowerShell 54
  Encoding JSON in PowerShell 54
  Decoding JSON in PowerShell 55
  Encoding XML in PowerShell 55
  Decoding XML in PowerShell 56
  PowerShell and REST 56
  OWASP analysis – injection 56
  OWASP analysis – broken authentication 57
  OWASP analysis – sensitive data exposure 57
  OWASP analysis – XML External Entities (XXE) 57
  OWASP analysis – broken access control 57
  OWASP analysis – security misconfiguration 58
  OWASP analysis – Cross-Site Scripting (XSS) 58
  OWASP analysis – Cross-Site Request Forgery (CSRF) 58
  OWASP analysis – unvalidated redirects and forwards 59
  OWASP analysis – insecure deserialization 59
  PowerShell and SOAP 59
  OWASP analysis – injection 59
  OWASP analysis – XXE 60
  OWASP analysis – authentication bypass 61
  OWASP analysis – insecure deserialization 61
  OWASP analysis – unvalidated redirects and forwards 62
  Summary 63

6 SMB, Active Directory, LDAP and Kerberos 65
  PowerShell and SMB 66
  Enumerating SMB shares 66
  An SMB version assessment 66
  Testing for weak passwords 66
  SMB vulnerability scanning 67
  Assessing SMB signing and encryption 67
  The enumeration of active SMB sessions 68
  Checking for guest access 68
  Evaluating share permissions 68
  SMB session monitoring 68
  Automated ransomware detection 69
  PowerShell, AD, and LDAP 69
  The enumeration of active directory objects 70
  Assessing user account security 70
  Identifying inactive user accounts 70
  Auditing group memberships 71
  Identifying privileged accounts 71
  Auditing password policy 71
  Assessing LDAP permissions 71
  Testing LDAP authentication 72
  Identifying unsecured LDAP ports 72
  Monitoring LDAP traffic 72
  Testing LDAP with LDAPS 73
  Identifying anomalies with PowerShell scripts 73
  PowerShell and Kerberos 73
  The enumeration of Kerberos tickets 74
  Service Principal Name (SPN) enumeration 74
  Credential harvesting with Mimikatz 74
  Detecting golden ticket attacks 75
  Kerberos ticket renewal analysis 75
  Analyzing event logs 75
  Password spray attacks 75
  Summary 76

7 Databases: MySQL, PostgreSQL, and MSSQL 77
  Accessing SQL databases using PowerShell 78
  PowerShell and MySQL 78
  Introduction to PowerShell and MySQL 78
  Connecting to MySQL with PowerShell 78
  Vulnerability assessment 81
  Penetration testing 81
  Access control verification 82
  Security policy testing 83
  Data protection and encryption 83
  Logging and monitoring 84
  PowerShell and PostgreSQL 84
  Introduction to PowerShell and PostgreSQL 85
  Connecting to PostgreSQL with PowerShell 85
  Vulnerability assessment 89
  Penetration testing 91
  Access control verification 92
  Security policy testing 94
  Data protection and encryption 96
  Logging and monitoring 98
  PowerShell and Microsoft SQL (MSSQL) 99
  Vulnerability assessment 100
  Penetration testing 101
  Access control verification 105
  Security policy testing 106
  Data protection and encryption 107
  Logging and monitoring 108
  Summary 109

8 Email Services: Exchange, SMTP, IMAP, and POP 111
  PowerShell and Exchange 112
  Enumeration with PowerShell 113
  Autodiscover enumeration 113
  Exploitation with PowerShell 113
  PowerShell and SMTP 115
  Enumeration with PowerShell 115
  Exploitation with PowerShell 116
  PowerShell and IMAP 118
  Vulnerabilities in IMAP servers 118
  Establishing an IMAP connection 119
  Scanning for IMAP servers 119
  PowerShell and POP 121
  Port identification 121
  Authentication checks 121
  Brute-forcing 122
  Banner grabbing 123
  Summary 123

9 PowerShell and FTP, SFTP, SSH, and TFTP 125
  PowerShell and FTP 126
  Banner grabbing for FTP 126
  Connecting to an FTP server 126
  Brute-forcing authentication of an FTP connection 127
  Anonymous access check 127
  SSL/TLS support for an FTP server 127
  Listing files on the FTP server 128
  Uploading a file to an FTP server 128
  Downloading a file from an FTP server 128
  Strong password policies for FTP 129
  Firewall and access control lists for FTP 130
  PowerShell and TFTP 130
  Identifying the TFTP server 130
  Enumerating a TFTP server configuration 130
  Verifying access controls for TFTP 131
  PowerShell and SSH, SCP, and SFTP 131
  SSH server configuration assessment 131
  Brute-forcing authentication for SSH 132
  SSH server access control 132
  Reviewing user access 133
  SCP server configuration assessment 133
  SFTP server configuration assessment 133
  Reviewing SFTP configuration 133
  Security auditing tools for SSH 134
  User authentication and authorization 134
  Monitoring and logging 134
  Modules 134
  Summary 137

10 Brute Forcing in PowerShell 139
  Brute forcing, in general, using PowerShell 140
  Automated scripting 140
  Password list attacks 141
  Dictionary attacks 141
  Credential stuffing 141
  Rate limiting and stealth 141
  Brute forcing FTP using PowerShell 142
  Setting up the environment 142
  Creating credential lists 142
  FTP login attempt script 142
  Handling FTP server responses 143
  Rate limiting and stealth 144
  Logging and reporting 144
  Brute forcing SSH using PowerShell 145
  Setting up the environment 145
  Creating credential lists 145
  SSH login attempt script 145
  Handling SSH server responses 146
  Rate limiting and stealth 146
  Logging and reporting 147
  Brute forcing web services using PowerShell 147
  Understanding the web service 147
  Setting up the environment 148
  Installing required modules 148
  Creating credential lists 148
  Web service authentication 148
  Handling web service responses 150
  Rate limiting and stealth 151
  Logging and reporting 151
  Adapting to web service specifics 151
  Handling CAPTCHA and multifactor authentication 152
  Iterating and refining 152
  Brute forcing a hash 152
  Understanding hash brute forcing 152
  Setting up the environment 152
  Hash types and hashcat 152
  PowerShell script for hash brute forcing 153
  Customization for different hash algorithms 154
  Salting 154
  Handling larger character sets and optimizing 154
  Summary 154

11 PowerShell and Remote Control and Administration 157
  Remote access and PowerShell 157
  Enabling PowerShell remoting 158
  Configuring WinRM 158
  Connecting to a remote machine 158
  Executing commands on remote machines 158
  Remoting with credentials 159
  Configuring trusted hosts 159
  Session configuration 160
  Parallel remoting 160
  PowerShell and remote administration 160
  Establishing remote sessions 160
  Executing commands on remote machines 161
  Remote variable usage 161
  Remote script execution 161
  Handling background jobs 161
  Parallel remoting 162
  Remote registry manipulation 162
  Remote event log retrieval 162
  Remote service management 163
  Remote software installation 163
  Remoting to Azure virtual machines 163
  Remote network configuration 163
  Remote user management 164
  Security considerations 164
  Remote file copy 164
  Using PowerShell for SNMP 164
  SNMP module installation 165
  SNMP agent query 165
  SNMP walking 165
  SNMP settings 165
  SNMP trap handling 166
  SNMP bulk requests 166
  SNMP monitoring with PowerShell 166
  SNMP and PowerShell integration 167
  SNMP and graphical interfaces 167
  SNMP and logging 168
  Summary 168

Part 3: Penetration Testing on Azure and AWS Cloud Environments

12 Using PowerShell in Azure 171
  Introduction to Azure 172
  Azure architecture and governance 172
  Azure Policy enforcement 174
  Role-based access control (RBAC) 175
  Resource tagging 175
  Resource locking 175
  Azure blueprint deployment 175
  Compliance reporting 176
  Accessing Azure 176
  Install and import the Azure PowerShell module 176
  Authenticate and connect to Azure 176
  Networking in Azure 177
  Resource discovery 178
  Virtual network enumeration 178
  Subnet analysis 178
  Network security group exploration 178
  Public IP address enumeration 178
  Azure Active Directory (AAD) reconnaissance 179
  Service principal enumeration 179
  Constructing the network map 179
  Identity Management and Role-Based Access Control 180
  Gathering information about users and Identity Management 180
  Exploring RBAC assignments 180
  Reviewing access control settings for resources 180
  Modifying RBAC assignments for simulation 181
  Automating Identity Management and RBAC analysis 181
  Azure Data Storage and permissions 182
  Analyzing Azure Data Storage 182
  Investigating data permissions 182
  Checking RBAC settings 183
  Analyzing data security with Azure Key Vault 183
  Automating Data Storage and permissions analysis 183
  Azure and SQL 184
  Analyzing Azure Identity 184
  Analyzing Azure SQL 185
  Automating Identity and SQL analysis 185
  Azure and key vaults 186
  Analyzing Azure resources 187
  Analyzing Azure Key Vaults 187
  Automating the analysis of Azure resources and Key Vaults 188
  Azure and virtual machines 188
  Azure and Web Services 189
  Analyzing Azure resources 190
  Analyzing Web Services in Azure 191
  Automating the analysis of Azure resources and Web Services 191
  Summary 192

13 Using PowerShell in AWS 193
  AWS governance and components 194
  Accessing AWS and reconnaissance 195
  AWS CLI and PowerShell integration 196
  AWS Tools for PowerShell 196
  AWS service enumeration 196
  AWS resource profiling 196
  Security group analysis 196
  AWS Lambda function assessment 197
  CloudTrail analysis 197
  AWS credential validation 197
  Continuous monitoring 197
  Reporting and documentation 197
  Networking in AWS 198
  Amazon VPC enumeration 198
  Subnet discovery 198
  Security group assessment 198
  Network ACL inspection 198
  Elastic load balancer profiling 198
  Route table analysis 199
  VPN connection assessment 199
  Direct Connect 199
  Network flow logging 199
  DNS configuration inspection 199
  S3 bucket access check 200
  Monitoring for anomalies 200
  Continuous network scanning 200
  Reporting and documentation 200
  Data storage and S3 buckets 200
  Listing all S3 buckets 200
  Retrieving the bucket policy 201
  Checking bucket permissions 201
  Object listing and metadata 201
  Downloading objects 201
  Versioning checking 201
  Server-side encryption assessment 202
  Logging configuration 202
  S3 bucket replication status 202
  Cross-origin resource sharing (CORS) configuration 202
  Intelligent-tiering configuration 203
  Data classification and tagging 203
  Continuous monitoring 203
  Reporting and documentation 203
  AWS and databases 203
  Amazon RDS enumeration 204
  Database configuration details 204
  Security group analysis 204
  IAM database authentication status 204
  Database snapshots 204
  Amazon Aurora cluster profiling 204
  Database parameter groups 205
  Database events 205
  Encryption assessment 205
  Database log files 205
  Connection pooling configuration 205
  Continuous monitoring 205
  Reporting and documentation 206
  AWS and security 206
  AWS security group analysis 206
  IAM user permissions assessment 206
  KMS audit 206
  AWS CloudTrail analysis 207
  Amazon GuardDuty findings 207
  AWS Inspector assessment 207
  S3 bucket permissions 207
  NACL inspections 207
  Continuous monitoring 207
  Reporting and documentation 208
  AWS and containers 208
  Amazon Elastic Container Registry (ECR) enumeration 208
  Docker image analysis 208
  ECS task definition examinations 208
  Kubernetes cluster information 209
  kubeconfig file validation 209
  ECS service analysis 209
  Kubernetes Pod inspection 209
  Container security scanning 209
  ECS task log retrieval 209
  Kubernetes RBAC assessment 210
  Continuous monitoring 210
  ECS Container Insights 210
  Reporting and documentation 210
  AWS and web services 210
  AWS API Gateway enumeration 210
  Lambda function analysis 211
  CloudFront distribution profiling 211
  Amazon S3 website configuration 211
  Route 53 DNS record inspection 211
  AWS Certificate Manager (ACM) certificates 212
  Application Load Balancer (ALB) profiling 212
  AWS WAF Web ACL configuration 212
  Amazon RDS for web application databases 212
  WAF logging 212
  AWS X-Ray for tracing 212
  Continuous monitoring 213
  Reporting and documentation 213
  Security headers inspection 213
  SSL/TLS configuration assessment 213
  Cross-site scripting (XSS) vulnerability testing 213
  SQL injection testing 213
  Summary 214

Part 4: Post Exploitation and Command and Control

14 Command and Control 217
  Post-exploitation, C2, and the cyber kill chain 218
  PowerShell components used for C2 218
  Cmdlets for network communication 218
  Scripting for payload delivery 219
  Encoded payloads to evade detection 219
  Dynamic code loading with functions 219
  DNS tunneling for covert communication 220
  Living-off-the-land techniques 220
  Using Empire for C2 221
  An introduction to PowerShell Empire 221
  Generating and delivering payloads 222
  Executing commands on compromised systems 222
  Post-exploitation modules for advanced tasks 222
  Exfiltrating data 223
  Web drive-by attacks 223
  Evading antivirus detection 223
  Dynamic scripting 224
  Defensive measures 224
  Using Meterpreter and PowerShell for C2 224
  An introduction to Meterpreter 224
  Setting up the attack environment 225
  Exploiting a vulnerability 225
  Utilizing Meterpreter 225
  Post-exploitation with Meterpreter 225
  Integrating PowerShell for enhanced capabilities 226
  Obfuscating PowerShell commands 227
  Using PowerShell for C2 227
  Defensive measures 228
  Summary 228

15 Post-Exploitation in Microsoft Windows 229
  The role of post-exploitation in Microsoft Windows on a penetration test 230
  Post-exploitation on Microsoft Windows 231
  Privilege escalation 231
  Credential dumping 231
  Persistence 231
  Lateral movement 232
  Data exfiltration 232
  Covering tracks 232
  Profiling a user with PowerShell on Microsoft Windows 233
  User information 233
  Running processes 233
  Network connections 233
  File and directory access 234
  Installed software 234
  Recent activities 234
  File permissions in Microsoft Windows 234
  Viewing file permissions 235
  Granting file permissions 235
  Modifying file permissions 235
  Revoking file permissions 236
  Using PowerShell for privilege escalation on Microsoft Windows 236
  Checking the current user's privileges 236
  Enumerating local administrators 237
  Exploiting unquoted service paths 237
  Exploiting insecure service permissions 237
  DLL hijacking 238
  Registry manipulation 238
  Exploiting weak folder permissions 239
  Scheduled task exploitation 239
  Exploiting unattended installations 239
  Summary 240

16 Post-Exploitation in Linux 241
  The role of post-exploitation in Linux on a penetration test 242
  Post-exploitation on Linux 243
  Establishing persistence 243
  Privilege escalation 243
  Enumerating users and groups 243
  Network enumeration 244
  File and directory enumeration 244
  Data exfiltration 244
  Covering tracks 245
  Profiling a user with PowerShell in Linux 245
  User information 245
  Running processes 245
  Network connections 246
  File and directory access 246
  Installed software 246
  Recent activities 246
  Data exfiltration 247
  File permissions in Linux 247
  Viewing file permissions 247
  Granting file permissions 248
  Modifying file permissions 248
  Revoking file permissions 248
  Changing ownership 249
  Checking effective permissions 249
  Inheriting permissions 249
  Checking Access Control Lists (ACLs) 249
  Using PowerShell for privilege escalation in Linux 250
  Checking the current user's privileges 250
  Enumerating local groups and users 250
  Checking sudo configuration 251
  Checking executable file permissions 251
  Exploiting weak service configurations 251
  Exploiting crontab entries 252
  Exploiting world-writable directories 252
  DLL hijacking 252
  Password files and sensitive information 253
  Exploiting wildcard injection 253
  Exploiting setuid and setgid binaries 253
  Exploiting environment variables 253

Index 255
Other Books You May Enjoy 272