
Post on 13-May-2018


Module:1 (Information Gathering: Port Scanning) .... 2
    1- Nmap .... 2
        Introduction .... 2
        Getting Practical .... 3
    2- Netdiscover .... 6
    3- Netcat .... 8
    4- Masscan .... 8

Module:2 (File Transfer Techniques) .... 10
    Why .... 10
    1- FTP .... 11
    2- TFTP .... 12
    3- Netcat .... 13
    4- SMB .... 15
    5- RDP .... 15

Module:3 (The Metasploit Framework) .... 16
    1- Structure .... 16
    2- Information Gathering .... 17
    3- Vulnerability Scanning .... 20
    4- Payloads .... 21
    5- Exploitation .... 22
    6- Meterpreter .... 23
        Functionalities .... 23

Module:4 (MITM: Sniffing and Interception) .... 25
    1- Wireshark .... 25
    2- Ettercap .... 30
        Information Gathering .... 30
        Exploitation .... 32

Module:5 (Client Side Attacks) .... 34
    1- Information Gathering .... 34
        BeEF Framework .... 34
    2- Exploitation .... 37
        Using Public Exploits .... 37
        Metasploit's browser/autopwn .... 37

Module:6 (Privileges Escalation, Persistence & Pivoting) .... 39
    Privileges Escalation .... 39
        1- Unquoted Service Paths .... 39
        2- Vulnerable Services .... 41
        3- AlwaysInstallElevated .... 42
    Persistence .... 43
        1- Meterpreter .... 43
        2- Regular shell .... 45
    Pivoting .... 46
        1- Static Port Redirection .... 46
        2- Dynamic Port Redirection .... 48

Module:7 (Password Cracking) .... 53
    Password Cracking .... 53
        1- Online .... 53
        2- Dictionary Based (Using Hashcat) .... 53

Module:8 (Web Application Hacking) .... 55
    1- SQL Injection .... 55
        Error based .... 55
        Union based .... 56
        Blind injection .... 60
    2- Cross-Site Scripting (XSS) .... 62
        Reflected .... 62
            Detection .... 63
            Exploitation (Stealing the Session ID) .... 64


        Stored (Persistent) .... 65
            Detection .... 65
            Exploitation .... 66
    3- Cross-Site Request Forgery (CSRF) .... 67
        Detection & Exploitation .... 67

Module:9 (Buffer Overflows) .... 70
    1- Direct EIP overwrite .... 70
    2- SEH Bypass .... 80
    3- Egg Hunter .... 88

Module:10 (Working With Public Exploits) .... 92
    1- Bad Return Address .... 92
    2- Payload Replacement .... 95

Module:11 (Antivirus Evasion & File Backdooring Techniques) .... 97
    1- Metasploit .... 97
    2- Hex .... 100
    3- Assembly Encryption .... 115

Module:12 (Hacking Embedded Devices) .... 123
    1- Firmware Extraction and Inspection .... 123
    2- Vulnerability & Exploitation .... 123
    3- Backdooring .... 123

Module:13 (WIFI Cracking) .... 124
    1- WEP .... 124
    2- WPA .... 124
    3- WPS .... 124
    4- MAC filtering .... 124
    5- Hidden SSID .... 124
