وبلاگ بلیان

MostUsedWords.com German Frequency Dictionary - Book 4

معرفی کتاب «MostUsedWords.com German Frequency Dictionary - Book 4» نوشتهٔ MostUsedWords.com، منتشرشده توسط نشر 2019 در سال 2019. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

Master the art of offensive bash scripting. This highly practical hands-on guide covers chaining commands together, automating tasks, crafting living-off-the-land attacks, and more! In the hands of the penetration tester, bash scripting becomes a powerful offensive security tool. In Black Hat Bash, you’ll learn how to use bash to automate tasks, develop custom tools, uncover vulnerabilities, and execute advanced, living-off-the-land attacks against Linux servers. You’ll build a toolbox of bash scripts that will save you hours of manual work. And your only prerequisite is basic familiarity with the Linux operating system. You’ll learn the basics of bash syntax, then set up a Kali Linux lab to apply your skills across each stage of a penetration test—from initial access to data exfiltration. Along the way, you’ll learn how to perform OS command injection, access remote machines, gather information stealthily, and navigate restricted networks to find the crown jewels. Hands-on exercises throughout will have you applying your newfound skills. Key topics covered include: • Bash scripting essentials: From control structures, functions, loops, and text manipulation with grep, awk, and sed. • How to set up your lab: Create a hacking environment with Kali and Docker and install additional tools. • Reconnaissance and vulnerability scanning: Learn how to perform host discovery, fuzzing, and port scanning using tools like Wfuzz, Nmap, and Nuclei. • Exploitation and privilege escalation: Establish web and reverse shells, and maintain continuous access. • Defense evasion and lateral movement: Audit hosts for landmines, avoid detection, and move through networks to uncover additional targets. Whether you’re a pentester, a bug bounty hunter, or a student entering the cybersecurity field, Black Hat Bash will teach you how to automate, customize, and optimize your offensive security strategies quickly and efficiently, with no true sorcery required. Cover Title Page Copyright About the Authors About the Technical Reviewer Brief Contents Contents in Detail Acknowledgments Introduction What Is in This Book The Scripting Exercises How to Use This Book 1. Bash Basics Environmental Setup Accessing the Bash Shell Installing a Text Editor Exploring the Shell Checking Environment Variables Running Linux Commands Elements of a Bash Script The Shebang Line Comments Commands Execution Debugging Basic Syntax Variables Arithmetic Operators Arrays Streams Control Operators Redirection Operators Positional Arguments Input Prompting Exit Codes Exercise 1: Recording Your Name and the Date Summary 2. Flow Control and Text Processing Test Operators if Conditions Linking Conditions Testing Command Success Checking Subsequent Conditions Functions Returning Values Accepting Arguments Loops and Loop Controls while until for break and continue case Statements Text Processing and Parsing Filtering with grep Filtering with awk Editing Streams with sed Job Control Managing the Background and Foreground Keeping Jobs Running After Logout Bash Customizations for Penetration Testers Placing Scripts in Searchable Paths Shortening Commands with Aliases Customizing the ~/.bashrc Profile Importing Custom Scripts Capturing Terminal Session Activity Exercise 2: Pinging a Domain Summary 3. Setting Up a Hacking Lab Security Lab Precautions Installing Kali The Target Environment Installing Docker and Docker Compose Cloning the Book’s Repository Deploying Docker Containers Testing and Verifying the Containers The Network Architecture The Public Network The Corporate Network Kali Network Interfaces The Machines Managing the Lab Shutting Down Removing Rebuilding Accessing Individual Lab Machines Installing Additional Hacking Tools WhatWeb RustScan Nuclei dirsearch Linux Exploit Suggester 2 Gitjacker pwncat LinEnum unix-privesc-check Assigning Aliases to Hacking Tools Summary 4. Reconnaissance Creating Reusable Target Lists Consecutive IP Addresses Possible Subdomains Host Discovery ping Nmap arp-scan Exercise 3: Receiving Alerts About New Hosts Port Scanning Nmap RustScan Netcat Exercise 4: Organizing Scan Results Detecting New Open Ports Banner Grabbing Using Active Banner Grabbing Detecting HTTP Responses Using Nmap Scripts Detecting Operating Systems Analyzing Websites and JSON Summary 5. Vulnerability Scanning and Fuzzing Scanning Websites with Nikto Building a Directory Indexing Scanner Identifying Suspicious robots.txt Entries Exercise 5: Exploring Non-indexed Endpoints Brute-Forcing Directories with dirsearch Exploring Git Repositories Cloning the Repository Viewing Commits with git log Filtering git log Information Inspecting Repository Files Vulnerability Scanning with Nuclei Understanding Templates Writing a Custom Template Applying the Template Running a Full Scan Exercise 6: Parsing Nuclei’s Findings Fuzzing for Hidden Files Creating a Wordlist of Possible Filenames Fuzzing with ffuf Fuzzing with Wfuzz Assessing SSH Servers with Nmap’s Scripting Engine Exercise 7: Combining Tools to Find FTP Issues Summary 6. Gaining a Web Shell Arbitrary File Upload Vulnerabilities Fuzzing for Arbitrary File Uploads Bypassing File Upload Controls Uploading Files with Burp Suite Staging Web Shells Finding Directory Traversal Vulnerabilities Uploading Malicious Payloads Executing Web Shell Commands Exercise 8: Building a Web Shell Interface Limitations of Web Shells Lack of Persistence Lack of Real-Time Responses Limited Functionality OS Command Injection Exercise 9: Building a Command Injection Interface Bypassing Command Injection Restrictions Obfuscation and Encoding Globbing Summary 7. Reverse Shells How Reverse Shells Work Ingress vs. Egress Controls Shell Payloads and Listeners The Communication Sequence Executing a Connection Setting Up a Netcat Listener Crafting a Payload Delivering and Initializing the Payload Executing Commands Listening with pwncat Bypassing Security Controls Encrypting and Encapsulating Traffic Alternating Between Destination Ports Spawning TTY Shells with Pseudo-terminal Devices Python’s pty Module socat Post-exploitation Binary Staging Serving Netcat Uploading Files with pwncat Downloading Binaries from Trusted Sites Exercise 10: Maintaining a Continuous Reverse Shell Connection Initial Access with Brute Force Exercise 11: Brute-Forcing an SSH Server Summary 8. Local Information Gathering The Filesystem Hierarchy Standard The Shell Environment Environment Variables Sensitive Information in Bash Profiles Users and Groups Local Accounts Local Groups Home Folder Access Valid Shells Processes Viewing Process Files Running ps Examining Root Processes The Operating System Exercise 12: Writing a Linux Operating System Detection Script Login Sessions and User Activity Collecting User Sessions Investigating Executed Commands Networking Network Interfaces and Routes Connections and Neighbors Firewall Rules Network Interface Configuration Files Domain Resolvers Software Installations Storage Block Devices The Filesystem Tab File Logs System Logs Application Logs Exercise 13: Recursively Searching for Readable Logfiles Kernels and Bootloaders Configuration Files Scheduled Tasks Cron At Exercise 14: Writing a Cron Job Script to Find Credentials Hardware Virtualization Using Dedicated Tools Living Off the Land Automating Information Gathering with LinEnum Exercise 15: Adding Custom Functionality to LinEnum Summary 9. Privilege Escalation What Is Privilege Escalation? Linux File and Directory Permissions Viewing Permissions Setting Permissions Creating File Access Control Lists Viewing SetUID and SetGID Setting the Sticky Bit Finding Files Based on Permissions Exploiting a SetUID Misconfiguration Scavenging for Credentials Passwords and Secrets Private Keys Exercise 16: Brute-Forcing GnuPG Key Passphrases Examining the sudo Configuration Abusing Text Editor Tricks Downloading Malicious sudoers Files Hijacking Executables via PATH Misconfigurations Exercise 17: Maliciously Modifying a Cron Job Finding Kernel Exploits SearchSploit Linux Exploit Suggester 2 Attacking Adjacent Accounts Privilege Escalation with GTFOBins Exercise 18: Mapping GTFOBins Exploits to Local Binaries Automating Privilege Escalation LinEnum unix-privesc-check MimiPenguin Linuxprivchecker Bashark Summary 10. Persistence The Enemies of Persistent Access Modifying Service Configurations System V systemd Hooking into Pluggable Authentication Modules Exercise 19: Coding a Malicious pam_exec Bash Script Generating Rogue SSH Keys Repurposing Default System Accounts Poisoning Bash Environment Files Exercise 20: Intercepting Data via Profile Tampering Credential Theft Hooking a Text Editor Streaming Executed Commands Forging a Not-So-Innocent sudo Exercise 21: Hijacking Password Utilities Distributing Malicious Packages Understanding DEB Packages Packaging Innocent Software Converting Package Formats with alien Exercise 22: Writing a Malicious Package Installer Summary 11. Network Probing and Lateral Movement Probing the Corporate Network Service Mapping Port Frequencies Exercise 23: Scanning Ports Based on Frequencies Exploiting Cron Scripts on Shared Volumes Verifying Exploitability Checking the User Context Exercise 24: Gaining a Reverse Shell on the Backup Server Exploiting a Database Server Port Forwarding Brute-Forcing with Medusa Backdooring WordPress Running SQL Commands with Bash Exercise 25: Executing Shell Commands via WordPress Compromising a Redis Server Raw CLI Commands Metasploit Exposed Database Files Dumping Sensitive Information Uploading a Web Shell with SQL Summary 12. Defense Evasion and Exfiltration Defensive Controls Endpoint Security Application and API Security Network Security Honeypots Log Collection and Aggregation Exercise 26: Auditing Hosts for Landmines Concealing Malicious Processes Library Preloading Process Hiding Process Masquerading Exercise 27: Rotating Process Names Dropping Files in Shared Memory Disabling Runtime Security Controls Manipulating History Tampering with Session Metadata Concealing Data Encoding Encryption Exercise 28: Writing Substitution Cipher Functions Exfiltration Raw TCP DNS Text Storage Sites Slack Webhooks Sharding Files Number of Lines Size Chunks Exercise 29: Sharding and Scheduling Exfiltration Summary Index Back Cover Master the art of offensive bash scripting. This highly practical hands-on guide covers chaining commands together, automating tasks, crafting living-off-the-land attacks, and more!Bash is one of the first building blocks that expert penetration testers learn. But every hacker, regardless of experience level, should know their way around a bash shell—its powerful scripting language lets you scale your attacks and write your own tools when others aren’t available. Black Hat Bash will teach you how to harness this essential pentesting skill set through hands-on exercises that use bash scripting to chain commands together, automate critical tasks, craft successful living-off-the-land attacks, and more.Early chapters cover the bash scripting language’s syntax and help you set up a lab environment to test your newfound bash abilities during all stages of the penetration testing process. You’ll soon be automating reconnaissance tasks, performing OS command injection, parsing tool output to extract important information, and maneuvering a restricted network using bash techniques that make your offensive engagements more efficient.This book makes bash easy to learn. And, with its focus on presenting bash in the context of pentesting, you’ll not only learn the language but you’ll also pick up lots of hacking tricks that allow you to use bash right away as your go-to offensive security tool.
دانلود کتاب MostUsedWords.com German Frequency Dictionary - Book 4