Penetration Testing: A Survival Guide

Book description

A complete pentesting guide facilitating smooth backtracking for working hackers

About This Book

  • Conduct network testing, surveillance, pen testing and forensics on MS Windows using Kali Linux

  • Gain a deep understanding of the flaws in web applications and exploit them in a practical manner

  • Pentest Android apps and perform various attacks in the real world using real case studies

Who This Book Is For

This course is for anyone who wants to learn about security. Basic knowledge of Android programming would be a plus.

What You Will Learn

  • Exploit several common Windows network vulnerabilities

  • Recover lost files, investigate successful hacks, and discover hidden data in innocent-looking files

  • Expose vulnerabilities present in web servers and their applications using server-side attacks

  • Use SQL and cross-site scripting (XSS) attacks

  • Check for XSS flaws using the burp suite proxy

  • Acquaint yourself with the fundamental building blocks of Android Apps in the right way

  • Take a look at how your personal data can be stolen by malicious attackers

  • See how developers make mistakes that allow attackers to steal data from phones

In Detail

The need for penetration testers has grown well beyond what the IT industry ever anticipated. Running just a vulnerability scanner is no longer an effective method to determine whether a business is truly secure. This learning path will help you develop the most effective penetration testing skills to protect your Windows, web applications, and Android devices.

The first module focuses on the Windows platform, one of the most common operating systems; managing its security spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security, and it employs the most advanced tools and techniques to reproduce the methods used by sophisticated hackers. In this module you'll first be introduced to Kali's top ten tools and other useful reporting tools. Then you will find your way around your target network and determine known vulnerabilities so you can exploit a system remotely. You'll not only learn to penetrate the machine, but also to work with Windows privilege escalation.

The second module will help you get to grips with the tools in Kali Linux 2.0 that relate to web application hacking. You will learn about scripting and input validation flaws, AJAX, and the security issues related to AJAX. You will also use an automated technique called fuzzing to identify flaws in a web application. Finally, you'll understand web application vulnerabilities and the ways they can be exploited.

In the last module, you'll get started with Android security. Android, being the platform with the largest consumer base, is the obvious primary target for attackers. You'll begin this journey with the absolute basics and then slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. You'll gain the skills necessary to perform Android application vulnerability assessments and to create an Android pentesting lab.

This Learning Path is a blend of content from the following Packt products:

  • Kali Linux 2: Windows Penetration Testing by Wolf Halton and Bo Weaver

  • Web Penetration Testing with Kali Linux, Second Edition by Juned Ahmed Ansari

  • Hacking Android by Srinivasa Rao Kotipalli and Mohammed A. Imran

Style and approach

This course uses easy-to-understand yet professional language to explain the concepts needed to test your network's security.

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to obtain the code files.

Table of contents

    1. Penetration Testing: A Survival Guide
      1. Table of Contents
      2. Penetration Testing: A Survival Guide
      3. Penetration Testing: A Survival Guide
      4. Credits
      5. Preface
        1. What this learning path covers
        2. What you need for this learning path
        3. Who this learning path is for
        4. Reader feedback
        5. Customer support
        6. Downloading the example code
        7. Errata
        8. Piracy
        9. Questions
      6. I. Module 1
        1. 1. Sharpening the Saw
          1. Installing Kali Linux to an encrypted USB drive
            1. Prerequisites for installation
            2. Booting Up
            3. Installing configuration
            4. Setting up the drive
            5. Booting your new installation of Kali
          2. Running Kali from the live CD
          3. Installing and configuring applications
            1. Gedit – the Gnome text editor
            2. Terminator – the terminal emulator for multitasking
            3. EtherApe – the graphical protocol analysis tool
          4. Setting up and configuring OpenVAS
          5. Reporting the tests
            1. KeepNote – the standalone document organizer
            2. Dradis – the web-based document organizer
          6. Running services on Kali Linux
          7. Exploring the Kali Linux Top 10 and more
          8. Summary
        2. 2. Information Gathering and Vulnerability Assessment
          1. Footprinting the network
            1. Exploring the network with Nmap
            2. Zenmap
            3. The difference verbosity makes
            4. Scanning a network range
          2. Where can you find instructions on this thing?
          3. A return to OpenVAS
          4. Using Maltego
          5. Using Unicorn-Scan
          6. Monitoring resource use with Htop
          7. Monkeying around the network
          8. Summary
        3. 3. Exploitation Tools (Pwnage)
          1. Choosing the appropriate time and tool
          2. Choosing the right version of Metasploit
          3. Starting Metasploit
          4. Creating workspaces to organize your attack
          5. Using the hosts and services commands
          6. Using advanced footprinting
            1. Interpreting the scan and building on the result
            2. Exploiting poor patch management
            3. Finding out whether anyone is home
          7. Using the pivot
            1. Mapping the network to pivot
          8. Creating the attack path
            1. Grabbing system on the target
            2. Setting Up the route
            3. Exploring the inner network
            4. Abusing the Windows NET USE command
              1. Adding a Windows user from the command line
          9. Summary
        4. 4. Web Application Exploitation
          1. Surveying the webscape
            1. Concept of Robots.txt
            2. Concept of .htaccess
            3. Quick solutions to cross-site scripting
            4. Reducing buffer overflows
            5. Avoiding SQL injection
          2. Arm yourself with Armitage
            1. Working with a single known host
            2. Discovering new machines with NMap
          3. Zinging Windows servers with OWASP ZAP
            1. Using ZAP as an attack proxy
            2. Reading the ZAP interface
          4. Search and destroy with Burp Suite
            1. Targeting the test subject
            2. Using Burp Suite as a Proxy
              1. Installing the Burp Suite security certificate
            3. Spidering a site with Burp Spider
          5. Summary
        5. 5. Sniffing and Spoofing
          1. Sniffing and spoofing network traffic
          2. Sniffing network traffic
            1. Basic sniffing with tcpdump
            2. More basic sniffing with WinDump (Windows tcpdump)
            3. Packet hunting with Wireshark
              1. Dissecting the packet
              2. Swimming with Wireshark
          3. Spoofing network traffic
            1. Ettercap
              1. Using Ettercap on the command line
          4. Summary
        6. 6. Password Attacks
          1. Password attack planning
            1. Cracking the NTLM code (Revisited)
            2. Password lists
            3. Cleaning a password list
          2. My friend Johnny
          3. John the Ripper (command line)
          4. xHydra
          5. Adding a tool to the main menu in Kali 2.x
          6. Summary
        7. 7. Windows Privilege Escalation
          1. Gaining access with Metasploit
          2. Replacing the executable
          3. Local privilege escalation with a standalone tool
          4. Escalating privileges with physical access
            1. Robbing the Hives with samdump2
            2. Owning the registry with chntpw
          5. Weaseling in with Weevely
            1. Preparing to use Weevely
            2. Creating an agent
            3. Testing Weevely locally
            4. Testing Weevely on a Windows server
              1. Getting help in Weevely
              2. Getting the system info
              3. Using filesystem commands in Weevely
              4. Writing into files
          6. Summary
        8. 8. Maintaining Remote Access
          1. Maintaining access
            1. Covering our tracks
          2. Maintaining access with Ncat
            1. Phoning Home with Metasploit
          3. The Dropbox
          4. Cracking the NAC (Network Access Controller)
          5. Creating a Spear-Phishing Attack with the Social Engineering Toolkit
          6. Using Backdoor-Factory to Evade Antivirus
          7. Summary
        9. 9. Reverse Engineering and Stress Testing
          1. Setting up a test environment
            1. Creating your victim machine(s)
            2. Testing your testing environment
          2. Reverse engineering theory
            1. One general theory of reverse engineering
          3. Working with Boolean logic
            1. Reviewing a while loop structure
            2. Reviewing the for loop structure
              1. Understanding the decision points
          4. Practicing reverse engineering
            1. Demystifying debuggers
              1. Using the Valgrind Debugger to discover memory leaks
              2. Translating your app to assembler with the EDB-Debugger
              3. EDB-Debugger symbol mapper
              4. Running OllyDbg
            2. Introduction to disassemblers
              1. Running JAD
              2. Create your own disassembling code with Capstone
            3. Some miscellaneous reverse engineering tools
              1. Running Radare2
            4. Additional members of the Radare2 tool suite
              1. Running rasm2
              2. Running rahash2
              3. Running radiff2
              4. Running rafind2
              5. Running rax2
          5. Stresstesting Windows
            1. Dealing with Denial
            2. Putting the network under Siege
            3. Configuring your Siege engine
          6. Summary
        10. 10. Forensics
          1. Getting into Digital Forensics
          2. Exploring Guymager
            1. Starting Kali for Forensics
            2. Acquiring a drive to be legal evidence
            3. Cloning With Guymager
          3. Diving into Autopsy
          4. Mounting image files
          5. Summary
      7. II. Module 2
        1. 1. Introduction to Penetration Testing and Web Applications
          1. Proactive security testing
            1. Who is a hacker?
            2. Different testing methodologies
              1. Ethical hacking
              2. Penetration testing
              3. Vulnerability assessment
              4. Security audits
          2. Rules of engagement
            1. Black box testing or Gray box testing
            2. Client contact details
            3. Client IT team notifications
            4. Sensitive data handling
            5. Status meeting
          3. The limitations of penetration testing
          4. The need for testing web applications
          5. Social engineering attacks
            1. Training employees to defeat social engineering attacks
          6. A web application overview for penetration testers
            1. HTTP protocol
            2. Request and response header
              1. The request header
              2. The response header
            3. Important HTTP methods for penetration testing
              1. The GET/POST method
              2. The HEAD method
              3. The TRACE method
              4. The PUT and DELETE methods
              5. The OPTIONS method
            4. Session tracking using cookies
              1. Cookie
              2. Cookie flow between server and client
              3. Persistent and non-persistent cookies
              4. Cookie parameters
            5. HTML data in HTTP response
            6. Multi-tier web application
          7. Summary
        2. 2. Setting up Your Lab with Kali Linux
          1. Kali Linux
            1. Improvements in Kali Linux 2.0
            2. Installing Kali Linux
              1. USB mode
              2. VMware and ARM images of Kali Linux
              3. Kali Linux on Amazon cloud
              4. Installing Kali Linux on a hard drive
            3. Kali Linux-virtualizing versus installing on physical hardware
          2. Important tools in Kali Linux
            1. Web application proxies
              1. Burp proxy
                1. Customizing client interception
                2. Modifying requests on the fly
                3. Burp proxy with SSL-based websites
              2. WebScarab and Zed Attack Proxy
              3. ProxyStrike
            2. Web vulnerability scanner
              1. Nikto
              2. Skipfish
              3. Web Crawler – Dirbuster
              4. OpenVAS
              5. Database exploitation
            3. CMS identification tools
            4. Web application fuzzers
          3. Using Tor for penetration testing
            1. Steps to set up Tor and connect anonymously
            2. Visualization of a web request through Tor
            3. Final words for Tor
          4. Summary
        3. 3. Reconnaissance and Profiling the Web Server
          1. Reconnaissance
            1. Passive reconnaissance versus active reconnaissance
            2. Reconnaissance – information gathering
              1. Domain registration details
                1. Whois – extracting domain information
              2. Identifying hosts using DNS
                1. Zone transfer using dig
                2. Brute force DNS records using Nmap
              3. The Recon-ng tool – a framework for information gathering
                1. Domain enumeration using recon-ng
                  1. Sub-level and top-level domain enumeration
                2. Reporting modules
          2. Scanning – probing the target
            1. Port scanning using Nmap
              1. Different options for port scan
              2. Evading firewalls and IPS using Nmap
              3. Spotting a firewall using back checksum option in Nmap
            2. Identifying the operating system using Nmap
            3. Profiling the server
              1. Application version fingerprinting
                1. The Nmap version scan
                2. The Amap version scan
              2. Fingerprinting the web application framework
                1. The HTTP header
                2. The Whatweb scanner
              3. Identifying virtual hosts
                1. Locating virtual hosts using search engines
                2. The virtual host lookup module in Recon-ng
              4. Identifying load balancers
                1. Cookie-based load balancer
                2. Other ways of identifying load balancers
              5. Scanning web servers for vulnerabilities and misconfigurations
                1. Identifying HTTP methods using Nmap
                2. Testing web servers using auxiliary modules in Metasploit
                3. Automating scanning using the WMAP web scanner plugin
                4. Vulnerability scanning and graphical reports – the Skipfish web application scanner
              6. Spidering web applications
                1. The Burp spider
                2. Application login
          3. Summary
        4. 4. Major Flaws in Web Applications
          1. Information leakage
            1. Directory browsing
              1. Directory browsing using DirBuster
              2. Comments in HTML code
              3. Mitigation
          2. Authentication issues
            1. Authentication protocols and flaws
              1. Basic authentication
              2. Digest authentication
              3. Integrated authentication
              4. Form-based authentication
            2. Brute forcing credentials
              1. Hydra – a brute force password cracker
          3. Path traversal
            1. Attacking path traversal using Burp proxy
              1. Mitigation
          4. Injection-based flaws
            1. Command injection
            2. SQL injection
          5. Cross-site scripting
            1. Attack potential of cross-site scripting attacks
          6. Cross-site request forgery
          7. Session-based flaws
            1. Different ways to steal tokens
              1. Brute forcing tokens
              2. Sniffing tokens and man-in-the-middle attacks
              3. Stealing session tokens using XSS attack
              4. Session token sharing between application and browser
            2. Tools to analyze tokens
            3. Session fixation attack
            4. Mitigation for session fixation
          8. File inclusion vulnerability
            1. Remote file include
            2. Local file include
            3. Mitigation for file inclusion attacks
          9. HTTP parameter pollution
            1. Mitigation
          10. HTTP response splitting
            1. Mitigation
          11. Summary
        5. 5. Attacking the Server Using Injection-based Flaws
          1. Command injection
            1. Identifying parameters to inject data
            2. Error-based and blind command injection
            3. Metacharacters for command separator
            4. Scanning for command injection
              1. Creating a cookie file for authentication
              2. Executing Wapiti
            5. Exploiting command injection using Metasploit
              1. PHP shell and Metasploit
            6. Exploiting shellshock
              1. Overview of shellshock
              2. Scanning – dirb
              3. Exploitation – Metasploit
          2. SQL injection
            1. SQL statements
              1. The UNION operator
              2. The SQL query example
            2. Attack potential of the SQL injection flaw
            3. Blind SQL injection
            4. SQL injection testing methodology
              1. Scanning for SQL injection
              2. Information gathering
            5. Sqlmap – automating exploitation
            6. BBQSQL – the blind SQL injection framework
            7. Sqlsus – MySQL injection
            8. Sqlninja – MS SQL injection
          3. Summary
        6. 6. Exploiting Clients Using XSS and CSRF Flaws
          1. The origin of cross-site scripting
            1. Introduction to JavaScript
          2. An overview of cross-site scripting
          3. Types of cross-site scripting
            1. Persistent XSS
            2. Reflected XSS
            3. DOM-based XSS
              1. Defence against DOM-based XSS
            4. XSS using the POST Method
          4. XSS and JavaScript – a deadly combination
            1. Cookie stealing
            2. Key logger
            3. Website defacing
          5. Scanning for XSS flaws
            1. Zed Attack Proxy
              1. Scoping and selecting modes
              2. Modes of operation
              3. Scan policy and attack
            2. Xsser
              1. Features
            3. W3af
              1. Plugins
              2. Graphical interface
          6. Cross-site request forgery
            1. Attack dependencies
            2. Attack methodology
            3. Testing for CSRF flaws
            4. CSRF mitigation techniques
          7. Summary
        7. 7. Attacking SSL-based Websites
          1. Secure socket layer
            1. SSL in web applications
            2. SSL encryption process
            3. Asymmetric encryption versus symmetric encryption
              1. Asymmetric encryption algorithms
              2. Symmetric encryption algorithm
            4. Hashing for message integrity
            5. Identifying weak SSL implementations
              1. OpenSSL command-line tool
              2. SSLScan
              3. SSLyze
              4. Testing SSL configuration using Nmap
            6. SSL man-in-the-middle attack
              1. SSL MITM tools in Kali Linux
                1. SSLsplit
                2. SSLstrip
                  1. SSL stripping limitations
          2. Summary
        8. 8. Exploiting the Client Using Attack Frameworks
          1. Social engineering attacks
          2. Social engineering toolkit
          3. Spear-phishing attack
          4. Website attack
            1. Java applet attack
            2. Credential harvester attack
            3. Web jacking attack
            4. Metasploit browser exploit
            5. Tabnabbing attack
          5. Browser exploitation framework
            1. Introducing BeEF
            2. BeEF hook injection
              1. Browser reconnaissance
              2. Exploit modules
              3. Host information gathering
              4. Persistence module
              5. Network recon
              6. Inter-protocol exploitation and communication
            3. Exploiting the mutillidae XSS flaw using BeEF
            4. Injecting the BeEF hook using MITM
          6. Summary
        9. 9. AJAX and Web Services – Security Issues
          1. Introduction to AJAX
            1. Building blocks of AJAX
            2. The AJAX workflow
            3. AJAX security issues
              1. Increase in attack surface
              2. Exposed programming logic of the application
              3. Insufficient access control
            4. Challenges of pentesting AJAX applications
            5. Crawling AJAX applications
              1. AJAX crawling tool
              2. Sprajax
              3. AJAX spider – OWASP ZAP
            6. Analyzing client-side code – Firebug
              1. The Script panel
              2. The Console panel
              3. The Network panel
          2. Web services
            1. Introducing SOAP and RESTful web services
            2. Securing web services
              1. Insecure direct object reference vulnerability
          3. Summary
        10. 10. Fuzzing Web Applications
          1. Fuzzing basics
          2. Types of fuzzing techniques
            1. Mutation fuzzing
            2. Generation fuzzing
            3. Applications of fuzzing
              1. Network protocol fuzzing
              2. File fuzzing
              3. User interface fuzzing
              4. Web application fuzzing
              5. Web browser fuzzing
            4. Fuzzer frameworks
            5. Fuzzing steps
            6. Testing web applications using fuzzing
              1. Fuzzing input in web applications
                1. Request URI
                2. Headers
                3. Form fields
              2. Detecting result of fuzzing
            7. Web application fuzzers in Kali Linux
              1. Fuzzing using Burp intruder
              2. PowerFuzzer tool
          3. Summary
      8. III. Module 3
        1. 1. Setting Up the Lab
          1. Installing the required tools
            1. Java
          2. Android Studio
          3. Setting up an AVD
            1. Real device
            2. Apktool
            3. Dex2jar/JD-GUI
            4. Burp Suite
          4. Configuring the AVD
            1. Drozer
              1. Prerequisites
            2. QARK (No support for windows)
              1. Getting ready
            3. Advanced REST Client for Chrome
            4. Droid Explorer
            5. Cydia Substrate and Introspy
            6. SQLite browser
            7. Frida
              1. Setting up Frida server
              2. Setting up frida-client
                1. Testing the setup
            8. Vulnerable apps
            9. Kali Linux
          5. ADB Primer
            1. Checking for connected devices
            2. Getting a shell
            3. Listing the packages
            4. Pushing files to the device
            5. Pulling files from the device
            6. Installing apps using adb
            7. Troubleshooting adb connections
          6. Summary
        2. 2. Android Rooting
          1. What is rooting?
            1. Why would we root a device?
            2. Advantages of rooting
              1. Unlimited control over the device
              2. Installing additional apps
              3. More features and customization
            3. Disadvantages of rooting
              1. It compromises the security of your device
              2. Bricking your device
              3. Voids warranty
          2. Locked and unlocked boot loaders
            1. Determining boot loader unlock status on Sony devices
            2. Unlocking boot loader on Sony through a vendor specified method
            3. Rooting unlocked boot loaders on a Samsung device
          3. Stock recovery and Custom recovery
            1. Prerequisites
          4. Rooting Process and Custom ROM installation
            1. Installing recovery softwares
              1. Using Odin
              2. Using Heimdall
          5. Rooting a Samsung Note 2
          6. Flashing the Custom ROM to the phone
          7. Summary
        3. 3. Fundamental Building Blocks of Android Apps
          1. Basics of Android apps
            1. Android app structure
              1. How to get an APK file?
            2. Storage location of APK files
              1. /data/app/
              2. /system/app/
              3. /data/app-private/
                1. Example of extracting preinstalled apps
                2. Example of extracting user installed apps
          2. Android app components
            1. Activities
            2. Services
            3. Broadcast receivers
            4. Content providers
            5. Android app build process
          3. Building DEX files from the command line
          4. What happens when an app is run?
            1. ART – the new Android Runtime
          5. Understanding app sandboxing
            1. UID per app
            2. App sandboxing
            3. Is there a way to break out of this sandbox?
          6. Summary
        4. 4. Overview of Attacking Android Apps
          1. Introduction to Android apps
            1. Web Based apps
            2. Native apps
            3. Hybrid apps
          2. Understanding the app's attack surface
            1. Mobile application architecture
          3. Threats at the client side
          4. Threats at the backend
          5. Guidelines for testing and securing mobile apps
            1. OWASP Top 10 Mobile Risks (2014)
            2. M1: Weak Server-Side Controls
            3. M2: Insecure Data Storage
            4. M3: Insufficient Transport Layer Protection
            5. M4: Unintended Data Leakage
            6. M5: Poor Authorization and Authentication
            7. M6: Broken Cryptography
            8. M7: Client-Side Injection
            9. M8: Security Decisions via Untrusted Inputs
            10. M9: Improper Session Handling
            11. M10: Lack of Binary Protections
          6. Automated tools
            1. Drozer
            2. Performing Android security assessments with Drozer
              1. Installing testapp.apk
              2. Listing out all the modules
              3. Retrieving package information
          7. Identifying the attack surface
            1. Identifying and exploiting Android app vulnerabilities using Drozer
              1. Attacks on exported activities
                1. What is the problem here?
          8. QARK (Quick Android Review Kit)
            1. Running QARK in interactive mode
              1. Reporting
            2. Running QARK in seamless mode
          9. Summary
        5. 5. Data Storage and Its Security
          1. What is data storage?
            1. Android local data storage techniques
              1. Shared preferences
              2. SQLite databases
              3. Internal storage
              4. External storage
          2. Shared preferences
            1. Real world application demo
          3. SQLite databases
          4. Internal storage
          5. External storage
          6. User dictionary cache
          7. Insecure data storage – NoSQL database
            1. NoSQL demo application functionality
          8. Backup techniques
            1. Backup the app data using adb backup command
            2. Convert .ab format to tar format using Android backup extractor
            3. Extracting the TAR file using the pax or star utility
            4. Analyzing the extracted content for security issues
          9. Being safe
          10. Summary
        6. 6. Server-Side Attacks
          1. Different types of mobile apps and their threat model
          2. Mobile applications server-side attack surface
            1. Mobile application architecture
          3. Strategies for testing mobile backend
            1. Setting up Burp Suite Proxy for testing
              1. Proxy setting via APN
              2. Proxy setting via Wi-Fi
              3. Bypass certificate warnings and HSTS
                1. HSTS – HTTP Strict Transport Security
            2. Bypassing certificate pinning
            3. Bypass SSL pinning using AndroidSSLTrustKiller
              1. Setting up a demo application
                1. Installing OWASP GoatDroid
            4. Threats at the backend
              1. Relating OWASP top 10 mobile risks and web attacks
              2. Authentication/authorization issues
                1. Authentication vulnerabilities
                2. Authorization vulnerabilities
              3. Session management
              4. Insufficient Transport Layer Security
              5. Input validation related issues
              6. Improper error handling
              7. Insecure data storage
              8. Attacks on the database
          4. Summary
        7. 7. Client-Side Attacks – Static Analysis Techniques
          1. Attacking application components
            1. Attacks on activities
              1. What does exported behavior mean to an activity?
              2. Intent filters
            2. Attacks on services
              1. Extending the Binder class
              2. Using a Messenger
              3. Using AIDL
              4. Attacking AIDL services
            3. Attacks on broadcast receivers
            4. Attacks on content providers
              1. Querying content providers
              2. Exploiting SQL Injection in content providers using adb
                1. Querying the content provider
                2. Writing a where condition
            5. Testing for Injection
              1. Finding the column numbers for further extraction
              2. Running database functions
              3. Finding out SQLite version
              4. Finding out table names
          2. Static analysis using QARK
          3. Summary
        8. 8. Client-Side Attacks – Dynamic Analysis Techniques
          1. Automated Android app assessments using Drozer
            1. Listing out all the modules
            2. Retrieving package information
            3. Finding out the package name of your target application
            4. Getting information about a package
            5. Dumping the AndroidManifest.xml file
            6. Finding out the attack surface
            7. Attacks on activities
            8. Attacks on services
            9. Broadcast receivers
            10. Content provider leakage and SQL Injection using Drozer
            11. Attacking SQL Injection using Drozer
            12. Path traversal attacks in content providers
              1. Reading /etc/hosts
              2. Reading kernel version
            13. Exploiting debuggable apps
          2. Introduction to Cydia Substrate
          3. Runtime monitoring and analysis using Introspy
          4. Hooking using Xposed framework
          5. Dynamic instrumentation using Frida
            1. What is Frida?
              1. Prerequisites
              2. Steps to perform dynamic hooking with Frida
          6. Logging based vulnerabilities
          7. WebView attacks
            1. Accessing sensitive local resources through file scheme
            2. Other WebView issues
          8. Summary
        9. 9. Android Malware
          1. What do Android malwares do?
          2. Writing Android malwares
            1. Writing a simple reverse shell Trojan using socket programming
          3. Registering permissions
            1. Writing a simple SMS stealer
              1. The user interface
                1. Code for MainActivity.java
                2. Code for reading SMS
                3. Code for the uploadData() method
                4. Complete code for MainActivity.java
              2. Registering permissions
              3. Code on the server
              4. A note on infecting legitimate apps
          4. Malware analysis
            1. Static analysis
              1. Disassembling Android apps using Apktool
                1. Exploring the AndroidManifest.xml file
                2. Exploring smali files
              2. Decompiling Android apps using dex2jar and JD-GUI
            2. Dynamic analysis
              1. Analyzing HTTP/HTTPS traffic using Burp
              2. Analysing network traffic using tcpdump and Wireshark
          5. Tools for automated analysis
            1. How to be safe from Android malwares?
          6. Summary
        10. 10. Attacks on Android Devices
          1. MitM attacks
          2. Dangers with apps that provide network level access
          3. Using existing exploits
          4. Malware
          5. Bypassing screen locks
            1. Bypassing pattern lock using adb
              1. Removing the gesture.key file
              2. Cracking SHA1 hashes from the gesture.key file
            2. Bypassing password/PIN using adb
            3. Bypassing screen locks using CVE-2013-6271
          6. Pulling data from the sdcard
          7. Summary
      9. A. Bibliography
      10. Index

Product information

• Title: Penetration Testing: A Survival Guide
• Author(s): Wolf Halton, Bo Weaver, Juned Ahmed Ansari, Srinivasa Rao Kotipalli, Mohammed A. Imran
• Release date: January 2017
• Publisher(s): Packt Publishing
• ISBN: 9781787287839