and Communication
Communicating During a PenTest
Findings and Remediations
Focusing Your Remediation Strategies
Writing and Handling the Pentest Report
Delivering the Report and Post-Report Activities
Lab Exercises
Reviewing Key Concepts
Prep Test
Answers
9 Part 4: Appendixes Appendix A: PenTest+ Exam Details CompTIA PenTest+ Certification and Why You Need It Checking Out the Exam and Its Objectives Using This Book to Prepare for the Exam Making Arrangements to Take the Exam The Day the Earth Stood Still: Exam Day Appendix B: CompTIA PenTest+ Exam Reference Matrix 2018 PenTest+ Exam Objectives — PT0-001 Appendix C: Lab Setup Setting Up the Virtual Machines Obtaining the Software Needed
10 Index
List of Tables
1 Chapter 1TABLE 1-1 PCI DSS Best Practices Requirements
2 Chapter 2TABLE 2-1 A Sample Pentest Schedule
3 Chapter 4TABLE 4-1 Values of the Access Vector (AV) MetricTABLE 4-2 Values of the Attack Complexity (AC) MetricTABLE 4-3 Values of the Authentication (Au) MetricTABLE 4-4 Values of the Confidentiality (C) MetricTABLE 4-5 Values of the Integrity (I) MetricTABLE 4-6 Values of the Availability (A) Metric
4 Chapter 5TABLE 5-1 Metasploit Exploit Rankings
5 Chapter 6TABLE 6-1 2.4 GHz Frequency RangesTABLE 6-2 Wireless Network Standards
6 Chapter 7TABLE 7-1 A Sample Race ConditionTABLE 7-2 Synchronized Logic to Prevent a Race Condition
7 Chapter 10TABLE 10-1 Comparison Operators in Different Scripting Languages
8 Appendix ATABLE A-1 PenTest+ Exam InformationTABLE A-2 CompTIA PenTest+ Exam Domains (PT0-001)
List of Illustrations
1 Chapter 1FIGURE 1-1: The adversary tier. FIGURE 1-2: The CompTIA penetration testing process.
2 Chapter 2FIGURE 2-1: Encrypting a file in Windows Explorer with Gpg4win.
3 Chapter 3FIGURE 3-1: Using Network Solutions to perform a Whois search.FIGURE 3-2: Performing a Whois search in Kali Linux.FIGURE 3-3: Using theHarvester in Kali Linux to collect contact information.FIGURE 3-4: Using Shodan to identify systems and devices on the Internet.FIGURE 3-5: A sample recon-ng HTML report.FIGURE 3-6: Using Censys search to identify hosts and ports open.FIGURE 3-7: Using nslookup to resolve an FQDN to an IP address.FIGURE 3-8: Using nslookup to locate mail servers.FIGURE 3-9: Using dig to query DNS.FIGURE 3-10: Adding +short in dig keeps the output clean.FIGURE 3-11: Retrieving the email server list with dig.FIGURE 3-12: Using netdiscover to identify hosts on the network.FIGURE 3-13: Using Nmap switch -sP to do a ping sweep.FIGURE 3-14: Performing a full connect scan with the -sT switch.FIGURE 3-15: Identifying the version of software with the -sV switch.FIGURE 3-16: Performing OS fingerprinting with Nmap switch -O.FIGURE 3-17: Using Zenmap to identify hosts on the network.
4 Chapter 4FIGURE 4-1: Choosing a vulnerability scan type in Nessus.FIGURE 4-2: Download the 64-bit Kali Linux edition.FIGURE 4-3: Installing Nessus on Kali Linux.FIGURE 4-4: Starting the Nessus dameon.FIGURE 4-5: Entering the activation code for Nessus.FIGURE 4-6: The Nessus main screen.FIGURE 4-7: Choosing a scan template.FIGURE 4-8: Credentials can be supplied to perform a scan within a security con...FIGURE 4-9: Plug-ins specify the types of checks to perform.FIGURE 4-10: Viewing the vulnerability scan results.FIGURE 4-11: Viewing the list of vulnerabilities for a host.FIGURE 4-12: Reading the details of a specific vulnerability.FIGURE 4-13: Viewing the remediation steps to a vulnerability.FIGURE 4-14: Determining if exploits exist for a vulnerability.FIGURE 4-15: Determining what exploit to use.FIGURE 4-16: CVSS base score metrics.
5 Chapter 5FIGURE 5-1: Identifying the tool to use to exploit a vulnerability.FIGURE 5-2: Metasploit has a number of preinstalled exploits.FIGURE 5-3: Searching for an exploit.FIGURE 5-4: Selecting an exploit.FIGURE 5-5: Using the show options command to see a list of options.FIGURE 5-6: Verifying your settings.FIGURE 5-7: Running the exploit.FIGURE 5-8: You have shell access to the system.FIGURE 5-9: Setting up a reverse TCP listener.FIGURE 5-10: Taking a screenshot of the victim’s system.FIGURE 5-11: Using SET to clone a website.FIGURE 5-12: Viewing credentials collected using SET.FIGURE 5-13: Launching BeEF and the hook URL.FIGURE 5-14: Using the BeEF UI to execute exploits.FIGURE 5-15: Looking at the captured logon information.FIGURE 5-16: Using an exploit database.FIGURE 5-17: Looking at exploit details.FIGURE 5-18: SSL stripping to bypass HTTPS.FIGURE 5-19: Using SETH to capture RDP credentials.FIGURE 5-20: Cracking Windows passwords with John the Ripper.
6 Chapter 6FIGURE 6-1: Overlapping frequencies in the 2.4 GHz frequency range.FIGURE 6-2: A wireless access point is used to allow wireless client to connect...FIGURE 6-3: A BSS is a wireless network with a single access point configured w...FIGURE 6-4: Wireless clients can roam the network when the network is an ESS co...FIGURE 6-5: Using Aireplay-ng to deauthenticate a wireless client.FIGURE 6-6: Discovering wireless networks with Airodump-ng.FIGURE 6-7: Capturing traffic on the wireless network.FIGURE 6-8: Associating with the access point.FIGURE 6-9: Using Aircrack-ng.FIGURE 6-10: Using wash to identify WPS devices.FIGURE 6-11: Using Reaver to crack WPS pin.FIGURE 6-12: Using Wifite to crack wireless networks.
7 Chapter 7FIGURE 7-1: Logon screens
