Book Review: "Penetration Testing: A Hands-On Introduction to Hacking"

"Penetration Testing: A Hands-On Introduction to Hacking" by Georgia Weidman is an introduction to the tools and procedures used in the phases of penetration testing and program exploitation. This is an entry-level book, which carefully explains each procedure described, making it understandable and repeatable with industry tools. This book is not a light read, however; at roughly 500 pages, it covers a whole lot, from setting up a pen-test lab, the scope of a typical penetration test, and social engineering, to exploit development. The book has high-level overviews of the theory of each phase as well as some basic walkthroughs with the tools you will use to get the job done. It covers many well-known examples, so I think if you're already well versed in any particular area you can skip that chapter without too much loss, for example the 'Using Kali Linux' chapter, exploiting ms08_067, or WEP. Overall this is a fantastic introduction to many of the subjects in penetration testing; I'd recommend this for those looking to get into penetration testing who are largely unfamiliar with many of the techniques. This book is probably a little too slow for a penetration tester with experience in these subjects, as it starts off very slow but does get into some fascinating topics by the end. I give this book 5 / 10 stars; despite being a long introductory read, the amount of content that is covered is done in a well-explained and easy-to-repeat manner.

Part 1: The Basics
If you are familiar with these topics I would highly recommend skipping this part of the book, as it is extremely introductory material.

Chapter 1: Introduction and Setup
This chapter covers setting up a complete penetration testing environment and lab, which you will use throughout the book.

Chapter 2: Using Kali Linux
This chapter covers the general Linux structure and Kali's particular layout. It also includes many command line basics, such as: ls, pwd, cd, man, adduser, su, sudo, touch, mkdir, cp, echo, cat, chmod, nano, vi, grep, sed, awk, apt-get, service, ifconfig, route, netstat, nc, and crontab.

Chapter 3: Programming
This chapter covers simple programs in Bash, Python and C. It goes over examples such as ping sweeping, connecting to a port, and passing variables.

Chapter 4: Using the Metasploit Framework
This chapter goes over the basic use and options of the Metasploit command line. It is aimed at total newcomers to MSF, as it goes over the very basics such as selecting an exploit module, setting options, choosing the payload, and launching your first exploit.

Part 2: Assessment

Chapter 5: Information Gathering
This chapter covers general OSINT, port scanning, and gathering key information about the target. It uses such tools as: whois, nslookup, host, The Harvester, Maltego, nc, and nmap.

Chapter 6: Finding Vulnerabilities
This chapter is all about vulnerability identification. It covers such tools as: nmap, Nessus, Metasploit scanning, Nikto, cadaver, and an nc-based SMTP VRFY scanner.

Chapter 7: Capturing Traffic
This chapter starts with passive eavesdropping and fundamental networking protocols, then moves on to powerful man-in-the-middle attacks. It covers such tools as: Wireshark, arp, ip_forwarding, arpspoof, dnsspoof, ettercap, and sslstrip.

Part 3: Attacks

Chapter 8: Exploitation
This chapter dives right back into Metasploit. It goes over exploiting services and websites, and doing things like dumping a Windows SAM file, covering things such as MS08_067, msfvenom, and FTP, NFS, and SSH backdoors.

Chapter 9: Password Attacks
This chapter is all about password policy, cracking passwords, and brute-force attacks. It goes over techniques involving generating wordlists, dumping a SAM file for Windows hashes, and basic hash cracking. It covers tools such as: the RockYou wordlist, CeWL, crunch, hydra, John the Ripper, and Windows Credential Editor.

Chapter 10: Client-Side Exploitation
This chapter largely discusses ways to get around firewalls through egress port testing payloads, browser executables, and trojan executables. It discusses various Metasploit exploits and payloads that focus on the client, including a cool attack against WinAMP, where the client loads a trojan MAKI config file.

Chapter 11: Social Engineering
This is a great chapter to follow Client-Side Exploitation, because it gives you multiple means of getting your client-side payload over to the victim. It details techniques such as spear-phishing and doppelganger websites using the very popular tool SET.

Chapter 12: Bypassing Antivirus Applications
This is a great chapter, as Georgia shows many techniques to bypass antivirus, then gets creative by wrapping and re-compiling many of the executables she builds in Python and C. This chapter covers tools such as: msfvenom, VirusTotal, Hyperion, and Veil.

Chapter 13: Post Exploitation
This is probably my favorite chapter in the whole book, because Georgia takes all of the access previously gained to the next level. Here she shows how to elevate privileges, add persistence mechanisms, and pivot through systems. This chapter covers tools such as: Meterpreter, Railgun, Windows UAC bypass, searchsploit, WinSCP exploits, PSExec, SSHExec, Incognito, SMBcapture, route, and proxychains.

Chapter 14: Web Application Testing
This is a very broad chapter, and there are certainly more comprehensive introductions to web app pen-testing, but overall this one does a good job of covering the basics, such as using a manual proxy, injection attacks, file inclusion vulnerabilities, command execution, and cross-site scripting. It covers tools such as: Burp, sqlmap, BeEF, and w3af.

Chapter 15: Wireless Assessments
This chapter covers basic wireless assessment techniques, such as cracking WEP, WPA2, and WPS. It covers tools such as: the aircrack-ng suite and bully.

Part 4: Exploit Development
These are great chapters, and I'm really glad Georgia included this stuff in the book, as most security practitioners don't learn these techniques until later in their education. I believe learning this stuff at an introductory point will give penetration testers much deeper insight into what is going on when they launch an exploit.

Chapter 16: A Stack-Based Buffer Overflow in Linux
This chapter starts by discussing memory layout and registers, as well as things like DEP and ASLR. It goes over building a basic buffer overflow in C, compiling it, and exploiting it. This chapter is also a great introduction to GDB.

Chapter 17: A Stack-Based Buffer Overflow in Windows
This chapter looks at the classic example of exploiting a buffer overflow in WarFTP, searching for gadgets with Mona, building shellcode with msfvenom, and turning assembly instructions into shellcode with metasm.

Chapter 18: Structured Exception Handler Overwrites
This chapter focuses on exploiting SEH overwrites in programs that use structured exception handling. It covers many vital techniques in exploit development, such as ROP, SafeSEH bypass, and using a short jump instead of an egghunter.

Chapter 19: Fuzzing, Porting Exploits, and Metasploit Modules
This chapter roughly covers code review, fuzzing, and debugging a crash. It also covers porting public exploits to your own needs, building a Metasploit module, and common exploit defenses.

Part 5: Mobile Hacking

Chapter 20: Mobile Hacking
This chapter is awesome because it covers Georgia's own Smartphone Pentest Framework. It steps through exploiting a device, getting persistence, pivoting, and even scanning from the phone. It's a pretty awesome framework, so I suggest you check it out and exploit some droids. The framework also has some good tools for inspecting APKs, like drozer, but the book doesn't highlight this tool.

Overall, it's a great book on infosec, detailing a large portion of computer penetration testing and exploitation. Due to the breadth it covers, it never dives too deep into any particular subject, except perhaps in its heavy use of Metasploit throughout the book. "Penetration Testing" provides a fantastic introduction to and walkthrough of many core techniques and tools. Although I won't likely reference this book often as a professional pentester, I would use it as an introductory book for a class. This book is great for anyone learning the practice, as it allows them to set up and exploit a real environment throughout, providing the guidance and wins that every hacker needs to get started.