Ethical Hacking with Hack The Box
Search
⌃
K
Ethical Hacking with Hack The Box
Search
⌃
K
Ethical Hacking With Hack The Box
About the Book
Introduction
About the Author
Copyright Notice
Chapter 1 Getting Started
Getting Started with Ethical Hacking
Setting up the VM
Exercise: The Shield Box with Metasploit
Final Thoughts
Chapter 2 Enumeration: Networks, SMB, DNS and Websites
What is Enumeration?
Finding and Exploiting Vulnerabilities
Network Enumeration
Exercise: Network Enumeration of the Archetype box
Website Enumeration
Exercise: ForwardSlash
Chapter 3 Enumeration: Web Vulnerabilities
Website Vulnerabilities
Cross-Site Scripting (XSS)
Exercise: Discovering XSS on Bankrobber
SQL Injection
Exercise: Using SQL injection on the Bankrobber box
Web Application Firewalls and SQL Injection
NoSQL Injection
Exercise: Writing a NoSQL injection password fuzzer for the Mango box
Template Injection
File Inclusion, Broken Authentication, Cracking Hashes
Broken Authentication
Cracking Hashes
Sensitive Data Exposure
XML External Entities (XXE)
Exercise: Enumerating and exploiting XXE on ForwardSlash
Broken Access Control
Exercise: Tampering with parameters on Oopsie
Security Misconfiguration and Insecure Deserialisation
Exercise: Exploiting .NET deserialization on the box JSON
Using Components with Known Vulnerabilities
Exercise: Case Study Multimaster
Exercise: Enumerating vulnerabilities caused by default applications in the box Netmon
Initial Access: Shells and Remote Services
Initial Access
Shells
SSH
Exercise: Initial access and port forwarding on Hack the Box machine Vault
Remote Desktop Protocol
Exercise: Using Seth in a Man-in-the-Middle Attack
VNC
Exercise: Exploiting VNC for initial access in Hack The Box machine Poison
Telnet and FTP
Exercise: Enumerating and exploiting FTP and Telnet on Hack The Box case machine Access
Brute forcing remote service passwords
Exercise: Brute forcing usernames and passwords for remote access on Hack The Box machine Fuse
Chapter 5 Initial Access: Custom Exploits
Buffer overflows
Exercise: Exploiting a Buffer Overflow on Ellingson
Exercise: Exploiting a Windows Buffer Overflow on Buff
Chapter 6 Initial Access: Social Engineering
Social Engineering
Exercise: Phishing on SneakyMailer
Chapter 7 Linux Enumeration and Privilege Escalation
Enumeration and privilege escalation on Linux
Exercise: Enumeration and privilege escalation on Traceback
Exercise: Enumeration and privilege escalation on Traverxec
Chapter 8 Windows Enumeration and Privilege Escalation
Enumeration and privilege escalation on Windows
Exercise: Enumeration and privilege escalation on Remote
Exercise: Enumeration and privilege escalation on Resolute
Final thoughts on enumeration and discovery
Chapter 9 Windows Active Directory Enumeration and Privilege Escalation
Enumeration and exploitation of Windows active Directory
Exercise: Enumerating and exploiting AD on Forest
Exercise: Enumerating and exploiting AD on Active
Final Thoughts
Chapter 10 Defense Evasion
Defense Evasion
Exercise: Bypassing a WAF on Multimaster
Process Injection
Chapter 11 Command & Control and Persistence
Command & Control
Persistence
Powered By
GitBook
Copyright Notice
Copyright © David Glance 2021. Except where otherwise specified, the text in this book is licensed under the
Creative Commons Attribution-ShareAlike License 4.0 (International) (CC-BY-SA 4.0)
.
Previous
About the Author
Next - Chapter 1 Getting Started
Getting Started with Ethical Hacking
Last modified
2yr ago
