PowerShell for Penetration Testing : Explore the Capabilities of PowerShell for Pentesters Across Multiple Platforms.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Blyth, Andrew.
Contributor:
Murray, Campbell.
Language:
English
Subjects (All):
Penetration testing (Computer security).
Windows PowerShell (Computer program language).
Physical Description:
1 online resource (298 pages)
Edition:
1st ed.
Place of Publication:
Birmingham : Packt Publishing, Limited, 2024.
Summary:
PowerShell for Penetration Testing is a comprehensive guide designed to equip you with the essential skills you need for conducting effective penetration tests using PowerShell. You'll start by laying a solid foundation by familiarizing yourself with the core concepts of penetration testing and PowerShell scripting. In this part, you'll get up to speed with the fundamental scripting principles and their applications across various platforms. You’ll then explore network enumeration, port scanning, exploitation of web services, databases, and more using PowerShell tools. Hands-on exercises throughout the book will solidify your understanding of concepts and techniques. Extending the scope to cloud computing environments, particularly MS Azure and AWS, this book will guide you through conducting penetration tests in cloud settings, covering governance, reconnaissance, and networking intricacies. In the final part, post-exploitation techniques, including command-and-control structures and privilege escalation using PowerShell, will be explored. This section encompasses post-exploitation activities on both Microsoft Windows and Linux systems. By the end of this book, you’ll have covered concise explanations, real-world examples, and exercises that will help you seamlessly perform penetration testing techniques using PowerShell.
Contents:
Cover
Title Page
Copyright and Credits
Foreword
Contributors
Table of Contents
Preface
Part 1: Introduction to Penetration Testing and PowerShell
Chapter 1: Introduction to Penetration Testing
What is penetrating testing?
Stakeholders
Ethical, legal, and regulatory requirements
Managing and executing a penetration test
Using the cyber kill chain
Standards in penetration testing
Report writing
Summary
Chapter 2: Programming Principles in PowerShell
Basic concepts of PowerShell and pipelines in PowerShell
JSON in PowerShell
Retrieving JSON data from web APIs
Parsing JSON data
JSON manipulation for payloads
Interacting with JSON from files
Web scraping and data extraction
XML in PowerShell
Reading and parsing XML files
Extracting information from XML nodes
Modifying XML data
Crafting XML payloads
XML injection testing
COM, WMI, and .NET in PowerShell
Using WMI for system information gathering
Querying WMI for network information
Interacting with COM objects
Using .NET for cryptographic operations
Using .NET for network operations
Analyzing .NET assemblies for vulnerabilities
Part 2: Identification and Exploitation
Chapter 3: Network Services and DNS
Network services
TCP/IP network services
The IP addresses
The TCP/UDP port numbers
The OSI stack
DNS and types of DNS queries
DNS overview
Types of DNS queries
DNS and PowerShell
Chapter 4: Network Enumeration and Port Scanning
Network enumeration using PowerShell
TCP port scanning using PowerShell
Single port scanning with Test-NetConnection
Multiple port scanning with Test-NetConnection
Enumerating open ports with Test-NetConnection
Single port scanning with .NET
Multiple port scanning with .NET
Enumerating all open ports with .NET
UDP port scanning using PowerShell
Using PowerShell tools for port scanning
Chapter 5: The WEB, REST, and SOAP
PowerShell and the web
Web application security testing with PowerShell
REST application security testing with PowerShell
SOAP application security testing with PowerShell
Encoding JSON and XML in PowerShell
Encoding JSON in PowerShell
Decoding JSON in PowerShell
Encoding XML in PowerShell
Decoding XML in PowerShell
PowerShell and REST
OWASP analysis - injection
OWASP analysis - broken authentication
OWASP analysis - sensitive data exposure
OWASP analysis - XML External Entities (XXE)
OWASP analysis - broken access control
OWASP analysis - security misconfiguration
OWASP analysis - Cross-Site Scripting (XSS)
OWASP analysis - Cross-Site Request Forgery (CSRF)
OWASP analysis - unvalidated redirects and forwards
OWASP analysis - insecure deserialization
PowerShell and SOAP
OWASP analysis - XXE
OWASP analysis - authentication bypass
Chapter 6: SMB, Active Directory, LDAP and Kerberos
PowerShell and SMB
Enumerating SMB shares
An SMB version assessment
Testing for weak passwords
SMB vulnerability scanning
Assessing SMB signing and encryption
The enumeration of active SMB sessions
Checking for guest access
Evaluating share permissions
SMB session monitoring
Automated ransomware detection
PowerShell, AD, and LDAP
The enumeration of active directory objects
Assessing user account security
Identifying inactive user accounts
Auditing group memberships
Identifying privileged accounts
Auditing password policy
Assessing LDAP permissions
Testing LDAP authentication
Identifying unsecured LDAP ports
Monitoring LDAP traffic
Testing LDAP with LDAPS
Identifying anomalies with PowerShell scripts
PowerShell and Kerberos
The enumeration of Kerberos tickets
Service Principal Name (SPN) enumeration
Credential harvesting with Mimikatz
Detecting golden ticket attacks
Kerberos ticket renewal analysis
Analyzing event logs
Password spray attacks
Chapter 7: Databases: MySQL, PostgreSQL, and MSSQL
Accessing SQL databases using PowerShell
PowerShell and MySQL
Introduction to PowerShell and MySQL
Connecting to MySQL with PowerShell
Vulnerability assessment
Penetration testing
Access control verification
Security policy testing
Data protection and encryption
Logging and monitoring
PowerShell and PostgreSQL
Introduction to PowerShell and PostgreSQL
Connecting to PostgreSQL with PowerShell
PowerShell and Microsoft SQL (MSSQL)
Chapter 8: Email Services: Exchange, SMTP, IMAP, and POP
PowerShell and Exchange
Enumeration with PowerShell
Autodiscover enumeration
Exploitation with PowerShell
PowerShell and SMTP
PowerShell and IMAP
Vulnerabilities in IMAP servers
Establishing an IMAP connection
Scanning for IMAP servers
PowerShell and POP
Port identification
Authentication checks
Brute-forcing
Banner grabbing
Summary
Chapter 9: PowerShell and FTP, SFTP, SSH, and TFTP
PowerShell and FTP
Banner grabbing for FTP
Connecting to an FTP server
Brute-forcing authentication of an FTP connection
Anonymous access check
SSL/TLS support for an FTP server
Listing files on the FTP server
Uploading a file to an FTP server
Downloading a file from an FTP server
Strong password policies for FTP
Firewall and access control lists for FTP
PowerShell and TFTP
Identifying the TFTP server
Enumerating a TFTP server configuration
Verifying access controls for TFTP
PowerShell and SSH, SCP, and SFTP
SSH server configuration assessment
Brute-forcing authentication for SSH
SSH server access control
Reviewing user access
SCP server configuration assessment
SFTP server configuration assessment
Reviewing SFTP configuration
Security auditing tools for SSH
User authentication and authorization
Monitoring and logging
Modules
Chapter 10: Brute Forcing in PowerShell
Brute forcing, in general, using PowerShell
Automated scripting
Password list attacks
Dictionary attacks
Credential stuffing
Rate limiting and stealth
Brute forcing FTP using PowerShell
Setting up the environment
Creating credential lists
FTP login attempt script
Handling FTP server responses
Logging and reporting
Brute forcing SSH using PowerShell
SSH login attempt script
Handling SSH server responses
Brute forcing web services using PowerShell
Understanding the web service
Installing required modules
Web service authentication
Handling web service responses
Rate limiting and stealth
Logging and reporting
Adapting to web service specifics
Handling CAPTCHA and multifactor authentication
Iterating and refining
Bruteforcing a hash
Understanding hash brute forcing
Hash types and hashcat
PowerShell script for hash brute forcing
Customization for different hash algorithms
Salting
Handling larger character sets and optimizing
Chapter 11: PowerShell and Remote Control and Administration
Remote access and PowerShell
Enabling PowerShell remoting
Configuring WinRM
Connecting to a remote machine
Executing commands on remote machines
Remoting with credentials
Configuring trusted hosts
Session configuration
Parallel remoting
PowerShell and remote administration
Establishing remote sessions
Remote variable usage
Remote script execution
Handling background jobs
Remote registry manipulation
Remote event log retrieval
Remote service management
Remote software installation
Remoting to Azure virtual machines
Remote network configuration
Remote user management
Security considerations
Remote file copy
Using PowerShell for SNMP
SNMP module installation
SNMP agent query
SNMP walking
SNMP settings
SNMP trap handling
SNMP bulk requests
SNMP monitoring with PowerShell
SNMP and PowerShell integration
SNMP and graphical interfaces
SNMP and logging
Part 3: Penetration Testing on Azure and AWS cloud Environments
Chapter 12: Using PowerShell in Azure
Introduction to Azure
Azure architecture and governance
Azure Policy enforcement
Role-based access control (RBAC)
Resource tagging
Resource locking
Azure blueprint deployment
Compliance reporting
Accessing Azure
Install and import the Azure PowerShell module.
Notes:
Includes index.
Description based on publisher supplied metadata and other sources.
ISBN:
9781835081648
OCLC:
1437546364
