PowerShell for Penetration Testing : Explore the Capabilities of PowerShell for Pentesters Across Multiple Platforms.

Blyth, Andrew
1st ed.
  • Birmingham : Packt Publishing, Limited, 2024.
  • ©2024.
1 online resource (298 pages)


Summary note
PowerShell for Penetration Testing is a comprehensive guide designed to equip you with the essential skills you need for conducting effective penetration tests using PowerShell. You'll start by laying a solid foundation by familiarizing yourself with the core concepts of penetration testing and PowerShell scripting. In this part, you'll get up to speed with the fundamental scripting principles and their applications across various platforms. You’ll then explore network enumeration, port scanning, exploitation of web services, databases, and more using PowerShell tools. Hands-on exercises throughout the book will solidify your understanding of concepts and techniques. Extending the scope to cloud computing environments, particularly MS Azure and AWS, this book will guide you through conducting penetration tests in cloud settings, covering governance, reconnaissance, and networking intricacies. In the final part, post-exploitation techniques, including command-and-control structures and privilege escalation using PowerShell, will be explored. This section encompasses post-exploitation activities on both Microsoft Windows and Linux systems. By the end of this book, you’ll have covered concise explanations, real-world examples, and exercises that will help you seamlessly perform penetration testing techniques using PowerShell.
Includes index.
Source of description
Description based on publisher supplied metadata and other sources.
  • Cover
  • Title Page
  • Copyright and Credits
  • Foreword
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Introduction to Penetration Testing and PowerShell
  • Chapter 1: Introduction to Penetration Testing
  • What is penetration testing?
  • Stakeholders
  • Ethical, legal, and regulatory requirements
  • Managing and executing a penetration test
  • Using the cyber kill chain
  • Standards in penetration testing
  • Report writing
  • Summary
  • Chapter 2: Programming Principles in PowerShell
  • Basic concepts of PowerShell and pipelines in PowerShell
  • JSON in PowerShell
  • Retrieving JSON data from web APIs
  • Parsing JSON data
  • JSON manipulation for payloads
  • Interacting with JSON from files
  • Web scraping and data extraction
  • XML in PowerShell
  • Reading and parsing XML files
  • Extracting information from XML nodes
  • Modifying XML data
  • Crafting XML payloads
  • XML injection testing
  • COM, WMI, and .NET in PowerShell
  • Using WMI for system information gathering
  • Querying WMI for network information
  • Interacting with COM objects
  • Using .NET for cryptographic operations
  • Using .NET for network operations
  • Analyzing .NET assemblies for vulnerabilities
  • Part 2: Identification and Exploitation
  • Chapter 3: Network Services and DNS
  • Network services
  • TCP/IP network services
  • The IP addresses
  • The TCP/UDP port numbers
  • The OSI stack
  • DNS and types of DNS queries
  • DNS overview
  • Types of DNS queries
  • DNS and PowerShell
  • Chapter 4: Network Enumeration and Port Scanning
  • Network enumeration using PowerShell
  • TCP port scanning using PowerShell
  • Single port scanning with Test-NetConnection
  • Multiple port scanning with Test-NetConnection
  • Enumerating open ports with Test-NetConnection
  • Single port scanning with .NET
  • Multiple port scanning with .NET
  • Enumerating all open ports with .NET
  • UDP port scanning using PowerShell
  • Using PowerShell tools for port scanning
  • Chapter 5: The WEB, REST, and SOAP
  • PowerShell and the web
  • Web application security testing with PowerShell
  • REST application security testing with PowerShell
  • SOAP application security testing with PowerShell
  • Encoding JSON and XML in PowerShell
  • Encoding JSON in PowerShell
  • Decoding JSON in PowerShell
  • Encoding XML in PowerShell
  • Decoding XML in PowerShell
  • PowerShell and REST
  • OWASP analysis - injection
  • OWASP analysis - broken authentication
  • OWASP analysis - sensitive data exposure
  • OWASP analysis - XML External Entities (XXE)
  • OWASP analysis - broken access control
  • OWASP analysis - security misconfiguration
  • OWASP analysis - Cross-Site Scripting (XSS)
  • OWASP analysis - Cross-Site Request Forgery (CSRF)
  • OWASP analysis - unvalidated redirects and forwards
  • OWASP analysis - insecure deserialization
  • PowerShell and SOAP
  • OWASP analysis - XXE
  • OWASP analysis - authentication bypass
  • Chapter 6: SMB, Active Directory, LDAP and Kerberos
  • PowerShell and SMB
  • Enumerating SMB shares
  • An SMB version assessment
  • Testing for weak passwords
  • SMB vulnerability scanning
  • Assessing SMB signing and encryption
  • The enumeration of active SMB sessions
  • Checking for guest access
  • Evaluating share permissions
  • SMB session monitoring
  • Automated ransomware detection
  • PowerShell, AD, and LDAP
  • The enumeration of active directory objects
  • Assessing user account security
  • Identifying inactive user accounts
  • Auditing group memberships
  • Identifying privileged accounts
  • Auditing password policy
  • Assessing LDAP permissions
  • Testing LDAP authentication
  • Identifying unsecured LDAP ports
  • Monitoring LDAP traffic
  • Testing LDAP with LDAPS
  • Identifying anomalies with PowerShell scripts
  • PowerShell and Kerberos
  • The enumeration of Kerberos tickets
  • Service Principal Name (SPN) enumeration
  • Credential harvesting with Mimikatz
  • Detecting golden ticket attacks
  • Kerberos ticket renewal analysis
  • Analyzing event logs
  • Password spray attacks
  • Chapter 7: Databases: MySQL, PostgreSQL, and MSSQL
  • Accessing SQL databases using PowerShell
  • PowerShell and MySQL
  • Introduction to PowerShell and MySQL
  • Connecting to MySQL with PowerShell
  • Vulnerability assessment
  • Penetration testing
  • Access control verification
  • Security policy testing
  • Data protection and encryption
  • Logging and monitoring
  • PowerShell and PostgreSQL
  • Introduction to PowerShell and PostgreSQL
  • Connecting to PostgreSQL with PowerShell
  • PowerShell and Microsoft SQL (MSSQL)
  • Chapter 8: Email Services: Exchange, SMTP, IMAP, and POP
  • PowerShell and Exchange
  • Enumeration with PowerShell
  • Autodiscover enumeration
  • Exploitation with PowerShell
  • PowerShell and SMTP
  • PowerShell and IMAP
  • Vulnerabilities in IMAP servers
  • Establishing an IMAP connection
  • Scanning for IMAP servers
  • PowerShell and POP
  • Port identification
  • Authentication checks
  • Brute-forcing
  • Banner grabbing
  • Summary
  • Chapter 9: PowerShell and FTP, SFTP, SSH, and TFTP
  • PowerShell and FTP
  • Banner grabbing for FTP
  • Connecting to an FTP server
  • Brute-forcing authentication of an FTP connection
  • Anonymous access check
  • SSL/TLS support for an FTP server
  • Listing files on the FTP server
  • Uploading a file to an FTP server
  • Downloading a file from an FTP server
  • Strong password policies for FTP
  • Firewall and access control lists for FTP
  • PowerShell and TFTP
  • Identifying the TFTP server
  • Enumerating a TFTP server configuration
  • Verifying access controls for TFTP
  • PowerShell and SSH, SCP, and SFTP
  • SSH server configuration assessment
  • Brute-forcing authentication for SSH
  • SSH server access control
  • Reviewing user access
  • SCP server configuration assessment
  • SFTP server configuration assessment
  • Reviewing SFTP configuration
  • Security auditing tools for SSH
  • User authentication and authorization
  • Monitoring and logging
  • Modules
  • Chapter 10: Brute Forcing in PowerShell
  • Brute forcing, in general, using PowerShell
  • Automated scripting
  • Password list attacks
  • Dictionary attacks
  • Credential stuffing
  • Rate limiting and stealth
  • Brute forcing FTP using PowerShell
  • Setting up the environment
  • Creating credential lists
  • FTP login attempt script
  • Handling FTP server responses
  • Logging and reporting
  • Brute forcing SSH using PowerShell
  • SSH login attempt script
  • Handling SSH server responses
  • Brute forcing web services using PowerShell
  • Understanding the web service
  • Installing required modules
  • Web service authentication
  • Handling web service responses
  • Rate limiting and stealth
  • Adapting to web service specifics
  • Handling CAPTCHA and multifactor authentication
  • Iterating and refining
  • Bruteforcing a hash
  • Understanding hash brute forcing
  • Hash types and hashcat
  • PowerShell script for hash brute forcing
  • Customization for different hash algorithms
  • Salting
  • Handling larger character sets and optimizing
  • Chapter 11: PowerShell and Remote Control and Administration
  • Remote access and PowerShell
  • Enabling PowerShell remoting
  • Configuring WinRM
  • Connecting to a remote machine
  • Executing commands on remote machines
  • Remoting with credentials
  • Configuring trusted hosts
  • Session configuration
  • Parallel remoting
  • PowerShell and remote administration
  • Establishing remote sessions
  • Remote variable usage
  • Remote script execution
  • Handling background jobs
  • Remote registry manipulation
  • Remote event log retrieval
  • Remote service management
  • Remote software installation
  • Remoting to Azure virtual machines
  • Remote network configuration
  • Remote user management
  • Security considerations
  • Remote file copy
  • Using PowerShell for SNMP
  • SNMP module installation
  • SNMP agent query
  • SNMP walking
  • SNMP settings
  • SNMP trap handling
  • SNMP bulk requests
  • SNMP monitoring with PowerShell
  • SNMP and PowerShell integration
  • SNMP and graphical interfaces
  • SNMP and logging
  • Part 3: Penetration Testing on Azure and AWS Cloud Environments
  • Chapter 12: Using PowerShell in Azure
  • Introduction to Azure
  • Azure architecture and governance
  • Azure Policy enforcement
  • Role-based access control (RBAC)
  • Resource tagging
  • Resource locking
  • Azure blueprint deployment
  • Compliance reporting
  • Accessing Azure
  • Install and import the Azure PowerShell module.