CompTIA Pentest+ Certification For Dummies (2022)

Preview (31 of 531 Pages)

100%

Purchase to unlock

Loading page image...

DownloadedfromStudyXY.comWw+StudyXY==as.Za\Rr'BE\StudyLAnythingThisContentHasbeenPostedOnStudyXY.comassupplementarylearningmaterial.StudyXYdoesnotendroseanyuniversity,collegeorpublisher.Allmaterialspostedareundertheliabilityofthecontribuors.|6)www.studyxy.com

Loading page image...

Thisbookcomeswithaccesstomorecontentonline.Quizyourself,trackyourprogress,andscorehighontestday!Registeryourbookorebookatwww.dummies.com/go/getaccess.Selectyourproduct,andthenfollowthepromptstovalidateyourpurchase.You'llreceiveanemailwithyourPINandnetlim

Loading page image...

CompTIAPenTest+CertificationbyGlenE.Clarke,MCTdummies

Loading page image...

CompTIA®PenTest+®CertificationForDummies®,2ndEditionPublishedby:JohnWiley&Sons,Inc.,111RiverStreet,Hoboken,NJ07030-5774,ww.wiley.comCopyright©2022byJohnWiley&Sons,Inc.,Hoboken,NewJerseyPublishedsimultaneouslyinCanadaNopartofthispublicationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyany‘means,electronic,mechanical,photocopying,recording,scanningorotherwise,exceptaspermittedunderSections107or108ofthe1976UnitedStatesCopyrightAct,withoutthepriorwrittenpermissionofthePublisher.RequeststothePublisherforpermissionshouldbeaddressedtothePermissionsDepartment,JohnWiley&Sons,Inc.,111RiverStreet,Hoboken,NJ07030,(201)748-6011,fax(201)748-6008,oronlineathttp://www.wiley.com/go/permissions.Trademarks:Wiley,ForDummies,theDummiesManlogo,Dummies.com,MakingEverythingEasier,andrelatedtradedressaretrademarksorregisteredtrademarksofJohnWiley&Sons,Inc.andmaynotbeusedwithoutwrittenpermission.CompTIAandPenTest+aretrademarksorregisteredtrademarksofCompTIA,Inc.Allothertrademarksarethepropertyoftheirrespectiveowners.JohnWiley&Sons,Inc.isnotassociatedwithanyproductorvendor‘mentionedinthisbook.LIMITOFLIABILITY/DISCLAIMEROFWARRANTY:WHILETHEPUBLISHERANDAUTHORSHAVEUSEDTHEIRBESTEFFORTSINPREPARINGTHISWORK,THEYMAKENOREPRESENTATIONSORWARRANTIESWITHRESPECTTOTHEACCURACYORCOMPLETENESSOFTHECONTENTSOFTHISWORKANDSPECIFICALLYDISCLAIMALL‘WARRANTIES,INCLUDINGWITHOUTLIMITATIONANYIMPLIEDWARRANTIESOFMERCHANTABILITYORFITNESSFORAPARTICULARPURPOSE.NOWARRANTYMAYBECREATEDOREXTENDEDBYSALESREPRESENTATIVES,WRITTENSALESMATERIALSORPROMOTIONALSTATEMENTSFORTHISWORK.THEFACTTHATANORGANIZATION,WEBSITE,ORPRODUCTISREFERREDTOINTHISWORKASACITATIONAND/ORPOTENTIALSOURCEOFFURTHERINFORMATIONDOESNOTMEANTHATTHEPUBLISHERANDAUTHORSENDORSETHEINFORMATIONORSERVICESTHEORGANIZATION,WEBSITE,ORPRODUCTMAYPROVIDEORRECOMMENDATIONSITMAYMAKE.THISWORKISSOLDWITHTHEUNDERSTANDINGTHATTHEPUBLISHERISNOTENGAGEDINRENDERINGPROFESSIONALSERVICES.THEADVICEANDSTRATEGIESCONTAINEDHEREINMAYNOTBESUITABLEFORYOURSITUATION.YOUSHOULDCONSULTWITHASPECIALISTWHEREAPPROPRIATE.FURTHER,READERSSHOULDBEAWARETHATWEBSITESLISTEDINTHISWORKMAYHAVECHANGEDORDISAPPEAREDBETWEENWHENTHISWORKWASWRITTENANDWHENITISREAD.NEITHERTHEPUBLISHERNORAUTHORSSHALLBELIABLEFORANYLOSSOFPROFITORANYOTHERCOMMERCIALDAMAGES,INCLUDINGBUTNOTLIMITEDTOSPECIAL,INCIDENTAL,CONSEQUENTIAL,OROTHERDAMAGES.Forgeneralinformationonourotherproductsandservices,pleasecontactourCustomerCareDepartmentwithintheU.S.at877-762-2974,outsidetheU.S.at317-572-3993,orfax317-572-4002.Fortechnicalsupport,pleasevisithttps://hub.wiley.com/community/support/dummies.Wileypublishesinavarietyofprintandelectronicformatsandbyprint-on-demand.Somematerialincludedwithstandardprintversionsofthisbookmaynotbeincludedine-booksorinprint-on-demand.Ifthisbookrefersto‘mediasuchasaCDorDVDthatisnotincludedintheversionyoupurchased,youmaydownloadthismaterialathttp://booksupport.wiley.com.FormoreinformationaboutWileyproducts,visitwuw.wiley.com.LibraryofCongressControlNumber:2022930511ISBN978-1-119-86727-2(pbk);ISBN978-1-119-86728-9(ebk);ISBN978-1-119-86729-6(ebk)StudyXY

Loading page image...

Introduction...Pre-Assessment...TPart1:PlanningandInformationGathering................13cHapTER1:IntroductiontoPenetrationTesting..............................15chapter2:PlanningandScoping................o.oo.39chapTer3:InformationGathering........................ol...69chapter4:VulnerabilityIdentification........................oo...109Part2:AttacksandExploits....................................153cuapTers:ExploitingSystems...................o.oo...155cHaper6:ExploitingWirelessVulnerabilities...............................209cuapTer7:ExploitingApplication-BasedVulnerabilities......................247Part3:Post-ExploitationandReporting.....................293chapter8:UnderstandingPost-ExploitationActions.........................295chapter9:CommonPenetrationTestingTools.............................333cHapTER10:AnalyzingScriptFunctionality...................................385cHaPTER11:ReportingandCommunication.................................429Part4:Appendixes.........................oL.L.455apPENDIXA:PenTest+ExamDetails...457appenDIXB:COMPTIAPenTest+ExamReferenceMatrix.......................465appENDIXC:LabSetup...ee...489Index493T=StudyXY

Loading page image...

INTRODUCTION..................AboutThisBook........oooviiiiii1ConventionsUsedinThisBook.................coooiiiiiinnn2FoolishAssumptions...2HowThisBookIsOrganized....................................3Pre-assessment..............oiiiiiiiiiiiiiiiiiiiiiiaail3Part1:PlanningandInformationGathering....................3Part2:AttacksandExploits.......................olPart3:Post-ExploitationandReporting........................3Appendixes.............3Practiceexam.............oiiiiiiiiiiiiiiiiAIconsUsedinThisBook............ooiiiiiiiiiiiiiiiiin4BeyondtheBook.............................oiilllll5WheretoGofromHere....................cooiiiiial5PRE-ASSESSMENT........................7QUESTIONSLovetteeteeeeeeeeeeaaaaEPART1:PLANNINGANDINFORMATIONGATHERING....13carrer1:IntroductiontoPenetrationTesting.................15PenetrationTestingOverview..................................15Reasonsforapentest.....................................016Whoshouldperformapentest..............................17Howoftenapentestshouldbeperformed....................19DefiningPenetrationTestingTerminology.......................21Typesofassessments......................oieiaa.l21Penteststrategy.............coooiiiiiiiiiiii.22Threatactorsandthreatmodels............................23LookingatCompTIA'sPenetrationTestingPhases.......................ciiiiiiii...25Planningandscoping.................................025Informationgatheringandvulnerabilityidentification..........26Attacksandexploits...............oll27Reportingandcommunication..............................27IdentifyingTestingStandardsandMethodologies.................28MITREATT&CK.o.oo.29OpenWebApplicationSecurityProject(OWASP)...............29NationalInstituteofStandardsandTechnology(NIST)..........31OSSTMM,PTES,andISSAF..................ooiiiin.o.....32BR+studyxy|

Loading page image...

ReviewingKeyConcepts................oooviviiniieno.......33PrepTest.....o.ooL034ANSWETS.oot237carer:PlanningandScoping...................039UnderstandingKeyLegalConcepts.............................39Writtenauthorization...40Contractsandagreements......................o..oen......40Disclaimers...42ScopingtheProject...42Targetlist/in-scopeassets.................................43Generalquestions....................oil.44Webapplicationtestingquestions...........................45Wirelessnetworktestingquestions..........................45Physicalsecuritytestingquestions...........................45Socialengineeringtestingquestions.........................46TestingquestionsforITstaff................................46IdentifyingtheRulesofEngagement(ROE).......................46Environmentalconsiderations...........................47Targetaudienceandreasonforthepentest...................48Communicationescalationpath.............................48Resourcesandrequirements...............................49Budget..................ll52Impactanalysisandremediationtimelines....................52DefiningTargetsforthePentest................................53Internalandexternaltargets................................53First-partyversusthird-partyhosted.........................53Othertargets..............ocoiiiiiiiiiiiiieaen......54Targetconsiderations......................................54VerifyingAcceptancetoRisk...................................56SchedulingthePentestandManagingScopeCreep...............57Scheduling...............ll57SCOPECreEPviteeieeeeeieieieee...58ConductingCompliance-basedAssessments.....................59Considerationswithcompliance-basedassessments...........59Restrictionswithcompliance-basedassessments..............60Validatescopeofengagement..............................61Maintainingprofessionalismandintegrity....................62Riskstotheprofessional...................................62ReviewingKeyConcepts..................cooviiiiienon......63PrepTest...o.oo...B4ANSWETS.otteee67VillCompTIAPentest+CertificationForDummies

Loading page image...

carrera:InformationGathering................................69LookingatInformation-GatheringToolsandTechniques...........70Passiveinformationgathering/passivereconnaissance.........70Activeinformationgathering/activereconnaissance............85UnderstandingScanningandEnumeration......................86Passivescanning...................ieee...86Activescanning...............ol.87Enumeration...20.95Analyzetheresultsofareconnaissanceexercise..............98DetectionMethodsandTokens................................98Defensedetection................oooiiiiiiiiiiiiil99Securitytokens...........oo.99LabEXercises.............ooviiiiiiiiiiiiiiiiiiieei.....100Exercise3-1:ConductaWhoisSearch.......................100Exercise3-2:UsetheHarvestertocollectemailaddresses......101Exercise3-3:UseShodantodiscoversystemsonthelnternet..................ooviiiiiiiiiiiaenn......101Exercise3-4:Userecon-ngforOSINTinformationgathering............e102Exercise3-5:UsedigforDNSprofiling.......................102Exercise3-6:UseNmaptoportscan........................102ReviewingKeyConcepts.............ocvviiiniaiieeen........103PrepTest.......oooiuiiiiiiiiiiieee.104EE[074euarrers:VulnerabilityIdentification...........................100UnderstandingVulnerabilities.................................109Typesofvulnerabilityscans................................110Vulnerabilityscanconsiderations...........................114PerformingaVulnerabilityScan...............................115InstallingNessus.............................ooel.ll116RunningNessus.............coooviiieneenanenena.....119Usingothervulnerabilityscanners..........................123AnalyzingVulnerabilityResults................................124Mappingvulnerabilitiestoexploits..........................127UnderstandingtheCVSSbasescore.........................129Prioritizingactivities...........................000132Considerationsforanalyzingscanresults....................133AttacksandWeaknessesinSpecializedSystems...................oll136Mobiledevices...................ii..00136Cloudtechnologies.............................0........138InternetofThings(loT)devices.............................140Datastoragesystemvulnerabilities.........................142Underlyingsoftwarevulnerabilities.........................142BR+studyxy|

Loading page image...

Managementinterfacevulnerabilities.......................143VulnerabilitiesrelatedtoSCADA,lloT,andICS...143Vulnerabilitiesrelatedtovirtualenvironmentsandcontainers..............................144LabEXercises............oooiieiiiiiiiiiiiiiiiie...145Exercise4-1:DownloadandinstallNessus...................145Exercise4-2:Performavulnerabilityscan....................146Exercise4-3:PerformawebapplicationvulnerabilityscanwithNessus...148ReviewingKeyConcepts................cooovieiininen........148PrepTest.........ooiiiiL149ANSWETS.Lettie150PART2:ATTACKSANDEXPLOITS.............................153cuarrers:ExploitingSystems..................155ExploitingSystemswithMetasploit............................155StartingMetasploit.......................................156Searchingforanexploit...................................157Usinganexploit...............................o.........158Runningtheexploit.......................................160Settingthepayload.......................................161Usingmsfvenom.......................................0163Usingexploitresources...................................165UnderstandingSocialEngineering.............................166Emailphishing...........................................166USBkeydrop..........o.oiniiiiiiiiiieL167Otherformsofsocialengineering..........................168Methodsofinfluence.....................................168UsingSETtoperformanattack.............................169UsingBeEFtoperformanattack............................171Callspoofingtools..........................ooell.175Pretexting..................oiiiiiiiiieenL175LookingatAttacksonPhysicalSecurity.........................176Typesofphysicalsecuritycontrols..........................176Exploitingphysicalsecurity................................176CommonAttackTechniques..................................178Passwordcracking..................ool...178Usingexploits......................ooiil...0180Deception........o.oiiiee,182ExploitingNetwork-BasedVulnerabilities.......................182Commontoolsusedfornetwork-basedattacks...............183Commonnetwork-basedexploits...........................183XCompTIAPentest+CertificationForDummies

Loading page image...

Man-in-the-middle(MiTM)attacks..........................185Othercommonattacks...............c.oovviiiinaen.......188ExploitingLocal-HostVulnerabilities...........................190Operatingsystemvulnerabilities...........................190Unsecureserviceandprotocolconfigurations................191Privilegeescalation......................90Defaultaccountsettings...................................194Sandboxescape................iiiiiiiiiiiee....2195Physicaldevicesecurity...................................195LabEXercises............oooviiiiiiiiiiiiiiiiiiiiaiae....196Exercise5-1:ExploitanSMBservicewithMetasploit...........196Exercise5-2:Usethemeterpreterexploitpayload............197Exercise5-3:ConductaMiTMattackwithSETH...............199Exercise5-4:UseSETforcredentialharvesting...............200Exercise5-5:UseBeEFtoexploitawebbrowser...............................L.0200ReviewingKeyConcepts................cooviiniineeen........204PrepTest.........coooiiiiiiiiieee...205EE0)cuarrers:ExploitingWirelessVulnerabilities..................200UnderstandingWirelessTerminology..........................209Wirelessconcepts............oooiiiiiiiiiiiiieiae........210Wirelessequipmentandconfiguration......................212Typesofwirelessnetworks................................213IntroducingWirelessStandards...............................213802.11a.ities21480211b..214802.118Letteeee214802.1MN.e214802.178Ctiieieee2215LookingatWirelessConfigurationandTroubleshooting.........................................215ReviewingtheBasicServiceSet.............................215Designingamulti-accesspointWLAN.......................216Troubleshootingwirelessnetworks.........................217ImplementingWirelessSecurityPractices.......................218Generalsecuritypractices.................................218Encryptionprotocols..................................0.220ExploitingWirelessVulnerabilities.............................222Understandingattackmethodsandtools....................222Lookingat802.11wirelessvulnerabilities....................224LookingatRF-basedvulnerabilities.........................226CrackingWEPencryption..................................228WPSpinattack..............oooooiiL232BR+studyxy|

Loading page image...

CrackingWPA/WPA2encryptionkeys........................234UsingWifitetohackwirelessnetworks......................237ExploitingBluetoothdevices...............................238LabEXercises............ooiiiiiiiiiiiiiiiie.2240Exercise6-1:CrackWEPencryption.........................240Exercise6-2:CracktheWPSpin............................24Exercise6-3:CracktheWPA/WPA2encryptionkey............241Exercise6-4:TestBluetoothdevices.........................241ReviewingKeyConcepts..............ooveininiininin.......242PrepTest.....o.oo...243ANSWETS.©otteteeeeieee...246eaeer7:ExploitingApplication-BasedVulnerabilities.......247LookingatCommonApplication-BasedAttacks..................247Injectionattacks...................iiii.l......248Authenticationattacks....................ooiiiiii..LL.254Authorizationattacks..................cooill.256XSSandCSRF/XSRFattacks...................oo.ovn.......258UnderstandingApplicationSecurityVulnerabilities...............263Clickjacking..............oii...0.263Securitymisconfiguration.................................263Fileinclusion.................iL.266Privilegeescalation.......................................266Sessionreplayandsessionfixation.........................267CommonCodingMistakes....................................267Businesslogicflaws.....................lL....267Unauthorizeduseoffunctions/unprotectedAPIs.............269Hiddenelements/sensitiveinformationintheDOM............270Insecuredatatransmission...............oooiiieen0271Lackofcodesigning........................l0270SecureCodingBestPractices.....................cooeoa..L271Validation...270Sanitization...272Escaping........ooviiiiie272Parameterizedqueries....................lll272CommonToolsandResources.................ovevvneee.....273Commontools............ooiiiiiiiiiii0273COMMONreSOUNCeS..ovvetaeieeeneeieeenneenn...273LabEXercises.........ooovviiiiiiiiiiiiiiiiiiie274Exercise7-1:PerformaCSRFattack.........................274Exercise7-2:PerformaSQLinjection........................278Exercise7-3:Performacommandinjectionattack............283Exercise7-4:PerformareflectedXSSattack..................284Exercise7-5:PerformapersistentXSSattack.................284Exercise7-6:ResettheDVWA..............................286XllCompTIAPentest+CertificationForDummies

Loading page image...

ReviewingKeyConcepts................cooviiiiienaon........286PrepTest.........ouiiiiiiee...288ANSWERS.Lootieiinet2291PART3:POST-EXPLOITATIONANDREPORTING..........293aarrers:UnderstandingPost-ExploitationActions..........295CommonPost-ExploitationTasks..............................296Understandingthecontext................................298Collectinginformation....................................299Obtainingashell.........................................301Retrievingpasswordhashes...............................301Disablingtheantivirussoftware............................302Migratingtoadifferentprocess............................302Privilegeescalationandrestrictiveshells....................303Takingscreenshots.......................................303Takingremotecontrol....................................303Capturingkeystrokes.....................................304Enablingthewebcam.....................................304Networksegmentationtesting.............................306PerformingLateralMovement................................306PSremoting/WinRM..................................l.307UsingPSEX€C.........ooviiiiiiiiieee...308UsingPsExecwithpassthehash...........................309USingRDP..........oii.31UsingRPC/DCOM........ooiiiiieee.2.312Usingremoteservices.....................................313Othertechniquesforlateralmovement.....................317MaintainingAccess(Persistence)..............................318Newusercreation................cooiiiiiiiiine......318Plantingbackdoorsandtrojans............................320Othertechniquesformaintainingaccess....................320Detectionavoidance................oooiiiiiiiinin...2.321CoveringYourTracks.................ooiiiiiien......321LabEXercises............oooviiiiiiiiiiiiiiiiiiai..2323Exercise8-1:Exploitasystemandcollectinformation.........323Exercise8-2:Recordkeystrokes............................324Exercise8-3:Obtainpasswordhashes.......................324Exercise8-4:Movelaterally................................325Exercise8-5:Createabackdooraccount.....................326Exercise8-6:Coveryourtracks.............................326ReviewingKeyConcepts...............ovviininenon.......327PrepTest.........cooiiiiiiiiea...328aEPC<1|BR|study|

Loading page image...

carers:COMmonPenetrationTestingTools.................333UnderstandingUseCasesforCommonPentestTools............333Reconnaissance..............oooiiiiiiiiiiiiiaea..0.334Enumeration............ooo.334Vulnerabilityscanning.....................................334Credentialattacks...............ooooiiiiiiiiiiin..00.335Persistence...............ciiiiiiiiii00335Configurationcompliance.................................336Evasion.........o.oo.336Decompilationanddebugging.............................336Forensics...........oooiiiiiiiiiiii20336Softwareassurance...............ooiiiiiiieiiiaiin......337LookingatCommonPentestTools.............................337SCANNETS...\\ttiete...2338Credentialtestingtools....................................342Debuggers............oii...349Software-assurancetools.....................oooiin.......350Open-sourceintelligence(OSINT)tools......................351Wirelesstools...352Webapplicationtools/webproxies.........................354Socialengineeringtools...................................356Remoteaccesstools...............ooiiiiiiiiiiia..0357Networkingtools.........................................358Mobiletools...0359Steganographytools......................................359Cloudtools.........ooiiiiii00360Miscellaneoustools...............oooiiiiiiiiiii.362AnalyzingToolOutput........................coiien.......363Passwordcracking.....................oo.o........363Passthehash.............................o....365Settingupabindshell....................................367Gettingareverseshell....................................368Proxyingaconnection......................ooo...369Uploadingawebshell.....................................370Injections...L370LabEXercises............ooiiiiiiiiiiiiiiiiie.2371Exercise9-1:CrackpasswordswithJohntheRipper...........372Exercise9-2:Locatewebservers............................372Exercise9-3:Scanwebapplicationsforvulnerabilities.........373Exercise9-4:UseHydraforpasswordcrackingoverRDP.......373Exercise9-5:UseHydratocrackwebsitecredentials..........374Exercise9-6:UseCeWLtocreateawordlist..................376Exercise9-7:UseNetcat/Ncattocreateabindshell...........376Exercise9-8:UsingResponderandJohntheRippertocaptureandcrackpasswordhashes......................377XIVCompTIAPentest+CertificationForDummies

Loading page image...

ReviewingKeyConcepts..................ooeeiienon........380PrepTest...........oiiiiiiiiieee...381EEPC1.7cuarrer10:AnalyzingScriptFunctionality.......................385ReviewingScriptingConcepts......................oou........386Variablesandarrays......................................386Loopingandflowcontrol..................................387Understandingoperators..................................390Datastructures..............coooiiiiiiiiiiiiaaiiae......390Partsofsoftwareandscripts...............................392Commonoperations................ccoeeuiiienaena.......392Errorhandling.............................l......394UsingBashScripting.........................................395Variablesandarrays......................................395Loopingandflowcontrol..................................397Executingthescript.......................................398Errorhandling.........................lll0399Inputandoutput...399UnderstandingPythonScripting...............................400Variablesandarrays......................................400Loopingandflowcontrol..................................402Executingthescript.......................................403Errorhandling...........................................403Inputandoutput...404WorkingwithRubyScripting..................................405Variablesandarrays......................................405Loopingandflowcontrol..................................406Executingthescript.......................................408Errorhandling...........................................408Inputandoutput...409CodinginPowerShellScripting................................410Variablesandarrays......................................410Loopingandflowcontrol................................410Executingthescript.....................................043Errorhandling.................ll414Inputandoutput...AT4CodeExamplesandAutomation...............................415Analyzeexploitcode......................................415Opportunitiesforautomation..............................422LabEX@rcises........oovieiiiiiiiiiieiie422Exercise10-1:ReviewBashscript...........................422Exercise10-2:ReviewPythonscript.........................423Exercise10-3:ReviewPowerShellscript.....................424BR|studyxy|

Loading page image...

ReviewingKeyConcepts...............cooviviienenno......425PrepTest.....o.oo.426ANSWETS.©ooteeeeeeeeeeeeieee...428cuarrer11:ReportingandCommunication......................429CommunicatingDuringaPenTest.............................429Understandingcommunicationpaths.......................430Communicationtriggers..................................431Reasonsforcommunication..........................00432Goalreprioritizationandpresentationoffindings...................................433FindingsandRemediations...................................433Sharedlocaladministratorcredentials......................434Weakpasswordcomplexity................................434Plaintextpasswords.....................ooiel..L434Nomultifactorauthentication..............................435SQLinjection...........oii...435Unnecessaryopenservices................................436FocusingYourRemediationStrategies..........................436RecommendingtheAppropriateRemediationStrategy...........437Commontechnicalcontrols................................437Commonadministrativecontrols...........................439Commonoperationalcontrols.............................439Commonphysicalcontrols.................................440WritingandHandlingthePentestReport.......................440Commonthemes/rootcauses..............................440Notetakingandnormalizationofdata.......................441Riskappetite...ANReportaudience...................ol...442Reportstructure................ooiiiiiiiiii....442Securehandlinganddistributionofreports..................445DeliveringtheReportandPost-ReportActivities.................446Post-engagementcleanup.................................446Clientacceptance............ooivieiiinenaennnnen........447Administrativetasks..............oiiiiLLL447LabEXercises............ooiiiiiiiiiiiiiiiiii448Exercise11-1:Createapentestreport.......................448Exercise11-2:Encryptthepentestreport....................448ReviewingKeyConcepts..............ooovinieainanen........449PrepTest.........ooiiiiiiiiee...450ANSWETS.otitis453XVlCompTIAPentest+CertificationForDummies

Loading page image...

PART4:APPENDIXES...........................................455areenoixi:PenTest+ExamDetails.................................457CompTIAPenTest+CertificationandWhyYouNeedIt............457CheckingOuttheExamandItsObjectives......................458UsingThisBooktoPreparefortheExam.......................459StepstoPreparefortheExam................................460MakingArrangementstoTaketheExam........................460TheDaytheEarthStoodStill:ExamDay........................461Arrivingattheexamlocation...............................461Testingonline(fromhomeorwork).........................461Takingtheexam............................l....462HowdoesCompTIAsetthepasslevel?......................464aerenoixs:COMPTIAPenTest+ExamReferenceMatrix.......4652021PenTest+ExamObjectives—PTO-002.....................465aevenoxc:LabSetup...L489SettingUptheVirtualMachines...............................489ObtainingtheSoftwareNeeded...............................490VMwareWorkstation...................coooiiiiLL.490WindowsServer2012/2016/2019...........................490WIndows7«oot490KaliLinux..ooo491Metasploitable2.........................490INDEXoo493BR|study|

Loading page image...

IntroductionheCompTIAPenTest+certificationisafast-growingcybersecuritycertifi-cationthatsecurityprofessionalsattaintoprovetheirsecurityandpenetra-tiontestingknowledge.TheCompTIAPenTest+certificationisawell-recognizedcertificationthatnotonlytestsyourknowledgeonthecommontoolsusedtoperformapenetrationtest,butalsoittestsyourknowledgeontheprocesstofollowwhenperformingapenetrationtest.CompTIAPenTest+CertificationForDummiesisdesignedtobeahands-on,practicalguidetohelpyoupasstheCompTIAPenTest+certificationexam.Thisbookiswritteninawaythathelpsyouunderstandcomplextechnicalcontentandpre-paresyoutoapplythatknowledgetoreal-worldscenarios.IunderstandthevalueofabookthatcoversthepointsneededtopassthePen-Test+certificationexam,butIalsounderstandthevalueofensuringthatthematerialhelpsyouperforminformationtechnology(IT)-relatedtaskswhenyouareonthejob.Thatiswhatthisbookoffers—keypointstopasstheexamcom-binedwithpracticalinformationtohelpyouintherealworld,whichmeansthisbookcanbeusedinmorethanoneway:3Asanexampreparationtool:BecausemygoalistohelpyoupassthePenTest+exam,thisbookispackedwithexam-specificinformation.YoushouldunderstandeverythingthatisinthisbookbeforetakingthePenTest+exam,buttohelpidentifykeypointsthatyoumustknow,lookforiconscalledFortheExamtohelpyouprepare.»Asareference:RelyonmyextensiveexperienceintheITindustrynotonlytostudyfor(andpass)thePenTest+exam,butalsotohelpyouperformcommonpentest-relatedtasksonthejob.Thopeyoufindthisbookausefultoolthatyoucanrefertotimeandtimeagaininyourcareer.IntrodI~StudyXY

Loading page image...

EachchapterinthisbookhasdifferentelementsthathelpyoupreparetopassthePenTest+exam.Eachchapterincludesthefollowingfeatures:3Icons:LookfortheiconsusedineachchaptertodrawyourattentiontoinformationneededforthePenTest+examorintherealworld.Formoredetailsontheicons|use,checkoutthesection,“IconsUsedinThisBook”laterinthisintroduction.3ReviewingKeyConcepts:Foundattheendofeachchapter,the“ReviewingKeyConcepts”summarycoverskeypointsyoushouldrememberfortheexam.3PrepTest:Followingeachchapter's“ReviewingKeyConcepts”section,youwillfindexamplequestionstohelpyoureviewthechaptercontentinpreparationforthePenTest+certificationexam.Besuretodothereviewquestionswitheachchapter!Then,afteryoucompletethebook,checkoutthepracticeexamthataccompaniesthisbookonthewww.dummies.comwebsite.Thispracticeexamisdesignedtofunctionliketherealexam,withthesamelevelofdifficulty.(Seethesection,“BeyondtheBook"laterinthisIntroductionformoreinformationabouthowtoaccesstheonlinepracticeexam.)Imakeafewassumptionsaboutyouasareaderandhavewrittenthisbookwiththeseassumptionsinmind:3YouareinterestedinobtainingthePenTest+certification.Afterall,thefocusofthisbookishelpingyoupasstheexam.3Youhaveacomputertoworkon.Toperformthelabexercisesinthisbook,youneedacomputerwithvirtualizationsoftwaretorunmultiplevirtualmachines.|recommendusingvirtualizationsoftwaresuchasHyper-VorVMWarePlayertorunKaliLinux,Metasploitable2,aWindowsServer,andaWindowsclient.3Youwillstudyhardanddoasmuchhands-onworkaspossible.ThereisalotofcontentcoveredbythePenTest+certificationexam,andyoushouldreadovertheinformationinthisbookafewtimestoensureyouunderstandeverything.Youshouldalsoexperimentasmuchaspossibleafteryoureadaboutaparticulartopic.Forexample,afteryoureadaboutrunningavulnerabil-ityscan,youshouldtryit.Therearelabexercisestohelpyouwiththisaswell.2CompTIAPentest:+CertificationForDummiesv7StudyXY

Loading page image...

LikeallForDummiesbooks,chaptersareorganizedintoparts.Thechaptersineachpartarerelatedbyaspecificthemeortopic.Forexample,Part1:PlanningandInformationGathering,containsalltheinformationyouneedtoknowintheinitialstagesofapenetrationtest.Pre-assessmentBeforeyoudiveintothebook,you'llfindasetofpre-assessmentquestionstotestyourinitialknowledgeoftheareascoveredbytheCompTIAPenTest+certificationexam.Taketimetorevieweachquestiontoseewhereyoustand,andthenverifyyourworkwiththeanswersthatfollow.Usethechapterreferencegiventolearnmoreaboutthetopicrelatedtothequestion.Part1:PlanningandInformationGatheringInthispart,youdiscoverwhatthePenTest+certificationisallaboutandwhatyouwillbetestedonwhentakingtheCompTIAPenTest+certificationexam.Youalsolearnabouthowtoplanandscopethepenetrationtest,andthetoolstousetoperforminformationgatheringandvulnerabilityidentification.Part2:AttacksandExploitsInPart2,youlearnabouthowexploitsareperformedonsystemstogainaccesstothosesystems.Youlearnaboutexploitingsystems,wirelessnetworks,andhowtoexploitcommonweaknessesinapplications.Part3:Post-ExploitationandReportingPart3discussescommonpost-exploitationactionsyoucantakeafterexploitingasystemandgainingaccesstothatsystem.Part3alsodiscussesscriptinglan-guagesandhowtocreateapenetrationtestingreport.AppendixesThreeappendixesprovidehelpfulinformationaboutthePenTest+examanduse-fulinformationtohelpyoucreateahands-onlabenvironmenttohelpwithyourstudies.AppendixAintroducesyoutotheexamandgivesyouagoodideaofwhatyoucanexpectwhenyougototaketheexam.AppendixBincludesanexamIntrodJ~n+StudyXY

Loading page image...

objectivemappingtablethatletsyouknowwhereinthebookeachoftheexamobjectivesarecovered.ThisisveryusefulwhenyouarepreparingfortheComp-TIAPenTest+certificationexamtoensureyouknoweachpointintheobjectives.AppendixCcontainsalistofthevirtualmachines(VMs)Iusetocreatethelabexercisesandcontainsusefulinformationtohelpyoubuildamatchinglabenvi-ronmenttopracticeyourpenetrationtestingskills!PracticeexamAfteryouhavereadthroughthebookmultipletimes,performedthelabexercisesafewtimes,andcompletedtheendofchapterreviewquestions,youshouldthentakethepracticeexamavailableforthisbookonwww.dummies.com.Thepracticeexamgivesyoutheopportunitytoexperiencethefeelofaliveexamtohelpyoupreparefortherealexam.Thepracticeexamalsocontainssampleperformance-basedquestions,whichareinteractivequestionsyouwillfindontherealexam.Seethesection,“BeyondtheBook”laterinthisintroductionformoreinformationabouthowtoaccesstheonlinepracticeexam.Iuseanumberoficonsinthisbooktodrawyourattentiontopiecesofusefulinformation.Thisicongivesyouaheads-uponinformationyoushouldabsolutelyknowforthePenTest+certificationexam.FORTHEEXAMInformationthatwouldbehelpfultoyouintherealworldisindicatedwithaTipicon.Expecttofindshortcutsandtimesavershere.ie®Thisiconisusedtoflaginformationthatmaybeusefultorememberonthejob.REMEMBERInformationthatcouldcauseproblemstoyouortothecomputerisindicatedwithaWarningicon.IfyouseeaWarningicon,makesureyoureadit.Thecomputeryousavemaybeyourown.WARNING4CompTIAPentest+CertificationForDummies~FStudyxy

Loading page image...

Inadditiontowhatyou’rereadingrightnow,thisbookcomeswithafreeaccess-anywhereCheatSheetthatincludestipstohelpyouprepareforthePenTest+certificationexam.TogetthisCheatSheet,simplygotowww.dummies.comandtypeCompTIAPenTest+CertificationForDummiesCheatSheetintheSearchbox.Youalsogetaccesstopracticeexamquestions.Togainaccesstotheonlineprac-ticeexam,allyouhavetodoisregister.Justfollowthesesimplesteps:1.RegisteryourbookorebookatDummies.comtogetyourPIN.Gotowww.dummies.com/go/getaccess.2.Selectyourproductfromthedrop-downlistonthatpage.3.Followthepromptstovalidateyourproduct,andthencheckyouremailforaconfirmationmessagethatincludesyourPINandinstructionsforloggingin.Ifyoudonotreceivethisemailwithintwohours,pleasecheckyourspamfolderbeforecontactingusthroughourTechnicalSupportwebsiteathttps://supportwiley.comorbyphoneat877-762-2974.Nowyou'rereadytogo!Youcancomebacktothepracticematerialasoftenasyouwant—simplylogonwiththeusernameandpasswordyoucreatedduringyourinitiallogin.Noneedtoentertheaccesscodeasecondtime.YourregistrationisgoodforoneyearfromthedayyouactivateyourPIN.TheCompTIAPenTest+certificationisoneofthemostpopularsecuritycertifica-tionsforindividualsnewtoethicalhackingandpenetrationtesting.AfteryoupasstheCompTIAPenTest+certificationexam,youmightwanttocontinueyourcertificationpathbystudyingforthefollowingcertificationsfromCompTIA:3Security+:Ifyouhaven'tcompletedCompTIA'sSecurity+certification,thiscouldbethenextstep.MostcandidatescompleteSecurity+beforedoingPenTest+,butifyouhaven't,thereisnoproblemgoingbacktodoit.Security+coversITsecuritytopicsthathelpyousecurecompanyassets.IntrodI~StudyXY

Loading page image...

3CySA+:TheCySA+certificationisavendor-neutralcertificationthatensuresthecandidateknowshowtorespondtosecurityincidentsbycoveringsecurityanalytics,intrusiondetection,andincidentresponse.3CASP+:ThefinalsecuritycertificationintheCompTIAsecuritytrackistheCASP+certification,whichcoversadvancedtechnicalITsecuritytopics.6CompTIAPentest:+CertificationForDummiesyeStudy

Loading page image...

Pre-AssessmenthefollowingquestionsaredesignedtotestyouonareasoftheCompTIAPenTest+certificationexamthatyoumayneedtofocusonwhenreadingthroughthisbook.Taketimetorevieweachquestiontocomeupwiththebestanswerforeachquestion.Besuretoverifyyourworkwiththepre-assessmentanswersthatfollow,andusethechapterreferencegiventolearnmoreaboutthetopicrelatedtothequestion.1.Youareperformingapenetrationtestforalargecustomer.YouareusingNmaptodeterminetheportsthatareopenonthetargetsystems.Whatphaseofthepenetrationtestingprocessareyoucurrentlyon?(A)Reportingandcommunication(B)Attacksandexploits(C)Planningandscoping(D)Informationgatheringandvulnerabilityidentification2.Youarepreparingtoperformapenetrationtestforacustomer.Whattypeofdocumentdoesthecustomertypicallyhavethepenetrationtestersignbeforethepenetrationtestbegins?(A)Authorizationletter(B)Service-levelagreement(C)Non-disclosureagreement(D)Masterserviceagreement3.WhichofthefollowingpenetrationtoolsareconsideredOSINTtools?(Choosetwo.)(A)Nmap(B)Recon-ng(C)Hydra(D)Metasploit(E)MaltegoPre-Asses:|pp+StudyXY

Loading page image...

4.Youareinthediscoveryphaseofapenetrationtestandwouldliketodoaportscanonthenetwork,butnotperformapingoperationwiththeportscan.WhatNmapswitchwouldyouusetodisablepingswiththeportscan?(A)-Pn(B)-p(C)-sP(D)-sT5.Youarelookingtodiscovervulnerabilitiesonagroupofsystemsthataretargetsystemsforyourpenetrationtest.Whattoolswouldyouusetoidentifyvulnerabilitiesinthesystems?(Choosetwo.)(A)OpenVAS(B)Nessus(C)Hydra(D)Metasploit(E)Nmap6.DuringapenetrationtestyouarelookingtoperformaMiTMattack.Whichofthefollowingtoolswouldyouusetoperformtheattack?(A)Hydra(B)Metasploit(C)arpspoof(D)John7.Youareperformingapenetrationtestonawirelessnetwork.Youwouldliketodeauthenti-catetheclientsfromtheaccesspoint.Whattoolwouldyouuse?(A)Aircrack-ng(B)Aireplay-ng(C)Airodump-ng(D)Deauth-ng8.Whileperformingapenetrationtestonawirelessnetwork,youdecidetotrytobruteforcetheWPSpinonthewirelessaccesspoint.WhatcommandwouldyouuseinKaliLinux?(A)aircrack-ng(B)mimikatz(C)reaver(D)wpscrack-ng8CompTIAPentest+CertificationForDummies

Loading page image...

9.YouareassessingthesecurityofawebapplicationrunningonawebserverwithintheDMZ.Whichofthefollowingrepresentsanexampleofacommandinjectionattack?(A)http://site/showData.php?id=1;phpinfo()(B)http://site/purchase.aspx?redirect=confirmation.aspx(C)http://site/prodt.php?id=5;update%20products%20set%20price=.50(D)http://site/showData.php?dir=%3Bcat%20/etc/passwd10.Youareperformingapenetrationtestforacustomerandhaveexploitedasystemandgainedameterpretersession.Whatpost-exploitationcommandwasusedtoobtainthefollowingoutput?Admin:500:b45a8125648cbdd204272c bdd£2c4272cba5a8125648¢Guest:501:b45a8125648cbdd£204272c bdd£2c4272cba5a8125648¢testUser:1024:b45a8125648cbdd204272:bdd£2c4272ch45a8125648c(A)hashdump(B)hydra(C)killav(D)truncate11.Youareassessingthesecurityofawebapplication.Whattoolwouldyouusetoidentifyvulnerabilitiesonawebsite?(A)SQLdict(B)Nmap(€)Nikto(D)Hydra12.Youhaveobtainedthepasswordhashfortheadministratoraccountonasystem.Whattoolwouldyouusetocrackthepasswordhash?(A)Hashdump(B)Nmap(C)Aircrack-ng(D)HashcatBR|studyxY|

Loading page image...

13.Duringanauthorizedpenetrationtest,youhaveusedNmaptolocatesystemsonthenetworkrunningRDP.WhatcommandwouldyouusetoperformpasswordcrackingusingRDPtraffictothesystem?(A)mimikatz(B)hashcat(C)hydra(D)hashdump14.Whatlanguagewasusedtowritethefollowingcode?startTime=datetime.now()try:forportinrange(1,1024):sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)result=sock.connect_ex((remoteSystemIP,port))ifresult==0:print"Port{}:Open".format(port)sock.close()(A)PowerShell(B)Python(C)Ruby(D)Bash15.Whileperformingapenetrationtestforacustomer,younoticethereisevidenceofaprevioussecuritycompromiseonthewebserver.Whatshouldyoudo?(A)Makeanoteofitandcontinuethepentest(B)Continuethepentestandaddevidencetothereport(C)Patchthesystemandcontinuethepentest(D)Haltthepentestanddiscussthefindingswiththestakeholder10CompTIAPentest+CertificationForDummiesvgFStudyxy

Preview Mode

This document has 531 pages. Sign in to access the full document!

Report

Study Now!

Document Details

Related Documents

CompTIA CySA+ Study Guide, 3rd Edition (2023)

CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide (Exam CS0-003) (2024)

CompTIA DataX Study Guide: Exam DY0-001 (2024)

CompTIA CySA+ Practice Tests: Exam CS0-003 (2023)

CompTIA Tech+ CertMike Exam FC0-U71 (2024)

CompTIA Security+ Practice Tests: Exam SY0-701 (2024)

CompTIA Network+ Study Guide: Exam N10-009 (2024)

CompTIA Network+ Practice Tests: Exam N10-009 (2024)

CompTIA DataSys+ Study Guide : Exam DS0-001 (2023)

CompTIA Security+ Study Guide with over 500 Practice Test Questions : Exam SY0-701 (2023)

Company

Explore

Study Tools