Kali Linux Cookbook - Second Edition

By: Corey P. Schultz, Bob Perciaccante

Overview of this book

Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world’s most popular penetration testing distribution. Kali Linux is the most widely used platform and toolkit for penetration testing. Security is currently the hottest field in technology, with a projected need for millions of security professionals. This book focuses on enhancing your knowledge of Kali Linux for security by expanding your skills with toolkits and frameworks that can increase your value as a security professional. Kali Linux Cookbook, Second Edition starts by helping you install Kali Linux using the different options available. You will also come to understand the lab architecture and install a Windows host for use in the lab. Next, you will learn the concept of vulnerability analysis and look at the different types of exploits. The book will introduce you to the concept and psychology of social engineering and to password cracking. You will then be able to use these skills to expand the scope of any breaches you create. Finally, the book will guide you in exploiting specific technologies and gaining access to other systems in the environment. By the end of this book, you will have gained the core knowledge and concepts of the penetration testing process.
Table of Contents (11 chapters)

Installing OWASP-BWA

The Open Web Application Security Project (OWASP) is a global community that focuses on security awareness and the development of secure applications. While this may be thought of as a single application or platform, OWASP is actually a collection of projects that can focus on any number of aspects of application security. For this recipe, we will focus on the OWASP Broken Web Application (BWA) project to provide us with a standardized platform for the testing of our tools in later chapters.

Getting ready

To install the OWASP-BWA image, we will need to do the following:

How to do it...

To install OWASP-BWA into our VirtualBox environment, we will do the following:

  1. Unzip the ZIP file containing the OWASP-BWA files into a location you will reference in the next few steps.
  2. From the console of VirtualBox, on the upper left, we will select the New icon to begin the creation of a new virtual machine.
  3. We will name our new virtual machine OWASP-BWA, and define it as a 64-bit Ubuntu Linux system:
     Figure: Creating a virtual machine for OWASP-BWA
  4. Leave the default memory allocation as 1024 MB, and click Next.
  5. You will now select Use existing virtual hard disk and navigate to the directory where you unpacked OWASP-BWA. From that directory, select the following and click Create:
     Figure: Selection of OWASP-BWA virtual disk
  6. Once you have created the virtual machine, we will need to make sure that the correct network interface has been designated. Right-click on our new host on the left, and select Settings. Navigate to Network and ensure that Adapter 1 is attached to the Host-only Adapter, and that the other adapters are not enabled:
     Figure: Designating the network adapter for OWASP-BWA in VirtualBox
  7. Once complete, start the new virtual machine and ensure that it boots properly.
     It is very likely that fsck will run on first boot because of the length of time since it was last run. You can allow this to complete to ensure there is no observed disk corruption; it only takes a few minutes.
  8. Once fully booted, log in as root with the password owaspbwa.
  9. Ensure that you are receiving an IP address from DHCP by issuing ifconfig eth0 from the command line.
  10. Open a web browser, and navigate it to the IP address of the OWASP-BWA guest. Ensure that you are able to see the different projects within OWASP-BWA. If you are able to see the following web page, you have successfully configured OWASP-BWA:
     Figure: Confirmation of services running on OWASP-BWA
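The network adapter step above can be checked from the host's command line rather than by eye. The following script is an added example, not code from the book: it parses the output of `VBoxManage showvminfo <vm> --machinereadable` and fails unless adapter 1 is host-only and every other adapter is disabled. The two sample inputs are constructed, and the interface name `vboxnet0` in them is an assumption.

```bash
#!/usr/bin/env bash
# Added example (not from the book): audit the guest's network adapters.
# Input is the output of: VBoxManage showvminfo <vm> --machinereadable

# audit_nics reads machine-readable VM info on stdin, prints one line per
# finding, and returns 0 only if adapter 1 is host-only and all other
# adapters are disabled ("none").
audit_nics() {
  awk -F= '
    BEGIN { bad = 0 }
    /^nic[0-9]+=/ {
      n = substr($1, 4)            # adapter number, e.g. "1" from "nic1"
      mode = $2
      gsub(/["\r]/, "", mode)      # strip quotes and any carriage return
      seen[n] = 1
      if (n == 1 && mode != "hostonly") {
        printf "FAIL adapter 1 is %s, expected hostonly\n", mode; bad = 1
      } else if (n != 1 && mode != "none") {
        printf "FAIL adapter %s is enabled (%s)\n", n, mode; bad = 1
      }
    }
    END {
      if (!("1" in seen)) { print "FAIL adapter 1 not found in input"; bad = 1 }
      if (!bad) print "OK adapter 1 is host-only, other adapters disabled"
      exit bad
    }'
}

# Constructed sample: configured as the recipe describes.
sample_ok='name="OWASP-BWA"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"
nic3="none"'

# Constructed sample: adapter 2 was left attached to NAT.
sample_misconfigured='name="OWASP-BWA"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="nat"
nic3="none"'

printf '%s\n' "$sample_ok" | audit_nics
printf '%s\n' "$sample_misconfigured" | audit_nics || echo "isolation check failed"

# On a host with VirtualBox installed, audit the real guest instead:
#   VBoxManage showvminfo OWASP-BWA --machinereadable | audit_nics
```

Running the check before every boot of the guest catches an adapter that was re-enabled or switched to NAT or bridged mode, which would expose the intentionally vulnerable applications beyond the lab host.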