Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Kali Linux - An Ethical Hacker's Cookbook
  • Table Of Contents Toc
Kali Linux - An Ethical Hacker's Cookbook

Kali Linux - An Ethical Hacker's Cookbook

By : Himanshu Sharma
3.8 (20)
Buy this Book
close
close
Kali Linux - An Ethical Hacker's Cookbook

Kali Linux - An Ethical Hacker's Cookbook

3.8 (20)
By: Himanshu Sharma
Buy this Book

Overview of this book

With the current rate of hacking, it is very important to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2016.2) according to your needs, and move on to core functionalities. This book will start with the installation and configuration of Kali Linux so that you can perform your tests. You will learn how to plan attack strategies and perform web application exploitation using tools such as Burp, and Jexboss. You will also learn how to perform network exploitation using Metasploit, Sparta, and Wireshark. Next, you will perform wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Lastly, you will learn how to create an optimum quality pentest report! By the end of this book, you will know how to conduct advanced penetration testing thanks to the book’s crisp and task-oriented recipes.
Table of Contents (13 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Sections
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
Kali – An Introduction
Icon
Kali – An Introduction
Icon
Introduction
Icon
Configuring Kali Linux
Icon
Configuring the Xfce environment
Icon
Configuring the Mate environment
Icon
Configuring the LXDE environment
Icon
Configuring the e17 environment
Icon
Configuring the KDE environment
Icon
Prepping up with custom tools
Icon
Pentesting VPN's ike-scan
Icon
Setting up proxychains
Icon
Going on a hunt with Routerhunter
2
Gathering Intel and Planning Attack Strategies
Icon
Gathering Intel and Planning Attack Strategies
Icon
Introduction
Icon
Getting a list of subdomains
Icon
Using Shodan for fun and profit
Icon
Shodan Honeyscore
Icon
Shodan plugins
Icon
Using Nmap to find open ports
Icon
Bypassing firewalls with Nmap
Icon
Searching for open directories
Icon
Performing deep magic with DMitry
Icon
Hunting for SSL flaws
Icon
Exploring connections with intrace
Icon
Digging deep with theharvester
Icon
Finding the technology behind web apps
Icon
Scanning IPs with masscan
Icon
Sniffing around with Kismet
Icon
Testing routers with firewalk
3
Vulnerability Assessment
Icon
Vulnerability Assessment
Icon
Introduction
Icon
Using the infamous Burp
Icon
Exploiting WSDLs with Wsdler
Icon
Using Intruder
Icon
Web app pentest with Vega
Icon
Exploring SearchSploit
Icon
Exploiting routers with RouterSploit
Icon
Using Metasploit
Icon
Automating Metasploit
Icon
Writing a custom resource script
Icon
Databases in Metasploit
4
Web App Exploitation – Beyond OWASP Top 10
Icon
Web App Exploitation – Beyond OWASP Top 10
Icon
Introduction
Icon
Exploiting XSS with XSS Validator
Icon
Injection attacks with sqlmap
Icon
Owning all .svn and .git repositories
Icon
Winning race conditions
Icon
Exploiting JBoss with JexBoss
Icon
Exploiting PHP Object Injection
Icon
Backdoors using web shells
Icon
Backdoors using meterpreters
5
Network Exploitation on Current Exploitation
Icon
Network Exploitation on Current Exploitation
Icon
Introduction
Icon
Man in the middle with hamster and ferret
Icon
Exploring the msfconsole
Icon
Railgun in Metasploit
Icon
Using the paranoid meterpreter
Icon
A tale of a bleeding heart
Icon
Redis exploitation
Icon
Say no to SQL – owning MongoDBs
Icon
Embedded device hacking
Icon
Elasticsearch exploit
Icon
Good old Wireshark
Icon
This is Sparta!
6
Wireless Attacks – Getting Past Aircrack-ng
Icon
Wireless Attacks – Getting Past Aircrack-ng
Icon
Introduction
7
Password Attacks – The Fault in Their Stars
Icon
Password Attacks – The Fault in Their Stars
Icon
Introduction
Icon
Identifying different types of hash in the wild!
Icon
Using hash-identifier
Icon
Cracking with patator
Icon
Cracking hashes online
Icon
Playing with John the ripper
Icon
Johnny Bravo!
Icon
Using cewl
Icon
Generating word list with crunch
8
Have Shell Now What?
Icon
Have Shell Now What?
Icon
Introduction
Icon
Spawning a TTY Shell
Icon
Looking for weakness
Icon
Horizontal escalation
Icon
Vertical escalation
Icon
Node hopping – pivoting
Icon
Privilege escalation on Windows
Icon
Using PowerSploit
Icon
Pulling plaintext passwords with mimikatz
Icon
Dumping other saved passwords from the machine
Icon
Pivoting into the network
Icon
Backdooring for persistence
9
Buffer Overflows
chevron up
Icon
Buffer Overflows
Icon
Introduction
Icon
Exploiting stack-based buffer overflows
Icon
Exploiting buffer overflow on real software
Icon
SEH bypass
Icon
Exploiting egg hunters
Icon
An overview of ASLR and NX bypass
10
Playing with Software-Defined Radios
Icon
Playing with Software-Defined Radios
Icon
Introduction
Icon
Radio frequency scanners
Icon
Hands-on with RTLSDR scanner
Icon
Playing around with gqrx
Icon
Kalibrating device for GSM tapping
Icon
Decoding ADS-B messages with Dump1090
11
Kali in Your Pocket – NetHunters and Raspberries
Icon
Kali in Your Pocket – NetHunters and Raspberries
Icon
Introduction
Icon
Installing Kali on Raspberry Pi
Icon
Installing NetHunter
Icon
Superman typing – HID attacks
Icon
Can I charge my phone?
Icon
Setting up an evil access point
12
Writing Reports
Icon
Writing Reports
Icon
Introduction
Icon
Generating reports using Dradis
Icon
Using MagicTree

Exploiting buffer overflow on real software

You have learned the basics of exploitation earlier. Now let's try these on some of the software already exploited long ago and with public exploits available. In this recipe, you will learn about publicly available exploits for old software and create your own version of the exploit for it.

Before we begin, we will need an old version of a Windows OS (preferably, Windows XP) and a debugger for Windows. I have used Immunity Debugger and an old software with a known buffer overflow vulnerability. We will use Easy RM to MP3 Converter. This version had a buffer overflow vulnerability in playing large M3U files.

Getting ready

The free version of Immunity Debugger can be downloaded at https://www.immunityinc.com/products/debugger/.

How to do it...

Follow the given steps to learn about it:

  1. Next, we download and install our MP3 converter on the machine.
  2. This converter had a vulnerability in playing M3U files. The software crashed when a large file was opened...
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Kali Linux - An Ethical Hacker's Cookbook
End of Section 9
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon