Book Image

KALI LINUX NETWORK SCANNING COOKBOOK

Book Image

KALI LINUX NETWORK SCANNING COOKBOOK

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
KALI LINUX NETWORK SCANNING COOKBOOK
Aug, 2014 | 452 pages
No titles found
Table of Contents (16 chapters)
Kali Linux Network Scanning Cookbook
Kali Linux Network Scanning Cookbook
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Disclaimer
Disclaimer
Preface
Preface
Free Chapter
1
Getting Started
Getting Started
Configuring a security lab with VMware Player (Windows)
Configuring a security lab with VMware Fusion (Mac OS X)
Installing Ubuntu Server
Installing Metasploitable2
Installing Windows Server
Increasing the Windows attack surface
Installing Kali Linux
Configuring and using SSH
Installing Nessus on Kali Linux
Configuring Burp Suite on Kali Linux
Using text editors (VIM and Nano)
2
Discovery Scanning
Discovery Scanning
Using Scapy to perform layer 2 discovery
Using ARPing to perform layer 2 discovery
Using Nmap to perform layer 2 discovery
Using NetDiscover to perform layer 2 discovery
Using Metasploit to perform layer 2 discovery
Using ICMP ping to perform layer 3 discovery
Using Scapy to perform layer 3 discovery
Using Nmap to perform layer 3 discovery
Using fping to perform layer 3 discovery
Using hping3 to perform layer 3 discovery
Using Scapy to perform layer 4 discovery
Using Nmap to perform layer 4 discovery
Using hping3 to perform layer 4 discovery
3
Port Scanning
Port Scanning
UDP port scanning
TCP port scanning
UDP scanning with Scapy
UDP scanning with Nmap
UDP scanning with Metasploit
Stealth scanning with Scapy
Stealth scanning with Nmap
Stealth scanning with Metasploit
Stealth scanning with hping3
Connect scanning with Scapy
Connect scanning with Nmap
Connect scanning with Metasploit
Connect scanning with Dmitry
TCP port scanning with Netcat
Zombie scanning with Scapy
Zombie scanning with Nmap
4
Fingerprinting
Fingerprinting
Banner grabbing with Netcat
Banner grabbing with Python sockets
Banner grabbing with Dmitry
Banner grabbing with Nmap NSE
Banner grabbing with Amap
Service identification with Nmap
Service identification with Amap
Operating system identification with Scapy
Operating system identification with Nmap
Operating system identification with xProbe2
Passive operating system identification with p0f
SNMP analysis with Onesixtyone
SNMP analysis with SNMPwalk
Firewall identification with Scapy
Firewall identification with Nmap
Firewall identification with Metasploit
5
Vulnerability Scanning
Vulnerability Scanning
Vulnerability scanning with Nmap Scripting Engine
Vulnerability scanning with MSF auxiliary modules
Creating scan policies with Nessus
Vulnerability scanning with Nessus
Command-line scanning with Nessuscmd
Validating vulnerabilities with HTTP interaction
Validating vulnerabilities with ICMP interaction
6
Denial of Service
Denial of Service
Fuzz testing to identify buffer overflows
Remote FTP service buffer overflow DoS
Smurf DoS attack
DNS amplification DoS attack
SNMP amplification DoS attack
NTP amplification DoS attack
SYN flood DoS attack
Sock stress DoS attack
DoS attacks with Nmap NSE
DoS attacks with Metasploit
DoS attacks with the exploit database
7
Web Application Scanning
Web Application Scanning
Web application scanning with Nikto
SSL/TLS scanning with SSLScan
SSL/TLS scanning with SSLyze
Defining a web application target with Burp Suite
Using Burp Suite Spider
Using Burp Suite engagement tools
Using Burp Suite Proxy
Using the Burp Suite web application scanner
Using Burp Suite Intruder
Using Burp Suite Comparer
Using Burp Suite Repeater
Using Burp Suite Decoder
Using Burp Suite Sequencer
GET method SQL injection with sqlmap
POST method SQL injection with sqlmap
Requesting a capture SQL injection with sqlmap
Automating CSRF testing
Validating command injection vulnerabilities with HTTP traffic
Validating command injection vulnerabilities with ICMP traffic
8
Automating Kali Tools
Automating Kali Tools
Nmap greppable output analysis
Nmap port scanning with targeted NSE script execution
Nmap NSE vulnerability scanning with MSF exploitation
Nessuscmd vulnerability scanning with MSF exploitation
Multithreaded MSF exploitation with reverse shell payload
Multithreaded MSF exploitation with backdoor executable
Multithreaded MSF exploitation with ICMP verification
Multithreaded MSF exploitation with admin account creation
Index
Index

Validating vulnerabilities with ICMP interaction

As a penetration tester, the best outcome of any given exploit is to achieve remote code execution. However, there are cases in which we might just want to determine if a remote code execution vulnerability is exploitable but don't want to actually follow through the entire exploitation and post-exploitation process. One way to do this is to run a script that logs ICMP traffic and then execute a ping command on the remote system. This recipe will demonstrate how to write a custom script for validating remote code execution vulnerabilities with ICMP traffic.

Getting ready

To validate vulnerabilities using ICMP traffic logging, you will need to have a remote system that is running an exploitable code execution vulnerability. Additionally, this section will require a script to be written to the filesystem by using a text editor such as VIM or Nano. For more information on writing scripts, refer to the Using text editors (VIM and Nano) recipe in...

Previous Section
End of Chapter 5
Next Chapter