Kali Linux - An Ethical Hacker's Cookbook

Kali Linux - An Ethical Hacker's Cookbook

By : Himanshu Sharma

Buy this Book

Kali Linux - An Ethical Hacker's Cookbook

By: Himanshu Sharma

Buy this Book

Overview of this book

With the current rate of hacking, it is very important to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2016.2) according to your needs, and move on to core functionalities. This book will start with the installation and configuration of Kali Linux so that you can perform your tests. You will learn how to plan attack strategies and perform web application exploitation using tools such as Burp, and Jexboss. You will also learn how to perform network exploitation using Metasploit, Sparta, and Wireshark. Next, you will perform wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Lastly, you will learn how to create an optimum quality pentest report! By the end of this book, you will know how to conduct advanced penetration testing thanks to the book’s crisp and task-oriented recipes.

Title Page

Credits

Disclaimer

About the Author

About the Reviewer

www.PacktPub.com

Customer Feedback

Preface

Free Chapter

Kali – An Introduction

Introduction

Configuring Kali Linux

Configuring the Xfce environment

Configuring the Mate environment

Configuring the LXDE environment

Configuring the e17 environment

Configuring the KDE environment

Prepping up with custom tools

Pentesting VPN's ike-scan

Setting up proxychains

Going on a hunt with Routerhunter

Gathering Intel and Planning Attack Strategies

Introduction

Getting a list of subdomains

Using Shodan for fun and profit

Shodan Honeyscore

Shodan plugins

Using Nmap to find open ports

Bypassing firewalls with Nmap

Searching for open directories

Performing deep magic with DMitry

Hunting for SSL flaws

Exploring connections with intrace

Digging deep with theharvester

Finding the technology behind web apps

Scanning IPs with masscan

Sniffing around with Kismet

Testing routers with firewalk

Vulnerability Assessment

Introduction

Using the infamous Burp

Exploiting WSDLs with Wsdler

Using Intruder

Web app pentest with Vega

Exploring SearchSploit

Exploiting routers with RouterSploit

Using Metasploit

Automating Metasploit

Writing a custom resource script

Databases in Metasploit

Web App Exploitation – Beyond OWASP Top 10

Introduction

Exploiting XSS with XSS Validator

Injection attacks with sqlmap

Owning all .svn and .git repositories

Winning race conditions

Exploiting JBoss with JexBoss

Exploiting PHP Object Injection

Backdoors using web shells

Backdoors using meterpreters

Network Exploitation on Current Exploitation

Introduction

Man in the middle with hamster and ferret

Exploring the msfconsole

Railgun in Metasploit

Using the paranoid meterpreter

A tale of a bleeding heart

Redis exploitation

Say no to SQL – owning MongoDBs

Embedded device hacking

Elasticsearch exploit

Good old Wireshark

This is Sparta!

Wireless Attacks – Getting Past Aircrack-ng

Introduction

Password Attacks – The Fault in Their Stars

Introduction

Identifying different types of hash in the wild!

Using hash-identifier

Cracking with patator

Cracking hashes online

Playing with John the ripper

Johnny Bravo!

Using cewl

Generating word list with crunch

Have Shell Now What?

Introduction

Spawning a TTY Shell

Looking for weakness

Horizontal escalation

Vertical escalation

Node hopping – pivoting

Privilege escalation on Windows

Using PowerSploit

Pulling plaintext passwords with mimikatz

Dumping other saved passwords from the machine

Pivoting into the network

Backdooring for persistence

Buffer Overflows

Introduction

Exploiting stack-based buffer overflows

Exploiting buffer overflow on real software

SEH bypass

Exploiting egg hunters

An overview of ASLR and NX bypass

Playing with Software-Defined Radios

Introduction

Radio frequency scanners

Hands-on with RTLSDR scanner

Playing around with gqrx

Kalibrating device for GSM tapping

Decoding ADS-B messages with Dump1090

Kali in Your Pocket – NetHunters and Raspberries

Introduction

Installing Kali on Raspberry Pi

Installing NetHunter

Superman typing – HID attacks

Can I charge my phone?

Setting up an evil access point

Writing Reports

Introduction

Generating reports using Dradis

Using MagicTree

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Kalibrating device for GSM tapping

RTLSDR also allows us to view GSM traffic using a tool called kal or kalibrate-rtl. This tool can scan for GSM base stations in a frequency band. In this recipe, we will learn about using kalibrate and then confirm the channel in gqrx.

How to do it...

Following are the steps to use kalibrate:

Most of the countries use the GSM900 band. In the USA, it's 850. We will use the following command to scan for GSM base stations:

kal -s GSM900 -g 40

The following screenshot shows the output of the preceding command:

In a few minutes, it will show us a list of base stations:

We note the frequency; in our case, we will use 947.6 MHz along with the offset.

Now we open GQRX and enter it in the Receiver Options window:

We can see in the waterfall that the device is able to catch signals perfectly.

Now we will look at this data at the packet level. We will use a tool known as gr-gsm.
It can be installed using apt install gr-gsm:

Once it is done, if we type grgsm_ and press the Tab...

Kali Linux - An Ethical Hacker's Cookbook

By : Himanshu Sharma

Kali Linux - An Ethical Hacker's Cookbook

By: Himanshu Sharma

Overview of this book

Related Content you might be interested in

Current Title:

Kali Linux - An Ethical Hacker's Cookbook

Kali Linux 2018: Assuring Security by Penetration Testing

Kali Linux Intrusion and Exploitation Cookbook

Mastering Kali Linux for Advanced Penetration Testing

Kalibrating device for GSM tapping

How to do it...