Kali Linux Cookbook - Second Edition

By : Corey P. Schultz, Bob Perciaccante

Kali Linux Cookbook - Second Edition

By: Corey P. Schultz, Bob Perciaccante

Overview of this book

Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world’s most popular penetration testing distribution. Kali Linux is the most widely used platform and toolkit for penetration testing. Security is currently the hottest field in technology with a projected need for millions of security professionals. This book focuses on enhancing your knowledge in Kali Linux for security by expanding your skills with toolkits and frameworks that can increase your value as a security professional. Kali Linux Cookbook, Second Edition starts by helping you install Kali Linux on different options available. You will also be able to understand the lab architecture and install a Windows host for use in the lab. Next, you will understand the concept of vulnerability analysis and look at the different types of exploits. The book will introduce you to the concept and psychology of Social Engineering and password cracking. You will then be able to use these skills to expand the scope of any breaches you create. Finally, the book will guide you in exploiting specific technologies and gaining access to other systems in the environment. By the end of this book, you will have gained the core knowledge and concepts of the penetration testing process.

Preface

What this book covers

What you need for this book

Free Chapter

Installing Kali and the Lab Setup

Introduction

Lab architecture and considerations

Installing VirtualBox

Installing Kali on VirtualBox

Using Kali Linux from bootable media

Upgrading Kali Linux

Understanding the advanced customization and optimization of Kali

Installing Windows machines

Installing Metasploitable

Installing OWASP-BWA

Understanding hack me and other online resources

Reconnaissance and Scanning

Introduction

Using KeepNote to organize our data

Getting up and running with Maltego CE

Gathering domain information

Gathering public IP information

Gathering external routing information

Gathering internal routing information

Gathering cloud service information

Identifying network hosts

Profiling hosts

Identifying whether there is a web application firewall

Using SNMP to gather more information

Vulnerability Analysis

Introduction

Installation and configuration of OpenVAS

A basic vulnerability scanning with OpenVAS

Advanced vulnerability scanning with OpenVAS

Installation and Configuration of Nessus

A basic vulnerability scanning with Nessus

Advanced vulnerability scanning with Nessus

The installation and configuration of Nexpose

Basic vulnerability scanning with Nexpose

Advanced vulnerability scanning with Nexpose

Finding Exploits in the Target

Introduction

Searching the local exploit database

Searching the online exploit database

The Metasploit setup and configuration

The Armitage setup

Basic exploit attacks with Armitage

Advanced attacks with Armitage

Using the backdoor factory and Armitage

Social Engineering

Introduction

Phishing attacks

Spear-phishing attacks

Credential harvesting with SET

Web jacking

PowerShell attack vector

QRCode attack vector

Infectious media generator

Obfuscating and manipulating URLs

DNS spoofing and ARP spoofing

DHCP spoofing

Password Cracking

Introduction

Resetting local Windows machine password

Cracking remote Windows machine passwords

Windows domain password attacks

Cracking local Linux password hashes

Cracking password hashes with a wordlist

Brute force password hashes

Cracking FTP passwords

Cracking Telnet and SSH passwords

Cracking RDP and VNC passwords

Cracking ZIP file passwords

Privilege Escalation

Introduction

Establishing a connection as an elevated user

Remotely bypassing Windows UAC

Local Linux system check for privilege escalation

Local Linux privilege escalation

Remote Linux privilege escalation

DirtyCOW privilege escalation for Linux

Wireless Specific Recipes

Introduction

Scanning for wireless networks

Bypassing MAC-based authentication

Breaking WEP encryption

Obtaining WPA/WPA2 keys

Exploiting guest access

Rogue AP deployment

Using wireless networks to scan internal networks

Web and Database Specific Recipes

Introduction

Creating an offline copy of a web application

Scanning for vulnerabilities

Launching website attacks

Scanning WordPress

Hacking WordPress

Performing SQL injection attacks

Maintaining Access

Introduction

Pivoting and expanding access to the network

Using persistence to maintain system access

Using cymothoa to create a Linux backdoor

Protocol spoofing using pingtunnel

Protocol spoofing using httptunnel

Hiding communications with cryptcat

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Using Kali Linux from bootable media

As you will see in the pages that follow, there are a tremendous number of uses for Kali Linux, and for these uses, it is not always practical to dedicate a device to one particular use case, as this would be a tremendous waste of resources. To address this, you can use the Kali Linux installation ISO downloaded in the previous section as a live CD as well; or you can maintain persistence with a live USB drive with persistence (with or without Linux Unified Key Setup encryption).

We will show you how to create the Live USB (no persistence, no history maintained).

Additional options such as live USB with persistence, live USB with encrypted persistence, and custom rolled Kali Linux ISO (which can be incorporated into the bootable USB options) can be found on the Kali Linux documentation wiki at http://docs.kali.org under the section called 02. Kali Linux Live.

Getting ready

In order to be able to complete this section successfully, you will need the following:

USB Drive (8 GB or larger)
USB disk imager (Win32DiskImager)

How to do it...

Let's begin the process of creating a bootable Kali Linux USB device:

Starting with the Kali Linux ISO file we downloaded in the earlier recipe, installing VirtualBox, we will use Win32DiskImager (https://sourceforge.net/projects/win32diskimager/) to create a bootable USB using the ISO. Download and install Win32DiskImager.
Once installed, launch Win32DiskImager.

In order to format the USB drive and to write the raw image, Win32DiskImager needs admin permissions to run. You will need to give permission for it to run when the user access control dialog is presented.

Win32DiskImager will use IMG files, but we will tell it to use an ISO file as the source. From the application screen, click on the File Open button, and when presented with the File Open box, change the file filter to *.* in the lower right, and navigate to the Kali Linux ISO file.
Select the drive letter of your USB device, and click on Write:

FW32 DiskImager example

Once the image has been written to the USB drive, you will be able to boot from this device on machines that support the USB bootable media. In this configuration, you now have a bootable USB drive that will from which the Kali Linux operating system will boot, as if it were installed onto the local disk. Across reboots, you will lose any documents you may have created. If you choose it, you can create an additional partition on the USB drive that will be persistent, and keep files and documents you may wish to keep. The step-by-step instructions on how to extend this functionality can be found on the Kali Linux documentation wiki at http://docs.kali.org under 02. Kali Linux Live.

Kali Linux Cookbook - Second Edition

By : Corey P. Schultz, Bob Perciaccante

Kali Linux Cookbook - Second Edition

By: Corey P. Schultz, Bob Perciaccante

Overview of this book

Related Content you might be interested in

Current Title:

Kali Linux Cookbook - Second Edition

Password Cracking with Kali Linux

Learn Kali Linux 2019

Learn Penetration Testing