Book Image

Kali Linux Cookbook - Second Edition

By : Corey P. Schultz, Bob Perciaccante
Book Image

Kali Linux Cookbook - Second Edition

By: Corey P. Schultz, Bob Perciaccante

Overview of this book

Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world’s most popular penetration testing distribution. Kali Linux is the most widely used platform and toolkit for penetration testing. Security is currently the hottest field in technology with a projected need for millions of security professionals. This book focuses on enhancing your knowledge in Kali Linux for security by expanding your skills with toolkits and frameworks that can increase your value as a security professional. Kali Linux Cookbook, Second Edition starts by helping you install Kali Linux on different options available. You will also be able to understand the lab architecture and install a Windows host for use in the lab. Next, you will understand the concept of vulnerability analysis and look at the different types of exploits. The book will introduce you to the concept and psychology of Social Engineering and password cracking. You will then be able to use these skills to expand the scope of any breaches you create. Finally, the book will guide you in exploiting specific technologies and gaining access to other systems in the environment. By the end of this book, you will have gained the core knowledge and concepts of the penetration testing process.

Related Content you might be interested in

Current Title:

Small book image
Kali Linux Cookbook - Second Edition
Corey P. Schultz | Bob Perciaccante
Sep, 2017 | 438 pages
Small book image
Password Cracking with Kali Linux
Daniel W Dieterle
Feb, 2024 | 213 pages
Small book image
Learn Kali Linux 2019
Glen D Singh
Nov, 2019 | 550 pages
Small book image
Learn Penetration Testing
Rishalin Pillay
May, 2019 | 424 pages
Table of Contents (11 chapters)
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Conventions
Readers feedback
Customer support
Free Chapter
1
Installing Kali and the Lab Setup
Installing Kali and the Lab Setup
Introduction
Lab architecture and considerations
Installing VirtualBox
Installing Kali on VirtualBox
Using Kali Linux from bootable media
Upgrading Kali Linux
Understanding the advanced customization and optimization of Kali
Installing Windows machines
Installing Metasploitable
Installing OWASP-BWA
Understanding hack me and other online resources
2
Reconnaissance and Scanning
Reconnaissance and Scanning
Introduction
Using KeepNote to organize our data
Getting up and running with Maltego CE
Gathering domain information
Gathering public IP information
Gathering external routing information
Gathering internal routing information
Gathering cloud service information
Identifying network hosts
Profiling hosts
Identifying whether there is a web application firewall
Using SNMP to gather more information
3
Vulnerability Analysis
Vulnerability Analysis
Introduction
Installation and configuration of OpenVAS
A basic vulnerability scanning with OpenVAS
Advanced vulnerability scanning with OpenVAS
Installation and Configuration of Nessus
A basic vulnerability scanning with Nessus
Advanced vulnerability scanning with Nessus
The installation and configuration of Nexpose
Basic vulnerability scanning with Nexpose
Advanced vulnerability scanning with Nexpose
4
Finding Exploits in the Target
Finding Exploits in the Target
Introduction
Searching the local exploit database
Searching the online exploit database
The Metasploit setup and configuration
The Armitage setup
Basic exploit attacks with Armitage
Advanced attacks with Armitage
Using the backdoor factory and Armitage
5
Social Engineering
Social Engineering
Introduction
Phishing attacks
Spear-phishing attacks
Credential harvesting with SET
Web jacking
PowerShell attack vector
QRCode attack vector
Infectious media generator
Obfuscating and manipulating URLs
DNS spoofing and ARP spoofing
DHCP spoofing
6
Password Cracking
Password Cracking
Introduction
Resetting local Windows machine password
Cracking remote Windows machine passwords
Windows domain password attacks
Cracking local Linux password hashes
Cracking password hashes with a wordlist
Brute force password hashes
Cracking FTP passwords
Cracking Telnet and SSH passwords
Cracking RDP and VNC passwords
Cracking ZIP file passwords
7
Privilege Escalation
Privilege Escalation
Introduction
Establishing a connection as an elevated user
Remotely bypassing Windows UAC
Local Linux system check for privilege escalation
Local Linux privilege escalation
Remote Linux privilege escalation
DirtyCOW privilege escalation for Linux
8
Wireless Specific Recipes
Wireless Specific Recipes
Introduction
Scanning for wireless networks
Bypassing MAC-based authentication
Breaking WEP encryption
Obtaining WPA/WPA2 keys
Exploiting guest access
Rogue AP deployment
Using wireless networks to scan internal networks
9
Web and Database Specific Recipes
Web and Database Specific Recipes
Introduction
Creating an offline copy of a web application
Scanning for vulnerabilities
Launching website attacks
Scanning WordPress
Hacking WordPress
Performing SQL injection attacks
10
Maintaining Access
Maintaining Access
Introduction
Pivoting and expanding access to the network
Using persistence to maintain system access
Using cymothoa to create a Linux backdoor
Protocol spoofing using pingtunnel
Protocol spoofing using httptunnel
Hiding communications with cryptcat

Understanding hack me and other online resources

There are several other resources that can be accessed either online or installed in VirtualBox that you can use to hone your penetration testing skills. The following list contains few resources you may want to explore as a supplement to the exercises in this book:

hack.me

Easy to advanced challenges

https://hack.me/

Hack this site

Easy to advanced challenges

https://www.hackthissite.org/

Vulnerable by design

Easy to advanced challenges

https://www.vulnhub.com/

Bee-Box

Vulnerable web sites

https://sourceforge.net/projects/bwapp/files/bee-box/

Moth

Vulnerable web applications

http://www.bonsai-sec.com/en/research/moth.php

RasPwn

Vulnerable Raspberry Pi image

http://raspwn.org/

OWASP-BWA

OWASP broken web application

https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project

Hackfest 2016 Sedna

Medium difficulty - root access

https://www.vulnhub.com/entry/hackfest2016-sedna,181/

Hackfest 2016 Quaoar

Easy machine to own

https://www.vulnhub.com/entry/hackfest2016-quaoar,180/

Pentester Lab: XSS and MySQL File

Easy SQL injection example

https://www.vulnhub.com/entry/pentester-lab-xss-and-mysql-file,66/

SQLInjection to Shell

Intermediate - SQL injection to shell

https://www.vulnhub.com/entry/pentester-lab-from-sql-injection-to-shell-ii,69/

Damn vulnerable web application

Vulnerable - PHP/MySQL application

 https://github.com/Hackademic/hackademic

Hackxor

Webapp hacking game

 http://hackxor.sourceforge.net/cgi-bin/index.pl

WebGoat

Medium level challenge

https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

There's more...

The preceding resources will be installed on a variety of different methods that are beyond the scope of this book. But I will quickly mention some of the deployment options:

  • Virtual machines that, can be installed in VirtualBox
  • Scripts that can be run on standard Linux machines to build applications and make them specifically vulnerable to attacks
  • Resources that you may attack over the internet
  • Complete self contained hacking environments
Please ensure that as you are working with these sites, you read carefully the terms of service and understand all requirements and limitations of the environment or tools you are working with. Also be careful if you are remotely hacking sites across the internet. Although there are some of these options available for testing and it may be perfectly legal to do so, your Internet Service Provider (ISP) may flag the activity as malicious and take action against you.

Previous Section
End of Chapter 1
Next Chapter