Book Image

Kali Linux Cookbook - Second Edition

By : Corey P. Schultz, Bob Perciaccante

Book Image

Kali Linux Cookbook - Second Edition

By: Corey P. Schultz, Bob Perciaccante

Overview of this book

Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world’s most popular penetration testing distribution. Kali Linux is the most widely used platform and toolkit for penetration testing. Security is currently the hottest field in technology with a projected need for millions of security professionals. This book focuses on enhancing your knowledge in Kali Linux for security by expanding your skills with toolkits and frameworks that can increase your value as a security professional. Kali Linux Cookbook, Second Edition starts by helping you install Kali Linux on different options available. You will also be able to understand the lab architecture and install a Windows host for use in the lab. Next, you will understand the concept of vulnerability analysis and look at the different types of exploits. The book will introduce you to the concept and psychology of Social Engineering and password cracking. You will then be able to use these skills to expand the scope of any breaches you create. Finally, the book will guide you in exploiting specific technologies and gaining access to other systems in the environment. By the end of this book, you will have gained the core knowledge and concepts of the penetration testing process.

Preface

What this book covers

What you need for this book

Who this book is for

Readers feedback

Customer support

Free Chapter

Installing Kali and the Lab Setup

Installing Kali and the Lab Setup

Lab architecture and considerations

Installing VirtualBox

Installing Kali on VirtualBox

Using Kali Linux from bootable media

Upgrading Kali Linux

Understanding the advanced customization and optimization of Kali

Installing Windows machines

Installing Metasploitable

Installing OWASP-BWA

Understanding hack me and other online resources

Reconnaissance and Scanning

Reconnaissance and Scanning

Using KeepNote to organize our data

Getting up and running with Maltego CE

Gathering domain information

Gathering public IP information

Gathering external routing information

Gathering internal routing information

Gathering cloud service information

Identifying network hosts

Profiling hosts

Identifying whether there is a web application firewall

Using SNMP to gather more information

Vulnerability Analysis

Vulnerability Analysis

Installation and configuration of OpenVAS

A basic vulnerability scanning with OpenVAS

Advanced vulnerability scanning with OpenVAS

Installation and Configuration of Nessus

A basic vulnerability scanning with Nessus

Advanced vulnerability scanning with Nessus

The installation and configuration of Nexpose

Basic vulnerability scanning with Nexpose

Advanced vulnerability scanning with Nexpose

Finding Exploits in the Target

Finding Exploits in the Target

Searching the local exploit database

Searching the online exploit database

The Metasploit setup and configuration

The Armitage setup

Basic exploit attacks with Armitage

Advanced attacks with Armitage

Using the backdoor factory and Armitage

Social Engineering

Social Engineering

Phishing attacks

Spear-phishing attacks

Credential harvesting with SET

PowerShell attack vector

QRCode attack vector

Infectious media generator

Obfuscating and manipulating URLs

DNS spoofing and ARP spoofing

Password Cracking

Password Cracking

Resetting local Windows machine password

Cracking remote Windows machine passwords

Windows domain password attacks

Cracking local Linux password hashes

Cracking password hashes with a wordlist

Brute force password hashes

Cracking FTP passwords

Cracking Telnet and SSH passwords

Cracking RDP and VNC passwords

Cracking ZIP file passwords

Privilege Escalation

Privilege Escalation

Establishing a connection as an elevated user

Remotely bypassing Windows UAC

Local Linux system check for privilege escalation

Local Linux privilege escalation

Remote Linux privilege escalation

DirtyCOW privilege escalation for Linux

Wireless Specific Recipes

Wireless Specific Recipes

Scanning for wireless networks

Bypassing MAC-based authentication

Breaking WEP encryption

Obtaining WPA/WPA2 keys

Exploiting guest access

Rogue AP deployment

Using wireless networks to scan internal networks

Web and Database Specific Recipes

Web and Database Specific Recipes

Creating an offline copy of a web application

Scanning for vulnerabilities

Launching website attacks

Scanning WordPress

Hacking WordPress

Performing SQL injection attacks

Maintaining Access

Maintaining Access

Pivoting and expanding access to the network

Using persistence to maintain system access

Using cymothoa to create a Linux backdoor

Protocol spoofing using pingtunnel

Protocol spoofing using httptunnel

Hiding communications with cryptcat

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Introduction

In this chapter, we will take the host information that we have accumulated to determine the potential exploits to use against target machines and services. It is important to note that as you work through this section, you are going to be launching attacks against hosts. These attacks are going to create noise on the network that may be picked up by security devices. Under typical circumstances, you will spend substantial time validating whether your target is truly vulnerable to an exploit before launching it, so you don't create any unnecessary information that could be used to determine an active attack against a device.