Kali Linux Cookbook - Second Edition

By : Corey P. Schultz, Bob Perciaccante

Kali Linux Cookbook - Second Edition

By: Corey P. Schultz, Bob Perciaccante

Overview of this book

Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world’s most popular penetration testing distribution. Kali Linux is the most widely used platform and toolkit for penetration testing. Security is currently the hottest field in technology with a projected need for millions of security professionals. This book focuses on enhancing your knowledge in Kali Linux for security by expanding your skills with toolkits and frameworks that can increase your value as a security professional. Kali Linux Cookbook, Second Edition starts by helping you install Kali Linux on different options available. You will also be able to understand the lab architecture and install a Windows host for use in the lab. Next, you will understand the concept of vulnerability analysis and look at the different types of exploits. The book will introduce you to the concept and psychology of Social Engineering and password cracking. You will then be able to use these skills to expand the scope of any breaches you create. Finally, the book will guide you in exploiting specific technologies and gaining access to other systems in the environment. By the end of this book, you will have gained the core knowledge and concepts of the penetration testing process.

Preface

What this book covers

What you need for this book

Free Chapter

Installing Kali and the Lab Setup

Introduction

Lab architecture and considerations

Installing VirtualBox

Installing Kali on VirtualBox

Using Kali Linux from bootable media

Upgrading Kali Linux

Understanding the advanced customization and optimization of Kali

Installing Windows machines

Installing Metasploitable

Installing OWASP-BWA

Understanding hack me and other online resources

Reconnaissance and Scanning

Introduction

Using KeepNote to organize our data

Getting up and running with Maltego CE

Gathering domain information

Gathering public IP information

Gathering external routing information

Gathering internal routing information

Gathering cloud service information

Identifying network hosts

Profiling hosts

Identifying whether there is a web application firewall

Using SNMP to gather more information

Vulnerability Analysis

Introduction

Installation and configuration of OpenVAS

A basic vulnerability scanning with OpenVAS

Advanced vulnerability scanning with OpenVAS

Installation and Configuration of Nessus

A basic vulnerability scanning with Nessus

Advanced vulnerability scanning with Nessus

The installation and configuration of Nexpose

Basic vulnerability scanning with Nexpose

Advanced vulnerability scanning with Nexpose

Finding Exploits in the Target

Introduction

Searching the local exploit database

Searching the online exploit database

The Metasploit setup and configuration

The Armitage setup

Basic exploit attacks with Armitage

Advanced attacks with Armitage

Using the backdoor factory and Armitage

Social Engineering

Introduction

Phishing attacks

Spear-phishing attacks

Credential harvesting with SET

Web jacking

PowerShell attack vector

QRCode attack vector

Infectious media generator

Obfuscating and manipulating URLs

DNS spoofing and ARP spoofing

DHCP spoofing

Password Cracking

Introduction

Resetting local Windows machine password

Cracking remote Windows machine passwords

Windows domain password attacks

Cracking local Linux password hashes

Cracking password hashes with a wordlist

Brute force password hashes

Cracking FTP passwords

Cracking Telnet and SSH passwords

Cracking RDP and VNC passwords

Cracking ZIP file passwords

Privilege Escalation

Introduction

Establishing a connection as an elevated user

Remotely bypassing Windows UAC

Local Linux system check for privilege escalation

Local Linux privilege escalation

Remote Linux privilege escalation

DirtyCOW privilege escalation for Linux

Wireless Specific Recipes

Introduction

Scanning for wireless networks

Bypassing MAC-based authentication

Breaking WEP encryption

Obtaining WPA/WPA2 keys

Exploiting guest access

Rogue AP deployment

Using wireless networks to scan internal networks

Web and Database Specific Recipes

Introduction

Creating an offline copy of a web application

Scanning for vulnerabilities

Launching website attacks

Scanning WordPress

Hacking WordPress

Performing SQL injection attacks

Maintaining Access

Introduction

Pivoting and expanding access to the network

Using persistence to maintain system access

Using cymothoa to create a Linux backdoor

Protocol spoofing using pingtunnel

Protocol spoofing using httptunnel

Hiding communications with cryptcat

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Introduction

Although all the previous chapters have created a basis for pen testing that works across the spectrum, wireless has its own set of tools that span the pen testing methodology.

Scanning for Service Set Identifiers (SSIDs)
Scanning for hidden SSIDs
Determining security of target SSID
Testing for MAC address authentication
Cracking Wired Equivalent Privacy (WEP)
Cracking Wi-Fi Protected Access (WPA/WPA2)
Exploiting guest access
Rogue Access Point (AP) deployment
Man-in-the-Middle (MITM) wireless attacks
Using wireless networks to scan internal networks
Using wireless as a vector for network related attacks

Kali Linux Cookbook - Second Edition

By : Corey P. Schultz, Bob Perciaccante

Kali Linux Cookbook - Second Edition

By: Corey P. Schultz, Bob Perciaccante

Overview of this book

Related Content you might be interested in

Current Title:

Kali Linux Cookbook - Second Edition

Password Cracking with Kali Linux

Learn Kali Linux 2019

Learn Penetration Testing