Book Image

Mastering Kali Linux for Advanced Penetration Testing, Second Edition - Second Edition

By : Vijay Kumar Velu
Book Image

Mastering Kali Linux for Advanced Penetration Testing, Second Edition - Second Edition

By: Vijay Kumar Velu

Overview of this book

This book will take you, as a tester or security practitioner through the journey of reconnaissance, vulnerability assessment, exploitation, and post-exploitation activities used by penetration testers and hackers. We will start off by using a laboratory environment to validate tools and techniques, and using an application that supports a collaborative approach to penetration testing. Further we will get acquainted with passive reconnaissance with open source intelligence and active reconnaissance of the external and internal networks. We will also focus on how to select, use, customize, and interpret the results from a variety of different vulnerability scanners. Specific routes to the target will also be examined, including bypassing physical security and exfiltration of data using different techniques. You will also get to grips with concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections. Later you will learn the practical aspects of attacking user client systems by backdooring executable files. You will focus on the most vulnerable part of the network—directly and bypassing the controls, attacking the end user and maintaining persistence access through social media. You will also explore approaches to carrying out advanced penetration testing in tightly secured environments, and the book's hands-on approach will help you understand everything you need to know during a Red teaming exercise or penetration testing

Related Content you might be interested in

Current Title:

Small book image
Mastering Kali Linux for Advanced Penetration Testing, Second Edition - Second Edition
Vijay Kumar Velu
Jun, 2017 | 510 pages
Small book image
Learn Penetration Testing
Rishalin Pillay
May, 2019 | 424 pages
Small book image
Metasploit Penetration Testing Cookbook
Monika Agarwal | Abhinav Singh | Nipun Jaswal | Daniel Teixeira
Feb, 2018 | 426 pages
Small book image
Kali Linux 2018: Assuring Security by Penetration Testing
Lee Allen | Alex Samm | Shakeel Ali | Damian Boodoo | Tedi Heriyanto | Gerard Johansen | Shiva V N Parasram
Oct, 2018 | 528 pages
Table of Contents (15 chapters)
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
Goal-Based Penetration Testing
Goal-Based Penetration Testing
Conceptual overview of security testing
Classical failures of vulnerability scanning, penetration testing, and red team exercises
The testing methodology
Introduction to Kali Linux – history and purpose
Installing and updating Kali
Using Kali from a portable device
Installing Kali into a virtual machine
VirtualBox
Installing to a Docker appliance
Installing Kali to the cloud – creating an AWS instance
Organizing Kali
Configuring and customizing Kali
Summary
2
Open Source Intelligence and Passive Reconnaissance
Open Source Intelligence and Passive Reconnaissance
Basic principles of reconnaissance
Google Hacking Database
Creating custom word lists for cracking passwords
Summary
3
Active Reconnaissance of External and Internal Networks
Active Reconnaissance of External and Internal Networks
Stealth scanning strategies
DNS reconnaissance and route mapping
Employing comprehensive reconnaissance applications
Identifying the external network infrastructure
Mapping beyond the firewall
IDS/IPS identification
Enumerating hosts
Port, operating system, and service discovery
Writing your own port scanner using netcat
Large-scale scanning
Summary
4
Vulnerability Assessment
Vulnerability Assessment
Vulnerability nomenclature
Local and online vulnerability databases
Vulnerability scanning with nmap
Web application vulnerability scanners
Vulnerability scanners for mobile applications
The OpenVAS network vulnerability scanner
Specialized scanners
Threat modeling
Summary
5
Physical Security and Social Engineering
Physical Security and Social Engineering
Methodology and attack methods
Physical attacks at the console
Creating a rogue physical device
The Social Engineering Toolkit (SET)
Hiding executables and obfuscating the attacker's URL
Escalating an attack using DNS redirection
Launching a phishing attack
Summary
6
Wireless Attacks
Wireless Attacks
Configuring Kali for wireless attacks
Wireless reconnaissance
Bypassing a hidden SSID
Bypassing MAC address authentication and open authentication
Attacking WPA and WPA2
DoS attacks against wireless communications
Compromising enterprise implementations of WPA/WPA2
Working with Ghost Phisher
Summary
7
Reconnaissance and Exploitation of Web-Based Applications
Reconnaissance and Exploitation of Web-Based Applications
Methodology
Hackers mindmap
Conducting reconnaissance of websites
Client-side proxies
Application-specific attacks
Maintaining access with web shells
Summary
8
Attacking Remote Access
Attacking Remote Access
Exploiting vulnerabilities in communication protocols
Attacking Secure Sockets Layer (SSL)
Attacking an IPSec virtual private network
Summary
9
Client-Side Exploitation
Client-Side Exploitation
Backdooring executable files
Attacking a system using hostile scripts
The Cross-Site Scripting Framework (XSSF)
The Browser Exploitation Framework (BeEF)
Understanding the BeEF browser
Summary
10
Bypassing Security Controls
Bypassing Security Controls
Bypassing Network Access Control (NAC)
Bypassing antivirus using different frameworks
Bypassing application-level controls
Bypassing Windows-specific operating system controls
Summary
11
Exploitation
Exploitation
The Metasploit framework
Exploiting targets using Metasploit Framework
Exploiting multiple targets using Metasploit Framework resource files
Exploiting multiple targets with Armitage
Using public exploits
Developing a Windows exploit
Summary
12
Action on the Objective
Action on the Objective
Activities on the compromised local system
Horizontal escalation and lateral movement
Summary
13
Privilege Escalation
Privilege Escalation
Overview of common escalation methodology
Local system escalation
Credential harvesting and escalation attacks
Escalating access rights in Active Directory
Compromising Kerberos – the golden ticket attack
Summary
14
Command and Control
Command and Control
Using persistent agents
Exfiltration of data
Summary

Bypassing a hidden SSID

The ESSID is the sequence of characters that uniquely identify a wireless local area network. Hiding the ESSID is a poor method of attempting to achieve security through obscurity; unfortunately, the ESSID can only be obtained by doing either of the following:

  • Sniffing the wireless environment and waiting for a client to associate to a network and then capturing that association
  • Actively deauthenticating a client to force the client to associate and then capturing that association

The aircrack tools are particularly well-suited to capturing the data needed to unhide a hidden ESSID, as shown in the following steps:

  1. At the command line, confirm that wireless is enabled on the attacking system by entering the following command:
root@kali:~# airmon-ng
  1. Next, use the following ifconfig command to review the available interfaces and to determine the exact...
Previous Section
End of Section 4
Next Section