Book Image

Kali Linux - An Ethical Hacker's Cookbook

By : Himanshu Sharma
Book Image

Kali Linux - An Ethical Hacker's Cookbook

By: Himanshu Sharma

Overview of this book

With the current rate of hacking, it is very important to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2016.2) according to your needs, and move on to core functionalities. This book will start with the installation and configuration of Kali Linux so that you can perform your tests. You will learn how to plan attack strategies and perform web application exploitation using tools such as Burp, and Jexboss. You will also learn how to perform network exploitation using Metasploit, Sparta, and Wireshark. Next, you will perform wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Lastly, you will learn how to create an optimum quality pentest report! By the end of this book, you will know how to conduct advanced penetration testing thanks to the book’s crisp and task-oriented recipes.
Table of Contents (20 chapters)
Title Page
Credits
Disclaimer
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface
6
Wireless Attacks – Getting Past Aircrack-ng

Looking for weakness


Now that we have a stable shell, we need to look for vulnerabilities, misconfigurations, or anything that will help us in escalating privileges on the system. In this recipe, we will look at some of the ways in which privileges can be escalated to get the root of the system.

How to do it...

The basic step I would recommend to all of you after we have a shell on a server is to do as much enumeration as possible: the more we know, the better we have a chance of escalating privileges on the system.

The key steps to escalating privileges, as mentioned on g0tmi1k, on a system are as follows:

  • Collect: Enumeration, more enumeration, and some more enumeration.
  • Process: Sort through data, analyze, and prioritize.
  • Search: Know what to search for and where to find the exploit code.
  • Adapt: Customize the exploit so it fits. Not every exploit works for every system out of the box.
  • Try: Get ready for (lots of) trial and error.

We will look at some of the most common scripts available on the...