Book Image

Kali Linux Cookbook

Book Image

Kali Linux Cookbook

Overview of this book

In this age, where online information is at its most vulnerable, knowing how to execute the same attacks that hackers use to break into your system or network helps you plug the loopholes before it's too late and can save you countless hours and money. Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world's most popular penetration testing distribution. Discover a variety of popular tools of penetration testing, such as information gathering, vulnerability identification, exploitation, privilege escalation, and covering your tracks. Packed with practical recipes, this useful guide begins by covering the installation of Kali Linux and setting up a virtual environment to perform your tests. You will then learn how to eavesdrop and intercept traffic on wireless networks, bypass intrusion detection systems, and attack web applications, as well as checking for open ports, performing data forensics, and much more. The book follows the logical approach of a penetration test from start to finish with many screenshots and illustrations that help to explain each tool in detail. The Kali Linux Cookbook will serve as an excellent source of information for the security professional and novice alike!
Table of Contents (16 chapters)
Kali Linux Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Metasploitable PostgreSQL


In this recipe, we will explore how to use Metasploit to attack a PostgreSQL database server using the PostgreSQL Scanner module. PostgreSQL is touted as being the world's most advanced open source database and by many enthusiasts is said to be an enterprise class database. We will use Metasploit in order to brute force a PostgreSQL login.

Getting ready

The following requirement needs to be fulfilled:

  • A connection to the internal network

  • Metasploitable running in our hacking lab

  • Wordlist to perform dictionary attack

How to do it...

Let's begin our PostgreSQL attack by opening a terminal window:

  1. Open the command prompt.

  2. Launch the MSFCONSOLE:

    msfconsole
    
  3. Search for all the available PostgreSQL modules:

    search postgresql
    
  4. Use the PostgreSQL Scanner module:

    use auxiliary/scanner/postgres/postgres_login
    
  5. Show the available options of the module:

    show options
    
  6. Set RHOST to the host of your Metasploitable 2 machine or target:

    set RHOST 192.168.10.111
    
  7. Set your username file location...