Kali Linux Intrusion and Exploitation Cookbook

Kali Linux Intrusion and Exploitation Cookbook

By : Dhruv Shah, Ishan Girdhar

Buy this Book

Kali Linux Intrusion and Exploitation Cookbook

By: Dhruv Shah, Ishan Girdhar

Buy this Book

Overview of this book

With the increasing threats of breaches and attacks on critical infrastructure, system administrators and architects can use Kali Linux 2.0 to ensure their infrastructure is secure by finding out known vulnerabilities and safeguarding their infrastructure against unknown vulnerabilities. This practical cookbook-style guide contains chapters carefully structured in three phases – information gathering, vulnerability assessment, and penetration testing for the web, and wired and wireless networks. It's an ideal reference guide if you’re looking for a solution to a specific problem or learning how to use a tool. We provide hands-on examples of powerful tools/scripts designed for exploitation. In the final section, we cover various tools you can use during testing, and we help you create in-depth reports to impress management. We provide system engineers with steps to reproduce issues and fix them.

Title Page

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Customer Feedback

Preface

Free Chapter

Getting Started - Setting Up an Environment

Introduction

Installing Kali Linux on Cloud - Amazon AWS

Installing Kali Linux on Docker

Installing NetHunter on OnePlus One

Installing Kali Linux on a virtual machine

Customizing Kali Linux for faster package updates

Customizing Kali Linux for faster operations

Configuring remote connectivity services - HTTP, TFTP, and SSH

Configuring Nessus and Metasploit

Configuring third-party tools

Installing Docker on Kali Linux

Network Information Gathering

Introduction

Discovering live servers over the network

Bypassing IDS/IPS/firewall

Discovering ports over the network

Using unicornscan for faster port scanning

Service fingerprinting

Determining the OS using nmap and xprobe2

Service enumeration

Open-source information gathering

Network Vulnerability Assessment

Introduction

Using nmap for manual vulnerability assessment

Integrating nmap with Metasploit

Walkthrough of Metasploitable assessment with Metasploit

Vulnerability assessment with OpenVAS framework

Network Exploitation

Introduction

Gathering information for credential cracking

Cracking FTP login using custom wordlist

Cracking SSH login using custom wordlist

Cracking HTTP logins using custom wordlist

Cracking MySql and PostgreSQL login using custom wordlist

Cracking Cisco login using custom wordlist

Exploiting vulnerable services (Unix)

Exploiting vulnerable services (Windows)

Exploiting services using exploit-db scripts

Web Application Information Gathering

Introduction

Setting up API keys for recon-ng

Using recon-ng for reconnaissance

Gathering information using theharvester

Using DNS protocol for information gathering

Web application firewall detection

HTTP and DNS load balancer detection

Discovering hidden files/directories using DirBuster

CMS and plugins detection using WhatWeb and p0f

Finding SSL cipher vulnerabilities

Web Application Vulnerability Assessment

Introduction

Running vulnerable web applications in Docker

Using W3af for vulnerability assessment

Using Nikto for web server assessment

Using Skipfish for vulnerability assessment

Using Burp Proxy to intercept HTTP traffic

Using Burp Intruder for customized attack automation

Using Burp Sequencer to test the session randomness

Web Application Exploitation

Introduction

Using Burp for active/passive scanning

Using sqlmap to find SQL Injection on the login page

Exploiting SQL Injection on URL parameters using SQL Injection

Using Weevely for file upload vulnerability

Exploiting Shellshock using Burp

Using Metasploit to exploit Heartbleed

Using the FIMAP tool for file inclusion attacks (RFI/LFI)

System and Password Exploitation

Introduction

Using local password-attack tools

Cracking password hashes

Using Social-Engineering Toolkit

Using BeEF for browser exploitation

Cracking NTLM hashes using rainbow tables

Privilege Escalation and Exploitation

Introduction

Using WMIC to find privilege-escalation vulnerabilities

Sensitive-information gathering

Unquoted service-path exploitation

Service permission issues

Misconfigured software installations/insecure file permissions

Linux privilege escalation

Wireless Exploitation

Introduction

Setting up a wireless network

Bypassing MAC address filtering

Sniffing network traffic

Cracking WEP encryption

Cracking WPA/WPA2 encryption

Cracking WPS

Denial-of-service attacks

Pen Testing 101 Basics

Introduction

What is penetration testing?

What is vulnerability assessment

Penetration testing versus vulnerability assessment

Objectives of penetration testing

Types of penetration testing

Who should be doing penetration testing?

What is the goal here?

General penetration testing phases

Conclusion

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Installing NetHunter on OnePlus One

Kali Linux is the first open source network pen testing platform for nexus and one plus devices. In this chapter, we will see how to install Kali Linux on One Plus One.

Before we begin, make sure you backup your device data before proceeding to do any of the following.

Getting ready

In order to commence with this, you will require the following:

A OnePlus One device, 64 GB
A USB cable
Any Windows operating system
NetHunter Windows Installer
Active Internet connection

How to do it...

Perform the following steps for this recipe:

Download the NetHunter Windows Installer at http://www.nethunter.com/download/ , you will see the following page:

Install the downloaded setup, as shown in the following screenshot:

Once the installation is complete, run the shortcut created on the desktop:

Once the application loads, make sure you check for any updates. If there are none, click on the Next button:

Now we will select the device for rooting. Our recipe sticks to OnePlus, so let's select the ONEPLUSONE-BACON (A0001) - 64GB option and click on Next:

Now we will be to install drivers, these are drivers for the laptop/PC to with the mobile device over a USB connection. Click on InstallDrivers... to commence the installation process. Once the installation is done, click on Test Drivers... to make sure that the drivers are working correctly, as shown in the following screenshot:

Once the drivers are installed correctly, proceed by clicking on Next and now we will come across the installer configuration. Here, it is recommended to proceed with Install Official Kali Linux NetHunter. In case you have a custom NetHunter, proceed with the second option but be careful with the compatibility issues:

Clicking on Next, we will be coming on the Download Files option where the application will determine the available packages with us and the missing files can be obtained with the help of the Download + Update All File Dependencies option. In case you get stuck or any file is not getting downloaded, you can simply Google the filename and download it and put it in the folder where the application was installed:

Once all the are made available, make you do the following:

After this has done, we can proceed with unlocking the bootloader. Click on Unlock Device Bootloader. Make to back up all the important data from the device before you start from this point onwards:

The phone will go in the Fastboot mode and proceed with its unlocking. Once that is done, proceed to the next step of flashing the stock ROM. This is a new ROM that will be mounted on your device to keep the compatibility with Kali Linux NetHunter. Click on Flash Stock... as shown in the following screenshot:

Once the flash stock is done, proceed to the next step and click on Flash Kali Linux + Root!, as shown in the following screenshot:

The preceding step will get the Kali Linux NetHunter in your device. Once successful, the device will go into the TWRP recovery mode.

In the mode, click on Reboot and it will ask that Super user is not installed Swipe to once the swipe is done the Kali linux will boot. Now, click on SuperSU and see whether it is working:

Download by Stephen (Stericson) and install, as in the following screenshot:

Click on the called NetHunter, as in the following screenshot:

Once you get the application running, you will be asked to grant root permissions. Click on Grant and commence to the Kali Launcher and then the terminal, as shown in the following screenshot:

Select the terminal and launch Metasploit, as in the following screenshot:

Launch msfconsole on the device:

How it works...

In this recipe, we have how you can install Linux, which is called NetHunter. NetHunter is ARM which was ported to run on a non-intel processor, which is built on your trusted Kali Linux and tool sets. The Kali Linux NetHunter project is an open source Android penetration testing platform for ARM devices, created as a joint effort between the Kali community member BinkyBear and Offensive Security.

There's more...

We installed Kali on our device and now we can perform our pen testing from OnePlus one, which is highly efficient in case of red team exercises, social engineering, or during physical security assessment.

More information for the same can be found at http://www.nethunter.com .

Kali Linux Intrusion and Exploitation Cookbook

By : Dhruv Shah, Ishan Girdhar

Kali Linux Intrusion and Exploitation Cookbook

By: Dhruv Shah, Ishan Girdhar

Overview of this book

Related Content you might be interested in

Current Title:

Kali Linux Intrusion and Exploitation Cookbook

Machine Learning with Spark

Kali Linux 2018: Assuring Security by Penetration Testing

Kali Linux - An Ethical Hacker's Cookbook

Installing NetHunter on OnePlus One

Getting ready

How to do it...

How it works...

There's more...