Book Image

Kali Linux - An Ethical Hacker's Cookbook

By : Himanshu Sharma
Book Image

Kali Linux - An Ethical Hacker's Cookbook

By: Himanshu Sharma

Overview of this book

With the current rate of hacking, it is very important to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2016.2) according to your needs, and move on to core functionalities. This book will start with the installation and configuration of Kali Linux so that you can perform your tests. You will learn how to plan attack strategies and perform web application exploitation using tools such as Burp, and Jexboss. You will also learn how to perform network exploitation using Metasploit, Sparta, and Wireshark. Next, you will perform wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Lastly, you will learn how to create an optimum quality pentest report! By the end of this book, you will know how to conduct advanced penetration testing thanks to the book’s crisp and task-oriented recipes.
Table of Contents (20 chapters)
Title Page
Credits
Disclaimer
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface
6
Wireless Attacks – Getting Past Aircrack-ng

Railgun in Metasploit


In this recipe, we learn more about Railgun. Railgun is a meterpreter—only Windows exploitation feature. It allows direct communication to Windows API.

How to do it...

Railgun allows us to perform a lot of tasks that Metasploit cannot, such as pressing keyboard keys and so on. Using this, we can use Windows API calls to perform all the operations we need to for even better post exploitation:

  1. We have already seen in the previous chapters on getting a meterpreter session. We can jump into Railgun from meterpreter by typing the irb command:
  1. To access Railgun, we use the session.railgun command:

 

We see that a lot of data has been printed. These are basically the available DLL's and functions we can use.

  1. To have a better view in order to see the DLL names, we type the command:
        session.railgun.known_dll_names

The following screenshot shows the output for the preceding command:

  1. To view a function of a .dll, we use the following command:
        session.railgun.<dllname&gt...