Book Image

Hands-On Penetration Testing with Kali NetHunter

By : Glen D. Singh, Sean-Philip Oriyano
Book Image

Hands-On Penetration Testing with Kali NetHunter

By: Glen D. Singh, Sean-Philip Oriyano

Overview of this book

Kali NetHunter is a version of the popular and powerful Kali Linux pentesting platform, designed to be installed on mobile devices. Hands-On Penetration Testing with Kali NetHunter will teach you the components of NetHunter and how to install the software. You’ll also learn about the different tools included and how to optimize and use a package, obtain desired results, perform tests, and make your environment more secure. Starting with an introduction to Kali NetHunter, you will delve into different phases of the pentesting process. This book will show you how to build your penetration testing environment and set up your lab. You will gain insight into gathering intellectual data, exploiting vulnerable areas, and gaining control over target systems. As you progress through the book, you will explore the NetHunter tools available for exploiting wired and wireless devices. You will work through new ways to deploy existing tools designed to reduce the chances of detection. In the concluding chapters, you will discover tips and best practices for integrating security hardening into your Android ecosystem. By the end of this book, you will have learned to successfully use a mobile penetration testing device based on Kali NetHunter and Android to accomplish the same tasks you would traditionally, but in a smaller and more mobile form factor.

Related Content you might be interested in

Current Title:

Small book image
Hands-On Penetration Testing with Kali NetHunter
Glen D. Singh | Sean-Philip Oriyano
Feb, 2019 | 302 pages
Small book image
Learn Kali Linux 2019
Glen D Singh
Nov, 2019 | 550 pages
Small book image
Kali Linux 2018: Assuring Security by Penetration Testing
Lee Allen | Alex Samm | Shakeel Ali | Damian Boodoo | Tedi Heriyanto | Gerard Johansen | Shiva V N Parasram
Oct, 2018 | 528 pages
Small book image
The Ultimate Kali Linux Book
Glen D Singh
Feb, 2022 | 742 pages
Table of Contents (19 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
About Packt
About Packt
Contributors
Contributors
Preface
Preface
Free Chapter
1
Introduction to Kali NetHunter
Introduction to Kali NetHunter
What is Kali NetHunter?
Tools within Kali NetHunter
The Android platform and security model
Installing NetHunter
Additional optional hardware
Summary
2
Understanding the Phases of the Pentesting Process
Understanding the Phases of the Pentesting Process
The need for penetration testing
Types of penetration tests
Phases of penetration testing
Penetration testing methodologies and frameworks
Phases of penetration testing
Deliverables
Summary
3
Intelligence-Gathering Tools
Intelligence-Gathering Tools
Technical requirements
Objectives of intelligence gathering
Information for the taking
Tools for gathering useful information
Working with Recon-Ng
Going for technical data
Summary
Further reading
4
Scanning and Enumeration Tools
Scanning and Enumeration Tools
Technical requirements
Scanning
Determining whether a host is up or down
Using Nmap
Port scanning
Full Open/TCP connect scans
Stealth scans
XMAS scans
FIN scans
NULL scans
ACK scans
Tuning and tweaking
Banner grabbing
Enumeration with NetHunter
Enumerating DNS
Enumerating SMTP
Working with SMB
Summary
Further reading
5
Penetrating the Target
Penetrating the Target
Technical requirements
Concerning passwords
Summary
Further reading
6
Clearing Tracks and Removing Evidence from a Target
Clearing Tracks and Removing Evidence from a Target
Clearing tracks
Clearing logs on Windows
Clearing logs in Linux
Summary
7
Packet Sniffing and Traffic Analysis
Packet Sniffing and Traffic Analysis
The need for sniffing traffic
Types of packet-sniffing techniques
Tools and techniques of packet sniffing
Packet analysis techniques
Summary
8
Targeting Wireless Devices and Networks
Targeting Wireless Devices and Networks
Wireless network topologies
Wireless standards
Service Set Identifier
Wireless authentication modes
Wireless encryption standard
Wireless threats
Wireless attacks
Bluetooth hacking
Summary
9
Avoiding Detection
Avoiding Detection
Scanning
MAC spoofing
Fragmentation
Metasploit Payload Generator
Encrypting traffic
Summary
10
Hardening Techniques and Countermeasures
Hardening Techniques and Countermeasures
Security threats and countermeasures
Client system security
Hardening networking devices
Hardening mobile devices
Summary
11
Building a Lab
Building a Lab
Technical requirements
Hypervisor
Vulnerable systems
Setting up the lab
Summary
12
Selecting a Kali Device and Hardware
Selecting a Kali Device and Hardware
Small computers
Mobile hardware
External components
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Fragmentation

Another method hackers and penetration testers use to avoid detection is fragmentation. Fragmentation breaks up a message (packet) into tiny pieces. Fragments are put into a network since, these tiny pieces of the messages usually are able to bypass almost any network for security appliance and monitoring tools that are proactively observing network traffic and activities for security threats.

In a fragmentation attack, the attacker can modify the Time to Live (TTL) or the timeout values between each bit sent through the firewall or intrusion-prevention system (IPS). This would cause the security appliance to not easily detect a threat and confuse the device during a reassembly process.

The attack can send fragments of a payload to the victim machine and have it reassemble to a payload without being detected at all.

Nmap allows us to perform port scanning with packet fragmentation on a target device. We can use the nmap –f <target IP address> command:

Using Wireshark, we...

Previous Section
End of Section 4
Next Section