Book Image

Kali Linux 2: Windows Penetration Testing

Book Image

Kali Linux 2: Windows Penetration Testing

Overview of this book

Microsoft Windows is one of the two most common OS and managing its security has spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. Kali is built on the Debian distribution of Linux and shares the legendary stability of that OS. This lets you focus on using the network penetration, password cracking, forensics tools and not the OS. This book has the most advanced tools and techniques to reproduce the methods used by sophisticated hackers to make you an expert in Kali Linux penetration testing. First, you are introduced to Kali's top ten tools and other useful reporting tools. Then, you will find your way around your target network and determine known vulnerabilities to be able to exploit a system remotely. Next, you will prove that the vulnerabilities you have found are real and exploitable. You will learn to use tools in seven categories of exploitation tools. Further, you perform web access exploits using tools like websploit and more. Security is only as strong as the weakest link in the chain. Passwords are often that weak link. Thus, you learn about password attacks that can be used in concert with other approaches to break into and own a network. Moreover, you come to terms with network sniffing, which helps you understand which users are using services you can exploit, and IP spoofing, which can be used to poison a system's DNS cache. Once you gain access to a machine or network, maintaining access is important. Thus, you not only learn penetrating in the machine you also learn Windows privilege’s escalations. With easy to follow step-by-step instructions and support images, you will be able to quickly pen test your system and network.
Table of Contents (17 chapters)
Kali Linux 2: Windows Penetration Testing
About the Authors
About the Reviewer


Attacks on networks are increasing, and these days, it is not so much whether your network will be breached, but when. The stakes are high, and the training most Windows engineers get is weak in in-depth defense. You have to think like an attacker to know what really needs protection in your network. We are dedicated to your success in protecting your network and the data that your organization runs on. The stakeholders include your customers, whose personal data can be exploited. There is no peace of mind in hoping and praying your network is secure, and hope is not a strategy. Welcome to the fascinating world of network penetration testing with the Kali security platform.

As a working hacker, you need the most compact and complete toolset for the largest proportion of conditions. This book helps you prepare for and conduct network testing, surveillance, infiltration, penetration tests, advanced persistent threat detection, and forensics on the most commonly hacked operating system family on the planet, Microsoft Windows, using the most compact and flexible toolset on the planet—Kali Linux.

What this book covers

Chapter 1, Sharpening the Saw, teaches you the several ways of setting up Kali to perform different tasks. This chapter introduces you to the setup that works best, the documentation tools that we use to make sure that the results of the tests are prepared and presented right, and the details of Linux services you need to use these tools. Most books about Kali set the chapters in the order of the submenus in the Kali Security desktop. We have put all the setup at the beginning to reduce confusion for the first-time Kali users and because some things, such as the documentation tools, must be understood before you start using the other tools. The reason why the title of this chapter is "Sharpening the Saw" is that the skilled craftsman spends a bit more time preparing the tools so the job goes faster.

Chapter 2, Information Gathering and ulnerability Assessment, explains how understanding the network can make a hacker's life a lot easier. You need to be able to find your way around your target network and determine known vulnerabilities to be able to exploit a Windows system remotely. As time goes by, you will discover that you have memorized many of the most effective Windows exploits, but vulnerability assessment is a moving target. You will need to keep bringing on new exploits as time goes by.

Chapter 3, Exploitation Tools (Pwnage), demonstrates how once you have done your due diligence investigating the network and uncovering several vulnerabilities, it's time to prove that the vulnerabilities you have found are real and exploitable. You will learn to use tools to exploit several common Windows vulnerabilities and guidelines to create and implement new exploits for upcoming Windows vulnerabilities.

Chapter 4, Web Application Exploitation, tells you that at least 25% of the web servers on the Internet are Windows based, and a much larger group of intranet servers are Windows machines. Web access exploits may be some of the easiest to perform, and here you will find the tools you need to compromise web services (a subset of exploitation tools).

Chapter 5, Sniffing and Spoofing, explains how network sniffing helps you understand which users are using services you can exploit and IP spoofing can be used to poison a system's DNS cache so that all their traffic is sent to a man in the middle (your designated host, for instance) as well as being an integral part of most e-mail phishing schemes. Sniffing and spoofing are often used against the Windows endpoints in the network, and you need to understand the techniques that the bad guys are going to be using.

Chapter 6, Password Attacks, warns you that your Windows security is only as strong as the weakest link in the chain. Passwords are often that weak link. Password attacks can be used in concert with other approaches to break into and own a Windows network.

Chapter 7, Windows Privilege Escalation, asks the question of what happens if you have some access at a lower level but want to have administrative privileges on your compromised Windows server. There are a few cool ways to get administrative privileges on a Windows server or workstation when you have some lower-level access. This is a great advantage when you want to install backdoors and malware services on a target Windows machine.

Chapter 8, Maintaining Access, explores the possibility of how once you have cracked a machine or a network, you may want to maintain access to it. This chapter covers some devious ways of maintaining access and control of a Windows machine after you have gained access through the techniques you learned in the previous chapters.

Chapter 9, Reverse Engineering and Stress Testing, is about voiding your warranty for fun and profit. There are many respectable reasons to reverse engineer a Windows component, service, or program, and Kali has tools to help you do that. This chapter also covers stress testing your Windows server or application. This is a great idea if you want to discover how much DDoS will turn your server belly-up. This chapter is the beginning of how to develop an anti-fragile, self-healing Windows network.

Chapter 10, Forensics, explains how forensic research is required to help you understand how one of your Windows devices was compromised. This chapter introduces you to Kali Linux forensic tools. Forensic research could be employed to deal with a damaged hardware component or to find or recover corrupted applications or data files.

What you need for this book

  1. An Internet-connected computer/laptop for your Kali attack platform.

  2. A workstation with a minimum of 8 GB of RAM. An Ubuntu or Debian base OS is recommended.

  3. The Kali Linux ISO that matches your workstation architecture (32 or 64 bit). Download it from

  4. Oracle VirtualBox for your workstation to create VMs for Windows and Kali Linux machines.

  5. (Suggested) Several test machines to set up in your test network.

  6. Licenses for Windows 7, Windows 8 (8.1), Windows 10, Windows Server 2008, and Windows Server 2012. You can get evaluation copies of all of these except Windows 7 from Microsoft's website (

Who this book is for

This book is a set of reminders for the working ethical hacker and a guidebook to the Kali Linux toolkit for network analysts who are improving their value to the enterprise by adding offense to their security analyst defense. You ideally are a network engineer with a good grasp of networking concepts and operating systems. If the network security engineer title is no longer large enough to fit your skill set, this book can increase your skills even more.

To get the most out of this book, you need to have:

  • Curiosity about how systems fail and how they can be protected

  • Advanced experience with Linux operating systems and the bash terminal emulator

  • Advanced experience with the Windows desktop and command line

If you are an absolute beginner, you may find this book too challenging for you. You need to consider getting the Kali Linux Cookbook by Pritchett and de Smet. If you are a script kiddie looking for cheap exploits so you can brag to your friends on the Interwebs, this book could help you get your first, best, real job, or your first felony conviction—choose wisely.


In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "Use a real domain name that you or your company controls. Do not use a bogus domain name such as .local or .localdomain."

Any command-line input or output is written as follows:

root@kalibook :~#  apt-get -y install gedit

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Pull up a terminal window by clicking in the menu bar in the upper left hand corner and go to Applications | Accessories | Terminal. This will bring up the terminal or command-line window."


Warnings or important notes appear in a box like this.


Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail , and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the color images of this book

We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from


Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to and enter the name of the book in the search field. The required information will appear under the Errata section.


Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.


If you have a problem with any aspect of this book, you can contact us at , and we will do our best to address the problem.