Book Image

Kali Linux Cookbook

Book Image

Kali Linux Cookbook

Overview of this book

In this age, where online information is at its most vulnerable, knowing how to execute the same attacks that hackers use to break into your system or network helps you plug the loopholes before it's too late and can save you countless hours and money. Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world's most popular penetration testing distribution. Discover a variety of popular tools of penetration testing, such as information gathering, vulnerability identification, exploitation, privilege escalation, and covering your tracks. Packed with practical recipes, this useful guide begins by covering the installation of Kali Linux and setting up a virtual environment to perform your tests. You will then learn how to eavesdrop and intercept traffic on wireless networks, bypass intrusion detection systems, and attack web applications, as well as checking for open ports, performing data forensics, and much more. The book follows the logical approach of a penetration test from start to finish with many screenshots and illustrations that help to explain each tool in detail. The Kali Linux Cookbook will serve as an excellent source of information for the security professional and novice alike!
Table of Contents (16 chapters)
Kali Linux Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Identifying active machines


Before attempting a pentest, we first need to identify the active machines that are on the target network range.

A simple way would be by performing a ping on the target network. Of course, this can be rejected or known by a host, and we don't want that.

How to do it...

Let's begin the process of locating active machines by opening a terminal window:

  1. Using Nmap we can find if a host is up or not, shown as follows:

    nmap -sP 216.27.130.162
    
    Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-04-27 23:30 CDT
    Nmap scan report for test-target.net (216.27.130.162)
    Host is up (0.00058s latency).
    Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
    
  2. We can also use Nping (Nmap suite), which gives us a more detailed view:

    nping --echo-client "public" echo.nmap.org
    
  3. We can also send some hex data to a specified port:

    nping -tcp -p 445 –data AF56A43D 216.27.130.162