Book Image

Kali Linux Cookbook

Book Image

Kali Linux Cookbook

Overview of this book

In this age, where online information is at its most vulnerable, knowing how to execute the same attacks that hackers use to break into your system or network helps you plug the loopholes before it's too late and can save you countless hours and money. Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world's most popular penetration testing distribution. Discover a variety of popular tools of penetration testing, such as information gathering, vulnerability identification, exploitation, privilege escalation, and covering your tracks. Packed with practical recipes, this useful guide begins by covering the installation of Kali Linux and setting up a virtual environment to perform your tests. You will then learn how to eavesdrop and intercept traffic on wireless networks, bypass intrusion detection systems, and attack web applications, as well as checking for open ports, performing data forensics, and much more. The book follows the logical approach of a penetration test from start to finish with many screenshots and illustrations that help to explain each tool in detail. The Kali Linux Cookbook will serve as an excellent source of information for the security professional and novice alike!

Related Content you might be interested in

Current Title:

Small book image
Kali Linux Cookbook
Oct, 2013 | 260 pages
No titles found
Table of Contents (16 chapters)
Kali Linux Cookbook
Kali Linux Cookbook
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Up and Running with Kali Linux
Up and Running with Kali Linux
Introduction
Installing to a hard disk drive
Installing to a USB drive with persistent memory
Installing in VirtualBox
Installing VMware Tools
Fixing the splash screen
Starting network services
Setting up the wireless network
2
Customizing Kali Linux
Customizing Kali Linux
Introduction
Preparing kernel headers
Installing Broadcom drivers
Installing and configuring ATI video card drivers
Installing and configuring nVidia video card drivers
Applying updates and configuring extra security tools
Setting up ProxyChains
Directory encryption
3
Advanced Testing Lab
Advanced Testing Lab
Introduction
Getting comfortable with VirtualBox
Downloading Windows Targets
Downloading Linux Targets
Attacking WordPress and other applications
4
Information Gathering
Information Gathering
Introduction
Service enumeration
Determining network range
Identifying active machines
Finding open ports
Operating system fingerprinting
Service fingerprinting
Threat assessment with Maltego
Mapping the network
5
Vulnerability Assessment
Vulnerability Assessment
Introduction
Installing, configuring, and starting Nessus
Nessus – finding local vulnerabilities
Nessus – finding network vulnerabilities
Nessus – finding Linux-specific vulnerabilities
Nessus – finding Windows-specific vulnerabilities
Installing, configuring, and starting OpenVAS
OpenVAS – finding local vulnerabilities
OpenVAS – finding network vulnerabilities
OpenVAS – finding Linux-specific vulnerabilities
OpenVAS – finding Windows-specific vulnerabilities
6
Exploiting Vulnerabilities
Exploiting Vulnerabilities
Introduction
Installing and configuring Metasploitable
Mastering Armitage, the graphical management tool for Metasploit
Mastering the Metasploit Console (MSFCONSOLE)
Mastering the Metasploit CLI (MSFCLI)
Mastering Meterpreter
Metasploitable MySQL
Metasploitable PostgreSQL
Metasploitable Tomcat
Metasploitable PDF
Implementing browser_autopwn
7
Escalating Privileges
Escalating Privileges
Introduction
Using impersonation tokens
Local privilege escalation attack
Mastering the Social Engineering Toolkit (SET)
Collecting the victim's data
Cleaning up the tracks
Creating a persistent backdoor
Man In The Middle (MITM) attack
8
Password Attacks
Password Attacks
Introduction
Online password attacks
Cracking HTTP passwords
Gaining router access
Password profiling
Cracking a Windows password using John the Ripper
Using dictionary attacks
Using rainbow tables
Using nVidia Compute Unified Device Architecture (CUDA)
Using ATI Stream
Physical access attacks
9
Wireless Attacks
Wireless Attacks
Introduction
Wireless network WEP cracking
Wireless network WPA/WPA2 cracking
Automating wireless network cracking
Accessing clients using a fake AP
URL traffic manipulation
Port redirection
Sniffing network traffic
Index
Index

Service fingerprinting

Determining the services running on specific ports will ensure a successful pentest on the target network. It will also remove any doubts left resulting from the OS fingerprinting process.

How to do it...

Let's begin the process of service fingerprinting by opening a terminal window:

  1. Open a terminal window and issue the following command:

    nmap -sV 192.168.10.200

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-03-28 05:10 CDT
Interesting ports on 192.168.10.200:
Not shown: 1665 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd 5.0
25/tcp open smtp Microsoft ESMTP 5.0.2195.6713
80/tcp open http Microsoft IIS webserver 5.0
119/tcp open nntp Microsoft NNTP Service 5.0.2195.6702 (posting ok)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows 2000 microsoft-ds
1025/tcp open mstask Microsoft mstask
1026/tcp open msrpc Microsoft Windows RPC
1027/tcp open msrpc Microsoft Windows...
Previous Section
End of Section 8
Next Section