Book Image

Kali Linux Intrusion and Exploitation Cookbook

By : Dhruv Shah, Ishan Girdhar
Book Image

Kali Linux Intrusion and Exploitation Cookbook

By: Dhruv Shah, Ishan Girdhar

Overview of this book

With the increasing threats of breaches and attacks on critical infrastructure, system administrators and architects can use Kali Linux 2.0 to ensure their infrastructure is secure by finding out known vulnerabilities and safeguarding their infrastructure against unknown vulnerabilities. This practical cookbook-style guide contains chapters carefully structured in three phases – information gathering, vulnerability assessment, and penetration testing for the web, and wired and wireless networks. It's an ideal reference guide if you’re looking for a solution to a specific problem or learning how to use a tool. We provide hands-on examples of powerful tools/scripts designed for exploitation. In the final section, we cover various tools you can use during testing, and we help you create in-depth reports to impress management. We provide system engineers with steps to reproduce issues and fix them.

Related Content you might be interested in

Current Title:

Small book image
Kali Linux Intrusion and Exploitation Cookbook
Dhruv Shah | Ishan Girdhar
Apr, 2017 | 512 pages
Small book image
Machine Learning with Spark
Manpreet Singh Ghotra | Rajdeep Dua
Apr, 2017 | 532 pages
Small book image
Kali Linux 2018: Assuring Security by Penetration Testing
Lee Allen | Alex Samm | Shakeel Ali | Damian Boodoo | Tedi Heriyanto | Gerard Johansen | Shiva V N Parasram
Oct, 2018 | 528 pages
Small book image
Kali Linux - An Ethical Hacker's Cookbook
Himanshu Sharma
Oct, 2017 | 376 pages
Table of Contents (18 chapters)
Title Page
Title Page
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Getting Started - Setting Up an Environment
Getting Started - Setting Up an Environment
Introduction
Installing Kali Linux on Cloud - Amazon AWS
Installing Kali Linux on Docker
Installing NetHunter on OnePlus One
Installing Kali Linux on a virtual machine
Customizing Kali Linux for faster package updates
Customizing Kali Linux for faster operations
Configuring remote connectivity services - HTTP, TFTP, and SSH
Configuring Nessus and Metasploit
Configuring third-party tools
Installing Docker on Kali Linux
2
Network Information Gathering
Network Information Gathering
Introduction
Discovering live servers over the network
Bypassing IDS/IPS/firewall
Discovering ports over the network
Using unicornscan for faster port scanning
Service fingerprinting
Determining the OS using nmap and xprobe2
Service enumeration
Open-source information gathering
3
Network Vulnerability Assessment
Network Vulnerability Assessment
Introduction
Using nmap for manual vulnerability assessment
Integrating nmap with Metasploit
Walkthrough of Metasploitable assessment with Metasploit
Vulnerability assessment with OpenVAS framework
4
Network Exploitation
Network Exploitation
Introduction
Gathering information for credential cracking
Cracking FTP login using custom wordlist
Cracking SSH login using custom wordlist
Cracking HTTP logins using custom wordlist
Cracking MySql and PostgreSQL login using custom wordlist
Cracking Cisco login using custom wordlist
Exploiting vulnerable services (Unix)
Exploiting vulnerable services (Windows)
Exploiting services using exploit-db scripts
5
Web Application Information Gathering
Web Application Information Gathering
Introduction
Setting up API keys for recon-ng
Using recon-ng for reconnaissance
Gathering information using theharvester
Using DNS protocol for information gathering
Web application firewall detection
HTTP and DNS load balancer detection
Discovering hidden files/directories using DirBuster
CMS and plugins detection using WhatWeb and p0f
Finding SSL cipher vulnerabilities
6
Web Application Vulnerability Assessment
Web Application Vulnerability Assessment
Introduction
Running vulnerable web applications in Docker
Using W3af for vulnerability assessment
Using Nikto for web server assessment
Using Skipfish for vulnerability assessment
Using Burp Proxy to intercept HTTP traffic
Using Burp Intruder for customized attack automation
Using Burp Sequencer to test the session randomness
7
Web Application Exploitation
Web Application Exploitation
Introduction
Using Burp for active/passive scanning
Using sqlmap to find SQL Injection on the login page
Exploiting SQL Injection on URL parameters using SQL Injection
Using Weevely for file upload vulnerability
Exploiting Shellshock using Burp
Using Metasploit to exploit Heartbleed
Using the FIMAP tool for file inclusion attacks (RFI/LFI)
8
System and Password Exploitation
System and Password Exploitation
Introduction
Using local password-attack tools
Cracking password hashes
Using Social-Engineering Toolkit
Using BeEF for browser exploitation
Cracking NTLM hashes using rainbow tables
9
Privilege Escalation and Exploitation
Privilege Escalation and Exploitation
Introduction
Using WMIC to find privilege-escalation vulnerabilities
Sensitive-information gathering
Unquoted service-path exploitation
Service permission issues
Misconfigured software installations/insecure file permissions
Linux privilege escalation
10
Wireless Exploitation
Wireless Exploitation
Introduction
Setting up a wireless network
Bypassing MAC address filtering
Sniffing network traffic
Cracking WEP encryption
Cracking WPA/WPA2 encryption
Cracking WPS
Denial-of-service attacks
Pen Testing 101 Basics
Pen Testing 101 Basics
Introduction
What is penetration testing?
What is vulnerability assessment
Penetration testing versus vulnerability assessment
Objectives of penetration testing
Types of penetration testing
Who should be doing penetration testing?
What is the goal here?
General penetration testing phases
Conclusion

Configuring Nessus and Metasploit

In this recipe, we will you how to install, configure, and start running Nessus and Metasploit.

Getting ready

For this recipe, we will be Nessus home feed and register for a valid license.

How to do it...

Perform the steps for this recipe:

  1. Open Firefox and go to http://www.tenable.com/products/nessus/select-your-operating-system and select the home version. On the next page, select the operating system as 6 and 7 (as Kali is based on Debian Jessie) as shown in the following screenshot:

 

  1. To the Nessus, open the command in the terminal and type:
      dpkg -i Nessus-6.2.0-debian6_amd64.deb
  1. Now, your Nessus has been installed as shown in the following screenshot:

  1. Once the installation is complete, start the Nessus service using the following command:
      /etc/init.d/nessusd start

 

  1. Open link https://kali:8834 as shown in the screenshot:

 

  1. By default, during installation, Nessus is configured for using self-signed certificates to the traffic between your browser and the Nessus server; therefore, you are seeing page shown in the preceding screenshot. If you have downloaded the Nessus from a tenable website, you can consider it safe to click on I understand the risk and accept the certificate to continue and you will see the following page:

 

  1. Click on Continue, and you will be shown the initial account setup page, as in following screenshot:

 

  1. Enter the username and password combination you want to create and click on Continue. On the next page, you will be required to enter the code as shown in following screenshot:

  1. To obtain the activation, go to http://www.tenable.com/products/nessus-home and fill the form on the right-hand side of the page to receive the activation code. You will receive your activation code on your e-mail account. Copy the activation and enter it on this screen and continue:

Now, the Activation has been completed and Nessus will update the plugins and the tool will be ready for your use.

  1. We now have Nessus in place. So, let's set up Metasploit. Metasploit is installed by default during OS installation. To invoke, you will need to start the following services:
      # service postgresql start
      [ ok ] Starting PostgreSQL 9.1 database server: main.
      root@Intrusion-Exploitation:~#
      root@Intrusion-Exploitation:~# msfconsole
      [ ok ] Starting Metasploit rpc server: prosvc.
      [ ok ] Starting Metasploit web server: thin.
      [ ok ] Starting Metasploit worker: worker.

 

  1. Metasploit will be started as shown in following screenshot:

How it works...

In this recipe, we have downloaded Nessus home feed and started the service. We completed the basic initial account setup and entered the account activation key to activate our home feed version of Nessus and finally updated the plugins.

Later on, we turned on PostgreSQL and Metasploit services, and finally, using msfconsole we started an instance of Metasploit.

There's more...

Nessus is a scanner and is an exploitation framework from Rapid7. However, most network environments require only vulnerability assessment and not in-depth exploitation. But, if in some cases it is needed, Metasploit is one of the best frameworks available. Similar to Nessus, Rapid7 has also launched their own vulnerability scanner called Nexpose. can be configured to be integrated with Metasploit, which allows Metasploit to use NexPose for vulnerability scanning and select exploits based on the information gathered by and thus it provides better experience as compared to using Nessus with Metasploit. For more information, visit http://www.rapid7.in/products/nexpose/ .

Previous Section
End of Section 10
Next Section