Book Image

Kali Linux Intrusion and Exploitation Cookbook

By : Dhruv Shah, Ishan Girdhar
Book Image

Kali Linux Intrusion and Exploitation Cookbook

By: Dhruv Shah, Ishan Girdhar

Overview of this book

With the increasing threats of breaches and attacks on critical infrastructure, system administrators and architects can use Kali Linux 2.0 to ensure their infrastructure is secure by finding out known vulnerabilities and safeguarding their infrastructure against unknown vulnerabilities. This practical cookbook-style guide contains chapters carefully structured in three phases – information gathering, vulnerability assessment, and penetration testing for the web, and wired and wireless networks. It's an ideal reference guide if you’re looking for a solution to a specific problem or learning how to use a tool. We provide hands-on examples of powerful tools/scripts designed for exploitation. In the final section, we cover various tools you can use during testing, and we help you create in-depth reports to impress management. We provide system engineers with steps to reproduce issues and fix them.
Table of Contents (18 chapters)
Title Page
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Customer Feedback
Preface

Gathering information for credential cracking


In order to perform a successful crack, it is important to have a list of possible and passwords. One of the ways this is possible is by making use of the dictionaries available in the Kali Linux Distro. These are located under /usr/share/wordlists/. The following screenshot shows the available wordlists in Kali:

You will find a rockyou.txt.gz file, which you will need to unzip. Use the following command in terminal to unzip the contents of the file:

gunzip rockyou.txt.gz

Once this is done, the file will be extracted, as shown in the preceding screenshot. This is a prebuilt list of available passwords in Kali Linux. Let us begin to formulate one of ours with the help of enumeration and information gathering.

Getting ready

To commence, we will first find the IP address of the hosted Stapler machine and begin enumerating information to collect and create a set of custom passwords.

How to do it...

The steps for the recipe are as follows:

  1. Discover...