Kali Linux Intrusion and Exploitation Cookbook

Book Image

Kali Linux Intrusion and Exploitation Cookbook

By : Dhruv Shah, Ishan Girdhar

Book Image

Kali Linux Intrusion and Exploitation Cookbook

By: Dhruv Shah, Ishan Girdhar

Overview of this book

With the increasing threats of breaches and attacks on critical infrastructure, system administrators and architects can use Kali Linux 2.0 to ensure their infrastructure is secure by finding out known vulnerabilities and safeguarding their infrastructure against unknown vulnerabilities. This practical cookbook-style guide contains chapters carefully structured in three phases – information gathering, vulnerability assessment, and penetration testing for the web, and wired and wireless networks. It's an ideal reference guide if you’re looking for a solution to a specific problem or learning how to use a tool. We provide hands-on examples of powerful tools/scripts designed for exploitation. In the final section, we cover various tools you can use during testing, and we help you create in-depth reports to impress management. We provide system engineers with steps to reproduce issues and fix them.

Title Page

Credits

About the Authors

About the Authors

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Customer Feedback

Customer Feedback

Preface

Free Chapter

Getting Started - Setting Up an Environment

Getting Started - Setting Up an Environment

Installing Kali Linux on Cloud - Amazon AWS

Installing Kali Linux on Docker

Installing NetHunter on OnePlus One

Installing Kali Linux on a virtual machine

Customizing Kali Linux for faster package updates

Customizing Kali Linux for faster operations

Configuring remote connectivity services - HTTP, TFTP, and SSH

Configuring Nessus and Metasploit

Configuring third-party tools

Installing Docker on Kali Linux

Network Information Gathering

Network Information Gathering

Discovering live servers over the network

Bypassing IDS/IPS/firewall

Discovering ports over the network

Using unicornscan for faster port scanning

Service fingerprinting

Determining the OS using nmap and xprobe2

Service enumeration

Open-source information gathering

Network Vulnerability Assessment

Network Vulnerability Assessment

Using nmap for manual vulnerability assessment

Integrating nmap with Metasploit

Walkthrough of Metasploitable assessment with Metasploit

Vulnerability assessment with OpenVAS framework

Network Exploitation

Network Exploitation

Gathering information for credential cracking

Cracking FTP login using custom wordlist

Cracking SSH login using custom wordlist

Cracking HTTP logins using custom wordlist

Cracking MySql and PostgreSQL login using custom wordlist

Cracking Cisco login using custom wordlist

Exploiting vulnerable services (Unix)

Exploiting vulnerable services (Windows)

Exploiting services using exploit-db scripts

Web Application Information Gathering

Web Application Information Gathering

Setting up API keys for recon-ng

Using recon-ng for reconnaissance

Gathering information using theharvester

Using DNS protocol for information gathering

Web application firewall detection

HTTP and DNS load balancer detection

Discovering hidden files/directories using DirBuster

CMS and plugins detection using WhatWeb and p0f

Finding SSL cipher vulnerabilities

Web Application Vulnerability Assessment

Web Application Vulnerability Assessment

Running vulnerable web applications in Docker

Using W3af for vulnerability assessment

Using Nikto for web server assessment

Using Skipfish for vulnerability assessment

Using Burp Proxy to intercept HTTP traffic

Using Burp Intruder for customized attack automation

Using Burp Sequencer to test the session randomness

Web Application Exploitation

Web Application Exploitation

Using Burp for active/passive scanning

Using sqlmap to find SQL Injection on the login page

Exploiting SQL Injection on URL parameters using SQL Injection

Using Weevely for file upload vulnerability

Exploiting Shellshock using Burp

Using Metasploit to exploit Heartbleed

Using the FIMAP tool for file inclusion attacks (RFI/LFI)

System and Password Exploitation

System and Password Exploitation

Using local password-attack tools

Cracking password hashes

Using Social-Engineering Toolkit

Using BeEF for browser exploitation

Cracking NTLM hashes using rainbow tables

Privilege Escalation and Exploitation

Privilege Escalation and Exploitation

Using WMIC to find privilege-escalation vulnerabilities

Sensitive-information gathering

Unquoted service-path exploitation

Service permission issues

Misconfigured software installations/insecure file permissions

Linux privilege escalation

Wireless Exploitation

Wireless Exploitation

Setting up a wireless network

Bypassing MAC address filtering

Sniffing network traffic

Cracking WEP encryption

Cracking WPA/WPA2 encryption

Denial-of-service attacks

Pen Testing 101 Basics

Pen Testing 101 Basics

What is penetration testing?

What is vulnerability assessment

Penetration testing versus vulnerability assessment

Objectives of penetration testing

Types of penetration testing

Who should be doing penetration testing?

What is the goal here?

General penetration testing phases

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Appendix A. Pen Testing 101 Basics

In this chapter, we will cover the following topics:

Introduction
What is penetration testing
What is vulnerability assessment
Penetration testing versus vulnerability assessments
Objectives of penetration testing
Types of penetration testing:
- Black box
- White box
- Gray box
Who should do penetration testing
What is the goal here
General penetration testing phases
Gathering requirements
Preparing the test plan
The different phases of penetration testing
Providing test objectiveness and boundaries
Project management and third-party approvals
Categorization of vulnerabilities
Threat management
Asset risk rating
Report
Conclusion