Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Kali Linux 2 - Assuring Security by Penetration Testing
  • Table Of Contents Toc
Kali Linux 2 - Assuring Security by Penetration Testing

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By : Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali
4.2 (5)
Buy this Book
close
close
Kali Linux 2 - Assuring Security by Penetration Testing

Kali Linux 2 - Assuring Security by Penetration Testing

4.2 (5)
By: Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali
Buy this Book

Overview of this book

Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement. Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.
Table of Contents (18 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Beginning with Kali Linux
chevron up
Icon
1. Beginning with Kali Linux
Icon
A brief history of Kali Linux
Icon
Kali Linux tool categories
Icon
Downloading Kali Linux
Icon
Using Kali Linux
Icon
Configuring the virtual machine
Icon
Updating Kali Linux
Icon
Network services in Kali Linux
Icon
Installing a vulnerable server
Icon
Installing additional weapons
Icon
Summary
2
2. Penetration Testing Methodology
Icon
2. Penetration Testing Methodology
Icon
Types of penetration testing
Icon
Vulnerability assessment versus penetration testing
Icon
Security testing methodologies
Icon
General penetration testing framework
Icon
Information gathering
Icon
The ethics
Icon
Summary
3
3. Target Scoping
Icon
3. Target Scoping
Icon
Gathering client requirements
Icon
Preparing the test plan
Icon
Profiling test boundaries
Icon
Defining business objectives
Icon
Project management and scheduling
Icon
Summary
4
4. Information Gathering
Icon
4. Information Gathering
Icon
Open Source Intelligence
Icon
Using public resources
Icon
Querying the domain registration information
Icon
Analyzing the DNS records
Icon
Getting network routing information
Icon
Utilizing the search engine
Icon
Metagoofil
Icon
Accessing leaked information
Icon
Summary
5
5. Target Discovery
Icon
5. Target Discovery
Icon
Starting off with target discovery
Icon
Identifying the target machine
Icon
OS fingerprinting
Icon
Summary
6
6. Enumerating Target
Icon
6. Enumerating Target
Icon
Introducing port scanning
Icon
Understanding the TCP/IP protocol
Icon
Understanding the TCP and UDP message format
Icon
The network scanner
Icon
Unicornscan
Icon
Zenmap
Icon
Amap
Icon
SMB enumeration
Icon
SNMP enumeration
Icon
VPN enumeration
Icon
Summary
7
7. Vulnerability Mapping
Icon
7. Vulnerability Mapping
Icon
Types of vulnerabilities
Icon
Vulnerability taxonomy
Icon
Automated vulnerability scanning
Icon
Network vulnerability scanning
Icon
Web application analysis
Icon
Fuzz analysis
Icon
Database assessment tools
Icon
Summary
8
8. Social Engineering
Icon
8. Social Engineering
Icon
Modeling the human psychology
Icon
Attack process
Icon
Attack methods
Icon
Social Engineering Toolkit
Icon
Summary
9
9. Target Exploitation
Icon
9. Target Exploitation
Icon
Vulnerability research
Icon
Vulnerability and exploit repositories
Icon
Advanced exploitation toolkit
Icon
MSFConsole
Icon
MSFCLI
Icon
Ninja 101 drills
Icon
Writing exploit modules
Icon
Summary
10
10. Privilege Escalation
Icon
10. Privilege Escalation
Icon
Privilege escalation using a local exploit
Icon
Password attack tools
Icon
Network spoofing tools
Icon
Network sniffers
Icon
Summary
11
11. Maintaining Access
Icon
11. Maintaining Access
Icon
Using operating system backdoors
Icon
Working with tunneling tools
Icon
Creating web backdoors
Icon
Summary
12
12. Wireless Penetration Testing
Icon
12. Wireless Penetration Testing
Icon
Wireless networking
Icon
Wireless network recon
Icon
Wireless testing tools
Icon
Post cracking
Icon
Sniffing wireless traffic
Icon
Summary
13
13. Kali Nethunter
Icon
13. Kali Nethunter
Icon
Kali Nethunter
Icon
Installing Kali Nethunter
Icon
Nethunter icons
Icon
Nethunter tools
Icon
Third-party applications
Icon
Wireless attacks
Icon
HID attacks
Icon
Summary
14
14. Documentation and Reporting
Icon
14. Documentation and Reporting
Icon
Documentation and results verification
Icon
Types of reports
Icon
The executive report
Icon
The management report
Icon
The technical report
Icon
Network penetration testing report (sample contents)
Icon
Preparing your presentation
Icon
Post-testing procedures
Icon
Summary
15
A. Supplementary Tools
Icon
A. Supplementary Tools
Icon
Reconnaissance tool
Icon
Web application tools
Icon
Network tool
Icon
Summary
16
B. Key Resources
Icon
B. Key Resources
Icon
Vulnerability disclosure and tracking
Icon
Paid incentive programs
Icon
Reverse engineering resources
Icon
Penetration testing learning resources
Icon
Exploit development learning resources
Icon
Penetration testing on a vulnerable environment
Icon
Online web application challenges
Icon
Virtual machines and ISO images
Icon
Network ports
17
Index
Icon
Index

Installing a vulnerable server

In this section, we will install a vulnerable virtual machine as a target virtual machine. This target will be used in several chapters of the book, when we explain particular topics. The reason we chose to set up a vulnerable server in our machine instead of using vulnerable servers available on the Internet is because we don't want you to break any laws. We should emphasize that you should never pen test other servers without written permission. Another purpose of installing another virtual machine would be to improve your skills in a controlled manner. This way, it is easy to fix issues and understand what is going on in the target machine when attacks do not work.

In several countries, even port scanning a machine that you don't own can be considered a criminal act. Also, if something happens to the operating system using a virtual machine, we can repair it easily.

The vulnerable virtual machine that we are going to use is Metasploitable 2. The famous HD Moore of Rapid7 creates this vulnerable system.

Note

There are other deliberately vulnerable systems besides Metasploitable 2 that you can use for your penetration testing learning process, as can be seen on the following site: http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/.

Metasploitable 2 has many vulnerabilities in the operating system, network, and web application layers.

Note

Information about the vulnerabilities contained in Metasploitable 2 can be found on the Rapid7 site at https://community.rapid7.com/docs/DOC-1875.

To install Metasploitable 2 in Virtual Box, you can perform the following steps:

  1. Download the Metasploitable 2 file from http://sourceforge.net/projects/metasploitable/files/Metasploitable2/.
  2. Extract the Metasploitable 2 ZIP file. After the extraction process is completed successfully, you will find five files:
    Metasploitable.nvram
Metasploitable.vmdk
Metasploitable.vmsd
Metasploitable.vmx
Metasploitable.vmxf
  3. Create a new virtual machine in VirtualBox. Set Name to Metasploitable2, operating system to Linux, and Version to Ubuntu.
  4. Set the memory to 1024MB.
  5. In the Virtual Hard Disk setting, select Use existing hard disk. Choose the Metasploitable files that we have already extracted in the previous step:
  6. Change the network setting to Host-only adapter to make sure that this server is accessible only from the host machine and the Kali Linux virtual machine. The Kali Linux virtual machine's network setting should also be set to Host-only adapter for pen-testing local VMs.
  7. Start the Metasploitable 2 virtual machine. After the boot process is finished, you can log in to the Metasploitable 2 console using the following credentials:
    • Username: msfadmin
    • Password: msfadmin

The following is the Metasploitable 2 console after you have logged in successfully:

Installing a vulnerable server
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Kali Linux 2 - Assuring Security by Penetration Testing
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon