Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Kali Linux 2 - Assuring Security by Penetration Testing
  • Table Of Contents Toc
Kali Linux 2 - Assuring Security by Penetration Testing

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By : Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali
4.2 (5)
Buy this Book
close
close
Kali Linux 2 - Assuring Security by Penetration Testing

Kali Linux 2 - Assuring Security by Penetration Testing

4.2 (5)
By: Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali
Buy this Book

Overview of this book

Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement. Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.
Table of Contents (18 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Beginning with Kali Linux
Icon
1. Beginning with Kali Linux
Icon
A brief history of Kali Linux
Icon
Kali Linux tool categories
Icon
Downloading Kali Linux
Icon
Using Kali Linux
Icon
Configuring the virtual machine
Icon
Updating Kali Linux
Icon
Network services in Kali Linux
Icon
Installing a vulnerable server
Icon
Installing additional weapons
Icon
Summary
2
2. Penetration Testing Methodology
Icon
2. Penetration Testing Methodology
Icon
Types of penetration testing
Icon
Vulnerability assessment versus penetration testing
Icon
Security testing methodologies
Icon
General penetration testing framework
Icon
Information gathering
Icon
The ethics
Icon
Summary
3
3. Target Scoping
Icon
3. Target Scoping
Icon
Gathering client requirements
Icon
Preparing the test plan
Icon
Profiling test boundaries
Icon
Defining business objectives
Icon
Project management and scheduling
Icon
Summary
4
4. Information Gathering
Icon
4. Information Gathering
Icon
Open Source Intelligence
Icon
Using public resources
Icon
Querying the domain registration information
Icon
Analyzing the DNS records
Icon
Getting network routing information
Icon
Utilizing the search engine
Icon
Metagoofil
Icon
Accessing leaked information
Icon
Summary
5
5. Target Discovery
Icon
5. Target Discovery
Icon
Starting off with target discovery
Icon
Identifying the target machine
Icon
OS fingerprinting
Icon
Summary
6
6. Enumerating Target
Icon
6. Enumerating Target
Icon
Introducing port scanning
Icon
Understanding the TCP/IP protocol
Icon
Understanding the TCP and UDP message format
Icon
The network scanner
Icon
Unicornscan
Icon
Zenmap
Icon
Amap
Icon
SMB enumeration
Icon
SNMP enumeration
Icon
VPN enumeration
Icon
Summary
7
7. Vulnerability Mapping
Icon
7. Vulnerability Mapping
Icon
Types of vulnerabilities
Icon
Vulnerability taxonomy
Icon
Automated vulnerability scanning
Icon
Network vulnerability scanning
Icon
Web application analysis
Icon
Fuzz analysis
Icon
Database assessment tools
Icon
Summary
8
8. Social Engineering
Icon
8. Social Engineering
Icon
Modeling the human psychology
Icon
Attack process
Icon
Attack methods
Icon
Social Engineering Toolkit
Icon
Summary
9
9. Target Exploitation
chevron up
Icon
9. Target Exploitation
Icon
Vulnerability research
Icon
Vulnerability and exploit repositories
Icon
Advanced exploitation toolkit
Icon
MSFConsole
Icon
MSFCLI
Icon
Ninja 101 drills
Icon
Writing exploit modules
Icon
Summary
10
10. Privilege Escalation
Icon
10. Privilege Escalation
Icon
Privilege escalation using a local exploit
Icon
Password attack tools
Icon
Network spoofing tools
Icon
Network sniffers
Icon
Summary
11
11. Maintaining Access
Icon
11. Maintaining Access
Icon
Using operating system backdoors
Icon
Working with tunneling tools
Icon
Creating web backdoors
Icon
Summary
12
12. Wireless Penetration Testing
Icon
12. Wireless Penetration Testing
Icon
Wireless networking
Icon
Wireless network recon
Icon
Wireless testing tools
Icon
Post cracking
Icon
Sniffing wireless traffic
Icon
Summary
13
13. Kali Nethunter
Icon
13. Kali Nethunter
Icon
Kali Nethunter
Icon
Installing Kali Nethunter
Icon
Nethunter icons
Icon
Nethunter tools
Icon
Third-party applications
Icon
Wireless attacks
Icon
HID attacks
Icon
Summary
14
14. Documentation and Reporting
Icon
14. Documentation and Reporting
Icon
Documentation and results verification
Icon
Types of reports
Icon
The executive report
Icon
The management report
Icon
The technical report
Icon
Network penetration testing report (sample contents)
Icon
Preparing your presentation
Icon
Post-testing procedures
Icon
Summary
15
A. Supplementary Tools
Icon
A. Supplementary Tools
Icon
Reconnaissance tool
Icon
Web application tools
Icon
Network tool
Icon
Summary
16
B. Key Resources
Icon
B. Key Resources
Icon
Vulnerability disclosure and tracking
Icon
Paid incentive programs
Icon
Reverse engineering resources
Icon
Penetration testing learning resources
Icon
Exploit development learning resources
Icon
Penetration testing on a vulnerable environment
Icon
Online web application challenges
Icon
Virtual machines and ISO images
Icon
Network ports
17
Index
Icon
Index

Writing exploit modules

Developing an exploit is one of the most interesting aspects of the Metasploit framework. In this section, we will briefly discuss the core issues surrounding the development of an exploit, and explain its key skeleton by taking a live example from the existing framework's database. However, it is important to be adept with the Ruby programming language before you attempt to write your own exploit module. On the other hand, intermediate skills of reverse engineering and practical understanding of vulnerability discovery tools (for example, fuzzers and debuggers) provide an open map towards the exploit construction. This section is meant only as an introduction to the topic, and not a complete guide.

For our example, we have selected the exploit (EasyFTP Server <= 1.7.0.11 MKD Command Stack Buffer Overflow), which will provide a basic view of exploiting buffer overflow vulnerability in the Easy FTP Server application. You can port this module for a similar...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Kali Linux 2 - Assuring Security by Penetration Testing
End of Section 9
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon