Book Image

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By : Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali
Book Image

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By: Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Overview of this book

Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement. Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.

Related Content you might be interested in

Current Title:

Small book image
Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition
Gerard Johansen | Lee Allen | Tedi Heriyanto | Shakeel Ali
Sep, 2016 | 572 pages
No titles found
Table of Contents (24 chapters)
Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
Credits
Credits
Disclaimer
Disclaimer
About the Authors
About the Authors
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Beginning with Kali Linux
Beginning with Kali Linux
A brief history of Kali Linux
Kali Linux tool categories
Downloading Kali Linux
Using Kali Linux
Configuring the virtual machine
Updating Kali Linux
Network services in Kali Linux
Installing a vulnerable server
Installing additional weapons
Summary
2
Penetration Testing Methodology
Penetration Testing Methodology
Types of penetration testing
Vulnerability assessment versus penetration testing
Security testing methodologies
General penetration testing framework
Information gathering
The ethics
Summary
3
Target Scoping
Target Scoping
Gathering client requirements
Preparing the test plan
Profiling test boundaries
Defining business objectives
Project management and scheduling
Summary
4
Information Gathering
Information Gathering
Open Source Intelligence
Using public resources
Querying the domain registration information
Analyzing the DNS records
Getting network routing information
Utilizing the search engine
Metagoofil
Accessing leaked information
Summary
5
Target Discovery
Target Discovery
Starting off with target discovery
Identifying the target machine
OS fingerprinting
Summary
6
Enumerating Target
Enumerating Target
Introducing port scanning
Understanding the TCP/IP protocol
Understanding the TCP and UDP message format
The network scanner
Unicornscan
Zenmap
Amap
SMB enumeration
SNMP enumeration
VPN enumeration
Summary
7
Vulnerability Mapping
Vulnerability Mapping
Types of vulnerabilities
Vulnerability taxonomy
Automated vulnerability scanning
Network vulnerability scanning
Web application analysis
Fuzz analysis
Database assessment tools
Summary
8
Social Engineering
Social Engineering
Modeling the human psychology
Attack process
Attack methods
Social Engineering Toolkit
Summary
9
Target Exploitation
Target Exploitation
Vulnerability research
Vulnerability and exploit repositories
Advanced exploitation toolkit
MSFConsole
MSFCLI
Ninja 101 drills
Writing exploit modules
Summary
10
Privilege Escalation
Privilege Escalation
Privilege escalation using a local exploit
Password attack tools
Network spoofing tools
Network sniffers
Summary
11
Maintaining Access
Maintaining Access
Using operating system backdoors
Working with tunneling tools
Creating web backdoors
Summary
12
Wireless Penetration Testing
Wireless Penetration Testing
Wireless networking
Wireless network recon
Wireless testing tools
Post cracking
Sniffing wireless traffic
Summary
13
Kali Nethunter
Kali Nethunter
Kali Nethunter
Installing Kali Nethunter
Nethunter icons
Nethunter tools
Third-party applications
Wireless attacks
HID attacks
Summary
14
Documentation and Reporting
Documentation and Reporting
Documentation and results verification
Types of reports
The executive report
The management report
The technical report
Network penetration testing report (sample contents)
Preparing your presentation
Post-testing procedures
Summary
Supplementary Tools
Supplementary Tools
Reconnaissance tool
Web application tools
Network tool
Summary
Key Resources
Key Resources
Vulnerability disclosure and tracking
Paid incentive programs
Reverse engineering resources
Penetration testing learning resources
Exploit development learning resources
Penetration testing on a vulnerable environment
Online web application challenges
Virtual machines and ISO images
Network ports
Index
Index

Network ports

Assessing the network infrastructure for the identification of critical vulnerabilities has always been a challenging and time-consuming process. Thus, we have fine-tuned a small list of known network ports with their respective services in order to help penetration testers quickly map through potential vulnerable services (TCP/UDP ports 1 to 65,535) using Kali Linux tools.

To get a complete and a more up-to-date list of all network ports, visit http://www.iana.org/assignments/port-numbers.

However, bear in mind that sometimes the applications and services are configured to run on different ports than the default ones, shown as follows:

Service

Port

Protocol

Echo

7

TCP/UDP

Character Generator (CHARGEN)

19

TCP/UDP

FTP data transfer

20

TCP

FTP control

21

TCP

SSH

22

TCP

Telnet

23

TCP

SMTP

25

TCP

WHOIS

43

TCP

TACACS

49

TCP/UDP

DNS

53

TCP/UDP

Bootstrap Protocol (BOOTP) server

67

UDP

Bootstrap Protocol (BOOTP) client

68

UDP

TFTP

69

UDP

HTTP

80

TCP

Kerberos

88

TCP

POP3

110

TCP

Sun RPC

111

TCP/UDP

NTP

123

UDP

NetBIOS (Name service)

137

TCP/UDP

NetBIOS (Datagram service)

138

TCP/UDP

NetBIOS (Session service)

139

TCP/UDP

IMAP

143

TCP

SNMP

161

UDP

SNMPTRAP

162

TCP/UDP

BGP

179

TCP/UDP

IRC

194

TCP/UDP

BGMP

264

TCP/UDP

LDAP

389

TCP/UDP

HTTPS

443

TCP

Microsoft DS

445

TCP/UDP

ISAKMP

500

TCP/UDP

rexec

512

TCP

rlogin

513

TCP

Who

513

UDP

rsh

514

TCP

Syslog

514

UDP

Talk

517

TCP/UDP

RIP/RIPv2

520

UDP

Timed

525

UDP

klogin

543

TCP

Mac OS X Server administration

660

TCP/

Spamassassin

783

TCP

rsync

873

TCP

IMAPS

993

TCP

POP3S

995

TCP

SOCKS

1080

TCP

Nessus

1241

TCP

IBM Lotus Notes

1352

TCP

Timbuktu-srv1

1417 to 1420

TCP/UDP

MS SQL

1433

TCP

Citrix

1494

TCP

Oracle default listener

1521

TCP

Ingres

1524

TCP/UDP

Oracle common alternative for listener

1526

TCP

PPTP

1723

TCP/UDP

radius

1812

TCP/UDP

Cisco SCCP

2000

TCP/UDP

NFS

2049

TCP

Openview Network Node Manager daemon

2447

TCP/UDP

Microsoft Global Catalog

3268

TCP/UDP

MySQL

3306

TCP

Microsoft Terminal Service

3389

TCP

NFS-lockd

4045

TCP

SIP

5060

TCP/UDP

Multicast DNS

5353

UDP

PostgreSQL

5432

TCP

PCAnywhere

5631

TCP

VNC

5900

TCP

X11

6000

TCP

ArcServe

6050

TCP

BackupExec

6101

TCP

Gnutella

6346

TCP/UDP

Gnutella alternate

6347

TCP/UDP

IRC

6665 to 6670

TCP

Web

8080

TCP

Privoxy

8118

TCP

Polipo

8123

TCP

Cisco-xremote

9001

TCP

Jetdirect

9100

TCP

Netbus

12345

TCP

Quake

27960

UDP

Back Orifice

31337

UDP

Previous Section
End of Chapter
Next Chapter