
Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By : Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Overview of this book

Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement. Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.

Preface

In the world of penetration testing, one operating system stands out as the standard for tools. Kali Linux is an operating system that has been designed to provide the penetration tester a flexible platform to perform the panoply of penetration tasks such as enumerating a target, identifying vulnerabilities, and exploiting targets in a networked environment. Taking the technical methods of penetration testing in concert with an industry standard penetration testing methodology along with appropriate planning and objectives allows penetration testers to ascertain the vulnerabilities of a targeted network and deliver guidance for their organizations on appropriate changes to their security infrastructure.

This updated volume of Kali Linux – Assuring Security by Penetration Testing presents a structured method for developing a skill set tailored to the unique nature of penetration testing. What follows is a systematic approach that takes the tools and techniques of penetration testing and combines it with a framework that addresses the tasks related to penetration testing.

Starting off with installing Kali Linux and preparing a testing platform, we will move toward the penetration testing methodologies and frameworks. Next, the preliminary steps of a penetration test are covered. From there, we begin the examination of tools for gathering the open source information about our target networks. Next, we incorporate tools and techniques to gather more detailed information about our target by enumerating ports, detecting operating systems, and identifying services. Building on that information, performing vulnerability assessments will provide a greater depth in understanding potential vulnerabilities on the target network. With this information in hand, we will then discuss leveraging one of the most significant vulnerabilities, people, with an examination of social engineering. With the information we have gathered, we will then exploit our target with the aim of taking control of a system and compromising credentials. Next, we will look at maintaining control of our target network and retrieving data. Finally, we will look at attacking wireless networks to gain access to the internal network. In addition to using the tools in Kali Linux, we will also explore how to use the portable version of Kali Linux—Kali NetHunter.

Throughout this process, we will demonstrate the tools and techniques and their applicability to real-world penetration testing scenarios. In addition, resources for further clarification and direction along with other tools have been presented to address the wide range of situations a penetration tester may find themselves in.

This edition of Kali Linux – Assuring Security by Penetration Testing has been prepared to give the reader, whether a student, security professional, or penetration tester, a roadmap to develop skills and methodologies for use in the challenging world of security testing or for use in their own laboratory. Kali Linux is a powerful tool in the hands of professionals, and this book was developed to allow professionals to see and experience the full extent of what this toolset can do.

What this book covers

Chapter 1, Beginning with Kali Linux, focuses on installing Kali Linux as a primary operating system, as a virtual machine, or on removable media. For installation as a virtual machine, there will be additional information on the extra features available. After installation, the chapter will discuss additional services, such as database and web server settings, that can be configured. Finally, to have a platform to test the skills that will be developed in the coming chapters, the installation of the deliberately vulnerable Linux OS, Metasploitable2, will be discussed.

Chapter 2, Penetration Testing Methodology, explores the various methodologies available to penetration testers. Methodologies such as OWASP, OSSTMM, ISSAF, and WASC-TC set the baseline rules and flow of a penetration test. These methodologies serve the vital function of providing a guideline for penetration testing. The chapter will also differentiate the process of a vulnerability assessment from that of a penetration test. It will also explore the differences between a white-box and a black-box test. Finally, this chapter provides a solid foundation and process for testing a network in a systematic manner.

Chapter 3, Target Scoping, discusses the preliminary activities associated with a penetration test. It will walk you through the critical steps to prepare for a penetration test: gathering client requirements, preparing a test plan, understanding the test boundaries, and clearly defining business objectives. It will also discuss project management techniques to ensure that the penetration test is conducted on schedule.

Chapter 4, Information Gathering, covers the first technical step of a penetration test, which involves utilizing tools and techniques to gather data about the target. This chapter addresses tools for analyzing DNS records and network routing information, and for leveraging search engines to identify target e-mail addresses. In addition, leveraging Open Source Intelligence (OSINT) sources and leaked information will be explored.

Chapter 5, Target Discovery, covers the variety of tools available to identify target systems, as Kali Linux has a great many tools for gaining a more detailed look at the systems that are part of the target network. It will also look at the methods used to identify target operating systems.

Chapter 6, Enumerating Target, discusses the basics of port scanning and one of the gold standard tools for enumerating target hosts, NMAP. As we move farther along in the penetration testing process, we will explore tools that increase the amount of information we can discover about the target systems. In addition to port discovery, we will put other tools to use to identify SMB, SNMP, and VPN services on our target network.

Chapter 7, Vulnerability Mapping, discusses the types of vulnerability, the vulnerability taxonomy, and the tools that are available, because understanding the role of vulnerability identification and reporting is critical to the penetration testing process. As the chapter progresses, you will be guided through configuring tools to identify vulnerabilities within the target network.

Chapter 8, Social Engineering, examines the tools and techniques available to penetration testers to exploit vulnerabilities within the human element, because arguably the hardest part of any enterprise to secure is its people. A great deal of real-world attacks involve social engineering. This chapter will examine the process of attack and the methods used in social engineering. These will then be combined with tools that can be leveraged in real-world scenarios. Taken in concert, these tools and techniques give the penetration tester an insight into the security around the human element.

Chapter 9, Target Exploitation, looks at the powerful penetration testing tool Metasploit. Following the penetration testing process, we have identified information about our target network; here is where we put that information to use. Using Metasploit, we will discuss the variety of methods that the penetration tester can leverage against a target network.

Chapter 10, Privilege Escalation, is an exploration of the methods used to compromise credentials. This chapter includes information about how to obtain credentials through network spoofing and sniffing. A good deal of the chapter is also dedicated to cracking passwords with a variety of tools.

Chapter 11, Maintaining Access, discusses some of the methods that can be leveraged to maintain control of a compromised system. We will examine the Meterpreter backdoor, in addition to using tunneling tools and configuring web backdoors. These techniques allow the penetration tester to maintain access to compromised systems and fly below the radar.

Chapter 12, Wireless Penetration Testing, addresses the unique tools and techniques involved in gaining access to wireless networks. This begins with an overview of the authentication and encryption methods in use by wireless networks. From there, it addresses capturing wireless traffic and the methods utilized to ascertain valid authentication credentials. Finally, once access is obtained, the actions that can be taken as part of an overall penetration test are addressed.

Chapter 13, Kali NetHunter, explores installing NetHunter on compatible Android devices, configuring tools, and real-world examples for use in penetration testing. Taking Kali Linux on the road is now easier with the development of Kali NetHunter, an Android-based platform that allows a penetration tester to leverage the tools of Kali Linux on a portable device.

Chapter 14, Documentation and Reporting, discusses the different types of report, the contents of each type, and finally how to prepare a presentation of your findings. Reporting the findings of a penetration testing engagement is an often overlooked facet, but one that is of paramount importance.

Appendix A, Supplementary Tools, provides some additional tools that may be of use in penetration testing engagements, beyond the in-depth exploration of the tools available in Kali Linux given in the main chapters.

Appendix B, Key Resources, provides links to various resources available online that address aspects of penetration testing and can further increase the penetration tester's skills and knowledge.

What you need for this book

To get the most out of the demonstrations in this book, you will need a computer or other device on which to install Kali Linux, as well as a deliberately vulnerable operating system. For this book, Metasploitable2 and Windows XP Mode were utilized. Both of these are virtual machines that are free to users. In addition, having access to a wireless access point to configure a wireless network will allow you to follow the later chapters that address wireless penetration testing.

Who this book is for

If you are an IT security professional or a student with a basic knowledge of Unix/Linux operating systems, including an awareness of information security factors, and you want to use Kali Linux for penetration testing, this book is for you.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "We can include other contexts through the use of the include directive."

Any command-line input or output is written as follows:

# ./cisco_crack  -h
Usage: ./cisco_crack -p <encrypted password>
       ./cisco_crack <router config file> <output file>

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Select the file by navigating to File | Add Files to find out the SHA1 hash value of a file."

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail , and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the color images of this book

We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from http://www.packtpub.com/sites/default/files/downloads/KaliLinux2AssuringSecuritybyPenetrationTesting_thirdEdition_ColorImages.pdf.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at , and we will do our best to address the problem.