Book Image

Mastering Kali Linux for Advanced Penetration Testing, Second Edition - Second Edition

By : Vijay Kumar Velu
Book Image

Mastering Kali Linux for Advanced Penetration Testing, Second Edition - Second Edition

By: Vijay Kumar Velu

Overview of this book

This book will take you, as a tester or security practitioner through the journey of reconnaissance, vulnerability assessment, exploitation, and post-exploitation activities used by penetration testers and hackers. We will start off by using a laboratory environment to validate tools and techniques, and using an application that supports a collaborative approach to penetration testing. Further we will get acquainted with passive reconnaissance with open source intelligence and active reconnaissance of the external and internal networks. We will also focus on how to select, use, customize, and interpret the results from a variety of different vulnerability scanners. Specific routes to the target will also be examined, including bypassing physical security and exfiltration of data using different techniques. You will also get to grips with concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections. Later you will learn the practical aspects of attacking user client systems by backdooring executable files. You will focus on the most vulnerable part of the network—directly and bypassing the controls, attacking the end user and maintaining persistence access through social media. You will also explore approaches to carrying out advanced penetration testing in tightly secured environments, and the book's hands-on approach will help you understand everything you need to know during a Red teaming exercise or penetration testing

Related Content you might be interested in

Current Title:

Small book image
Mastering Kali Linux for Advanced Penetration Testing, Second Edition - Second Edition
Vijay Kumar Velu
Jun, 2017 | 510 pages
Small book image
Learn Penetration Testing
Rishalin Pillay
May, 2019 | 424 pages
Small book image
Metasploit Penetration Testing Cookbook
Monika Agarwal | Abhinav Singh | Nipun Jaswal | Daniel Teixeira
Feb, 2018 | 426 pages
Small book image
Kali Linux 2018: Assuring Security by Penetration Testing
Lee Allen | Alex Samm | Shakeel Ali | Damian Boodoo | Tedi Heriyanto | Gerard Johansen | Shiva V N Parasram
Oct, 2018 | 528 pages
Table of Contents (15 chapters)
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
Goal-Based Penetration Testing
Goal-Based Penetration Testing
Conceptual overview of security testing
Classical failures of vulnerability scanning, penetration testing, and red team exercises
The testing methodology
Introduction to Kali Linux – history and purpose
Installing and updating Kali
Using Kali from a portable device
Installing Kali into a virtual machine
VirtualBox
Installing to a Docker appliance
Installing Kali to the cloud – creating an AWS instance
Organizing Kali
Configuring and customizing Kali
Summary
2
Open Source Intelligence and Passive Reconnaissance
Open Source Intelligence and Passive Reconnaissance
Basic principles of reconnaissance
Google Hacking Database
Creating custom word lists for cracking passwords
Summary
3
Active Reconnaissance of External and Internal Networks
Active Reconnaissance of External and Internal Networks
Stealth scanning strategies
DNS reconnaissance and route mapping
Employing comprehensive reconnaissance applications
Identifying the external network infrastructure
Mapping beyond the firewall
IDS/IPS identification
Enumerating hosts
Port, operating system, and service discovery
Writing your own port scanner using netcat
Large-scale scanning
Summary
4
Vulnerability Assessment
Vulnerability Assessment
Vulnerability nomenclature
Local and online vulnerability databases
Vulnerability scanning with nmap
Web application vulnerability scanners
Vulnerability scanners for mobile applications
The OpenVAS network vulnerability scanner
Specialized scanners
Threat modeling
Summary
5
Physical Security and Social Engineering
Physical Security and Social Engineering
Methodology and attack methods
Physical attacks at the console
Creating a rogue physical device
The Social Engineering Toolkit (SET)
Hiding executables and obfuscating the attacker's URL
Escalating an attack using DNS redirection
Launching a phishing attack
Summary
6
Wireless Attacks
Wireless Attacks
Configuring Kali for wireless attacks
Wireless reconnaissance
Bypassing a hidden SSID
Bypassing MAC address authentication and open authentication
Attacking WPA and WPA2
DoS attacks against wireless communications
Compromising enterprise implementations of WPA/WPA2
Working with Ghost Phisher
Summary
7
Reconnaissance and Exploitation of Web-Based Applications
Reconnaissance and Exploitation of Web-Based Applications
Methodology
Hackers mindmap
Conducting reconnaissance of websites
Client-side proxies
Application-specific attacks
Maintaining access with web shells
Summary
8
Attacking Remote Access
Attacking Remote Access
Exploiting vulnerabilities in communication protocols
Attacking Secure Sockets Layer (SSL)
Attacking an IPSec virtual private network
Summary
9
Client-Side Exploitation
Client-Side Exploitation
Backdooring executable files
Attacking a system using hostile scripts
The Cross-Site Scripting Framework (XSSF)
The Browser Exploitation Framework (BeEF)
Understanding the BeEF browser
Summary
10
Bypassing Security Controls
Bypassing Security Controls
Bypassing Network Access Control (NAC)
Bypassing antivirus using different frameworks
Bypassing application-level controls
Bypassing Windows-specific operating system controls
Summary
11
Exploitation
Exploitation
The Metasploit framework
Exploiting targets using Metasploit Framework
Exploiting multiple targets using Metasploit Framework resource files
Exploiting multiple targets with Armitage
Using public exploits
Developing a Windows exploit
Summary
12
Action on the Objective
Action on the Objective
Activities on the compromised local system
Horizontal escalation and lateral movement
Summary
13
Privilege Escalation
Privilege Escalation
Overview of common escalation methodology
Local system escalation
Credential harvesting and escalation attacks
Escalating access rights in Active Directory
Compromising Kerberos – the golden ticket attack
Summary
14
Command and Control
Command and Control
Using persistent agents
Exfiltration of data
Summary

Classical failures of vulnerability scanning, penetration testing, and red team exercises

In this section, we will focus on the limitations of classical Vscanning, pentesting, and red teaming exercises. Let's now discuss the actual meaning of these three methodologies in simple terms and look at their limitations:

  • Vscanning: This is the process of identifying vulnerabilities or security loopholes in a system or network. The limitations with Vscanning are the potential vulnerabilities, including false positives, which can be confusing to the business owner.
  • Pentesting: This is the process of safely exploiting vulnerabilities without much impact to the existing network or business. There are a fewer number of false positives, since the testers will try and simulate the exploit faithfully. A key limitation of pentesting is that the exploits it can detect are only those that are currently known and publicly available exploits. Also, most pentests are project-focused tests. In pentesting, we often hear "Yay, got root!", but we never then hear "What's next?" This could be due to various reasons, such as the project limiting the pentester to reporting only the high-risk issues immediately to the client, or the client being interested only in one segment of the network and wanting the pentester to compromise.
  • RTEs: This is the process of evaluating the effectiveness of an organization's defenses against cyber threats and improving them; during RTEs, we notice multiple ways of achieving project goals, such as the complete coverage of all activities under a defined project goal. The key limitations with RTEs are that they are limited in terms of time and can only simulate specific predefined scenarios, and they have an assumed rather than a real environment.

Often, all three of these testing methodologies refer to the terms hack or compromise. "We will hack your network and show you where its weaknesses are –," but wait: does the client or business owner understand the terms hack or compromise? How do we measure hack or compromise? What are the criteria? When do we know that a hack or compromise is complete? All these questions point to only one thing: needing to know the primary goal.

The primary goal of pentesting and RTEs is determining the risk, differentiating the risk rating from the scanner, and performing a business risk value assessment of each asset, as well as the brand/image of the organization. It's not about how many threats there are, but how much risk the organization is exposed to. A risk does not really constitute a threat and doesn't necessarily need to be demonstrated. For example, a Cross-Site Scripting (XSS) attack on a brochure website may not have significant impact on the business; however, a client might put in a mitigation plan for the risk using a Web Application Firewall (WAF) to prevent the XSS attacks.

Previous Section
End of Section 3
Next Section