Book Image

Kali Linux 2018: Windows Penetration Testing - Second Edition

By : Wolf Halton, Bo Weaver
Book Image

Kali Linux 2018: Windows Penetration Testing - Second Edition

By: Wolf Halton, Bo Weaver

Overview of this book

Microsoft Windows is one of the two most common OSes, and managing its security has spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. Kali is built on the Debian distribution of Linux and shares the legendary stability of that OS. This lets you focus on using the network penetration, password cracking, and forensics tools, and not the OS. This book has the most advanced tools and techniques to reproduce the methods used by sophisticated hackers to make you an expert in Kali Linux penetration testing. You will start by learning about the various desktop environments that now come with Kali. The book covers network sniffers and analysis tools to uncover the Windows protocols in use on the network. You will see several tools designed to improve your average in password acquisition, from hash cracking, online attacks, offline attacks, and rainbow tables to social engineering. It also demonstrates several use cases for Kali Linux tools like Social Engineering Toolkit, and Metasploit, to exploit Windows vulnerabilities. Finally, you will learn how to gain full system-level access to your compromised system and then maintain that access. By the end of this book, you will be able to quickly pen test your system and network using easy-to-follow instructions and support images.

Related Content you might be interested in

Current Title:

Small book image
Kali Linux 2018: Windows Penetration Testing - Second Edition
Wolf Halton | Bo Weaver
Oct, 2018 | 404 pages
Small book image
Metasploit Penetration Testing Cookbook
Monika Agarwal | Abhinav Singh | Nipun Jaswal | Daniel Teixeira
Feb, 2018 | 426 pages
Small book image
Kali Linux 2018: Assuring Security by Penetration Testing
Lee Allen | Alex Samm | Shakeel Ali | Damian Boodoo | Tedi Heriyanto | Gerard Johansen | Shiva V N Parasram
Oct, 2018 | 528 pages
Small book image
Hands-On Penetration Testing on Windows
Phil Bramwell
Jul, 2018 | 452 pages
Table of Contents (12 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Disclaimer
Free Chapter
1
Choosing Your Distro
Choosing Your Distro
Desktop environments
Choosing your look and feel
Configuring Kali to be your Daily Driver
Summary
2
Sharpening the Saw
Sharpening the Saw
Technical requirements
Installing Kali Linux to an encrypted USB drive
Running Kali from the Live DVD
Installing and configuring applications
Setting up and configuring OpenVAS
Reporting tests
Running services on Kali Linux
Summary
3
Information Gathering and Vulnerability Assessments
Information Gathering and Vulnerability Assessments
Technical requirements
Footprinting the network
An annotated list of Nmap command options
Using OpenVAS
Using Maltego
Using KeepNote
Summary
Further reading
4
Sniffing and Spoofing
Sniffing and Spoofing
Technical requirements
Sniffing and spoofing network traffic
Sniffing network traffic
Spoofing network traffic
Summary
Further reading
5
Password Attacks
Password Attacks
Password attack planning
My friend, Johnny
John the Ripper (command line)
xHydra
Summary
Further reading
6
NetBIOS Name Service and LLMNR - Obsolete but Still Deadly
NetBIOS Name Service and LLMNR - Obsolete but Still Deadly
Technical requirements
NetBIOS name service and NTLM
Sniffing and capturing traffic
Summary
Further reading
7
Gaining Access
Gaining Access
Pwnage
Technical requirements
Exploiting Windows systems with Metasploit
Using advanced Footprinting
Summary
Further reading
8
Windows Privilege Escalation and Maintaining Access
Windows Privilege Escalation and Maintaining Access
Technical requirements
Windows privilege escalation
MS16-032 Secondary Logon Handle Privilege Escalation
Windows Escalate Service Permissions Local Privilege Escalation
Windows Escalate UAC Protection Bypass (ScriptHost Vulnerability)
Maintaining access
Summary
9
Maintaining Access on Server or Desktop
Maintaining Access on Server or Desktop
Maintaining access or ET Phone Home
Maintaining access with Ncat
The Drop Box
Cracking the Network Access Controller (NAC)
Creating a spear-phishing attack with the Social Engineering Toolkit
Using Backdoor Factory to evade antivirus
Summary
Further reading
10
Reverse Engineering and Stress Testing
Reverse Engineering and Stress Testing
Technical requirements
Setting up a test environment
Reverse Engineering theory
Working with Boolean logic
Practicing Reverse Engineering
Stress testing Windows
Summary
Further reading
11
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

To get the most out of this book

You will require following to code test this book:

  • Router/firewall
  • Linux workstation 8 cores 32 GB RAM for a VM server. (running VirtualBox)
  • Windows 2008 server for the DC (VM)
  • Windows 2008 server file server (VM)
  • Win7 client (VM)
  • Win10 client (This was a physical laptop)
  • Laptop running Kali 4 cores 8 GB of RAM. For the attacking platform. (My personal laptop)

Download the color images

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "This produces a fast scan-the T stands for Timing (from 1 to 5), and the default timing is -T3."

A block of code is set as follows:

html, body, #map {
 height: 100%; 
 margin: 0;
 padding: 0
}

Any command-line input or output is written as follows:

nmap -v -sn 192.168.0.0/16 10.0.0.0/8
nmap -v -iR 10000 -Pn -p 80

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Open the Terminal from the icon on the top bar or by clicking on the menu links:
Application | Accessories | Terminal".

Warnings or important notes appear like this.
Tips and tricks appear like this.
Previous Section
Next Section