This book is dedicated to the use of Kali Linux in performing penetration tests against networks, systems, and applications. A penetration test simulates an attack against a network or a system by a malicious outsider or insider. Unlike a vulnerability assessment, penetration testing is designed to include the exploitation phase. Therefore, it proves that the vulnerability is present and exploitable, and that it carries the very real risk of compromise if not acted upon.
Note
Throughout this book, we will refer to penetration testers, attackers, and hackers interchangeably, as they use the same techniques and tools to assess the security of networks and data systems. The only difference between them is their end objective—a secure data network, or a data breach.
In short, this book will take you through a journey of penetration testing, with a number of proven techniques for defeating the latest network defenses using Kali Linux, from selecting the most effective tools, to rapidly compromising network security, to highlighting the techniques used to avoid detection.
If you are a penetration tester, IT professional, or security consultant wanting to maximize the success of your network testing by using some of the advanced features of Kali Linux, then this book is for you. Some prior exposure to the basics of penetration testing and ethical hacking would be helpful in making the most out of this title.
Chapter 1, Goal-Based Penetration Testing with Kali Linux, introduces a functional outline, based on the penetration-testing methodology, that will be used throughout the book. It ensures that a coherent and comprehensive approach to penetration testing will be followed.
Chapter 2, Open Source Intelligence and Passive Reconnaissance, provides background on how to gather information about a target using publicly-available sources, and discusses the tools that can simplify reconnaissance and information management.
Chapter 3, Active Reconnaissance of the External and Internal Networks, introduces you to stealthy approaches that can be used to gain information about the target, especially the information that identifies vulnerabilities to be exploited.
Chapter 4, Vulnerability Assessment, teaches you the semi-automated process of scanning a network and its devices to locate systems that are vulnerable to attack and compromise, and the process of taking all reconnaissance and vulnerability scan information, assessing it, and then creating a map to guide the penetration-testing process.
Chapter 5, Advanced Social Engineering and Physical Security, demonstrates why being able to physically access a system or interact with the humans who manage it provides the most successful route to exploitation.
Chapter 6, Wireless Attacks, provides a brief explanation of wireless technologies, and focuses instead on the common techniques used to compromise these networks by bypassing security.
Chapter 7, Exploiting Web-Based Applications, provides a brief overview of one of the most complex delivery phases to secure: web-based applications that are exposed to the public internet.
Chapter 8, Client-Side Exploitation, focuses on attacks against applications on the end user's systems, which are frequently not protected to the same degree as the organization's primary network.
Chapter 9, Bypassing Security Controls, demonstrates the most common security controls in place, identifies a systematic process for overcoming these controls, and demonstrates this using the tools from the Kali toolset.
Chapter 10, Exploitation, demonstrates the methodologies that can be used to find and execute exploits that allow a system to be compromised by an attacker.
Chapter 11, Action on the Objective, focuses on the immediate post-exploit activities, as well as the concept of horizontal escalation—the process of using an exploited system as a starting point to jump off to other systems on the network.
Chapter 12, Privilege Escalation, demonstrates how the penetration tester can own all aspects of a system's operations, and more importantly, how obtaining some access privileges will allow the tester to control all systems across a network.
Chapter 13, Command and Control, focuses on what a modern attacker would do to enable data to be exfiltrated to the attacker's location, while hiding the evidence of the attack.
Chapter 14, Embedded Devices and RFID Hacking, focuses on what a modern attacker would do to perform a structured attack on embedded devices, as well as the cloning of NFC cards, to achieve an objective.
In order to practice the material presented in this book, you will need virtualization tools such as VMware or VirtualBox.
You will need to download and configure the Kali Linux operating system and its suite of tools. To ensure that it is up to date and that you have all of the tools, you will need an internet connection.
Sadly, not all of the tools on the Kali Linux system will be addressed, since there are just too many of them. The focus of this book is not to overwhelm you with all of the tools and options, but to provide an approach for testing that will give you the opportunity to learn and incorporate new tools as your experience and knowledge increase over time.
Although most of the examples from this book focus on Microsoft Windows, the methodology and most of the tools are transferable to other operating systems, such as Linux and the other flavors of Unix.
Finally, this book applies Kali to complete the attacker's kill-chain against target systems. For this, you will need a target operating system. Many of the examples in the book use Microsoft Windows 7 and Windows 2008 R2.
You can download the example code files for this book from your account at www.packt.com. If you purchased this book elsewhere, you can visit www.packt.com/support and register to have the files emailed directly to you.
You can download the code files by following these steps:
- Log in or register at www.packt.com.
- Select the SUPPORT tab.
- Click on Code Downloads & Errata.
- Enter the name of the book in the Search box and follow the onscreen instructions.
Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:
- WinRAR/7-Zip for Windows
- Zipeg/iZip/UnRarX for Mac
- 7-Zip/PeaZip for Linux
The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Mastering-Kali-Linux-for-Advanced-Penetration-Testing-Third-Edition. In case there's an update to the code, it will be updated on the existing GitHub repository.
We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781789340563_ColorImages.pdf.
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "For example, we have used the netcat command."
A block of code is set as follows:
<!DOCTYPE foo [ <!ENTITY Variable "hello" > ]><somexml><message>&Variable;</message></somexml>
Any command-line input or output is written as follows:
chmod 600 privatekey.pem
ssh -i privatekey.pem ec2-user@amazon-dns-ip
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Right-click on the folder and select the Sharing tab. From this menu, select Share."
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packt.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packt.com.
The information within this book is intended to be used only in an ethical manner. Do not use any information from the book to perform illegal activities if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Packt Publishing does not take any responsibility if you misuse any of the information contained within the book. The information herein must only be used while testing environments with proper written authorizations from appropriate persons responsible.
The features explained in the book are based on the meta-packages version of Kali Linux 2019.1; this is not the official release by Offensive Security.