Book Image

Learn Kali Linux 2019

By : Glen D. Singh
Book Image

Learn Kali Linux 2019

By: Glen D. Singh

Overview of this book

The current rise in hacking and security breaches makes it more important than ever to effectively pentest your environment, ensuring endpoint protection. This book will take you through the latest version of Kali Linux and help you use various tools and techniques to efficiently deal with crucial security aspects. Through real-world examples, you’ll understand how to set up a lab and later explore core penetration testing concepts. Throughout the course of this book, you’ll get up to speed with gathering sensitive information and even discover different vulnerability assessment tools bundled in Kali Linux 2019. In later chapters, you’ll gain insights into concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections to further build on your pentesting skills. You’ll also focus on techniques such as bypassing controls, attacking the end user and maintaining persistence access through social media. Finally, this pentesting book covers best practices for performing complex penetration testing techniques in a highly secured environment. By the end of this book, you’ll be able to use Kali Linux to detect vulnerabilities and secure your system by applying penetration testing techniques of varying complexity.
Table of Contents (22 chapters)
Free Chapter
1
Section 1: Kali Linux Basics
6
Section 2: Reconnaissance
9
Section 3: Vulnerability Assessment and Penetration Testing with Kali Linux 2019

Hping3

Hping3 is a command-line tool that allows a user to analyze TCP/IP messages on a network. Additionally, Hping3 allows use to assemble network packets, which can be beneficial to a penetration tester in performing device and service discovery and offensive actions, such as a Denial-of-Service (DoS) attack.

Hping3 is a tool that can perform the following tasks:

  • Host discovery on a network
  • Fingerprinting host devices to determine services
  • Sniffing network traffic
  • Flooding packets (DoS)
  • File transfer

As mentioned in the previous section, there are many servers and devices that have ICMP responses disabled as a security precaution. We can use Hping3 to probe a port on a target system to force an ICMP response back to our attacker machine.

To get started using Hping3, let's use the following steps to perform a port scan on port 80:

  1. We use the ping utility to send four...