Book Image

Learn Kali Linux 2019

By : Glen D. Singh

Book Image

Learn Kali Linux 2019

By: Glen D. Singh

Overview of this book

The current rise in hacking and security breaches makes it more important than ever to effectively pentest your environment, ensuring endpoint protection. This book will take you through the latest version of Kali Linux and help you use various tools and techniques to efficiently deal with crucial security aspects. Through real-world examples, you’ll understand how to set up a lab and later explore core penetration testing concepts. Throughout the course of this book, you’ll get up to speed with gathering sensitive information and even discover different vulnerability assessment tools bundled in Kali Linux 2019. In later chapters, you’ll gain insights into concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections to further build on your pentesting skills. You’ll also focus on techniques such as bypassing controls, attacking the end user and maintaining persistence access through social media. Finally, this pentesting book covers best practices for performing complex penetration testing techniques in a highly secured environment. By the end of this book, you’ll be able to use Kali Linux to detect vulnerabilities and secure your system by applying penetration testing techniques of varying complexity.

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

Section 1: Kali Linux Basics

Section 1: Kali Linux Basics

Introduction to Hacking

Introduction to Hacking

Who is a hacker?

Exploring important terminology

Penetration testing phases

Penetration testing methodologies

Penetration testing approaches

Types of penetration testing

Further reading

Setting Up Kali - Part 1

Setting Up Kali - Part 1

Technical requirements

Building our lab

Further reading

Setting Up Kali - Part 2

Setting Up Kali - Part 2

Technical requirements

Installing Windows as a VM

Installing Ubuntu 8.10

Troubleshooting Kali Linux

Further reading

Getting Comfortable with Kali Linux 2019

Getting Comfortable with Kali Linux 2019

Technical requirements

Understanding Kali Linux

What's new in Kali Linux 2019?

Basics of Kali Linux

Further reading

Section 2: Reconnaissance

Section 2: Reconnaissance

Passive Information Gathering

Passive Information Gathering

Technical requirements

Reconnaissance and footprinting

Understanding passive information gathering

Understanding OSINT

Using the top OSINT tools

Identifying target technology and security controls

Finding data leaks in cloud resources

Understanding Google hacking and search operators

Leveraging whois and copying websites with HTTrack

Finding subdomains using Sublist3r

Further reading

Active Information Gathering

Active Information Gathering

Technical requirements

Understanding active information gathering

DNS interrogation

SMB, LDAP enumeration, and null sessions

User enumeration through noisy authentication controls

Web footprints and enumeration with EyeWitness

Metasploit auxiliary modules

Further reading

Section 3: Vulnerability Assessment and Penetration Testing with Kali Linux 2019

Section 3: Vulnerability Assessment and Penetration Testing with Kali Linux 2019

Working with Vulnerability Scanners

Working with Vulnerability Scanners

Technical requirements

Nessus and its policies

Scanning with Nessus

Exporting Nessus results

Analyzing Nessus results

Using web application scanners

Further reading

Understanding Network Penetration Testing

Understanding Network Penetration Testing

Technical requirements

Introduction to network penetration testing

Understanding the MAC address

Connecting a wireless adapter to Kali Linux

Managing and monitoring wireless modes

Further reading

Network Penetration Testing - Pre-Connection Attacks

Network Penetration Testing - Pre-Connection Attacks

Technical requirements

Getting started with packet sniffing using airodump-ng

Targeted packet sniffing using airodump-ng

Deauthenticating clients on a wireless network

Creating a rogue AP/evil twin

Performing a password spraying attack

Setting up watering hole attacks

Exploiting weak encryption to steal credentials

Further reading

Network Penetration Testing - Gaining Access

Network Penetration Testing - Gaining Access

Technical requirements

Securing your network from the aforementioned attacks

Configuring wireless security settings to secure your network

Exploiting vulnerable perimeter systems with Metasploit

Penetration testing Citrix and RDP-based remote access systems

Plugging PWN boxes and other tools directly into a network

Further reading

Network Penetration Testing - Post-Connection Attacks

Network Penetration Testing - Post-Connection Attacks

Technical requirements

Gathering information

Session hijacking

Exploiting LLMNR and NetBIOS-NS

WPAD protocol attacks

Escalating privileges

Lateral movement tactics

PowerShell tradecraft

Launching a VLAN hopping attack

Further reading

Network Penetration Testing - Detection and Security

Network Penetration Testing - Detection and Security

Technical requirements

Using Wireshark to understand ARP

Detecting ARP poisoning attacks

Detecting suspicious activity

MITM remediation techniques

Further reading

Client-Side Attacks - Social Engineering

Client-Side Attacks - Social Engineering

Technical requirements

Basics of social engineering

Types of social engineering

Defending against social engineering

Recon for social engineering (doxing)

Planning for each type of social engineering attack

Social engineering tools

Further reading

Performing Website Penetration Testing

Performing Website Penetration Testing

Technical requirements

Information gathering

File upload and file inclusion vulnerabilities

Exploiting file upload vulnerabilities

Exploiting code execution vulnerabilities

Exploiting LFI vulnerabilities

Preventing vulnerabilities

Further reading

Website Penetration Testing - Gaining Access

Website Penetration Testing - Gaining Access

Technical requirements

Exploring the dangers of SQL injection

SQL injection vulnerabilities and exploitation

Cross-Site Scripting vulnerabilities

Discovering vulnerabilities automatically

Further reading

Best Practices

Technical requirements

Guidelines for penetration testers

Web application security blueprints and checklists

Further reading

Assessments

Chapter 1: Introduction to Hacking

Chapter 2: Setting Up Kali - Part

Chapter 4: Getting Comfortable with Kali Linux 2019

Chapter 5: Passive Information Gathering

Chapter 6: Active Information Gathering

Chapter 7: Working with Vulnerability Scanners

Chapter 8: Understanding Network Penetration Testing

Chapter 9: Network Penetration Testing - Pre-Connection Attacks

Chapter 10: Network Penetration Testing - Gaining Access

Chapter 11: Network Penetration Testing - Post-Connection Attacks

Chapter 12: Network Penetration Testing - Detection and Security

Chapter 13: Client-Side Attacks - Social Engineering

Chapter 14: Performing Website Penetration Testing

Chapter 15: Website Penetration Testing - Gaining Access

Chapter 16: Best Practices

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Summary

During this chapter, we covered various DNS interrogation techniques using a variety of tools to discover important servers, subdomains, and IP addresses, and were able to successfully extract the zone files from a DNS server (zone transfer) due to a misconfiguration on the target's DNS server.

Then, we used Nmap to perform various types of port scanning to determine the port status, running services and their versions, and the target's operating system; we also gained an indication of whether there's a firewall on the target. Finally, to close this chapter, we performed SMB and LDAP enumeration to gather user shares and directory records on our network devices.

Now that you have completed this chapter, you'll be able to successfully perform DNS zone transfers on vulnerable DNS servers; profile a system to discover its operating system, running services...