Book Image

Kali Linux - An Ethical Hacker's Cookbook - Second Edition

By : Himanshu Sharma
Book Image

Kali Linux - An Ethical Hacker's Cookbook - Second Edition

By: Himanshu Sharma

Overview of this book

Many organizations have been affected by recent cyber events. At the current rate of hacking, it has become more important than ever to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2018.4 / 2019), in addition to covering the core functionalities. The book will get you off to a strong start by introducing you to the installation and configuration of Kali Linux, which will help you to perform your tests. You will also learn how to plan attack strategies and perform web application exploitation using tools such as Burp and JexBoss. As you progress, you will get to grips with performing network exploitation using Metasploit, Sparta, and Wireshark. The book will also help you delve into the technique of carrying out wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Later chapters will draw focus to the wide range of tools that help in forensics investigations and incident response mechanisms. As you wrap up the concluding chapters, you will learn to create an optimum quality pentest report. By the end of this book, you will be equipped with the knowledge you need to conduct advanced penetration testing, thanks to the book’s crisp and task-oriented recipes.

Related Content you might be interested in

Current Title:

Small book image
Kali Linux - An Ethical Hacker's Cookbook - Second Edition
Himanshu Sharma
Mar, 2019 | 472 pages
Small book image
Hands-On Red Team Tactics
Harpreet Singh | Himanshu Sharma
Sep, 2018 | 480 pages
Small book image
Kali Linux 2018: Assuring Security by Penetration Testing
Lee Allen | Alex Samm | Shakeel Ali | Damian Boodoo | Tedi Heriyanto | Gerard Johansen | Shiva V N Parasram
Oct, 2018 | 528 pages
Small book image
Hands-On Web Penetration Testing with Metasploit
Harpreet Singh | Himanshu Sharma
May, 2020 | 544 pages
Table of Contents (15 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Sections
Get in touch
Disclaimer
Free Chapter
1
Kali - An Introduction
Kali - An Introduction
Configuring Kali Linux
Configuring the Xfce environment
Configuring the MATE environment
Configuring the LXDE environment
Configuring the E17 environment
Configuring the KDE environment
Prepping with custom tools
Zone Walking using DNSRecon
Setting up I2P for anonymity
Pentesting VPN's ike-scan
Setting up proxychains
Going on a hunt with Routerhunter
2
Gathering Intel and Planning Attack Strategies
Gathering Intel and Planning Attack Strategies
Getting a list of subdomains
Using Shodan for fun and profit
Shodan Honeyscore
Shodan plugins
Censys
Using Nmap to find open ports
Bypassing firewalls with Nmap
Searching for open directories using GoBuster
Hunting for SSL flaws
Automating brute force with BruteSpray
Digging deep with TheHarvester
Finding technology behind webapps using WhatWeb
Scanning IPs with masscan
Finding origin servers with CloudBunny
Sniffing around with Kismet
Testing routers with Firewalk
3
Vulnerability Assessment - Poking for Holes
Vulnerability Assessment - Poking for Holes
Using the infamous Burp
Exploiting WSDLs with Wsdler
Using Intruder
Using golismero
Exploring Searchsploit
Exploiting routers with routersploit
Using Metasploit
Automating Metasploit
Writing a custom resource script
Setting up a database in Metasploit
Generating payloads with MSFPC
Emulating threats with Cobalt Strike
4
Web App Exploitation - Beyond OWASP Top 10
Web App Exploitation - Beyond OWASP Top 10
Exploiting XSS with XSS Validator
Injection attacks with sqlmap
Owning all .svn and .git repositories
Winning race conditions
Exploiting XXEs
Exploiting Jboss with JexBoss
Exploiting PHP Object Injection
Automating vulnerability detection using RapidScan
Backdoors using meterpreter
Backdoors using webshells
5
Network Exploitation
Network Exploitation
Introduction
MITM with hamster and ferret
Exploring the msfconsole
Railgun in Metasploit
Using the paranoid meterpreter
The tale of a bleeding heart
Exploiting Redis
Saying no to SQL – owning MongoDBs
Hacking embedded devices
Exploiting Elasticsearch
Good old Wireshark
This is Sparta
Exploiting Jenkins
Shellver – reverse shell cheatsheet
Generating payloads with MSFvenom Payload Creator (MSFPC)
6
Wireless Attacks - Getting Past Aircrack-ng
Wireless Attacks - Getting Past Aircrack-ng
The good old Aircrack
Hands-on with Gerix
Dealing with WPAs
Owning employee accounts with Ghost Phisher
Pixie dust attack
Setting up rogue access points with WiFi-Pumpkin
Using Airgeddon for Wi-Fi attacks
7
Password Attacks - The Fault in Their Stars
Password Attacks - The Fault in Their Stars
Identifying different types of hashes in the wild
Hash-identifier to the rescue
Cracking with Patator
Playing with John the Ripper
Johnny Bravo!
Using ceWL
Generating wordlists with crunch
Using Pipal
8
Have Shell, Now What?
Have Shell, Now What?
Spawning a TTY shell
Looking for weaknesses
Horizontal escalation
Vertical escalation
Node hopping – pivoting
Privilege escalation on Windows
Pulling a plaintext password with Mimikatz
Dumping other saved passwords from the machine
Pivoting
Backdooring for persistance
Age of Empire
Automating Active Directory (AD) exploitation with DeathStar
Exfiltrating data through Dropbox
Data exfiltration using CloakifyFactory
9
Buffer Overflows
Buffer Overflows
Exploiting stack-based buffer overflows
Exploiting buffer overflows on real software
SEH bypass
Exploiting egg hunters
An overview of ASLR and NX bypass
10
Elementary, My Dear Watson - Digital Forensics
Elementary, My Dear Watson - Digital Forensics
Using the volatility framework
Using Binwalk
Capturing a forensic image with guymager
11
Playing with Software-Defined Radios
Playing with Software-Defined Radios
Radio-frequency scanners
Hands-on with the RTLSDR scanner
Playing around with gqrx
Kalibrating your device for GSM tapping
Decoding ADS-B messages with Dump1090
12
Kali in Your Pocket - NetHunters and Raspberries
Kali in Your Pocket - NetHunters and Raspberries
Installing Kali on Raspberry Pi
Installing NetHunter
Superman typing – human interface device (HID) attacks
Can I charge my phone?
Setting up an evil access point
13
Writing Reports
Writing Reports
Using Dradis
Using MagicTree
Using Serpico
14
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Horizontal escalation

We have already learned how to spawn a TTY shell by performing enumeration. In this recipe, we will look at some of the methods where horizontal escalation can be performed to gain more privileges on the system.

How to do it...

Let's perform the following steps:

  1. Here, we have a situation where we have got a reverse shell, www-data.
  2. Run sudo --list. We will find that the user is allowed to open a configuration file as another user, waldo:
  1. We need to open up the file in the VI Editor. To get a shell in VI, we must type the following:
!bash

After executing the !bash command, we get the following screen:

  1. We now have a shell with the waldo user. Our escalation was successful.
  2. In some cases, we...
Previous Section
End of Section 4
Next Section