Sign In Start Free Trial

Book Overview & Buying
Table Of Contents

Kali Linux - An Ethical Hacker's Cookbook - Second Edition

By : Himanshu Sharma

4.2 (6)

Kali Linux - An Ethical Hacker's Cookbook

4.2 (6)

By: Himanshu Sharma

Overview of this book

Many organizations have been affected by recent cyber events. At the current rate of hacking, it has become more important than ever to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2018.4 / 2019), in addition to covering the core functionalities. The book will get you off to a strong start by introducing you to the installation and configuration of Kali Linux, which will help you to perform your tests. You will also learn how to plan attack strategies and perform web application exploitation using tools such as Burp and JexBoss. As you progress, you will get to grips with performing network exploitation using Metasploit, Sparta, and Wireshark. The book will also help you delve into the technique of carrying out wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Later chapters will draw focus to the wide range of tools that help in forensics investigations and incident response mechanisms. As you wrap up the concluding chapters, you will learn to create an optimum quality pentest report. By the end of this book, you will be equipped with the knowledge you need to conduct advanced penetration testing, thanks to the book’s crisp and task-oriented recipes.

Preface

Preface

Who this book is for

What this book covers

To get the most out of this book

Sections

Get in touch

Disclaimer

Free Chapter

Kali - An Introduction

Kali - An Introduction

Configuring Kali Linux

Configuring the Xfce environment

Configuring the MATE environment

Configuring the LXDE environment

Configuring the E17 environment

Configuring the KDE environment

Prepping with custom tools

Zone Walking using DNSRecon

Setting up I2P for anonymity

Pentesting VPN's ike-scan

Setting up proxychains

Going on a hunt with Routerhunter

Gathering Intel and Planning Attack Strategies

Gathering Intel and Planning Attack Strategies

Getting a list of subdomains

Using Shodan for fun and profit

Shodan Honeyscore

Shodan plugins

Censys

Using Nmap to find open ports

Bypassing firewalls with Nmap

Searching for open directories using GoBuster

Hunting for SSL flaws

Automating brute force with BruteSpray

Digging deep with TheHarvester

Finding technology behind webapps using WhatWeb

Scanning IPs with masscan

Finding origin servers with CloudBunny

Sniffing around with Kismet

Testing routers with Firewalk

Vulnerability Assessment - Poking for Holes

Vulnerability Assessment - Poking for Holes

Using the infamous Burp

Exploiting WSDLs with Wsdler

Using Intruder

Using golismero

Exploring Searchsploit

Exploiting routers with routersploit

Using Metasploit

Automating Metasploit

Writing a custom resource script

Setting up a database in Metasploit

Generating payloads with MSFPC

Emulating threats with Cobalt Strike

Web App Exploitation - Beyond OWASP Top 10

Web App Exploitation - Beyond OWASP Top 10

Exploiting XSS with XSS Validator

Injection attacks with sqlmap

Owning all .svn and .git repositories

Winning race conditions

Exploiting XXEs

Exploiting Jboss with JexBoss

Exploiting PHP Object Injection

Automating vulnerability detection using RapidScan

Backdoors using meterpreter

Backdoors using webshells

Network Exploitation

Network Exploitation

Introduction

MITM with hamster and ferret

Exploring the msfconsole

Railgun in Metasploit

Using the paranoid meterpreter

The tale of a bleeding heart

Exploiting Redis

Saying no to SQL – owning MongoDBs

Hacking embedded devices

Exploiting Elasticsearch

Good old Wireshark

This is Sparta

Exploiting Jenkins

Shellver – reverse shell cheatsheet

Generating payloads with MSFvenom Payload Creator (MSFPC)

Wireless Attacks - Getting Past Aircrack-ng

Wireless Attacks - Getting Past Aircrack-ng

The good old Aircrack

Hands-on with Gerix

Dealing with WPAs

Owning employee accounts with Ghost Phisher

Pixie dust attack

Setting up rogue access points with WiFi-Pumpkin

Using Airgeddon for Wi-Fi attacks

Password Attacks - The Fault in Their Stars

Password Attacks - The Fault in Their Stars

Identifying different types of hashes in the wild

Hash-identifier to the rescue

Cracking with Patator

Playing with John the Ripper

Johnny Bravo!

Using ceWL

Generating wordlists with crunch

Using Pipal

Have Shell, Now What?

Have Shell, Now What?

Spawning a TTY shell

Looking for weaknesses

Horizontal escalation

Vertical escalation

Node hopping – pivoting

Privilege escalation on Windows

Pulling a plaintext password with Mimikatz

Dumping other saved passwords from the machine

Pivoting

Backdooring for persistance

Age of Empire

Automating Active Directory (AD) exploitation with DeathStar

Exfiltrating data through Dropbox

Data exfiltration using CloakifyFactory

Buffer Overflows

Buffer Overflows

Exploiting stack-based buffer overflows

Exploiting buffer overflows on real software

SEH bypass

Exploiting egg hunters

An overview of ASLR and NX bypass

Elementary, My Dear Watson - Digital Forensics

Elementary, My Dear Watson - Digital Forensics

Using the volatility framework

Using Binwalk

Capturing a forensic image with guymager

Playing with Software-Defined Radios

Playing with Software-Defined Radios

Radio-frequency scanners

Hands-on with the RTLSDR scanner

Playing around with gqrx

Kalibrating your device for GSM tapping

Decoding ADS-B messages with Dump1090

Kali in Your Pocket - NetHunters and Raspberries

Kali in Your Pocket - NetHunters and Raspberries

Installing Kali on Raspberry Pi

Installing NetHunter

Superman typing – human interface device (HID) attacks

Can I charge my phone?

Setting up an evil access point

Writing Reports

Writing Reports

Using Dradis

Using MagicTree

Using Serpico

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Exploiting stack-based buffer overflows

Now that our basics are clear, let's move on to the exploitation of stack-based buffer overflows.

How to do it...

The following steps demonstrate the stack-based buffer overflow:

Let's take a look at another simple C program:

#include<stdio.h> 
#include<string.h> 
void main(int argc, char *argv[]) 
{ 
    char buf[120]; 
    strcpy(buf, argv[1]); 
    printf(buf); 
}

This program uses a vulnerable strcpy() method. We save the program to a file.

Compile the program with gcc using fno-stack-protector and execstack:

gcc -ggdb name.c -o name -fno-stack-protector -z execstack

Turn off address space randomization using the following code:

echo 0 > /proc/sys...

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

Kali Linux - An Ethical Hacker's Cookbook

Search

Your notes and bookmarks