Book Image

The Ultimate Kali Linux Book - Second Edition

By : Glen D. Singh
5 (1)
Book Image

The Ultimate Kali Linux Book - Second Edition

5 (1)
By: Glen D. Singh

Overview of this book

Kali Linux is the most popular and advanced penetration testing Linux distribution within the cybersecurity industry. Using Kali Linux, a cybersecurity professional will be able to discover and exploit various vulnerabilities and perform advanced penetration testing on both enterprise wired and wireless networks. This book is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts. Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks. Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment. By the end of this Kali Linux book, you’ll have gained the skills to perform advanced penetration testing on enterprise networks using Kali Linux.

Related Content you might be interested in

Current Title:

Small book image
The Ultimate Kali Linux Book - Second Edition
Glen D. Singh
Feb, 2022 | 742 pages
Small book image
Reconnaissance for Ethical Hackers
Glen D Singh
Aug, 2023 | 430 pages
Small book image
Learn Penetration Testing
Rishalin Pillay
May, 2019 | 424 pages
Small book image
Hands-On Penetration Testing with Kali NetHunter
SeanPhilip Oriyano | Glen D Singh
Feb, 2019 | 302 pages
Table of Contents (23 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Disclaimer
Share Your Thoughts
1
Section 1: Getting Started with Penetration Testing
Section 1: Getting Started with Penetration Testing
Free Chapter
2
Chapter 1: Introduction to Ethical Hacking
Chapter 1: Introduction to Ethical Hacking
Identifying threat actors and their intent
Understanding what matters to threat actors
Discovering cybersecurity terminologies
Exploring the need for penetration testing and its phases
Understanding penetration testing approaches
Exploring hacking phases
Understanding the Cyber Kill Chain framework
Summary
Further reading
3
Chapter 2: Building a Penetration Testing Lab
Chapter 2: Building a Penetration Testing Lab
Technical requirements
Understanding the lab overview and its technologies
Setting up a hypervisor and virtually isolated networks
Setting up and working with Kali Linux
Deploying Metasploitable 2 as a target system
Implementing Metasploitable 3 using Vagrant
Setting up vulnerability web application systems
Summary
Further reading
4
Chapter 3: Setting Up for Advanced Hacking Techniques
Chapter 3: Setting Up for Advanced Hacking Techniques
Technical requirements
Building an AD red team lab
Setting up a wireless penetration testing lab
Summary
Further reading
5
Section 2: Reconnaissance and Network Penetration Testing
Section 2: Reconnaissance and Network Penetration Testing
6
Chapter 4: Reconnaissance and Footprinting
Chapter 4: Reconnaissance and Footprinting
Technical requirements
Understanding the importance of reconnaissance
Understanding passive information gathering
Exploring open source intelligence
Using OSINT strategies to gather intelligence
Summary
Further reading
7
Chapter 5: Exploring Active Information Gathering
Chapter 5: Exploring Active Information Gathering
Technical requirements
Understanding active reconnaissance
Exploring Google hacking strategies
Exploring DNS reconnaissance
Enumerating subdomains
Profiling websites using EyeWitness
Exploring active scanning techniques
Enumerating common network services
Performing user enumeration through noisy authentication controls
Finding data leaks in the cloud
Summary
Further reading
8
Chapter 6: Performing Vulnerability Assessments
Chapter 6: Performing Vulnerability Assessments
Technical requirements
Nessus and its policies
Vulnerability discovery using Nmap
Working with Greenbone Vulnerability Manager
Using web application scanners
Summary
Further reading
9
Chapter 7: Understanding Network Penetration Testing
Chapter 7: Understanding Network Penetration Testing
Technical requirements
Introduction to network penetration testing
Working with bind and reverse shells
Antimalware evasion techniques
Working with wireless adapters
Managing and monitoring wireless modes
Summary
Further reading
10
Chapter 8: Performing Network Penetration Testing
Chapter 8: Performing Network Penetration Testing
Technical requirements
Discovering live systems
Profiling a target system
Exploring password-based attacks
Identifying and exploiting vulnerable services
Understanding watering hole attacks
Further reading
11
Section 3: Red Teaming Techniques
Section 3: Red Teaming Techniques
12
Chapter 9: Advanced Network Penetration Testing — Post Exploitation
Chapter 9: Advanced Network Penetration Testing — Post Exploitation
Technical requirements
Post-exploitation using Meterpreter
Data encoding and exfiltration
Understanding MITM and packet sniffing attacks
Summary
Further reading
13
Chapter 10: Working with Active Directory Attacks
Chapter 10: Working with Active Directory Attacks
Technical requirements
Understanding Active Directory
Enumerating Active Directory
Leveraging network-based trust
Summary
Further reading
14
Chapter 11: Advanced Active Directory Attacks
Chapter 11: Advanced Active Directory Attacks
Technical requirements
Understanding Kerberos
Abusing trust on IPv6 with Active Directory
Attacking Active Directory
Domain dominance and persistence
Summary
Further reading
15
Chapter 12: Delving into Command and Control Tactics
Chapter 12: Delving into Command and Control Tactics
Technical requirements
Understanding C2
Setting up C2 operations
Post-exploitation using Empire
Working with Starkiller
Summary
Further reading
16
Chapter 13: Advanced Wireless Penetration Testing
Chapter 13: Advanced Wireless Penetration Testing
Technical requirements
Introduction to wireless networking
Performing wireless reconnaissance
Compromising WPA and WPA2 networks
Performing AP-less attacks
Exploiting enterprise wireless networks
Creating a Wi-Fi honeypot
Discovering WPA3 attacks
Securing your wireless network
Summary
Further reading
17
Section 4: Social Engineering and Web Application Attacks
Section 4: Social Engineering and Web Application Attacks
18
Chapter 14: Performing Client-Side Attacks – Social Engineering
Chapter 14: Performing Client-Side Attacks – Social Engineering
Technical requirements
Fundamentals of social engineering
Types of social engineering
Defending against social engineering
Planning for each type of social engineering attack
Exploring social engineering tools and techniques
Summary
Further reading
19
Chapter 15: Understanding Website Application Security
Chapter 15: Understanding Website Application Security
Technical requirements
Understanding web applications
Exploring the OWASP Top 10: 2021
Getting started with FoxyProxy and Burp Suite
Understanding injection-based attacks
Exploring broken access control attacks
Discovering cryptographic failures
Understanding insecure design
Exploring security misconfiguration
Summary
Further reading
20
Chapter 16: Advanced Website Penetration Testing
Chapter 16: Advanced Website Penetration Testing
Technical requirements
Identifying vulnerable and outdated components
Exploiting identification and authentication failures
Understanding software and data integrity failures
Understanding security logging and monitoring failures
Performing server-side request forgery
Automating SQL injection attacks
Understanding cross-site scripting
Performing client-side attacks
Summary
Further reading
21
Chapter 17: Best Practices for the Real World
Chapter 17: Best Practices for the Real World
Technical requirements
Guidelines for penetration testers
Penetration testing checklist
Creating a hacker's tool bag
Setting up remote access
Next steps ahead
Summary
Further reading
Why subscribe?
22
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Understanding penetration testing approaches

A white box assessment is typical of web application testing but can extend to any form of penetration testing. The key difference between white, black, and gray box testing is the amount of information provided to the penetration testers prior to the engagement. In a white box assessment, the penetration tester will be provided with full information about the application and its technologies, and will usually be given credentials with varying degrees of access to quickly and thoroughly identify vulnerabilities in the applications, systems, or networks. Not all security testing is done using the white box approach; sometimes, only the target company's name is provided to the penetration tester.

Black box assessments are the most common form of network penetration assessment and are most typical among external network penetration tests and social engineering penetration tests. In a black box assessment, the penetration testers are given very little or no information about the target networks or systems they are testing. This particular form of testing is efficient when trying to determine what a real hacker will discover and their strategies to gain unauthorized access to the organization's network and compromise their systems.

Gray box assessments are a hybrid of white and black box testing and are typically used to provide a realistic testing scenario while also giving penetration testers enough information to reduce the time needed to conduct reconnaissance and other black box testing activities. In addition, it's important in any assessment to ensure you are testing all in-scope systems. In a true black box, it's possible to miss systems, and as a result, they are left out of the assessment.

Each penetration test approach is different from the others, and it's vital that you know about all of them. Imagine a potential client calling to request a black box test on their external network; as a penetration tester, we must be familiar with the terms and what is expected.

Types of penetration testing

As an aspiring penetration tester, it's important to understand the difference between a vulnerability assessment and penetration testing. In a vulnerability assessment, the cybersecurity professional uses a vulnerability scanner, which is used to help assess the security posture of the systems within the organization. These vulnerability scanners use various techniques to automate the process of discovering a wide range of security weaknesses on systems.

The downside of vulnerability scanning is its incapability to identify the issues that manual testing can, and this is the reason that an organization hires penetration testers to conduct these assessments. Within the industry, organizations may hire a cybersecurity professional to perform penetration testing on their infrastructure. However, if the cybersecurity professional delivers scans instead of manual testing, this is a form of fraud and is, in my opinion, highly unethical. If you can't cut it in penetration testing, then practice, practice, and practice some more. You will learn legal ways to improve your tradecraft later in this book.

Web application penetration testing

Web application penetration testing, hereafter referred to as WAPT, is the most common form of penetration testing and is likely to be the first penetration testing job most people reading this book will be involved in. WAPT is the act of conducting manual hacking or penetration testing against a web application to test for vulnerabilities that typical vulnerability scanners won't find. Too often, penetration testers submit web application vulnerability scans instead of manually finding and verifying issues within web applications.

Mobile application penetration testing

Mobile application penetration testing is similar to WAPT but is specific to mobile applications that contain their own attack vectors and threats. This is a rising form of penetration testing with a great deal of opportunity for those who are looking to break into penetration testing and have an understanding of mobile application development. As you may have noticed, the different types of penetration testing each have specific objectives.

Social engineering penetration testing

Social engineering penetration testing, in my opinion, is the most adrenaline-filled type of testing. Social engineering is the art of manipulating basic human psychology to find human vulnerabilities and get people to do things they may not otherwise do. During this form of penetration testing, you may be asked to do activities such as sending phishing emails, make vishing phone calls, or talk your way into secure facilities to determine what an attacker targeting their personnel could achieve. There are many types of social engineering attacks, which will be covered later on in this book.

Network penetration testing (external and internal)

Network penetration testing focuses on identifying security weaknesses in a targeted environment. The penetration test objectives are to identify the flaws in the target organization's systems, their networks (wired and wireless), and their networking devices such as switches and routers.

The following are some tasks that are performed using network penetration testing:

  • Bypassing an Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
  • Bypassing firewall appliances
  • Password cracking
  • Gaining access to end devices and servers
  • Exploiting misconfigurations on switches and routers

Now that you have a better idea of the objectives of network penetration testing, let's take a look at the purpose of cloud penetration testing.

Cloud penetration testing

Cloud penetration testing involves performing security assessments and penetration testing on risks to cloud platforms to discover any vulnerabilities that may expose confidential information to malicious users. Before attempting to directly engage a cloud platform, ensure you have legal permission from the cloud provider. For example, if you are going to perform penetration testing on the Microsoft Azure platform, you'll need legal permission from Microsoft as your actions may affect other users and services who are sharing the data center.

Physical penetration testing

Physical penetration testing focuses on testing the physical security access control systems in place to protect an organization's data. Security controls exist within offices and data centers to prevent unauthorized persons from entering secure areas of a company.

Physical security controls include the following:

  • Security cameras and sensors: Security cameras are used to monitor physical actions within an area.
  • Biometric authentication systems: Biometrics are used to ensure that only authorized people are granted access to an area.
  • Doors and locks: Locking systems are used to prevent unauthorized persons from entering a room or area.
  • Security guards: Security guards are people who are assigned to protect something, someone, or an area.

Having completed this section, you are now able to describe the various types of penetration testing. Your journey ahead won't be complete without understanding the phases of hacking. The different phases of hacking will be covered in the next section.

Previous Section
End of Section 6
Next Section