Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Kali Linux Cookbook
  • Table Of Contents Toc
  • Feedback & Rating feedback
Kali Linux Cookbook

Kali Linux Cookbook

By : Perciaccante, Corey Schultz
4.3 (9)
Buy this Book
close
close
Kali Linux Cookbook

Kali Linux Cookbook

4.3 (9)
By: Perciaccante, Corey Schultz

Overview of this book

Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world’s most popular penetration testing distribution. Kali Linux is the most widely used platform and toolkit for penetration testing. Security is currently the hottest field in technology with a projected need for millions of security professionals. This book focuses on enhancing your knowledge in Kali Linux for security by expanding your skills with toolkits and frameworks that can increase your value as a security professional. Kali Linux Cookbook, Second Edition starts by helping you install Kali Linux on different options available. You will also be able to understand the lab architecture and install a Windows host for use in the lab. Next, you will understand the concept of vulnerability analysis and look at the different types of exploits. The book will introduce you to the concept and psychology of Social Engineering and password cracking. You will then be able to use these skills to expand the scope of any breaches you create. Finally, the book will guide you in exploiting specific technologies and gaining access to other systems in the environment. By the end of this book, you will have gained the core knowledge and concepts of the penetration testing process.
Table of Contents (11 chapters)
close
close
close
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Conventions
Readers feedback
Customer support
Free Chapter
1
Installing Kali and the Lab Setup
Installing Kali and the Lab Setup
Introduction
Lab architecture and considerations
Installing VirtualBox
Installing Kali on VirtualBox
Using Kali Linux from bootable media
Upgrading Kali Linux
Understanding the advanced customization and optimization of Kali
Installing Windows machines
Installing Metasploitable
Installing OWASP-BWA
Understanding hack me and other online resources
2
Reconnaissance and Scanning
chevron up
Reconnaissance and Scanning
Introduction
Using KeepNote to organize our data
Getting up and running with Maltego CE
Gathering domain information
Gathering public IP information
Gathering external routing information
Gathering internal routing information
Gathering cloud service information
Identifying network hosts
Profiling hosts
Identifying whether there is a web application firewall
Using SNMP to gather more information
3
Vulnerability Analysis
Vulnerability Analysis
Introduction
Installation and configuration of OpenVAS
A basic vulnerability scanning with OpenVAS
Advanced vulnerability scanning with OpenVAS
Installation and Configuration of Nessus
A basic vulnerability scanning with Nessus
Advanced vulnerability scanning with Nessus
The installation and configuration of Nexpose
Basic vulnerability scanning with Nexpose
Advanced vulnerability scanning with Nexpose
4
Finding Exploits in the Target
Finding Exploits in the Target
Introduction
Searching the local exploit database
Searching the online exploit database
The Metasploit setup and configuration
The Armitage setup
Basic exploit attacks with Armitage
Advanced attacks with Armitage
Using the backdoor factory and Armitage
5
Social Engineering
Social Engineering
Introduction
Phishing attacks
Spear-phishing attacks
Credential harvesting with SET
Web jacking
PowerShell attack vector
QRCode attack vector
Infectious media generator
Obfuscating and manipulating URLs
DNS spoofing and ARP spoofing
DHCP spoofing
6
Password Cracking
Password Cracking
Introduction
Resetting local Windows machine password
Cracking remote Windows machine passwords
Windows domain password attacks
Cracking local Linux password hashes
Cracking password hashes with a wordlist
Brute force password hashes
Cracking FTP passwords
Cracking Telnet and SSH passwords
Cracking RDP and VNC passwords
Cracking ZIP file passwords
7
Privilege Escalation
Privilege Escalation
Introduction
Establishing a connection as an elevated user
Remotely bypassing Windows UAC
Local Linux system check for privilege escalation
Local Linux privilege escalation
Remote Linux privilege escalation
DirtyCOW privilege escalation for Linux
8
Wireless Specific Recipes
Wireless Specific Recipes
Introduction
Scanning for wireless networks
Bypassing MAC-based authentication
Breaking WEP encryption
Obtaining WPA/WPA2 keys
Exploiting guest access
Rogue AP deployment
Using wireless networks to scan internal networks
9
Web and Database Specific Recipes
Web and Database Specific Recipes
Introduction
Creating an offline copy of a web application
Scanning for vulnerabilities
Launching website attacks
Scanning WordPress
Hacking WordPress
Performing SQL injection attacks
10
Maintaining Access
Maintaining Access
Introduction
Pivoting and expanding access to the network
Using persistence to maintain system access
Using cymothoa to create a Linux backdoor
Protocol spoofing using pingtunnel
Protocol spoofing using httptunnel
Hiding communications with cryptcat

Using SNMP to gather more information

We can use hosts that we identified through nmap as having open SNMP ports or services running, to try and gather more information.

The Simple Network Management Protocol (SNMP) is a protocol used to provide status and configuration for various devices including servers, workstations, network appliances, IoT devices, and other hosts. This protocol provides both a read-only and read-write functionality. Quite often, devices have been deployed with read-only available by default. Network administrators will often enable read-write access for management purposes. The default passwords for SNMP on many devices is public for a read-only access and private for a read-write access. There are three types of SNMPs. While version 1 has been mostly deprecated, version 2 is still quite common, and version 3 is gaining in use due to it's better...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Chapter 2
Next Chapter
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY