Sign In Start Free Trial

Kali Linux Cookbook

By : Perciaccante, Corey Schultz

4.3 (9)

Kali Linux Cookbook

4.3 (9)

By: Perciaccante, Corey Schultz

Overview of this book

Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world’s most popular penetration testing distribution. Kali Linux is the most widely used platform and toolkit for penetration testing. Security is currently the hottest field in technology with a projected need for millions of security professionals. This book focuses on enhancing your knowledge in Kali Linux for security by expanding your skills with toolkits and frameworks that can increase your value as a security professional. Kali Linux Cookbook, Second Edition starts by helping you install Kali Linux on different options available. You will also be able to understand the lab architecture and install a Windows host for use in the lab. Next, you will understand the concept of vulnerability analysis and look at the different types of exploits. The book will introduce you to the concept and psychology of Social Engineering and password cracking. You will then be able to use these skills to expand the scope of any breaches you create. Finally, the book will guide you in exploiting specific technologies and gaining access to other systems in the environment. By the end of this book, you will have gained the core knowledge and concepts of the penetration testing process.

Preface

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Conventions

Readers feedback

Customer support

Free Chapter

Installing Kali and the Lab Setup

Installing Kali and the Lab Setup

Introduction

Lab architecture and considerations

Installing VirtualBox

Installing Kali on VirtualBox

Using Kali Linux from bootable media

Upgrading Kali Linux

Understanding the advanced customization and optimization of Kali

Installing Windows machines

Installing Metasploitable

Installing OWASP-BWA

Understanding hack me and other online resources

Reconnaissance and Scanning

Reconnaissance and Scanning

Introduction

Using KeepNote to organize our data

Getting up and running with Maltego CE

Gathering domain information

Gathering public IP information

Gathering external routing information

Gathering internal routing information

Gathering cloud service information

Identifying network hosts

Profiling hosts

Identifying whether there is a web application firewall

Using SNMP to gather more information

Vulnerability Analysis

Vulnerability Analysis

Introduction

Installation and configuration of OpenVAS

A basic vulnerability scanning with OpenVAS

Advanced vulnerability scanning with OpenVAS

Installation and Configuration of Nessus

A basic vulnerability scanning with Nessus

Advanced vulnerability scanning with Nessus

The installation and configuration of Nexpose

Basic vulnerability scanning with Nexpose

Advanced vulnerability scanning with Nexpose

Finding Exploits in the Target

Finding Exploits in the Target

Introduction

Searching the local exploit database

Searching the online exploit database

The Metasploit setup and configuration

The Armitage setup

Basic exploit attacks with Armitage

Advanced attacks with Armitage

Using the backdoor factory and Armitage

Social Engineering

Social Engineering

Introduction

Phishing attacks

Spear-phishing attacks

Credential harvesting with SET

Web jacking

PowerShell attack vector

QRCode attack vector

Infectious media generator

Obfuscating and manipulating URLs

DNS spoofing and ARP spoofing

DHCP spoofing

Password Cracking

Password Cracking

Introduction

Resetting local Windows machine password

Cracking remote Windows machine passwords

Windows domain password attacks

Cracking local Linux password hashes

Cracking password hashes with a wordlist

Brute force password hashes

Cracking FTP passwords

Cracking Telnet and SSH passwords

Cracking RDP and VNC passwords

Cracking ZIP file passwords

Privilege Escalation

Privilege Escalation

Introduction

Establishing a connection as an elevated user

Remotely bypassing Windows UAC

Local Linux system check for privilege escalation

Local Linux privilege escalation

Remote Linux privilege escalation

DirtyCOW privilege escalation for Linux

Wireless Specific Recipes

Wireless Specific Recipes

Introduction

Scanning for wireless networks

Bypassing MAC-based authentication

Breaking WEP encryption

Obtaining WPA/WPA2 keys

Exploiting guest access

Rogue AP deployment

Using wireless networks to scan internal networks

Web and Database Specific Recipes

Web and Database Specific Recipes

Introduction

Creating an offline copy of a web application

Scanning for vulnerabilities

Launching website attacks

Scanning WordPress

Hacking WordPress

Performing SQL injection attacks

Maintaining Access

Maintaining Access

Introduction

Pivoting and expanding access to the network

Using persistence to maintain system access

Using cymothoa to create a Linux backdoor

Protocol spoofing using pingtunnel

Protocol spoofing using httptunnel

Hiding communications with cryptcat

Customer Reviews

4.3 (9)

5 star

66.7%

4 star

11.1%

3 star

11.1%

2 star

11.1%

1 star

0

Exploiting guest access

When guest access is offered, often it is on a shared network with the network you are attempting to infiltrate. There are several different types of wireless guest access offered, each has its own vulnerabilities:

Pre-shared keys: These are generally WEP or WPA PSK's that are intended to keep unauthorized users or devices to a minimum. Unfortunately, these keys are generally known by many people and are very rarely changed.

Captive portal: The guests connect to a wireless network and are automatically redirected to a web page that prompts them for credentials. This may or may not be combined with a pre-shared key.

The most common implementations of guest access include elements of recipes that we have done in previous sections but are stung together and very frequently are labeled as guest networks by their SSID.

...

Search

Your notes and bookmarks