Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Kali Linux - An Ethical Hacker's Cookbook
  • Table Of Contents Toc
  • Feedback & Rating feedback
Kali Linux - An Ethical Hacker's Cookbook

Kali Linux - An Ethical Hacker's Cookbook

By : Himanshu Sharma
3.8 (20)
Buy this Book
close
close
Kali Linux - An Ethical Hacker's Cookbook

Kali Linux - An Ethical Hacker's Cookbook

3.8 (20)
By: Himanshu Sharma
Buy this Book

Overview of this book

With the current rate of hacking, it is very important to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2016.2) according to your needs, and move on to core functionalities. This book will start with the installation and configuration of Kali Linux so that you can perform your tests. You will learn how to plan attack strategies and perform web application exploitation using tools such as Burp, and Jexboss. You will also learn how to perform network exploitation using Metasploit, Sparta, and Wireshark. Next, you will perform wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Lastly, you will learn how to create an optimum quality pentest report! By the end of this book, you will know how to conduct advanced penetration testing thanks to the book’s crisp and task-oriented recipes.
Table of Contents (13 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Sections
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Free Chapter
1
Kali – An Introduction
Icon
Kali – An Introduction
Icon
Introduction
Icon
Configuring Kali Linux
Icon
Configuring the Xfce environment
Icon
Configuring the Mate environment
Icon
Configuring the LXDE environment
Icon
Configuring the e17 environment
Icon
Configuring the KDE environment
Icon
Prepping up with custom tools
Icon
Pentesting VPN's ike-scan
Icon
Setting up proxychains
Icon
Going on a hunt with Routerhunter
2
Gathering Intel and Planning Attack Strategies
Icon
Gathering Intel and Planning Attack Strategies
Icon
Introduction
Icon
Getting a list of subdomains
Icon
Using Shodan for fun and profit
Icon
Shodan Honeyscore
Icon
Shodan plugins
Icon
Using Nmap to find open ports
Icon
Bypassing firewalls with Nmap
Icon
Searching for open directories
Icon
Performing deep magic with DMitry
Icon
Hunting for SSL flaws
Icon
Exploring connections with intrace
Icon
Digging deep with theharvester
Icon
Finding the technology behind web apps
Icon
Scanning IPs with masscan
Icon
Sniffing around with Kismet
Icon
Testing routers with firewalk
3
Vulnerability Assessment
Icon
Vulnerability Assessment
Icon
Introduction
Icon
Using the infamous Burp
Icon
Exploiting WSDLs with Wsdler
Icon
Using Intruder
Icon
Web app pentest with Vega
Icon
Exploring SearchSploit
Icon
Exploiting routers with RouterSploit
Icon
Using Metasploit
Icon
Automating Metasploit
Icon
Writing a custom resource script
Icon
Databases in Metasploit
4
Web App Exploitation – Beyond OWASP Top 10
Icon
Web App Exploitation – Beyond OWASP Top 10
Icon
Introduction
Icon
Exploiting XSS with XSS Validator
Icon
Injection attacks with sqlmap
Icon
Owning all .svn and .git repositories
Icon
Winning race conditions
Icon
Exploiting JBoss with JexBoss
Icon
Exploiting PHP Object Injection
Icon
Backdoors using web shells
Icon
Backdoors using meterpreters
5
Network Exploitation on Current Exploitation
Icon
Network Exploitation on Current Exploitation
Icon
Introduction
Icon
Man in the middle with hamster and ferret
Icon
Exploring the msfconsole
Icon
Railgun in Metasploit
Icon
Using the paranoid meterpreter
Icon
A tale of a bleeding heart
Icon
Redis exploitation
Icon
Say no to SQL – owning MongoDBs
Icon
Embedded device hacking
Icon
Elasticsearch exploit
Icon
Good old Wireshark
Icon
This is Sparta!
6
Wireless Attacks – Getting Past Aircrack-ng
Icon
Wireless Attacks – Getting Past Aircrack-ng
Icon
Introduction
7
Password Attacks – The Fault in Their Stars
Icon
Password Attacks – The Fault in Their Stars
Icon
Introduction
Icon
Identifying different types of hash in the wild!
Icon
Using hash-identifier
Icon
Cracking with patator
Icon
Cracking hashes online
Icon
Playing with John the ripper
Icon
Johnny Bravo!
Icon
Using cewl
Icon
Generating word list with crunch
8
Have Shell Now What?
chevron up
Icon
Have Shell Now What?
Icon
Introduction
Icon
Spawning a TTY Shell
Icon
Looking for weakness
Icon
Horizontal escalation
Icon
Vertical escalation
Icon
Node hopping – pivoting
Icon
Privilege escalation on Windows
Icon
Using PowerSploit
Icon
Pulling plaintext passwords with mimikatz
Icon
Dumping other saved passwords from the machine
Icon
Pivoting into the network
Icon
Backdooring for persistence
9
Buffer Overflows
Icon
Buffer Overflows
Icon
Introduction
Icon
Exploiting stack-based buffer overflows
Icon
Exploiting buffer overflow on real software
Icon
SEH bypass
Icon
Exploiting egg hunters
Icon
An overview of ASLR and NX bypass
10
Playing with Software-Defined Radios
Icon
Playing with Software-Defined Radios
Icon
Introduction
Icon
Radio frequency scanners
Icon
Hands-on with RTLSDR scanner
Icon
Playing around with gqrx
Icon
Kalibrating device for GSM tapping
Icon
Decoding ADS-B messages with Dump1090
11
Kali in Your Pocket – NetHunters and Raspberries
Icon
Kali in Your Pocket – NetHunters and Raspberries
Icon
Introduction
Icon
Installing Kali on Raspberry Pi
Icon
Installing NetHunter
Icon
Superman typing – HID attacks
Icon
Can I charge my phone?
Icon
Setting up an evil access point
12
Writing Reports
Icon
Writing Reports
Icon
Introduction
Icon
Generating reports using Dradis
Icon
Using MagicTree

Horizontal escalation

You have already learned how to spawn a TTY shell and perform enumeration. In this recipe, we will look at some of the methods where horizontal escalation can be done to gain more privileges on the system.

How to do it...

Here, we have a situation where we have got a reverse shell as www-data.

Running sudo –-list, we find that the user is allowed to open a configuration file as another user, waldo:

So, we open up the config file in VI Editor, and to get a shell in VI, we type this in the VI’s command line:

!bash

We now have a shell with the user waldo. So, our escalation was successful.

Note

In some cases, we may also find authorized keys in the ssh directory or saved passwords, that help us perform horizontal escalation.

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 5
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY