Kali Linux 2: Windows Penetration Testing

Book Description

Kali Linux: a complete pentesting toolkit facilitating smooth backtracking for working hackers

About This Book

  • Conduct network testing, surveillance, pen testing and forensics on MS Windows using Kali Linux

  • Footprint, monitor, and audit your network and investigate any ongoing infestations

  • Customize Kali Linux with this professional guide so it becomes your pen testing toolkit

Who This Book Is For

If you are a working ethical hacker who is looking to expand the offensive skillset with a thorough understanding of Kali Linux, then this is the book for you. Prior knowledge about Linux operating systems and the BASH terminal emulator along with Windows desktop and command line would be highly beneficial.

What You Will Learn

  • Set up Kali Linux for pen testing

  • Map and enumerate your Windows network

  • Exploit several common Windows network vulnerabilities

  • Attack and defeat password schemes on Windows

  • Debug and reverse-engineer Windows programs

  • Recover lost files, investigate successful hacks and discover hidden data in innocent-looking files

  • Catch and hold admin rights on the network, and maintain backdoors on the network after your initial testing is done

In Detail

Microsoft Windows is one of the two most common operating systems, and managing its security has spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. Kali is built on the Debian distribution of Linux and shares the legendary stability of that OS. This lets you focus on the network penetration, password cracking, and forensics tools rather than on the OS itself.

This book has the most advanced tools and techniques to reproduce the methods used by sophisticated hackers to make you an expert in Kali Linux penetration testing. First, you are introduced to Kali's top ten tools and other useful reporting tools. Then, you will find your way around your target network and determine known vulnerabilities in order to exploit a system remotely. Next, you will prove that the vulnerabilities you have found are real and exploitable. You will learn to use tools in seven categories of exploitation tools. Further, you perform web access exploits using tools like websploit and more. Security is only as strong as the weakest link in the chain, and passwords are often that weak link. Thus, you learn about password attacks that can be used in concert with other approaches to break into and own a network. Moreover, you come to terms with network sniffing, which helps you understand which users are using services you can exploit, and IP spoofing, which can be used to poison a system's DNS cache. Once you gain access to a machine or network, maintaining access is important.

Thus, you not only learn how to penetrate the machine but also Windows privilege escalation. With easy-to-follow step-by-step instructions and supporting images, you will be able to quickly pen test your system and network.

Style and approach

This book is a hands-on guide for Kali Linux pen testing. It will provide all the practical knowledge needed to test your network's security using a proven hacker's methodology. The book uses easy-to-understand yet professional language for explaining concepts.

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at If you purchased this book elsewhere, you can visit and register to have the code file.

Table of Contents

    1. Kali Linux 2: Windows Penetration Testing
      1. Table of Contents
      2. Kali Linux 2: Windows Penetration Testing
      3. Credits
      4. About the Authors
      5. About the Reviewer
        1. eBooks, discount offers, and more
          1. Why subscribe?
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the color images of this book
          2. Errata
          3. Piracy
          4. Questions
      8. 1. Sharpening the Saw
        1. Installing Kali Linux to an encrypted USB drive
          1. Prerequisites for installation
          2. Booting Up
          3. Installing configuration
          4. Setting up the drive
          5. Booting your new installation of Kali
        2. Running Kali from the live CD
        3. Installing and configuring applications
          1. Gedit – the Gnome text editor
          2. Terminator – the terminal emulator for multitasking
          3. EtherApe – the graphical protocol analysis tool
        4. Setting up and configuring OpenVAS
        5. Reporting the tests
          1. KeepNote – the standalone document organizer
          2. Dradis – the web-based document organizer
        6. Running services on Kali Linux
        7. Exploring the Kali Linux Top 10 and more
        8. Summary
      9. 2. Information Gathering and Vulnerability Assessment
        1. Footprinting the network
          1. Exploring the network with Nmap
          2. Zenmap
          3. The difference verbosity makes
          4. Scanning a network range
        2. Where can you find instructions on this thing?
        3. A return to OpenVAS
        4. Using Maltego
        5. Using Unicorn-Scan
        6. Monitoring resource use with Htop
        7. Monkeying around the network
        8. Summary
      10. 3. Exploitation Tools (Pwnage)
        1. Choosing the appropriate time and tool
        2. Choosing the right version of Metasploit
        3. Starting Metasploit
        4. Creating workspaces to organize your attack
        5. Using the hosts and services commands
        6. Using advanced footprinting
          1. Interpreting the scan and building on the result
          2. Exploiting poor patch management
          3. Finding out whether anyone is home
        7. Using the pivot
          1. Mapping the network to pivot
        8. Creating the attack path
          1. Grabbing system on the target
          2. Setting Up the route
          3. Exploring the inner network
          4. Abusing the Windows NET USE command
            1. Adding a Windows user from the command line
        9. Summary
      11. 4. Web Application Exploitation
        1. Surveying the webscape
          1. Concept of Robots.txt
          2. Concept of .htaccess
          3. Quick solutions to cross-site scripting
          4. Reducing buffer overflows
          5. Avoiding SQL injection
        2. Arm yourself with Armitage
          1. Working with a single known host
          2. Discovering new machines with NMap
        3. Zinging Windows servers with OWASP ZAP
          1. Using ZAP as an attack proxy
          2. Reading the ZAP interface
        4. Search and destroy with Burp Suite
          1. Targeting the test subject
          2. Using Burp Suite as a Proxy
            1. Installing the Burp Suite security certificate
          3. Spidering a site with Burp Spider
        5. Summary
      12. 5. Sniffing and Spoofing
        1. Sniffing and spoofing network traffic
        2. Sniffing network traffic
          1. Basic sniffing with tcpdump
          2. More basic sniffing with WinDump (Windows tcpdump)
          3. Packet hunting with Wireshark
            1. Dissecting the packet
            2. Swimming with Wireshark
        3. Spoofing network traffic
          1. Ettercap
            1. Using Ettercap on the command line
        4. Summary
      13. 6. Password Attacks
        1. Password attack planning
          1. Cracking the NTLM code (Revisited)
          2. Password lists
          3. Cleaning a password list
        2. My friend Johnny
        3. John the Ripper (command line)
        4. xHydra
        5. Adding a tool to the main menu in Kali 2.x
        6. Summary
      14. 7. Windows Privilege Escalation
        1. Gaining access with Metasploit
        2. Replacing the executable
        3. Local privilege escalation with a standalone tool
        4. Escalating privileges with physical access
          1. Robbing the Hives with samdump2
          2. Owning the registry with chntpw
        5. Weaseling in with Weevely
          1. Preparing to use Weevely
          2. Creating an agent
          3. Testing Weevely locally
          4. Testing Weevely on a Windows server
            1. Getting help in Weevely
            2. Getting the system info
            3. Using filesystem commands in Weevely
            4. Writing into files
        6. Summary
      15. 8. Maintaining Remote Access
        1. Maintaining access
          1. Covering our tracks
        2. Maintaining access with Ncat
          1. Phoning Home with Metasploit
        3. The Dropbox
        4. Cracking the NAC (Network Access Controller)
        5. Creating a Spear-Phishing Attack with the Social Engineering Toolkit
        6. Using Backdoor-Factory to Evade Antivirus
        7. Summary
      16. 9. Reverse Engineering and Stress Testing
        1. Setting up a test environment
          1. Creating your victim machine(s)
          2. Testing your testing environment
        2. Reverse engineering theory
          1. One general theory of reverse engineering
        3. Working with Boolean logic
          1. Reviewing a while loop structure
          2. Reviewing the for loop structure
            1. Understanding the decision points
        4. Practicing reverse engineering
          1. Demystifying debuggers
            1. Using the Valgrind Debugger to discover memory leaks
            2. Translating your app to assembler with the EDB-Debugger
            3. EDB-Debugger symbol mapper
            4. Running OllyDbg
          2. Introduction to disassemblers
            1. Running JAD
            2. Create your own disassembling code with Capstone
          3. Some miscellaneous reverse engineering tools
            1. Running Radare2
          4. Additional members of the Radare2 tool suite
            1. Running rasm2
            2. Running rahash2
            3. Running radiff2
            4. Running rafind2
            5. Running rax2
        5. Stresstesting Windows
          1. Dealing with Denial
          2. Putting the network under Siege
          3. Configuring your Siege engine
        6. Summary
      17. 10. Forensics
        1. Getting into Digital Forensics
        2. Exploring Guymager
          1. Starting Kali for Forensics
          2. Acquiring a drive to be legal evidence
          3. Cloning With Guymager
        3. Diving into Autopsy
        4. Mounting image files
        5. Summary
      18. Index