Kali Linux 2 — Assuring Security by Penetration Testing, 3rd Edition

Book Description

Achieve the gold standard in penetration testing with Kali using this masterpiece, now in its third edition!

About This Book

  • Get a rock-solid insight into penetration testing techniques and test your corporate network against threats like never before
  • Formulate your pentesting strategies by relying on the most up-to-date and feature-rich Kali version in town: Kali Linux 2 (aka Sana).
  • Experience this journey with new cutting-edge wireless penetration tools and a variety of new features to make your pentesting experience smoother

Who This Book Is For

If you are an IT security professional or a student with basic knowledge of Unix/Linux operating systems, including an awareness of information security factors, and you want to use Kali Linux for penetration testing, this book is for you.

What You Will Learn

  • Find out how to download and install your own copy of Kali Linux
  • Properly scope and conduct the initial stages of a penetration test
  • Conduct reconnaissance and enumeration of target networks
  • Exploit and gain a foothold on a target system or network
  • Obtain and crack passwords
  • Use the Kali Linux NetHunter install to conduct wireless penetration testing
  • Create proper penetration testing reports

In Detail

Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement.

Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.

Style and approach

This practical guide will showcase penetration testing through cutting-edge tools and techniques using a coherent, step-by-step approach.

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
    1. Table of Contents
    2. Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
    3. Credits
    4. Disclaimer
    5. About the Authors
    6. About the Reviewer
    7. www.PacktPub.com
      1. eBooks, discount offers, and more
        1. Why subscribe?
    8. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the color images of this book
        2. Errata
        3. Piracy
        4. Questions
    9. 1. Beginning with Kali Linux
      1. A brief history of Kali Linux
      2. Kali Linux tool categories
      3. Downloading Kali Linux
      4. Using Kali Linux
        1. Running Kali using Live DVD
        2. Installing on a hard disk
          1. Installing Kali on a physical machine
          2. Installing Kali on a virtual machine
            1. Installing Kali on a virtual machine from the ISO image
            2. Installing Kali Linux in a virtual machine using the provided Kali Linux VM image
        3. Saving or Moving the virtual machine
        4. Installing Kali on a USB disk
      5. Configuring the virtual machine
        1. VirtualBox Guest Additions
        2. Setting up Networking
          1. Setting up a wired connection
        3. Setting up a wireless connection
      6. Updating Kali Linux
      7. Network services in Kali Linux
        1. HTTP
        2. MySQL
        3. SSH
      8. Installing a vulnerable server
      9. Installing additional weapons
        1. Installing the Nessus vulnerability scanner
        2. Installing the Cisco password cracker
      10. Summary
    10. 2. Penetration Testing Methodology
      1. Types of penetration testing
        1. Black box testing
        2. White box testing
        3. Gray box testing
        4. Deciding on a test
      2. Vulnerability assessment versus penetration testing
      3. Security testing methodologies
        1. Open Source Security Testing Methodology Manual
          1. Key features and benefits of OSSTMM
        2. Information Systems Security Assessment Framework
          1. Key features and benefits of ISSAF
        3. Open Web Application Security Project
          1. Key features and benefits of OWASP
        4. Web Application Security Consortium Threat Classification
        5. Key features and benefits of WASC-TC
        6. Penetration Testing Execution Standard
        7. Key features and benefits of PTES
      4. General penetration testing framework
        1. Target scoping
      5. Information gathering
        1. Target discovery
        2. Enumerating target
        3. Vulnerability mapping
        4. Social engineering
        5. Target exploitation
        6. Privilege escalation
        7. Maintaining access
        8. Documentation and reporting
      6. The ethics
      7. Summary
    11. 3. Target Scoping
      1. Gathering client requirements
        1. Creating the customer requirements form
        2. The deliverables assessment form
      2. Preparing the test plan
        1. The test plan checklist
      3. Profiling test boundaries
      4. Defining business objectives
      5. Project management and scheduling
      6. Summary
    12. 4. Information Gathering
      1. Open Source Intelligence
      2. Using public resources
      3. Querying the domain registration information
      4. Analyzing the DNS records
        1. Host
        2. dig
        3. dnsenum
        4. fierce
        5. DMitry
        6. Maltego
      5. Getting network routing information
        1. tcptraceroute
        2. tctrace
      6. Utilizing the search engine
        1. theharvester
        2. SimplyEmail
      7. Metagoofil
      8. Accessing leaked information
        1. The Onion Router
        2. Installing the TOR Browser
      9. Summary
    13. 5. Target Discovery
      1. Starting off with target discovery
      2. Identifying the target machine
        1. ping
        2. arping
        3. fping
        4. hping3
        5. nping
        6. alive6
        7. detect-new-ip6
        8. passive_discovery6
        9. nbtscan
      3. OS fingerprinting
        1. p0f
        2. Nmap
      4. Summary
    14. 6. Enumerating Target
      1. Introducing port scanning
      2. Understanding the TCP/IP protocol
      3. Understanding the TCP and UDP message format
      4. The network scanner
        1. Nmap
        2. Nmap target specification
        3. Nmap TCP scan options
        4. Nmap UDP scan options
        5. Nmap port specification
        6. Nmap output options
        7. Nmap timing options
        8. Useful Nmap options
          1. Service version detection
          2. Operating system detection
          3. Disabling host discovery
          4. Aggressive scan
        9. Nmap for scanning the IPv6 target
        10. The Nmap scripting engine
        11. Nmap options for Firewall/IDS evasion
      5. Unicornscan
      6. Zenmap
      7. Amap
      8. SMB enumeration
      9. SNMP enumeration
        1. onesixtyone
        2. snmpcheck
      10. VPN enumeration
        1. ike-scan
      11. Summary
    15. 7. Vulnerability Mapping
      1. Types of vulnerabilities
        1. Local vulnerability
        2. Remote vulnerability
      2. Vulnerability taxonomy
      3. Automated vulnerability scanning
        1. Nessus
      4. Network vulnerability scanning
        1. Cisco analysis
        2. Cisco auditing tool
        3. Cisco global exploiter
        4. SMB analysis
        5. Impacket Samrdump
        6. SNMP analysis
        7. SNMP Walk
      5. Web application analysis
        1. Nikto2
        2. OWASP ZAP
        3. Burp Suite
        4. Paros proxy
        5. W3AF
        6. WafW00f
        7. WebScarab
      6. Fuzz analysis
        1. BED
        2. JBroFuzz
      7. Database assessment tools
        1. SQLMap
        2. SQL Ninja
      8. Summary
    16. 8. Social Engineering
      1. Modeling the human psychology
      2. Attack process
      3. Attack methods
        1. Impersonation
        2. Reciprocation
        3. Influential authority
        4. Scarcity
        5. Social relationship
        6. Curiosity
      4. Social Engineering Toolkit
        1. Anonymous USB Attack
      5. Summary
    17. 9. Target Exploitation
      1. Vulnerability research
      2. Vulnerability and exploit repositories
      3. Advanced exploitation toolkit
      4. MSFConsole
      5. MSFCLI
      6. Ninja 101 drills
        1. Scenario 1
        2. Scenario 2
          1. SMB usernames
          2. VNC blank authentication scanner
          3. PostGRESQL login
        3. Scenario 3
          1. Bind shell
          2. Reverse shell
          3. Meterpreter
        4. Scenario 4
          1. Generating a binary backdoor
          2. Automated browser exploitation
      7. Writing exploit modules
      8. Summary
    18. 10. Privilege Escalation
      1. Privilege escalation using a local exploit
      2. Password attack tools
        1. Offline attack tools
        2. hash-identifier
        3. Hashcat
        4. RainbowCrack
        5. samdump2
        6. John
        7. Johnny
        8. Ophcrack
        9. Crunch
        10. Online attack tools
        11. CeWL
        12. Hydra
        13. Medusa
        14. Mimikatz
      3. Network spoofing tools
        1. DNSChef
          1. Setting up a DNS proxy
          2. Faking a domain
        2. arpspoof
        3. Ettercap
      4. Network sniffers
        1. dsniff
        2. tcpdump
        3. Wireshark
      5. Summary
    19. 11. Maintaining Access
      1. Using operating system backdoors
        1. Cymothoa
        2. Intersect
        3. The meterpreter backdoor
      2. Working with tunneling tools
        1. dns2tcp
        2. iodine
        3. Configuring the DNS server
        4. Running the iodine server
        5. Running the iodine client
        6. ncat
        7. proxychains
        8. ptunnel
        9. socat
          1. Getting HTTP header information
          2. Transferring files
        10. sslh
        11. stunnel4
      3. Creating web backdoors
        1. WeBaCoo
        2. PHP meterpreter
      4. Summary
    20. 12. Wireless Penetration Testing
      1. Wireless networking
        1. Overview of 802.11
          1. Wired Equivalent Privacy Standard
          2. Wi-Fi Protected Access
      2. Wireless network recon
        1. Antennas
        2. Iwlist
        3. Kismet
        4. WAIDPS
      3. Wireless testing tools
        1. Aircrack-ng
          1. WPA Pre-shared Key cracking
          2. WEP cracking
        2. PixieWPS
        3. Wifite
        4. Fern Wifi Cracker
      4. Post cracking
        1. MAC spoofing
        2. Persistence
      5. Sniffing wireless traffic
        1. Sniffing WLAN traffic
        2. Passive sniffing
      6. Summary
    21. 13. Kali Nethunter
      1. Kali Nethunter
        1. Deployment
          1. Network deployment
          2. Wireless deployment
          3. Host deployment
      2. Installing Kali Nethunter
      3. Nethunter icons
      4. Nethunter tools
        1. Nmap
        2. Metasploit
        3. MAC changer
      5. Third-party applications
      6. Wireless attacks
        1. Wireless scanning
          1. Nethunter tools
          2. Third-party apps
        2. WPA/WPA2 cracking
        3. WPS cracking
        4. Evil AP attack
          1. Mana Evil AP
      7. HID attacks
      8. Summary
    22. 14. Documentation and Reporting
      1. Documentation and results verification
      2. Types of reports
      3. The executive report
      4. The management report
      5. The technical report
      6. Network penetration testing report (sample contents)
      7. Preparing your presentation
      8. Post-testing procedures
      9. Summary
    23. A. Supplementary Tools
      1. Reconnaissance tool
        1. Vulnerability scanner
        2. NeXpose Community Edition
        3. Installing NeXpose
        4. Starting the NeXpose community
        5. Logging in to the NeXpose community
        6. Using the NeXpose community
      2. Web application tools
        1. Vega
        2. BlindElephant
      3. Network tool
        1. Netcat
        2. Open connection
        3. Service banner grabbing
        4. Creating a simple chat server
        5. File transfer
        6. Port scanning
        7. Backdoor shell
        8. Reverse shell
      4. Summary
    24. B. Key Resources
      1. Vulnerability disclosure and tracking
      2. Paid incentive programs
      3. Reverse engineering resources
      4. Penetration testing learning resources
      5. Exploit development learning resources
      6. Penetration testing on a vulnerable environment
      7. Online web application challenges
      8. Virtual machines and ISO images
      9. Network ports
    25. Index