
Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition

Book Description

Achieve the gold standard in penetration testing with Kali using this masterpiece, now in its third edition!

About This Book

  • Get a rock-solid insight into penetration testing techniques and test your corporate network against threats like never before

  • Formulate your pentesting strategies by relying on the most up-to-date and feature-rich Kali version in town—Kali Linux 2 (aka Sana).

  • Experience this journey with new cutting-edge wireless penetration tools and a variety of new features to make your pentesting experience smoother

Who This Book Is For

If you are an IT security professional or a student with basic knowledge of Unix/Linux operating systems, including an awareness of information security factors, and you want to use Kali Linux for penetration testing, this book is for you.

What You Will Learn

  • Find out how to download and install your own copy of Kali Linux

  • Properly scope and conduct the initial stages of a penetration test

  • Conduct reconnaissance and enumeration of target networks

  • Exploit and gain a foothold on a target system or network

  • Obtain and crack passwords

  • Use the Kali Linux NetHunter install to conduct wireless penetration testing

  • Create proper penetration testing reports

In Detail

Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement.

Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.

Style and approach

This practical guide will showcase penetration testing through cutting-edge tools and techniques using a coherent, step-by-step approach.

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

    1. Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
      1. Table of Contents
      2. Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
      3. Credits
      4. Disclaimer
      5. About the Authors
      6. About the Reviewer
      7. www.PacktPub.com
        1. eBooks, discount offers, and more
          1. Why subscribe?
      8. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the color images of this book
          2. Errata
          3. Piracy
          4. Questions
      9. 1. Beginning with Kali Linux
        1. A brief history of Kali Linux
        2. Kali Linux tool categories
        3. Downloading Kali Linux
        4. Using Kali Linux
          1. Running Kali using Live DVD
          2. Installing on a hard disk
            1. Installing Kali on a physical machine
            2. Installing Kali on a virtual machine
              1. Installing Kali on a virtual machine from the ISO image
              2. Installing Kali Linux in a virtual machine using the provided Kali Linux VM image
          3. Saving or Moving the virtual machine
          4. Installing Kali on a USB disk
        5. Configuring the virtual machine
          1. VirtualBox Guest Additions
          2. Setting up Networking
            1. Setting up a wired connection
          3. Setting up a wireless connection
        6. Updating Kali Linux
        7. Network services in Kali Linux
          1. HTTP
          2. MySQL
          3. SSH
        8. Installing a vulnerable server
        9. Installing additional weapons
          1. Installing the Nessus vulnerability scanner
          2. Installing the Cisco password cracker
        10. Summary
      10. 2. Penetration Testing Methodology
        1. Types of penetration testing
          1. Black box testing
          2. White box testing
          3. Gray box testing
          4. Deciding on a test
        2. Vulnerability assessment versus penetration testing
        3. Security testing methodologies
          1. Open Source Security Testing Methodology Manual
            1. Key features and benefits of OSSTMM
          2. Information Systems Security Assessment Framework
            1. Key features and benefits of ISSAF
          3. Open Web Application Security Project
            1. Key features and benefits of OWASP
          4. Web Application Security Consortium Threat Classification
          5. Key features and benefits of WASC-TC
          6. Penetration Testing Execution Standard
          7. Key features and benefits of PTES
        4. General penetration testing framework
          1. Target scoping
        5. Information gathering
          1. Target discovery
          2. Enumerating target
          3. Vulnerability mapping
          4. Social engineering
          5. Target exploitation
          6. Privilege escalation
          7. Maintaining access
          8. Documentation and reporting
        6. The ethics
        7. Summary
      11. 3. Target Scoping
        1. Gathering client requirements
          1. Creating the customer requirements form
          2. The deliverables assessment form
        2. Preparing the test plan
          1. The test plan checklist
        3. Profiling test boundaries
        4. Defining business objectives
        5. Project management and scheduling
        6. Summary
      12. 4. Information Gathering
        1. Open Source Intelligence
        2. Using public resources
        3. Querying the domain registration information
        4. Analyzing the DNS records
          1. Host
          2. dig
          3. dnsenum
          4. fierce
          5. DMitry
          6. Maltego
        5. Getting network routing information
          1. tcptraceroute
          2. tctrace
        6. Utilizing the search engine
          1. theharvester
          2. SimplyEmail
        7. Metagoofil
        8. Accessing leaked information
          1. The Onion Router
          2. Installing the TOR Browser
        9. Summary
      13. 5. Target Discovery
        1. Starting off with target discovery
        2. Identifying the target machine
          1. ping
          2. arping
          3. fping
          4. hping3
          5. nping
          6. alive6
          7. detect-new-ip6
          8. passive_discovery6
          9. nbtscan
        3. OS fingerprinting
          1. p0f
          2. Nmap
        4. Summary
      14. 6. Enumerating Target
        1. Introducing port scanning
        2. Understanding the TCP/IP protocol
        3. Understanding the TCP and UDP message format
        4. The network scanner
          1. Nmap
          2. Nmap target specification
          3. Nmap TCP scan options
          4. Nmap UDP scan options
          5. Nmap port specification
          6. Nmap output options
          7. Nmap timing options
          8. Useful Nmap options
            1. Service version detection
            2. Operating system detection
            3. Disabling host discovery
            4. Aggressive scan
          9. Nmap for scanning the IPv6 target
          10. The Nmap scripting engine
          11. Nmap options for Firewall/IDS evasion
        5. Unicornscan
        6. Zenmap
        7. Amap
        8. SMB enumeration
        9. SNMP enumeration
          1. onesixtyone
          2. snmpcheck
        10. VPN enumeration
          1. ike-scan
        11. Summary
      15. 7. Vulnerability Mapping
        1. Types of vulnerabilities
          1. Local vulnerability
          2. Remote vulnerability
        2. Vulnerability taxonomy
        3. Automated vulnerability scanning
          1. Nessus
        4. Network vulnerability scanning
          1. Cisco analysis
          2. Cisco auditing tool
          3. Cisco global exploiter
          4. SMB analysis
          5. Impacket Samrdump
          6. SNMP analysis
          7. SNMP Walk
        5. Web application analysis
          1. Nikto2
          2. OWASP ZAP
          3. Burp Suite
          4. Paros proxy
          5. W3AF
          6. WafW00f
          7. WebScarab
        6. Fuzz analysis
          1. BED
          2. JBroFuzz
        7. Database assessment tools
          1. SQLMap
          2. SQL Ninja
        8. Summary
      16. 8. Social Engineering
        1. Modeling the human psychology
        2. Attack process
        3. Attack methods
          1. Impersonation
          2. Reciprocation
          3. Influential authority
          4. Scarcity
          5. Social relationship
          6. Curiosity
        4. Social Engineering Toolkit
          1. Anonymous USB Attack
        5. Summary
      17. 9. Target Exploitation
        1. Vulnerability research
        2. Vulnerability and exploit repositories
        3. Advanced exploitation toolkit
        4. MSFConsole
        5. MSFCLI
        6. Ninja 101 drills
          1. Scenario 1
          2. Scenario 2
            1. SMB usernames
            2. VNC blank authentication scanner
            3. PostGRESQL login
          3. Scenario 3
            1. Bind shell
            2. Reverse shell
            3. Meterpreter
          4. Scenario 4
            1. Generating a binary backdoor
            2. Automated browser exploitation
        7. Writing exploit modules
        8. Summary
      18. 10. Privilege Escalation
        1. Privilege escalation using a local exploit
        2. Password attack tools
          1. Offline attack tools
          2. hash-identifier
          3. Hashcat
          4. RainbowCrack
          5. samdump2
          6. John
          7. Johnny
          8. Ophcrack
          9. Crunch
          10. Online attack tools
          11. CeWL
          12. Hydra
          13. Medusa
          14. Mimikatz
        3. Network spoofing tools
          1. DNSChef
            1. Setting up a DNS proxy
            2. Faking a domain
          2. arpspoof
          3. Ettercap
        4. Network sniffers
          1. dsniff
          2. tcpdump
          3. Wireshark
        5. Summary
      19. 11. Maintaining Access
        1. Using operating system backdoors
          1. Cymothoa
          2. Intersect
          3. The meterpreter backdoor
        2. Working with tunneling tools
          1. dns2tcp
          2. iodine
          3. Configuring the DNS server
          4. Running the iodine server
          5. Running the iodine client
          6. ncat
          7. proxychains
          8. ptunnel
          9. socat
            1. Getting HTTP header information
            2. Transferring files
          10. sslh
          11. stunnel4
        3. Creating web backdoors
          1. WeBaCoo
          2. PHP meterpreter
        4. Summary
      20. 12. Wireless Penetration Testing
        1. Wireless networking
          1. Overview of 802.11
            1. Wired Equivalent Privacy Standard
            2. Wi-Fi Protected Access
        2. Wireless network recon
          1. Antennas
          2. Iwlist
          3. Kismet
          4. WAIDPS
        3. Wireless testing tools
          1. Aircrack-ng
            1. WPA Pre-shared Key cracking
            2. WEP cracking
          2. PixieWPS
          3. Wifite
          4. Fern Wifi Cracker
        4. Post cracking
          1. MAC spoofing
          2. Persistence
        5. Sniffing wireless traffic
          1. Sniffing WLAN traffic
          2. Passive sniffing
        6. Summary
      21. 13. Kali Nethunter
        1. Kali Nethunter
          1. Deployment
            1. Network deployment
            2. Wireless deployment
            3. Host deployment
        2. Installing Kali Nethunter
        3. Nethunter icons
        4. Nethunter tools
          1. Nmap
          2. Metasploit
          3. MAC changer
        5. Third-party applications
        6. Wireless attacks
          1. Wireless scanning
            1. Nethunter tools
            2. Third-party apps
          2. WPA/WPA2 cracking
          3. WPS cracking
          4. Evil AP attack
            1. Mana Evil AP
        7. HID attacks
        8. Summary
      22. 14. Documentation and Reporting
        1. Documentation and results verification
        2. Types of reports
        3. The executive report
        4. The management report
        5. The technical report
        6. Network penetration testing report (sample contents)
        7. Preparing your presentation
        8. Post-testing procedures
        9. Summary
      23. A. Supplementary Tools
        1. Reconnaissance tool
          1. Vulnerability scanner
          2. NeXpose Community Edition
          3. Installing NeXpose
          4. Starting the NeXpose community
          5. Logging in to the NeXpose community
          6. Using the NeXpose community
        2. Web application tools
          1. Vega
          2. BlindElephant
        3. Network tool
          1. Netcat
          2. Open connection
          3. Service banner grabbing
          4. Creating a simple chat server
          5. File transfer
          6. Port scanning
          7. Backdoor shell
          8. Reverse shell
        4. Summary
      24. B. Key Resources
        1. Vulnerability disclosure and tracking
        2. Paid incentive programs
        3. Reverse engineering resources
        4. Penetration testing learning resources
        5. Exploit development learning resources
        6. Penetration testing on a vulnerable environment
        7. Online web application challenges
        8. Virtual machines and ISO images
        9. Network ports
      25. Index