Kali Linux – Assuring Security by Penetration Testing

Book Description

With Kali Linux you can test the vulnerabilities of your network and then take steps to secure it. This engaging tutorial is a comprehensive guide to this penetration testing platform, specially written for IT security professionals.

In Detail

Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement.

Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.

What You Will Learn

  • Develop the Kali Linux environment in your test lab by installing, configuring, running, and updating its core system components
  • Perform a formal Kali Linux testing methodology
  • Scope your target with definitive test requirements, limitations, and business objectives, and schedule the test plan
  • Exercise a number of security tools from Kali Linux, logically divided into subcategories of testing methodology
  • Practice the processes of reconnaissance, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, and maintaining access to the target for evaluation purposes
  • Document, report, and present your verified test results to the relevant authorities in a formal reporting structure

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

    Table of Contents

    1. Kali Linux – Assuring Security by Penetration Testing
      1. Table of Contents
      2. Kali Linux – Assuring Security by Penetration Testing
      3. Credits
      4. About the Authors
      5. About the Reviewers
      6. www.PacktPub.com
        1. Support files, eBooks, discount offers and more
          1. Why Subscribe?
          2. Free Access for Packt account holders
      7. Disclaimer
      8. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Errata
          2. Piracy
          3. Questions
      9. I. Lab Preparation and Testing Procedures
        1. 1. Beginning with Kali Linux
          1. A brief history of Kali Linux
          2. Kali Linux tool categories
          3. Downloading Kali Linux
          4. Using Kali Linux
            1. Running Kali using Live DVD
            2. Installing on a hard disk
              1. Installing Kali on a physical machine
              2. Installing Kali on a virtual machine
                1. Installing Kali on a virtual machine from the ISO image
                2. Installing Kali in a virtual machine using the provided Kali VM image
            3. Installing Kali on a USB disk
          5. Configuring the virtual machine
            1. VirtualBox guest additions
            2. Setting up networking
              1. Setting up a wired connection
              2. Setting up a wireless connection
              3. Starting the network service
            3. Configuring shared folders
            4. Saving the guest machine state
            5. Exporting a virtual machine
          6. Updating Kali Linux
          7. Network services in Kali Linux
            1. HTTP
            2. MySQL
            3. SSH
          8. Installing a vulnerable server
          9. Installing additional weapons
            1. Installing the Nessus vulnerability scanner
            2. Installing the Cisco password cracker
          10. Summary
        2. 2. Penetration Testing Methodology
          1. Types of penetration testing
            1. Black box testing
            2. White box testing
          2. Vulnerability assessment versus penetration testing
          3. Security testing methodologies
            1. Open Source Security Testing Methodology Manual (OSSTMM)
              1. Key features and benefits
            2. Information Systems Security Assessment Framework (ISSAF)
              1. Key features and benefits
            3. Open Web Application Security Project (OWASP)
              1. Key features and benefits
            4. Web Application Security Consortium Threat Classification (WASC-TC)
              1. Key features and benefits
          4. Penetration Testing Execution Standard (PTES)
            1. Key features and benefits
          5. General penetration testing framework
            1. Target scoping
            2. Information gathering
            3. Target discovery
            4. Enumerating target
            5. Vulnerability mapping
            6. Social engineering
            7. Target exploitation
            8. Privilege escalation
            9. Maintaining access
            10. Documentation and reporting
          6. The ethics
          7. Summary
      10. II. Penetration Testers Armory
        1. 3. Target Scoping
          1. Gathering client requirements
            1. Creating the customer requirements form
            2. The deliverables assessment form
          2. Preparing the test plan
            1. The test plan checklist
          3. Profiling test boundaries
          4. Defining business objectives
          5. Project management and scheduling
          6. Summary
        2. 4. Information Gathering
          1. Using public resources
          2. Querying the domain registration information
          3. Analyzing the DNS records
            1. host
            2. dig
            3. dnsenum
            4. dnsdict6
            5. fierce
            6. DMitry
            7. Maltego
          4. Getting network routing information
            1. tcptraceroute
            2. tctrace
          5. Utilizing the search engine
            1. theharvester
            2. Metagoofil
          6. Summary
        3. 5. Target Discovery
          1. Starting off with target discovery
          2. Identifying the target machine
            1. ping
            2. arping
            3. fping
            4. hping3
            5. nping
            6. alive6
            7. detect-new-ip6
            8. passive_discovery6
            9. nbtscan
          3. OS fingerprinting
            1. p0f
            2. Nmap
          4. Summary
        4. 6. Enumerating Target
          1. Introducing port scanning
            1. Understanding the TCP/IP protocol
            2. Understanding the TCP and UDP message format
          2. The network scanner
            1. Nmap
              1. Nmap target specification
              2. Nmap TCP scan options
              3. Nmap UDP scan options
              4. Nmap port specification
              5. Nmap output options
              6. Nmap timing options
              7. Nmap useful options
                1. Service version detection
                2. Operating system detection
                3. Disabling host discovery
                4. Aggressive scan
              8. Nmap for scanning the IPv6 target
              9. The Nmap scripting engine
              10. Nmap options for Firewall/IDS evasion
            2. Unicornscan
            3. Zenmap
            4. Amap
          3. SMB enumeration
          4. SNMP enumeration
            1. onesixtyone
            2. snmpcheck
          5. VPN enumeration
            1. ike-scan
          6. Summary
        5. 7. Vulnerability Mapping
          1. Types of vulnerabilities
            1. Local vulnerability
            2. Remote vulnerability
          2. Vulnerability taxonomy
          3. Open Vulnerability Assessment System (OpenVAS)
            1. Tools used by OpenVAS
          4. Cisco analysis
            1. Cisco auditing tool
            2. Cisco global exploiter
          5. Fuzz analysis
            1. BED
            2. JBroFuzz
          6. SMB analysis
            1. Impacket Samrdump
          7. SNMP analysis
            1. SNMP Walk
          8. Web application analysis
            1. Database assessment tools
              1. DBPwAudit
              2. SQLMap
              3. SQL Ninja
            2. Web application assessment
              1. Burp Suite
              2. Nikto2
              3. Paros proxy
              4. W3AF
              5. WafW00f
              6. WebScarab
          9. Summary
        6. 8. Social Engineering
          1. Modeling the human psychology
          2. Attack process
          3. Attack methods
            1. Impersonation
            2. Reciprocation
            3. Influential authority
          4. Scarcity
          5. Social relationship
          6. Social Engineering Toolkit (SET)
            1. Targeted phishing attack
          7. Summary
        7. 9. Target Exploitation
          1. Vulnerability research
          2. Vulnerability and exploit repositories
          3. Advanced exploitation toolkit
            1. MSFConsole
            2. MSFCLI
            3. Ninja 101 drills
              1. Scenario 1
              2. Scenario 2
                1. SNMP community scanner
                2. VNC blank authentication scanner
                3. IIS6 WebDAV unicode auth bypass
              3. Scenario 3
                1. Bind shell
                2. Reverse shell
                3. Meterpreter
              4. Scenario 4
                1. Generating a binary backdoor
                2. Automated browser exploitation
            4. Writing exploit modules
          4. Summary
        8. 10. Privilege Escalation
          1. Privilege escalation using a local exploit
          2. Password attack tools
            1. Offline attack tools
              1. hash-identifier
              2. Hashcat
              3. RainbowCrack
              4. samdump2
              5. John
              6. Johnny
              7. Ophcrack
              8. Crunch
            2. Online attack tools
              1. CeWL
              2. Hydra
              3. Medusa
          3. Network spoofing tools
            1. DNSChef
              1. Setting up a DNS proxy
              2. Faking a domain
            2. arpspoof
            3. Ettercap
          4. Network sniffers
            1. dsniff
            2. tcpdump
            3. Wireshark
          5. Summary
        9. 11. Maintaining Access
          1. Using operating system backdoors
            1. Cymothoa
            2. Intersect
            3. The meterpreter backdoor
          2. Working with tunneling tools
            1. dns2tcp
            2. iodine
              1. Configuring the DNS server
              2. Running the iodine server
              3. Running the iodine client
            3. ncat
            4. proxychains
            5. ptunnel
            6. socat
              1. Getting HTTP header information
              2. Transferring files
            7. sslh
            8. stunnel4
          3. Creating web backdoors
            1. WeBaCoo
            2. weevely
            3. PHP meterpreter
          4. Summary
        10. 12. Documentation and Reporting
          1. Documentation and results verification
          2. Types of reports
            1. The executive report
            2. The management report
            3. The technical report
          3. Network penetration testing report (sample contents)
          4. Preparing your presentation
          5. Post-testing procedures
          6. Summary
      11. III. Extra Ammunition
        1. A. Supplementary Tools
          1. Reconnaissance tool
          2. Vulnerability scanner
            1. NeXpose Community Edition
              1. Installing NeXpose
              2. Starting the NeXpose community
              3. Logging in to the NeXpose community
              4. Using the NeXpose community
          3. Web application tools
            1. Golismero
            2. Arachni
            3. BlindElephant
          4. Network tool
            1. Netcat
              1. Open connection
              2. Service banner grabbing
              3. Simple chat server
              4. File transfer
              5. Portscanning
              6. Backdoor shell
              7. Reverse shell
          5. Summary
        2. B. Key Resources
          1. Vulnerability disclosure and tracking
            1. Paid incentive programs
          2. Reverse engineering resources
          3. Penetration testing learning resources
          4. Exploit development learning resources
          5. Penetration testing on a vulnerable environment
            1. Online web application challenges
            2. Virtual machines and ISO images
          6. Network ports
      12. Index