Mastering Kali Linux for Advanced Penetration Testing

Book Description

This book will make you an expert in Kali Linux penetration testing. It covers all the most advanced tools and techniques to reproduce the methods used by sophisticated hackers. Full of real-world examples – an indispensable manual.

In Detail

Mastering Kali Linux for Advanced Penetration Testing will teach you the kill chain perspective in assessing network security—from selecting the most effective tools, to rapidly compromising network security, to highlighting the techniques used to avoid detection.

This book will take you, as a tester, through the reconnaissance, exploitation, and post-exploitation activities used by penetration testers and hackers. After you learn the hands-on techniques for performing an effective and covert attack, the book examines specific routes to the target, including bypassing physical security. You will also get to grips with concepts such as social engineering, attacking wireless networks, web services, and remote access connections. Finally, you will focus on the most vulnerable part of the network: directly attacking the end user.

This book will provide all the practical knowledge needed to test your network's security using a proven hacker's methodology.

What You Will Learn

  • Employ the methods used by real attackers to ensure the most effective penetration testing of your network
  • Select and configure the most effective tools from Kali Linux to test network security
  • Employ stealth to avoid detection in the network being tested
  • Recognize when stealthy attacks are being used against your network
  • Exploit networks and data systems using wired and wireless networks as well as web services
  • Identify and download valuable data from target systems
  • Maintain access to compromised systems
  • Use social engineering to compromise the weakest part of the network—the end users

Table of Contents

    1. Mastering Kali Linux for Advanced Penetration Testing
      1. Table of Contents
      2. Mastering Kali Linux for Advanced Penetration Testing
      3. Credits
      4. About the Author
      5. About the Reviewers
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
      7. Preface
        1. The "Kill Chain" approach to penetration testing
        2. What this book covers
        3. What you need for this book
        4. Who this book is for
        5. Conventions
        6. Reader feedback
        7. Customer support
          1. Errata
          2. Piracy
          3. Questions
      8. Disclaimer
      9. 1. The Attacker's Kill Chain
        1. 1. Starting with Kali Linux
          1. Kali Linux
          2. Configuring network services and secure communications
            1. Adjusting network proxy settings
            2. Securing communications with Secure Shell
          3. Updating Kali Linux
            1. The Debian package management system
              1. Packages and repositories
              2. Dpkg
              3. Using Advanced Packaging Tools
          4. Configuring and customizing Kali Linux
            1. Resetting the root password
            2. Adding a non-root user
            3. Speeding up Kali operations
            4. Sharing folders with Microsoft Windows
            5. Creating an encrypted folder with TrueCrypt
          5. Managing third-party applications
            1. Installing third-party applications
            2. Running third-party applications with non-root privileges
          6. Effective management of penetration tests
          7. Summary
        2. 2. Identifying the Target – Passive Reconnaissance
          1. Basic principles of reconnaissance
          2. Open Source intelligence
          3. DNS reconnaissance and route mapping
            1. WHOIS
            2. DNS reconnaissance
              1. IPv4
              2. IPv6
            3. Mapping the route to the target
          4. Obtaining user information
            1. Gathering names and e-mail addresses
            2. Gathering document metadata
          5. Profiling users for password lists
          6. Summary
        3. 3. Active Reconnaissance and Vulnerability Scanning
          1. Stealth scanning strategies
            1. Adjusting source IP stack and tool identification settings
            2. Modifying packet parameters
            3. Using proxies with anonymity networks (Tor and Privoxy)
          2. Identifying the network infrastructure
          3. Enumerating hosts
            1. Live host discovery
          4. Port, operating system, and service discovery
            1. Port scanning
            2. Fingerprinting the operating system
            3. Determining active services
          5. Employing comprehensive reconnaissance applications
            1. nmap
            2. The recon-ng framework
            3. Maltego
          6. Vulnerability scanning
          7. Summary
        4. 4. Exploit
          1. Threat modeling
          2. Using online and local vulnerability resources
            1. The Metasploit Framework
            2. Exploiting a vulnerable application
          3. Exploiting multiple targets with Armitage
            1. Team testing with Armitage
            2. Scripting the Armitage attack
          4. Bypassing IDS and antivirus detection
          5. Summary
        5. 5. Post Exploit – Action on the Objective
          1. Bypassing Windows User Account Control
          2. Conducting a rapid reconnaissance of a compromised system
            1. Using the WMIC scripting language
          3. Finding and taking sensitive data – pillaging the target
          4. Creating additional accounts
          5. Using Metasploit for post-exploit activities
          6. Escalating user privileges on a compromised host
          7. Replaying authentication tokens using incognito
            1. Manipulating access credentials with Windows Credential Editor
            2. Escalating from Administrator to SYSTEM
          8. Accessing new accounts with horizontal escalation
          9. Covering your tracks
          10. Summary
        6. 6. Post Exploit – Persistence
          1. Compromising the existing system and application files for remote access
            1. Remotely enabling the Telnet service
            2. Remotely enabling Windows Terminal Services
            3. Remotely enabling Virtual Network Computing
          2. Using persistent agents
            1. Employing Netcat as a persistent agent
          3. Maintaining persistence with the Metasploit Framework
            1. Using the metsvc script
            2. Using the persistence script
          4. Creating a standalone persistent agent with Metasploit
          5. Redirecting ports to bypass network controls
            1. Example 1 – simple port redirection
            2. Example 2 – bidirectional port redirection
          6. Summary
      10. 2. The Delivery Phase
        1. 7. Physical Attacks and Social Engineering
          1. Social Engineering Toolkit
            1. Spear Phishing Attack
            2. Using a website attack vector – Java Applet Attack Method
            3. Using a website attack vector – Credential Harvester Attack Method
            4. Using a website attack vector – Tabnabbing Attack Method
            5. Using a website attack vector – Multi-Attack Web Method
          2. Using the PowerShell alphanumeric shellcode injection attack
          3. Hiding executables and obfuscating the attacker's URL
          4. Escalating an attack using DNS redirection
          5. Physical access and hostile devices
            1. Raspberry Pi attack vectors
          6. Summary
        2. 8. Exploiting Wireless Communications
          1. Configuring Kali for wireless attacks
          2. Wireless reconnaissance
            1. Kismet
          3. Bypassing a Hidden Service Set Identifier
          4. Bypassing the MAC address authentication
          5. Compromising WEP encryption
          6. Attacking WPA and WPA2
            1. Brute-force attacks
            2. Attacking wireless routers with Reaver
          7. Cloning an access point
          8. Denial-of-service attacks
          9. Summary
        3. 9. Reconnaissance and Exploitation of Web-based Applications
          1. Conducting reconnaissance of websites
          2. Vulnerability scanners
            1. Extending the functionality of traditional vulnerability scanners
            2. Extending the functionality of web browsers
            3. Web-service-specific vulnerability scanners
          3. Testing security with client-side proxies
          4. Server exploits
          5. Application-specific attacks
            1. Brute-forcing access credentials
            2. Injection attacks against databases
          6. Maintaining access with web backdoors
          7. Summary
        4. 10. Exploiting Remote Access Communications
          1. Exploiting operating system communication protocols
            1. Compromising Remote Desktop Protocol
            2. Compromising Secure Shell
          2. Exploiting third-party remote access applications
          3. Attacking Secure Sockets Layer
            1. Configuring Kali for SSLv2 scanning
            2. Reconnaissance of SSL connections
            3. Using sslstrip to conduct a man-in-the-middle attack
            4. Denial-of-service attacks against SSL
          4. Attacking an IPSec Virtual Private Network
            1. Scanning for VPN gateways
            2. Fingerprinting the VPN gateway
            3. Capturing pre-shared keys
            4. Performing offline PSK cracking
            5. Identifying default user accounts
          5. Summary
        5. 11. Client-side Exploitation
          1. Attacking a system using hostile scripts
            1. Conducting attacks using VBScript
            2. Attacking systems using Windows PowerShell
          2. The Cross-Site Scripting Framework
          3. The Browser Exploitation Framework – BeEF
            1. Installing and configuring the Browser Exploitation Framework
          4. A walkthrough of the BeEF browser
            1. Integrating BeEF and Metasploit attacks
            2. Using BeEF as a tunneling proxy
          5. Summary
        6. A. Installing Kali Linux
          1. Downloading Kali Linux
          2. Basic Installation of Kali Linux
            1. Installing Kali Linux to a virtual machine
            2. Full disk encryption and nuking the master key
          3. Setting up a test environment
            1. Vulnerable operating systems and applications
      11. Index