Mastering Kali Linux for Advanced Penetration Testing - Second Edition

Book description

A practical guide to testing your network’s security with Kali Linux, the preferred choice of penetration testers and hackers.

About This Book

  • Employ advanced pentesting techniques with Kali Linux to build highly secured systems

  • Get to grips with various stealth techniques to remain undetected, defeat the latest defenses, and follow proven approaches

  • Select and configure the most effective tools from Kali Linux to test network security, prepare your business against malicious threats, and save costs

    Who This Book Is For

    If you are a penetration tester, IT professional, or security consultant who wants to maximize the success of your network testing using some of the advanced features of Kali Linux, then this book is for you. Some prior exposure to the basics of penetration testing/ethical hacking will help you make the most of this title.

    What You Will Learn

  • Select and configure the most effective tools from Kali Linux to test network security

  • Employ stealth to avoid detection in the network being tested

  • Recognize when stealth attacks are being used against your network

  • Exploit networks and data systems using wired and wireless networks as well as web services

  • Identify and download valuable data from target systems

  • Maintain access to compromised systems

  • Use social engineering to compromise the weakest part of the network—the end users

    In Detail

    This book will take you, as a tester or security practitioner, through the journey of reconnaissance, vulnerability assessment, exploitation, and post-exploitation activities used by penetration testers and hackers.

    We will start off by using a laboratory environment to validate tools and techniques, and an application that supports a collaborative approach to penetration testing. Next, we will get acquainted with passive reconnaissance using open source intelligence and active reconnaissance of external and internal networks. We will also focus on how to select, use, customize, and interpret the results from a variety of vulnerability scanners. Specific routes to the target will also be examined, including bypassing physical security and exfiltrating data using different techniques. You will also get to grips with concepts such as social engineering, attacking wireless networks, and exploiting web applications and remote access connections. Later, you will learn the practical aspects of attacking user client systems by backdooring executable files. You will focus on the most vulnerable part of the network: attacking the end user directly, bypassing the controls, and maintaining persistent access through social media.

    You will also explore approaches to carrying out advanced penetration testing in tightly secured environments, and the book's hands-on approach will help you understand everything you need to know during a Red teaming exercise or penetration test.

    Style and approach

    An advanced-level tutorial that follows a practical approach and proven methods to maintain top-notch security of your networks.

    Table of contents

    1. Title Page
      1. Second Edition
    2. Copyright
      1. Mastering Kali Linux for Advanced Penetration Testing
        1. Second Edition
    3. Credits
    4. About the Author
    5. About the Reviewer
    6. www.PacktPub.com
      1. Why subscribe?
    7. Customer Feedback
    8. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the example code
        2. Downloading the color images of this book
        3. Errata
        4. Piracy
        5. Questions
    9. Goal-Based Penetration Testing
      1. Conceptual overview of security testing
      2. Classical failures of vulnerability scanning, penetration testing, and red team exercises
      3. The testing methodology
      4. Introduction to Kali Linux – history and purpose
      5. Installing and updating Kali
      6. Using Kali from a portable device
      7. Installing Kali into a virtual machine
        1. VMware Workstation Player
      8. VirtualBox
      9. Installing to a Docker appliance
      10. Installing Kali to the cloud – creating an AWS instance
      11. Organizing Kali
      12. Configuring and customizing Kali
        1. Resetting the root password
        2. Adding a non-root user
        3. Speeding up Kali operations
        4. Sharing folders with the host operating system
        5. Using Bash scripts to customize Kali
        6. Building a verification lab
        7. Setting up a virtual network with Active Directory
        8. Installing defined targets
        9. Metasploitable3
        10. Mutillidae
        11. Managing collaborative penetration testing using Faraday
      13. Summary
    10. Open Source Intelligence and Passive Reconnaissance
      1. Basic principles of reconnaissance
        1. OSINT
        2. Offensive OSINT
        3. Maltego
        4. CaseFile
        5. Google caches
        6. Scraping
        7. Gathering usernames and email addresses
        8. Obtaining user information
        9. Shodan and censys.io
      2. Google Hacking Database
        1. Using dork script to query Google
        2. DataDump sites
        3. Using scripts to automatically gather OSINT data
        4. Defensive OSINT
          1. Dark Web
          2. Security breaches
          3. Threat intelligence
        5. Profiling users for password lists
      3. Creating custom word lists for cracking passwords
        1. Using CeWL to map a website
        2. Extracting words from Twitter using Twofi
      4. Summary
    11. Active Reconnaissance of External and Internal Networks
      1. Stealth scanning strategies
        1. Adjusting the source IP stack and tool identification settings
        2. Modifying packet parameters
        3. Using proxies with anonymity networks
      2. DNS reconnaissance and route mapping
        1. The whois command
      3. Employing comprehensive reconnaissance applications
        1. The recon-ng framework
          1. IPv4
          2. IPv6
        2. Using IPv6 - specific tools
        3. Mapping the route to the target
      4. Identifying the external network infrastructure
      5. Mapping beyond the firewall
      6. IDS/IPS identification
      7. Enumerating hosts
        1. Live host discovery
      8. Port, operating system, and service discovery
        1. Port scanning
      9. Writing your own port scanner using netcat
        1. Fingerprinting the operating system
        2. Determining active services
      10. Large-scale scanning
        1. DHCP information
        2. Identification and enumeration of internal network hosts
        3. Native MS Windows commands
        4. ARP broadcasting
        5. Ping sweep
        6. Using scripts to combine Masscan and nmap scans
        7. Taking advantage of SNMP
        8. Windows account information via Server Message Block (SMB) sessions
        9. Locating network shares
        10. Reconnaissance of active directory domain servers
        11. Using comprehensive tools (SPARTA)
        12. An example to configure SPARTA
      11. Summary
    12. Vulnerability Assessment
      1. Vulnerability nomenclature
      2. Local and online vulnerability databases
      3. Vulnerability scanning with nmap
        1. Introduction to LUA scripting
        2. Customizing NSE scripts
      4. Web application vulnerability scanners
        1. Introduction to Nikto and Vega
        2. Customizing Nikto and Vega
      5. Vulnerability scanners for mobile applications
      6. The OpenVAS network vulnerability scanner
        1. Customizing OpenVAS
      7. Specialized scanners
      8. Threat modeling
      9. Summary
    13. Physical Security and Social Engineering
      1. Methodology and attack methods
        1. Computer-based attacks
        2. Voice-based
        3. Physical attacks
      2. Physical attacks at the console
        1. Samdump2 and chntpw
        2. Sticky Keys
        3. Attacking system memory with Inception
      3. Creating a rogue physical device
        1. Microcomputer-based attack agents
      4. The Social Engineering Toolkit (SET)
        1. Using a website attack vector – the credential harvester attack method
        2. Using a website attack vector – the tabnabbing attack method
        3. Using the PowerShell alphanumeric shellcode injection attack
        4. HTA attack
      5. Hiding executables and obfuscating the attacker's URL
      6. Escalating an attack using DNS redirection
        1. Spear phishing attack
        2. Setting up a phishing campaign with Phishing Frenzy
      7. Launching a phishing attack
      8. Summary
    14. Wireless Attacks
      1. Configuring Kali for wireless attacks
      2. Wireless reconnaissance
        1. Kismet
      3. Bypassing a hidden SSID
      4. Bypassing MAC address authentication and open authentication
      5. Attacking WPA and WPA2
        1. Brute-force attacks
        2. Attacking wireless routers with Reaver
      6. DoS attacks against wireless communications
      7. Compromising enterprise implementations of WPA/WPA2
      8. Working with Ghost Phisher
      9. Summary
    15. Reconnaissance and Exploitation of Web-Based Applications
      1. Methodology
      2. Hackers mindmap
      3. Conducting reconnaissance of websites
        1. Detection of web application firewall and load balancers
        2. Fingerprinting a web application and CMS
        3. Mirroring a website from the command line
      4. Client-side proxies
        1. Burp Proxy
        2. Extending the functionality of web browsers
        3. Web crawling and directory brute-force attacks
        4. Web-service-specific vulnerability scanners
      5. Application-specific attacks
        1. Brute-forcing access credentials
        2. OS command injection using commix
        3. Injection attacks against databases
      6. Maintaining access with web shells
      7. Summary
    16. Attacking Remote Access
      1. Exploiting vulnerabilities in communication protocols
        1. Compromising Remote Desktop Protocol (RDP)
        2. Compromising secure shell
        3. Compromising remote access protocols (VNC)
      2. Attacking Secure Sockets Layer (SSL)
        1. Weaknesses and vulnerabilities in the SSL protocol
          1. Browser Exploit Against SSL and TLS (BEAST)
          2. Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH)
          3. Compression Ratio Info-leak Made Easy (CRIME)
          4. Factoring Attack on RSA-EXPORT Keys (FREAK)
          5. Heartbleed
          6. Insecure TLS renegotiation
          7. Logjam attack
          8. Padding Oracle On Demanded Legacy Encryption (POODLE)
        2. Introduction to Testssl
        3. Reconnaissance of SSL connections
        4. Using sslstrip to conduct a man-in-the-middle attack
        5. Denial-of-service attacks against SSL
      3. Attacking an IPSec virtual private network
        1. Scanning for VPN gateways
        2. Fingerprinting the VPN gateway
        3. Capturing pre-shared keys
        4. Performing offline PSK cracking
        5. Identifying default user accounts
      4. Summary
    17. Client-Side Exploitation
      1. Backdooring executable files
      2. Attacking a system using hostile scripts
        1. Conducting attacks using VBScript
        2. Attacking systems using Windows PowerShell
      3. The Cross-Site Scripting Framework (XSSF)
      4. The Browser Exploitation Framework (BeEF)
        1. Configuring BeEF
      5. Understanding the BeEF browser
        1. Integrating BeEF and Metasploit attacks
        2. Using BeEF as a tunneling proxy
      6. Summary
    18. Bypassing Security Controls
      1. Bypassing Network Access Control (NAC)
        1. Pre-admission NAC
          1. Adding new elements
          2. Identifying the rules
            1. Exceptions
            2. Quarantine rules
          3. Disabling endpoint security
            1. Preventing remediation
            2. Adding exceptions
        2. Post-admission NAC
          1. Bypassing isolation
          2. Detecting HoneyPot
      2. Bypassing antivirus using different frameworks
        1. Using the Veil framework
        2. Using Shellter
      3. Bypassing application-level controls
        1. Tunneling past client-side firewalls using SSH
          1. Inbound to outbound
          2. Bypassing URL filtering mechanisms
          3. Outbound to inbound
        2. Defeating application whitelisting
      4. Bypassing Windows-specific operating system controls
        1. Enhanced Migration Experience Toolkit (EMET)
        2. User Account Control (UAC)
        3. Other Windows-specific operating system controls
          1. Access and authorization
          2. Encryption
          3. System security
          4. Communications security
          5. Auditing and logging
      5. Summary
    19. Exploitation
      1. The Metasploit framework
        1. Libraries
          1. REX
          2. Framework – core
          3. Framework – base
        2. Interfaces
        3. Modules
        4. Database setup and configuration
      2. Exploiting targets using Metasploit Framework
        1. Single targets using a simple reverse shell
        2. Single targets using a reverse shell with a PowerShell attack vector
      3. Exploiting multiple targets using Metasploit Framework resource files
      4. Exploiting multiple targets with Armitage
      5. Using public exploits
        1. Locating and verifying publicly available exploits
        2. Compiling and using exploits
          1. Compiling C files
          2. Adding the exploits that are written using Metasploit Framework as a base
      6. Developing a Windows exploit
        1. Identifying a vulnerability using fuzzing
        2. Crafting a Windows-specific exploit
      7. Summary
    20. Action on the Objective
      1. Activities on the compromised local system
        1. Conducting a rapid reconnaissance of a compromised system
        2. Finding and taking sensitive data – pillaging the target
          1. Creating additional accounts
        3. Post-exploitation tools (MSF, the Veil-Pillage framework, scripts)
        4. Veil-Pillage
      2. Horizontal escalation and lateral movement
        1. Compromising domain trusts and shares
        2. PsExec, WMIC, and other tools
          1. WMIC
        3. Lateral movement using services
        4. Pivoting and port forwarding
          1. Using Proxychains
      3. Summary
    21. Privilege Escalation
      1. Overview of common escalation methodology
      2. Local system escalation
        1. Escalating from administrator to system
        2. DLL injection
        3. PowerShell's Empire tool
      3. Credential harvesting and escalation attacks
        1. Password sniffers
        2. Responder
        3. SMB relay attacks
      4. Escalating access rights in Active Directory
      5. Compromising Kerberos – the golden ticket attack
      6. Summary
    22. Command and Control
      1. Using persistent agents
        1. Employing Netcat as a persistent agent
        2. Using schtasks to configure a persistent task
        3. Maintaining persistence with the Metasploit framework
        4. Using the persistence script
        5. Creating a standalone persistent agent with Metasploit
        6. Persistence using social media and Gmail
      2. Exfiltration of data
        1. Using existing system services (Telnet, RDP, and VNC)
        2. Exfiltration of data using the DNS protocol
        3. Exfiltration of data using ICMP
        4. Using the Data Exfiltration Toolkit (DET)
        5. Exfiltration from PowerShell
        6. Hiding evidence of the attack
      3. Summary

    Product information

    • Title: Mastering Kali Linux for Advanced Penetration Testing - Second Edition
    • Author(s): Vijay Kumar Velu
    • Release date: June 2017
    • Publisher(s): Packt Publishing
    • ISBN: 9781787120235