Kali Linux: a complete pentesting toolkit facilitating smooth backtracking for working hackers
If you are a working ethical hacker who is looking to expand the offensive skillset with a thorough understanding of Kali Linux, then this is the book for you. Prior knowledge about Linux operating systems and the BASH terminal emulator along with Windows desktop and command line would be highly beneficial.
Microsoft Windows is one of the two most common operating systems, and managing its security has spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. Kali is built on the Debian distribution of Linux and shares the legendary stability of that OS. This lets you focus on using the network penetration, password cracking, and forensics tools, and not on the OS.
This book has the most advanced tools and techniques to reproduce the methods used by sophisticated hackers to make you an expert in Kali Linux penetration testing. First, you are introduced to Kali's top ten tools and other useful reporting tools. Then, you will find your way around your target network and determine known vulnerabilities to be able to exploit a system remotely. Next, you will prove that the vulnerabilities you have found are real and exploitable. You will learn to use tools in seven categories of exploitation tools. Further, you perform web access exploits using tools like websploit and more. Security is only as strong as the weakest link in the chain. Passwords are often that weak link. Thus, you learn about password attacks that can be used in concert with other approaches to break into and own a network. Moreover, you come to terms with network sniffing, which helps you understand which users are using services you can exploit, and IP spoofing, which can be used to poison a system's DNS cache. Once you gain access to a machine or network, maintaining access is important.
Thus, you not only learn how to penetrate the machine, you also learn Windows privilege escalation. With easy-to-follow step-by-step instructions and supporting images, you will be able to quickly pen test your system and network.
This book is a hands-on guide for Kali Linux pen testing. This book will provide all the practical knowledge needed to test your network's security using a proven hacker's methodology. The book uses easy-to-understand yet professional language for explaining concepts.
Page count: 315
Publication year: 2016
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: June 2016
Production reference: 1220616
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78216-849-2
www.packtpub.com
Authors
Wolf Halton
Bo Weaver
Reviewer
Paolo Stagno
Commissioning Editor
Kunal Paraikh
Acquisition Editor
Tushar Gupta
Content Development Editor
Aishwarya Pandere
Technical Editor
Mohit Hassija
Copy Editor
Madhusudan Uchil
Project Coordinator
Nidhi Joshi
Proofreader
Safis Editing
Indexer
Mariammal Chettiyar
Graphics
Kirk D'Penha
Production Coordinator
Shantanu N. Zagade
Cover Work
Shantanu N. Zagade
Wolf Halton is a widely recognized authority on computer and internet security, an Amazon best selling author on computer security, and the CEO of Atlanta Cloud Technology. He specializes in business continuity, security engineering, open source consulting, marketing automation, virtualization and datacenter restructuring, and Linux evangelism. Wolf started hacking Windows in 1993 and loaded Linux for the first time in 2002. Wolf attributes whatever successes he has had to his darling bride, Helen, without whose tireless encouragement he would have never come so far so fast. To contact Wolf, e-mail him at <[email protected]>.
Bo Weaver is an old-school ponytailed geek who misses the old days of black screens and green text, when mice were only found under the subflooring and monitors only had eight colors. His first involvement with networks was in 1972, while working on an R&D project called ARPANET in the US Navy. Here, he also learned the power of Unix and how to "outsmart" the operating system. In the early days of BBS systems, he helped set up, secure, and maintain these systems in the South. He later worked with many in the industry to set up Internet providers and secured these environments. Bo has been working with and using Linux daily since the 1990s, and he is a promoter of open source (yes, Bo runs on Linux). He has also worked in physical security fields as a private investigator and in executive protection. Bo is now the senior penetration tester for Compliancepoint, an Atlanta-based security consulting company, where he works remotely from under a tree in the North Georgia mountains. Bo is Cherokee and works with Native American youth to help keep their traditions alive and strong. He is also the father of a geek son, Ross, a hacker in his own right, and the grandfather of two grandchildren, Rachel and Austin, who at their young age can Nmap a network. To contact Bo, e-mail him at <[email protected]>.
We would like to thank Dyana Pearson (Hacker Girl) and Joe Sikes for their input and suggestions. Without their assistance and humor, this book would not be what it is.
Special thanks to Offensive Security for creating the Kali Linux platform, to Rapid 7 for bringing us Metasploit, to Insecure.org for the Nmap tool suite, and to all the upstream developers who make our lives so much easier. We produced this book on open source software, and all of the tools reviewed are open source.
Paolo Stagno, aka VoidSec, is a cyber security analyst and security researcher.
He specializes in penetration testing, vulnerability assessment, cybercrime, and underground intelligence for a wide range of high-profile clients across top-tier international banks, major companies, and industries using bleeding-edge technologies in the cyberspace arena. He has attended various international conferences as a speaker, such as DEFCON, BlackHat, and Droidcon.
He is also the leader and founder of the security blog VoidSec (http://voidsec.com). During the last few years, especially in Italy, the underground hacking community died, not for a lack of ideas or skills but because we lost two fundamental requirements: a meeting place and the possibility to share. VoidSec.com intends to give to all hackers a meeting place, where ideas can be shared freely, where the ones who know can share their knowledge with the community and the inexperienced can learn.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www2.packtpub.com/books/subscription/packtlib
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.
Attacks on networks are increasing, and these days, it is not so much whether your network will be breached, but when. The stakes are high, and the training most Windows engineers get is weak in in-depth defense. You have to think like an attacker to know what really needs protection in your network. We are dedicated to your success in protecting your network and the data that your organization runs on. The stakeholders include your customers, whose personal data can be exploited. There is no peace of mind in hoping and praying your network is secure, and hope is not a strategy. Welcome to the fascinating world of network penetration testing with the Kali security platform.
As a working hacker, you need the most compact and complete toolset for the largest proportion of conditions. This book helps you prepare for and conduct network testing, surveillance, infiltration, penetration tests, advanced persistent threat detection, and forensics on the most commonly hacked operating system family on the planet, Microsoft Windows, using the most compact and flexible toolset on the planet—Kali Linux.
Chapter 1, Sharpening the Saw, teaches you the several ways of setting up Kali to perform different tasks. This chapter introduces you to the setup that works best, the documentation tools that we use to make sure that the results of the tests are prepared and presented right, and the details of Linux services you need to use these tools. Most books about Kali set the chapters in the order of the submenus in the Kali Security desktop. We have put all the setup at the beginning to reduce confusion for the first-time Kali users and because some things, such as the documentation tools, must be understood before you start using the other tools. The reason why the title of this chapter is "Sharpening the Saw" is that the skilled craftsman spends a bit more time preparing the tools so the job goes faster.
Chapter 2, Information Gathering and Vulnerability Assessment, explains how understanding the network can make a hacker's life a lot easier. You need to be able to find your way around your target network and determine known vulnerabilities to be able to exploit a Windows system remotely. As time goes by, you will discover that you have memorized many of the most effective Windows exploits, but vulnerability assessment is a moving target. You will need to keep bringing on new exploits as time goes by.
Chapter 3, Exploitation Tools (Pwnage), demonstrates how once you have done your due diligence investigating the network and uncovering several vulnerabilities, it's time to prove that the vulnerabilities you have found are real and exploitable. You will learn to use tools to exploit several common Windows vulnerabilities and guidelines to create and implement new exploits for upcoming Windows vulnerabilities.
Chapter 4, Web Application Exploitation, tells you that at least 25% of the web servers on the Internet are Windows based, and a much larger group of intranet servers are Windows machines. Web access exploits may be some of the easiest to perform, and here you will find the tools you need to compromise web services (a subset of exploitation tools).
Chapter 5, Sniffing and Spoofing, explains how network sniffing helps you understand which users are using services you can exploit and IP spoofing can be used to poison a system's DNS cache so that all their traffic is sent to a man in the middle (your designated host, for instance) as well as being an integral part of most e-mail phishing schemes. Sniffing and spoofing are often used against the Windows endpoints in the network, and you need to understand the techniques that the bad guys are going to be using.
Chapter 6, Password Attacks, warns you that your Windows security is only as strong as the weakest link in the chain. Passwords are often that weak link. Password attacks can be used in concert with other approaches to break into and own a Windows network.
Chapter 7, Windows Privilege Escalation, asks the question of what happens if you have some access at a lower level but want to have administrative privileges on your compromised Windows server. There are a few cool ways to get administrative privileges on a Windows server or workstation when you have some lower-level access. This is a great advantage when you want to install backdoors and malware services on a target Windows machine.
Chapter 8, Maintaining Access, explores the possibility of how once you have cracked a machine or a network, you may want to maintain access to it. This chapter covers some devious ways of maintaining access and control of a Windows machine after you have gained access through the techniques you learned in the previous chapters.
Chapter 9, Reverse Engineering and Stress Testing, is about voiding your warranty for fun and profit. There are many respectable reasons to reverse engineer a Windows component, service, or program, and Kali has tools to help you do that. This chapter also covers stress testing your Windows server or application. This is a great idea if you want to discover how much DDoS will turn your server belly-up. This chapter is the beginning of how to develop an anti-fragile, self-healing Windows network.
Chapter 10, Forensics, explains how forensic research is required to help you understand how one of your Windows devices was compromised. This chapter introduces you to Kali Linux forensic tools. Forensic research could be employed to deal with a damaged hardware component or to find or recover corrupted applications or data files.
This book is a set of reminders for the working ethical hacker and a guidebook to the Kali Linux toolkit for network analysts who are improving their value to the enterprise by adding offense to their security analyst defense. You ideally are a network engineer with a good grasp of networking concepts and operating systems. If the network security engineer title is no longer large enough to fit your skill set, this book can increase your skills even more.
To get the most out of this book, you need to have:
If you are an absolute beginner, you may find this book too challenging for you. You need to consider getting the Kali Linux Cookbook by Pritchett and de Smet. If you are a script kiddie looking for cheap exploits so you can brag to your friends on the Interwebs, this book could help you get your first, best, real job, or your first felony conviction—choose wisely.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "Use a real domain name that you or your company controls. Do not use a bogus domain name such as .local or .localdomain."
Any command-line input or output is written as follows:
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Pull up a terminal window by clicking in the menu bar in the upper left hand corner and go to Applications | Accessories | Terminal. This will bring up the terminal or command-line window."
Warnings or important notes appear in a box like this.
Tips and tricks appear like this.
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail <[email protected]>, and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from https://www.packtpub.com/sites/default/files/downloads/KaliLinux2WindowsPenetrationTesting_ColorImages.pdf.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
If you have a problem with any aspect of this book, you can contact us at <[email protected]>, and we will do our best to address the problem.
A craftsman is only as good as his tools and tools need to be set up and maintained. In this chapter we will go through the setup and configuration of Kali Linux.
There are several ways to set up Kali to perform different tasks. This chapter introduces you to the setup that works best for your Windows-hacking use case, the documentation tools that we use to make sure that the results of the tests are prepared and presented correctly, and the details of Linux services you need in order to use these tools. Most books about Kali set the chapters in the order of the submenus in the Kali security desktop. We have put all the set-up at the beginning to reduce the confusion for first-time Kali users, and because some things, such as the documentation tools, must be understood before you start using the other tools. The reason why the title of this chapter is Sharpening the Saw is because the skilled craftsman spends a bit more time preparing the tools to make the job go faster.
In the Kali Desktop Menu, there is a sub-menu, Top 10 Security Tools, and these are the tools that the creators of Kali Linux believe to be the most indispensable weapons for a working security analyst to understand. In this chapter we are going to show you the tools we use the most. Most of them are in the Kali Top 10 Menu, but not all of them!
Many of the system services on Kali Linux are the same as those on most Linux servers, but because there are security tools that use a client/server model, there are services that will need to have their servers started early to run your tests successfully.
Secure networking environments such as those found in most organizations that have IT departments present several challenges to you as a security engineer. The company probably has a specific list of approved applications. Anti-virus applications are usually managed from a central location. Security tools are miscategorized as evil hacking tools or malware packages. Many companies have defensive rules against having any operating system that isn't Microsoft Windows installed on company computing hardware.
To add to the challenge, they prohibit non-corporate assets on the corporate network. The main problem you will find is that there are very few economical penetration testing tools written for Windows, and the few, such as Metasploit, that do have a Windows version, tend to fight with the lower-level operating system functions. Since most company laptops must have anti-virus software running on the system, you have to do some serious exception voodoo on Metasploit's directories. The anti-virus software will quarantine all the viruses that come with Metasploit. Also, intrusion protection software and local firewall rules will cause problems. These OS functions and security add-ons are designed to prevent hacking, and that is exactly what you are preparing to do.
The Payment Card Industry Digital Security Standard (PCI DSS 3.0) requires that any Windows machine that handles payment data, or is on a network with any machine that handles payment data, be patched, run a firewall, and have anti-virus software installed on it. Further, many company IT security policies mandate that no end user can disable anti-virus protection without a penalty.
Another issue with using a Windows machine as your penetration-testing machine is that you may do external testing from time to time. In order to do a proper external test the testing machine must be on the public Internet. It is unwise to hang a Windows machine out on the public network with all your security applications turned off. Such a configuration will probably be infected with worms within 20 minutes of putting it on the Internet.
So what's the answer? An encrypted bootable USB drive loaded with Kali Linux. On Kali's install screen there is the option to install Kali to a USB drive with what is called "persistence". This gives you the ability to install to a USB drive and have the ability to save files to the USB but the drive is not encrypted. By mounting the USB drive with a Linux machine your files are there for the taking. This is fine for trying out Kali but you don't want real test data floating around on a USB drive. By doing a normal full install of Kali to the USB drive, full disk encryption can be used on the disk. If the USB is compromised or lost, the data is still safe.
In this chapter we will install Kali to a 64GB USB disk. You can use a smaller one but remember you will be gathering data from your testing and even on a small network this can amount to a lot of data. We do testing almost daily so we used a 1TB USB 3.0 drive. The 64GB drive is a good size for most testing.
For this chapter you will need a 64GB thumb drive, a copy of Kali burned to a DVD and a machine with a DVD player and USB capabilities on boot. You can download Kali at http://kali.org and look for the download link.
Once you are ready, insert your DVD and your USB drive into your machine.
Be sure to insert the USB before powering up the machine. You want the machine to see the USB on boot so the installer will see it during the install.
Now power up the machine and you'll get the screen below. Pick the Graphic Install from the menu. This installation will also work if you use the text installer found by picking the Install command on line six.
If you have ever installed any distribution of Linux, the first section of the installation should seem very familiar. You will see a series of screens for the country, language, and keyboard set up. Set this up for your locale and language of choice. Normally the installer will discover the keyboard and you can click on the one chosen. Click the Continue button to continue on each of these pages.
After these configurations you'll be presented with the following window and asked to give it a hostname. Give it a distinctive name and not the default. This will be helpful later when using saved data and screenshots taken. If you have several people using Kali and all the machines are named Kali it can be confusing as to exactly where the data came from.
In the next screen you will be asked for a domain name. Use a real domain name that you or your company controls. Do not use a bogus domain name such as .local or .localdomain. If you are doing business on the Internet, or even if you are an individual please use a proper domain name. This makes tracing routes and tracking packets easier. Domains are cheap. If the domain belongs to your employer, and you cannot just use their domain name, request a subdomain such as testing.mycompany.com.
In the next window you will be asked to provide a root password. Make this a good password. The longer and more complex the password, the better. Remember, after a few tests the keys to your network kingdom will be on this device. Unlike most computer operations, during testing you will be using the root account and not a normal user account. You will need the ability to open and close ports and have full control of the network stack.
A standard Kali install does not offer you the chance to add a standard user. If you install Kali on the laptop itself, and use this laptop for other things besides testing, create a standard user and give it sudoer privileges. You never want to get into the habit of using your root account for browsing the World-Wide Web and sending e-mails.
Next to be set up is the time zone. Set up by your location on the graphical map, or pull-down menu, or pick your UTC offset. Many of the tools on Kali Linux output timestamps and these provide legal evidence that you did what you said you did, when you said you did.
The next step will be setting up the drive, encrypting it, and partitioning the drive. The next dialog will ask you to select the type of partitioning for this install.
In the next window you will be asked to pick the disk you require for installation.
WARNING. Be careful to pick the USB disk and not your local drive. If you pick your local drive you will wipe the operating system from that drive. Note in the window below you can see the USB drive and a VMware virtual disk. The virtual disk is the hard drive of the virtual machine being used for this demonstration.
This will start the disk encryption and partitioning process. First the drive is fully erased and encrypted. This will take a while. Get a cup of coffee, or better yet, go for a walk outside. A 1TB drive will take about 30 hours for the encrypting process. The 64GB drive takes about 30 minutes.
In the next window, you will be asked to provide a passphrase for the drive encryption. You will use this passphrase when booting up Kali. Note the term passphrase. Use something really long but easy to remember: a line from a song, a poem, or a quote! The longer the better! "Mary had a little lamb and walked it to town." Even with no numbers in this phrase, it would take John the Ripper over a month to crack this.
Now the system will start the partitioning process.
After the partitioning process, the system install will start.
Next you will be asked if you want to use a Network Mirror. Click Yes on this! This will select repository mirrors close to your location and help speed up your updates later when you update your system.
Your installation process will now complete and you will be asked to reboot the system. Be sure to remove the install disk before rebooting.
Now we're ready to fire up Kali. Insert your Kali USB drive into your machine and power it up. In the beginning of the boot process you will be given the ability to manually select a boot drive. The specific keystroke will vary depending on the type and make of your machine. By whatever process your machine uses, you will be given a menu of the available drives to boot from. Pick the USB drive and continue. When the system boots, you will be presented with a screen asking for your passphrase. This is the passphrase we set earlier during the installation. This is not the root login password. Enter the passphrase and hit the Enter key.
This will start the actual boot process of the system from the now decrypted drive. Once the system is booted up you will be presented with the following login screen:
Hacker Tip
Before we go any further we would advise you to use these tools only on systems that you have written authorization to test, or systems that you personally own. Any use of these tools on a machine you do not have authorization to test is illegal under various Federal and State laws. When you get caught, you will go to jail. Sentences for hacking tend to be draconically long.
Get a personal copy of the testing waiver that your company receives to allow them to test the client's network and systems. This document should contain the dates and times of testing and the IP addresses and/or networks to be tested. This is the "scope" of your testing. This document is your "Get out of jail free card." Do not test without this.
Now with that said let's login and continue our set up.
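Once you are logged in, it is worth confirming that the install really does sit on an encrypted container rather than a persistence-style stick, since the chapter's whole reason for the full install is that a lost or borrowed drive stays unreadable. The script below is an added example, not the book's or Kali's own code: it reads the NAME and FSTYPE columns that lsblk prints for a drive, looks for a crypto_LUKS entry, and has cryptsetup confirm the LUKS header. The two listings in write_encrypted_sample and write_plain_sample are constructed, not captured from real hardware, so the parsing can be tried offline; the device path passed to check_device is an example, not a value from the book.

```shell
#!/bin/sh
# Added example (not from the book): confirm that the Kali USB install sits on
# a LUKS container before trusting it with test data. Live use on a booted
# Kali system: sh check-usb-luks.sh /dev/sdb   (device path is an example)

# Given "NAME FSTYPE" lines as produced by `lsblk -rno NAME,FSTYPE`, print the
# names of the LUKS containers. Empty output means nothing on the drive is encrypted.
luks_containers() {
    # $1 = file holding the lsblk listing
    awk '$2 == "crypto_LUKS" { print $1 }' "$1"
}

# Exit 0 when the listing contains at least one LUKS container.
has_luks() {
    [ -n "$(luks_containers "$1")" ]
}

# Live check on a real drive: list its partitions, then let cryptsetup confirm
# the LUKS header on each candidate independently of what lsblk guessed.
check_device() {
    dev=$1
    tmp=$(mktemp)
    lsblk -rno NAME,FSTYPE "$dev" > "$tmp"
    if has_luks "$tmp"; then
        for name in $(luks_containers "$tmp"); do
            cryptsetup isLuks "/dev/$name" && echo "LUKS container: /dev/$name"
        done
        rm -f "$tmp"
        return 0
    fi
    echo "no LUKS container on $dev: anyone who mounts this drive can read its files" >&2
    rm -f "$tmp"
    return 1
}

# Constructed listing of a full install with disk encryption (not real lsblk output).
write_encrypted_sample() {
    cat > "$1" <<'EOF'
sdb
sdb1 ext4
sdb2 crypto_LUKS
sdb2_crypt LVM2_member
kali--vg-root ext4
kali--vg-swap_1 swap
EOF
}

# Constructed listing of a persistence-style stick: nothing is encrypted.
write_plain_sample() {
    cat > "$1" <<'EOF'
sdb
sdb1 iso9660
sdb2 vfat
sdb3 ext4
EOF
}

if [ -n "${1:-}" ]; then
    check_device "$1"
fi
```

The parsing is kept separate from the live commands so the decision logic can be exercised on the constructed listings without root or a physical drive; cryptsetup isLuks is the authoritative answer, lsblk only narrows down which partitions to ask about.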
On your first login, check to be sure that everything is up to date. Pull up a terminal window by clicking in the menu bar in the upper left hand corner and go to Applications | Accessories | Terminal. This will bring up the terminal or command-line window. Type the following:
This will refresh the update list and check for new updates. Next run:
This will run the upgrade process; the -y flag automatically answers "yes" to the upgrade prompt. The system will run an upgrade of all applications. Reboot if necessary.
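The two commands the chapter refers to are not reproduced on this page. As an added example, not the book's own text, the script below wraps the standard apt-get invocations that match the description (refreshing the package lists, then a non-interactive upgrade with -y), writes the upgrade output to a log, and reads apt-get's own summary back to report how many packages changed and whether a kernel image was among them, which is the case where "reboot if necessary" actually applies. The log excerpt in write_sample_log is constructed so the parsing can be tried without running apt-get; refresh_and_upgrade itself needs root on a live Kali system, and the log path is an assumption.

```shell
#!/bin/sh
# Added example, not from the book: refresh the package lists, run a
# non-interactive upgrade, and read apt-get's summary back to decide whether
# the machine should be rebooted (a new kernel image only takes effect after
# a reboot). Live use as root on Kali: sh update-kali.sh --run

# Extract N from apt-get's "N upgraded, M newly installed, ..." summary line.
upgraded_count() {
    # $1 = file holding apt-get output
    sed -n 's/^\([0-9][0-9]*\) upgraded, .*/\1/p' "$1" | tail -n 1
}

# Exit 0 when a kernel package was among the packages apt-get touched, so the
# running kernel is stale until the next reboot.
kernel_upgraded() {
    # $1 = file holding apt-get output
    grep -q 'linux-image' "$1"
}

refresh_and_upgrade() {
    # $1 = log file that receives the upgrade output (path is an assumption)
    log=$1
    [ "$(id -u)" -eq 0 ] || { echo "refresh_and_upgrade: run as root" >&2; return 1; }
    # Refresh the update list from the mirrors chosen during installation.
    apt-get update || return 1
    # -y answers "yes" to the upgrade prompt, as the chapter describes.
    apt-get -y upgrade > "$log" 2>&1
    status=$?
    cat "$log"
    [ "$status" -eq 0 ] || return 1
    echo "packages upgraded: $(upgraded_count "$log")"
    if kernel_upgraded "$log"; then
        echo "kernel image upgraded: reboot before continuing" >&2
        return 2
    fi
    return 0
}

# Constructed excerpt of an apt-get upgrade run (not captured from a real
# system), used to exercise the parsing offline.
write_sample_log() {
    cat > "$1" <<'EOF'
Reading package lists...
The following packages will be upgraded:
  linux-image-amd64 metasploit-framework nmap
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
EOF
}

if [ "${1:-}" = "--run" ]; then
    refresh_and_upgrade /var/log/kali-upgrade.log
fi
```

Keeping the upgrade output in a log file rather than only on the terminal also gives you a dated record of what changed on the testing machine, which is useful when a tool behaves differently after an update.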
Hacker Trick
Here's another way to get to your terminal window and skip the main menu. Press Alt + F2. This opens a dialog window with a single field. You can type any program name into the field and it opens the program. In this case, type terminal in the field, and click OK.
Running Kali Linux from the live disk is best when you are doing forensics or recovery tasks. Some tools, such as OpenVAS, will not work at all, because they have to be configured and file updates must be saved. You can't do this from the CD. One thing you can do very neatly from the live disk is start up a computer without writing anything to the hard drive, and this is an important consideration when you are working on recovering files from the hard drive in question for a forensic investigation.
To run Kali from the CD, just load the CD and boot from it. You will see the following screen. Note there are several options in booting live from the CD:
