Kali Linux - An Ethical Hacker's Cookbook - Himanshu Sharma - E-Book


Himanshu Sharma

Description

Over 120 recipes to perform advanced penetration testing with Kali Linux

About This Book

  • Practical recipes to conduct effective penetration testing using the powerful Kali Linux
  • Leverage tools like Metasploit, Wireshark, Nmap, and many more to detect vulnerabilities with ease
  • Confidently perform networking and application attacks using task-oriented recipes

Who This Book Is For

This book is aimed at IT security professionals, pentesters, and security analysts who have basic knowledge of Kali Linux and want to conduct advanced penetration testing techniques.

What You Will Learn

  • Installing, setting up and customizing Kali for pentesting on multiple platforms
  • Pentesting routers and embedded devices
  • Bug hunting 2017
  • Pwning and escalating through corporate network
  • Buffer overflows 101
  • Auditing wireless networks
  • Fiddling around with software-defined radio
  • Hacking on the run with NetHunter
  • Writing good quality reports

In Detail

With the current rate of hacking, it is very important to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2016.2) according to your needs, and move on to core functionalities. This book will start with the installation and configuration of Kali Linux so that you can perform your tests. You will learn how to plan attack strategies and perform web application exploitation using tools such as Burp, and Jexboss. You will also learn how to perform network exploitation using Metasploit, Sparta, and Wireshark. Next, you will perform wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Lastly, you will learn how to create an optimum quality pentest report! By the end of this book, you will know how to conduct advanced penetration testing thanks to the book's crisp and task-oriented recipes.

Style and approach

This is a recipe-based book that allows you to venture into some of the most cutting-edge practices and techniques to perform penetration testing with Kali Linux.


Page count: 171

Publication year: 2017




Kali Linux - An Ethical Hacker's Cookbook

End-to-end penetration testing solutions

Himanshu Sharma

BIRMINGHAM - MUMBAI

Kali Linux - An Ethical Hacker's Cookbook

Copyright © 2017 Packt Publishing


All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.


Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.


Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.


First published: October 2017


Production reference: 1121017

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.

ISBN 978-1-78712-182-9


www.packtpub.com

Credits

Authors

Himanshu Sharma

Copy Editors

Safis Editing

Stuti Srivastava

Reviewers

Amir Roknifard

Project Coordinator

Virginia Dias

Commissioning Editor

Vijin Boricha

Proofreader

Safis Editing

Acquisition Editor

Namrata Patil

Indexer

Pratik Shirodkar

Content Development Editor

Sweeny Dias

Graphics

Kirk D'Penha

Technical Editor

Khushbu Sutar

Production Coordinator

Shraddha Falebhai

Disclaimer

The information within this book is intended to be used only in an ethical manner. Do not use any information from the book if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Packt does not take any responsibility if you misuse any of the information contained within the book. The information herein must only be used while testing environments with proper written authorizations from appropriate persons responsible.

About the Author

Himanshu Sharma, 23, has already achieved fame for finding security loopholes and vulnerabilities in Apple, Google, Microsoft, Facebook, Adobe, Uber, AT&T, Avira, and many more with hall of fame listings as proofs. He has gained worldwide recognition through his hacking skills and contribution to the hacking community. He has helped celebrities such as Harbhajan Singh in recovering their hacked accounts, and also assisted an international singer in tracking down his hacked account and recovering it. He was a speaker at the international conference Botconf '13, held in Nantes, France. He also spoke at IEEE Conference in California and Malaysia as well as for TedX. Currently, he is the cofounder of BugsBounty, a crowd-sourced security platform for ethical hackers and companies interested in cyber services.


I would like to show my gratitude towards my parents, who have been supportive of me throughout this journey. I would also like to thank my friends and colleagues at BugsBounty, including Ishaan, Harpreet, Aman, Yash, Suman, Manish, and Sitanshu, without whom I would have completed this book six months ago. Lastly, I am grateful to Packt for giving me this exciting opportunity.

About the Reviewer

Amir Roknifard is a self-educated cyber security solutions architect with a focus on web application, network, and mobile security. He leads the research, development, and innovation at KPMG Malaysia and is a hobby coder and programmer who enjoys spending his time on educating people about privacy and security so that even ordinary people can have the required knowledge to protect themselves. He likes automation and developed an integrated platform for cyber defense teams so that it could take care of their day-to-day workflow from request tickets to final reports.

He has been part of many projects in governmental, military, and public sectors in different countries and has worked for banks and other financial institutions and oil and gas and telecommunication companies. He also has hours of lecturing on IT and information security topics on his resume and has reviewed several books in the realm of IT and security.

Amir also founded the Academician Journal, which aims to narrow the gap between academia and the information security industry. It tries to identify the reasons this gap occurs and to analyze and address them. He picks up new ideas that may be able to solve the problems of tomorrow and develops them. That is why like-minded people are always welcome to suggest their ideas for publication or to co-author a piece of research by contacting him at @roknifard.

www.PacktPub.com

For support files and downloads related to your book, please visit www.PacktPub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www.packtpub.com/mapt

Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.

Why subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Customer Feedback

Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/1787121828.

If you'd like to join our team of regular reviewers, you can email us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!

Table of Contents

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Getting ready

How to do it…

How it works…

There's more…

See also

Conventions

Reader feedback

Customer support

Downloading the example code

Downloading the color images of this book

Errata

Piracy

Questions

Kali – An Introduction

Introduction

Configuring Kali Linux

Getting ready

How to do it...

How it works...

Configuring the Xfce environment

How to do it...

Configuring the Mate environment

How to do it...

Configuring the LXDE environment

How to do it...

Configuring the e17 environment

How to do it...

Configuring the KDE environment

How to do it...

Prepping up with custom tools

Getting ready

How to do it...

Dnscan

Subbrute

Dirsearch

Pentesting VPN's ike-scan

Getting ready

How to do it...

Cracking the PSK

How it works...

Setting up proxychains

How to do it...

Using proxychains with tor

Going on a hunt with Routerhunter

Getting ready

How to do it...

Gathering Intel and Planning Attack Strategies

Introduction

Getting a list of subdomains

Fierce

How to do it...

DNSdumpster

How to do it...

Using Shodan for fun and profit

Getting ready

How to do it...

Shodan Honeyscore

How to do it...

Shodan plugins

How to do it...

See also

Using Nmap to find open ports

How to do it...

Using scripts

See also

Bypassing firewalls with Nmap

TCP ACK scan

How to do it...

How it works...

TCP Window scan

How to do it...

Idle scan

How to do it...

How it works...

Searching for open directories

The dirb tool

How to do it...

There's more...

See also

Performing deep magic with DMitry

How to do it...

Hunting for SSL flaws

How to do it...

See also

Exploring connections with intrace

How to do it...

Digging deep with theharvester

How to do it...

How it works...

Finding the technology behind web apps

How to do it...

Scanning IPs with masscan

How to do it...

Sniffing around with Kismet

How to do it...

Testing routers with firewalk

How to do it...

How it works...

Vulnerability Assessment

Introduction

Using the infamous Burp

How to do it...

Exploiting WSDLs with Wsdler

How to do it...

Using Intruder

How to do it...

Web app pentest with Vega

Getting ready

How to do it...

Exploring SearchSploit

How to do it...

Exploiting routers with RouterSploit

Getting ready

How to do it...

Using the scanners command

Using creds

Using Metasploit

How to do it...

Automating Metasploit

How to do it...

Writing a custom resource script

How to do it...

Databases in Metasploit

How to do it...

Web App Exploitation – Beyond OWASP Top 10

Introduction

Exploiting XSS with XSS Validator

Getting ready

How to do it...

Injection attacks with sqlmap

How to do it...

See also

Owning all .svn and .git repositories

How to do it...

Winning race conditions

How to do it...

See also

Exploiting JBoss with JexBoss

How to do it...

Exploiting PHP Object Injection

How to do it...

See also

Backdoors using web shells

How to do it...

Backdoors using meterpreters

How to do it...

Network Exploitation on Current Exploitation

Introduction

Man in the middle with hamster and ferret

Getting ready

How to do it...

Exploring the msfconsole

How to do it...

Railgun in Metasploit

How to do it...

There's more...

Using the paranoid meterpreter

How to do it...

There's more...

A tale of a bleeding heart

How to do it...

Redis exploitation

How to do it...

Say no to SQL – owning MongoDBs

Getting ready

How to do it...

Embedded device hacking

How to do it...

Elasticsearch exploit

How to do it...

See also

Good old Wireshark

Getting ready

How to do it...

There's more...

This is Sparta!

Getting ready

How to do it...

Wireless Attacks – Getting Past Aircrack-ng

Introduction

The good old Aircrack

Getting ready

How to do it...

How it works...

Hands on with Gerix

Getting ready

How to do it...

Dealing with WPAs

How to do it...

Owning employee accounts with Ghost Phisher

How to do it...

Pixie dust attack

Getting ready

How to do it...

There's more...

Password Attacks – The Fault in Their Stars

Introduction

Identifying different types of hash in the wild!

How to do it...

MD5

MySQL less than v4.1

MD5 (WordPress)

MySQL 5

Base64 encoding

There's more...

Using hash-identifier

How to do it...

Cracking with patator

How to do it...

Cracking hashes online

How to do it...

Hashkiller

Crackstation

OnlineHashCrack

Playing with John the ripper

How to do it...

There's more...

Johnny Bravo!

How to do it...

Using cewl

How to do it...

Generating word list with crunch

How to do it...

Have Shell Now What?

Introduction

Spawning a TTY Shell

How to do it...

There's more...

Looking for weakness

How to do it...

Horizontal escalation

How to do it...

Vertical escalation

How to do it...

Node hopping – pivoting

How to do it...

There's more…

Privilege escalation on Windows

How to do it...

Using PowerSploit

How to do it…

There's more…

Pulling plaintext passwords with mimikatz

How to do it…

Dumping other saved passwords from the machine

How to do it...

Pivoting into the network

How to do it...

Backdooring for persistence

How to do it...

Buffer Overflows

Introduction

Exploiting stack-based buffer overflows

How to do it...

Exploiting buffer overflow on real software

Getting ready

How to do it...

SEH bypass

How to do it...

See also

Exploiting egg hunters

Getting ready

How to do it...

See also

An overview of ASLR and NX bypass

How to do it...

See also

Playing with Software-Defined Radios

Introduction

Radio frequency scanners

Getting ready

How to do it...

Hands-on with RTLSDR scanner

How to do it...

Playing around with gqrx

How to do it...

There's more...

Kalibrating device for GSM tapping

How to do it...

There's more...

Decoding ADS-B messages with Dump1090

How to do it...

There's more...

Kali in Your Pocket – NetHunters and Raspberries

Introduction

Installing Kali on Raspberry Pi

Getting ready

How to do it...

Installing NetHunter

Getting ready

How to do it...

Superman typing – HID attacks

How to do it...

Can I charge my phone?

How to do it...

Setting up an evil access point

How to do it...

Writing Reports

Introduction

Generating reports using Dradis

How to do it...

Using MagicTree

How to do it...

There's more...

Preface

Kali Linux is the distro that comes to mind when anyone thinks about penetration testing. Every year Kali is improved and updated with new tools, making it more powerful. We see new exploits being released every day, and with rapidly evolving technology come rapidly evolving attack vectors. This book aims to cover the approach to some of the unique scenarios a user may face while performing a pentest.

This book specifically focuses on using Kali Linux to perform a pentest, from information gathering through to reporting. It also covers recipes for testing wireless networks and web applications, for privilege escalation on both Windows and Linux machines, and even for exploiting vulnerabilities in software programs.

What this book covers

Chapter 1, Kali – An Introduction, covers installing Kali with different desktop environments and tweaking it a bit by installing a few custom tools.

Chapter 2, Gathering Intel and Planning Attack Strategies, covers recipes about collecting subdomains and other information about a target using multiple tools, such as Shodan, and so on.

Chapter 3, Vulnerability Assessment, talks about the methods of hunting for vulnerabilities in the data discovered during the information gathering process.

Chapter 4, Web App Exploitation – Beyond OWASP Top 10, is about the exploitation of some of the unique vulnerabilities, such as serialization and server misconfiguration, and so on.

Chapter 5, Network Exploitation on Current Exploitation, focuses on different tools that can be used to exploit vulnerabilities in servers on the network running services such as Redis, MongoDB, and so on.

Chapter 6, Wireless Attacks – Getting Past Aircrack-ng, teaches you some new tools for breaking into wireless networks, as well as how to use aircrack-ng.

Chapter 7, Password Attacks – The Fault in Their Stars, talks about identifying and cracking different types of hashes.

Chapter 8, Have Shell, Now What?, covers different ways of escalating privileges on Linux and Windows-based machines and then getting inside the network using that machine as a gateway.

Chapter 9, Buffer Overflows, discusses exploiting different overflow vulnerabilities, such as SEH, stack-based overflows, egg hunting, and so on.

Chapter 10, Playing with Software-Defined Radios, focuses on exploring the world of frequencies and using different tools to monitor/view data traveling across different frequency bands.

Chapter 11, Kali in Your Pocket – NetHunters and Raspberries, talks about how we can install Kali Linux on portable devices, such as a Raspberry Pi or a cellphone, and perform a pentest using it.

Chapter 12, Writing Reports, covers the basics of writing a good quality report of the pentest activity once it has been performed.

What you need for this book

The OS required is Kali Linux, with at least 2 GB of RAM recommended and 20-40 GB of hard disk space.

The hardware needed is an RTL-SDR device for Chapter 10, Playing with Software-Defined Radios, and any of the devices listed at the following link for Chapter 11, Kali in Your Pocket – NetHunters and Raspberries:

https://www.offensive-security.com/kali-linux-nethunter-download/

We also require an Alfa card for Chapter 6, Wireless Attacks – Getting Past Aircrack-ng.

Who this book is for

This book is aimed at IT security professionals, pentesters and security analysts who have basic knowledge of Kali Linux and want to conduct advanced penetration testing techniques.

Sections

In this book, you will find several headings that appear frequently (Getting ready, How to do it…, How it works…, There's more…, and See also). To give clear instructions on how to complete a recipe, we use these sections as follows:

Getting ready

This section tells you what to expect in the recipe, and describes how to set up any software or any preliminary settings required for the recipe.

How to do it…

This section contains the steps required to follow the recipe.

How it works…

This section usually consists of a detailed explanation of what happened in the previous section.

There's more…

This section consists of additional information about the recipe in order to make the reader more knowledgeable about the recipe.

See also

This section provides helpful links to other useful information for the recipe.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning. Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "To launch fierce, we type fierce -h to see the help menu."

A block of code is set as follows:

    if (argc < 2) {
        printf("strcpy() NOT executed....\n");
        printf("Syntax: %s <characters>\n", argv[0]);
        exit(0);
    }

Any command-line input or output is written as follows:

fierce -dns host.com -threads 10

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "We right-click and navigate to Search for | All commands in all modules."

Warnings or important notes appear like this.
Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book, what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of. To send us general feedback, simply e-mail [email protected], and mention the book's title in the subject of your message. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files for this book from your account at http://www.packtpub.com