Over 80 recipes to effectively test your network and boost your career in security
About This Book
Who This Book Is For
If you are looking to expand your career into penetration testing, you will need a good understanding of Kali Linux and the variety of tools it includes. This book will work as a perfect guide for anyone who wants to take a practical approach to leveraging penetration testing mechanisms using Kali Linux.
What You Will Learn
In Detail
Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world's most popular penetration testing distribution. Kali Linux is the most widely used platform and toolkit for penetration testing. Security is currently the hottest field in technology with a projected need for millions of security professionals.
This book focuses on enhancing your knowledge in Kali Linux for security by expanding your skills with toolkits and frameworks that can increase your value as a security professional.
Kali Linux Cookbook, Second Edition starts by helping you install Kali Linux on the different platforms available. You will also be able to understand the lab architecture and install a Windows host for use in the lab. Next, you will understand the concept of vulnerability analysis and look at the different types of exploits. The book will introduce you to the concept and psychology of Social Engineering and password cracking. You will then be able to use these skills to expand the scope of any breaches you create. Finally, the book will guide you in exploiting specific technologies and gaining access to other systems in the environment. By the end of this book, you will have gained the core knowledge and concepts of the penetration testing process.
Style and approach
This book teaches you everything you need to know about Kali Linux from the perspective of a penetration tester. It is filled with powerful recipes and practical examples that will help you gain in-depth knowledge of Kali Linux.
Page count: 251
Year of publication: 2017
BIRMINGHAM - MUMBAI
Copyright © 2017 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: October 2013
Second edition: September 2017
Production reference: 1080917
Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.
ISBN 978-1-78439-030-3
www.packtpub.com
Authors
Corey P. Schultz
Bob Perciaccante
Copy Editors
Juliana Nair
Yesha Gangani
Reviewers
Bhargav Tandel
Nishant Kumar Das Pattanaik
Project Coordinator
Judie Jose
Commissioning Editor
Vijin Boricha
Proofreader
Safis Editing
Acquisition Editor
Rahul Nair
Indexer
Aishwarya Gangawane
Content Development Editor
Devika Battike
Graphics
Kirk D'Penha
Technical Editor
Prachi Sawant
Production Coordinator
Aparna Bhagat
Corey P. Schultz is a technologist focusing on security research, Internet of Things, and the impact of technology on education and learning. He has over 20 years of experience in the security industry doing security architecture, penetration testing, incident response, and forensic analysis.
Corey is currently a technical solutions architect for Cisco Systems Global Security Sales Organization. He works on a daily basis with large environments on designing and architecting secure enterprise networks.
You can also find Corey active on Twitter @cschultz0000 or at his blog darkderby.com, where you can also see his schedule of speaking engagements and appearances.
Bob Perciaccante is a seasoned information security practitioner who has been in the security field for almost 20 years. Currently, he is a consulting systems engineer for Cisco Systems in Pennsylvania, where he has worked for the last 10 years focusing on network and data security, network access control, and secure network architectures. His primary day-to-day responsibilities focus on designing secure network solutions for his customers and working to train customers and partners on security solution implementations and daily operations to get the most out of their infrastructure.
When not involved in security activities, Bob enjoys eclectic hobbies such as working on cars, 3D printing, and camping.
Collaborating with his Cisco peer, Corey P. Schultz, this book is his first security publication.
Bhargav Tandel has over 5 years of experience in information security with companies such as Reliance Jio, Vodafone, and Wipro. His core expertise and passions are vulnerability assessment, penetration testing, ethical hacking, information security, and system administration. He is currently pursuing the OSCP certification. He has the ability to solve complex problems involving a wide variety of information systems, work independently on large-scale projects, and thrive under pressure in fast-paced environments while directing multiple projects from concept to implementation.
Nishant Kumar Das Pattanaik is an experienced application security and DevSecOps engineer. He is currently working as an application security engineer at eBay, Bangalore. In the past, he has worked as an application security researcher at InMobi and as a senior paranoid at Yahoo!. He loves to share his work with the InfoSec and developer community through public speaking and open source projects, and has presented at Black Hat Europe 2016, Black Hat USA 2016, Black Hat USA 2013, and Nullcon 2012. He loves to code in Python, Node.js, and PHP. He has authored Software Hacking, published by Vikas Publishing, and is also the technical reviewer of the book Kali Linux Intrusion and Exploitation Cookbook, published by Packt Publishing, and iOS Penetration Testing: A Definitive Guide to iOS Security, published by Apress Inc. When he is not working, you can find him either playing the piano or experimenting in the kitchen. You may reach out to him on Twitter at @dpnishant and check out some of his open source projects at github.com/dpnishant.
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review.
If you'd like to join our team of regular reviewers, you can e-mail us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
Installing Kali and the Lab Setup
Introduction
Lab architecture and considerations
How to do it...
The hypervisor selection
The hypervisor networking
Vulnerable workstations
Installing VirtualBox
Getting ready
How to do it...
How it works...
Installing Kali on VirtualBox
Getting ready
How to do it...
Using Kali Linux from bootable media
Getting ready
How to do it...
Upgrading Kali Linux
Getting ready
How to do it...
There's more...
apt-listchanges: news section
Configuring macchanger
The service restart
Understanding the advanced customization and optimization of Kali
Getting ready
How to do it...
Upgrading the Linux kernel
Removing unneeded packages
Adjusting or disabling the screen lock
Correcting the Ethernet interface configuration
Connecting and disconnecting Ethernet interfaces
Installing Windows machines
Getting ready
Installing Metasploitable
Getting ready
How to do it...
Installing OWASP-BWA
Getting ready
How to do it...
Understanding hack me and other online resources
There's more...
Reconnaissance and Scanning
Introduction
Using KeepNote to organize our data
Getting ready
How to do it...
There's more...
Getting up and running with Maltego CE
Getting ready
How to do it...
There's more...
Gathering domain information
Getting ready
How to do it...
There's more...
Gathering public IP information
Getting ready
How to do it...
Gathering external routing information
Getting ready
How to do it...
Gathering internal routing information
Getting ready
How to do it...
There's more...
Gathering cloud service information
Getting ready
How to do it...
Identifying network hosts
Getting ready
How to do it...
A simple subnet scan
Scan all the TCP ports of a host
Performing a TCP SYN scan
Performing a UDP port scan
The nmap output formats
Profiling hosts
Getting ready
How to do it...
Operating systems and service detection
Aggressive service detection
There's more...
Identifying whether there is a web application firewall
Getting ready
How to do it...
Using SNMP to gather more information
Getting ready
How to do it...
There's more...
Vulnerability Analysis
Introduction
Installation and configuration of OpenVAS
Getting ready
How to do it...
Basic vulnerability scanning with OpenVAS
Getting ready
How to do it...
Advanced vulnerability scanning with OpenVAS
Getting ready
How to do it...
Installation and configuration of Nessus
Getting ready
How to do it...
Basic vulnerability scanning with Nessus
Getting ready
How to do it...
Advanced vulnerability scanning with Nessus
Getting ready
How to do it...
Installation and configuration of Nexpose
Getting ready
How to do it...
Basic vulnerability scanning with Nexpose
Getting ready
How to do it...
Advanced vulnerability scanning with Nexpose
Getting ready
How to do it...
Finding Exploits in the Target
Introduction
Searching the local exploit database
Getting ready
How to do it...
Update searchsploit
Run a simple query
Understanding search options in searchsploit
Searching the online exploit database
Getting ready
How to do it...
The Metasploit setup and configuration
Getting ready
How to do it...
Metasploit Framework initialization and startup
Starting the Metasploit console
Stopping the Metasploit console
There's more...
The Armitage setup
Getting ready
Armitage initialization and startup
Stopping Armitage
Basic exploit attacks with Armitage
Getting ready
How to do it...
Import an nmap scan
Perform an nmap scan from the Armitage interface
Find attacks against a host
Exploit the host
Advanced attacks with Armitage
Getting started
How to do it...
Initial exploitation
Dump hashes
Interacting with the Windows machine
Browsing the target's files
There's more...
Using the backdoor factory and Armitage
Getting ready
How to do it...
Social Engineering
Introduction
Phishing attacks
Getting ready
How to do it...
Spear-phishing attacks
Getting ready
How to do it...
Credential harvesting with SET
Getting ready
How to do it...
Web jacking
Getting ready
How to do it...
PowerShell attack vector
Getting ready
How to do it...
QRCode attack vector
Getting ready
How to do it...
There's more...
Infectious media generator
Getting ready
How to do it...
There's more...
Obfuscating and manipulating URLs
Getting ready
How to do it...
URL shortener
URL manipulation
Simple URL link misdirections
There's more...
DNS spoofing and ARP spoofing
Getting ready
How to do it...
DHCP spoofing
Getting ready
How to do it...
There's more...
Password Cracking
Introduction
Resetting local Windows machine password
Getting ready
How to do it...
Cracking remote Windows machine passwords
Getting ready
How to do it...
There's more...
Windows domain password attacks
Getting ready
How to do it...
Cracking local Linux password hashes
Getting ready
How to do it...
There's more...
Cracking password hashes with a wordlist
Getting ready
How to do it...
Brute force password hashes
Getting ready
How to do it...
Cracking FTP passwords
Getting ready
How to do it...
You have a username but not a password
You have a userlist
Cracking Telnet and SSH passwords
Getting ready
How to do it...
Cracking Telnet passwords with a userlist
Cracking SSH password with a known user
Cracking RDP and VNC passwords
Getting ready
How to do it...
Cracking ZIP file passwords
Getting ready
How to do it...
Privilege Escalation
Introduction
Establishing a connection as an elevated user
Getting ready
How to do it...
Remotely bypassing Windows UAC
Getting ready
How to do it...
Local Linux system check for privilege escalation
Getting ready
How to do it...
Local Linux privilege escalation
Getting ready
How to do it...
Remote Linux privilege escalation
Getting ready
How to do it...
DirtyCOW privilege escalation for Linux
Getting ready
How to do it...
Wireless Specific Recipes
Introduction
Scanning for wireless networks
Getting ready
How to do it...
Bypassing MAC-based authentication
Getting ready
How to do it...
Breaking WEP encryption
Getting ready
How to do it...
Obtaining WPA/WPA2 keys
Getting ready
How to do it...
Exploiting guest access
Getting ready
How to do it...
Rogue AP deployment
Getting ready
How to do it...
Using wireless networks to scan internal networks
Getting ready
How to do it...
Web and Database Specific Recipes
Introduction
Creating an offline copy of a web application
Getting ready
How to do it...
There's more...
Scanning for vulnerabilities
Getting ready
How to do it...
There's more...
Launching website attacks
Getting ready
How to do it...
Scanning WordPress
Getting ready
How to do it...
Hacking WordPress
Getting ready
How to do it...
Performing SQL injection attacks
Getting ready
How to do it...
Maintaining Access
Introduction
Pivoting and expanding access to the network
Getting ready
How to do it...
Using persistence to maintain system access
Getting ready
How to do it...
Using cymothoa to create a Linux backdoor
Getting ready
How to do it...
Protocol spoofing using pingtunnel
Getting ready
How to do it...
Protocol spoofing using httptunnel
Getting ready
How to do it...
Hiding communications with cryptcat
Getting ready
How to do it...
There's more...
Kali Linux, the most popular security testing platform available today, provides a means for individuals from all walks of life to become more experienced with penetration testing and information security. Kali is not only the cornerstone of many security penetration testing programs, but also has a tremendous community of users who share code, methods, and experiences to help even the most seasoned security practitioners become more effective. As a platform, Kali Linux is quite versatile. It can be run from bootable media, installed onto hardware platforms, or run in virtual environments. It can be enhanced with any number of tools available outside of the native distribution (and we will demonstrate this in the following chapters). It truly gives you the means to have a single platform to work from, in any format you like, without the need for expensive investments in hardware and software.
With the rise of malicious actors and malware, and the increased focus on system and network security, being able to understand how the attacker operates allows you to become more effective at providing balanced and appropriate controls.
In this book, we will explore how to use Kali Linux as well as additional tools such as Nexpose, Nessus, and OpenVAS to perform various types of penetration testing tasks. We will cover how to set up an effective lab for testing purposes and we will also cover many aspects of penetration testing, along with useful advice on how to go about being successful in using the Kali Linux platform.
Chapter 1, Installing Kali and the Lab Setup, documents best practices for setting up a testing environment, where you can test the skills highlighted in this book.
Chapter 2, Reconnaissance and Scanning, enables you to learn the skills necessary to gather information about your target environment. We will gather domain names, IP subnets, hosts, routing information, as well as other useful information. You will also learn how to keep track of this data, so we can refer to it in the future as we progress through our penetration testing environment.
Chapter 3, Vulnerability Analysis, explains that once access to a network has been gained and the systems within that network have been identified, the next step is to establish a foothold and persistent access.
Chapter 4, Finding Exploits in the Target, takes the host information that we have accumulated to determine the potential exploits to use against target machines and services.
Chapter 5, Social Engineering, covers social engineering, which can be employed through electronic means and is also used in physical penetration testing and even data gathering. We bend well-known natural tendencies to help us accomplish or obtain what we want.
Chapter 6, Password Cracking, enables you to learn different techniques and tools for working with password hashes obtained during various attacks, as well as the means to reset these passwords if access is gained.
Chapter 7, Privilege Escalation, helps you to learn how to use a small foothold to expand the scope of your breach, increase the admin level, and use lateral movement to compromise more machines. In most cases, the initial point of a breach is not the desired target, but just a means to get to the more valuable targets.
Chapter 8, Wireless Specific Recipes, explains that due to the ever growing adoption of wireless networking, as well as the extended reach wireless signals can provide, we will focus on how to gain access to these networks through a variety of means.
Chapter 9, Web and Database Specific Recipes, explains that evaluating the security of web applications and databases requires a unique set of tools that can be leveraged against them. In the event that a web application is compromised, it is highly likely that it may then be used as a jumping off point for further network penetration.
Chapter 10, Maintaining Access, explains that once access has been gained to the target environment, it is crucial to make sure that your access is maintained. Learn how to maintain access and pivot into other areas of your target environment.
This book assumes a medium level of expertise on Linux operating systems, strong knowledge of networking technologies, including both wired and wireless, moderate experience with OS platform configuration, and moderate experience with general information security concepts. This book will go through the process of setting up a basic testing lab, the installation of Kali Linux, and the tools needed to perform network reconnaissance, and exploitation. Because you will be running exercises against live hosts, it is important that this environment is isolated from other non-test environments.
Kali Linux can be installed into a virtual environment such as VirtualBox or VMware, or can be installed onto a dedicated hardware. This book requires that you have enough compute resources for the Kali Linux installation as well as the target systems. In addition to the minimum requirements for your hypervisor, minimum hardware or virtual requirements are listed as follows:
CPU: 10 cores
Memory: 24 GB RAM
Disk space: 260 GB
In this book, you will need the following software list:
Kali Linux 2017.x
VirtualBox
Windows XP
Windows 7
Windows 2008
Internet connectivity is required to install the necessary additional packages that must be installed onto Kali Linux, depending on the recipe requirements.
To make best use of the content of this book, knowledge in networking, device management, general information security concepts, and core operating systems is required. Foundational knowledge of Kali Linux is also expected. Since Kali Linux provides a tremendous number of tools for many different purposes, it is impossible to cover all possible combinations of the available tools and their use. For more details on all the tools available within Kali Linux, visit the official Kali Linux Tool page located at https://tools.kali.org/. With that in mind, this book is intended to provide a more in-depth set of recipes to take advantage of these tools to sharpen your knowledge of security penetration testing and exploitation of insecure/undersecured environments.
In this book, you will find several headings that appear frequently (Getting ready, How to do it, How it works, There's more, and See also).
To give clear instructions on how to complete a recipe, we use these sections as follows:
Getting ready
This section tells you what to expect in the recipe, and describes how to set up any software or any preliminary settings required for the recipe.
How to do it…
This section contains the steps required to follow the recipe.
How it works…
This section usually consists of a detailed explanation of what happened in the previous section.
There's more…
This section consists of additional information about the recipe in order to make the reader more knowledgeable about the recipe.
See also
This section provides helpful links to other useful information for the recipe.
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "select /root/Documents and type in your customer name".
Any command-line input or output is written as follows:
wafw00f scanme.nmap.org
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "click on Apply."
Feedback from our readers is always welcome. Let us know what you think about this book, what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply email [email protected], and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from https://www.packtpub.com/sites/default/files/downloads/KaliLinuxCookbookSecondEdition_ColorImages.pdf.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books (maybe a mistake in the text or the code), we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at [email protected] with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.
In this chapter, we will cover the following topics:
Lab architecture and considerations
Installing VirtualBox
Installing Kali on VirtualBox
Using Kali Linux from bootable media
Upgrading Kali Linux
Understanding the advanced customization and optimization of Kali
Installing Windows machines
Installing Metasploitable
Installing OWASP-BWA
Understanding hack me and other online resources
In order to set the stage for the rest of this book and to help you reproduce the recipes and their output, I strongly recommend that you create a test environment where you can run various tools that are included with Kali Linux. In this chapter, we will be focusing on building our testing environment based on free or low-cost applications to minimize cost.
Starting with installing the virtualization platform, VirtualBox, we will walk through a few common installation techniques for Kali Linux; you will also learn how to update and maintain your installation.
In this section, we will discuss our lab design and provide some information that you can use to expand it in the future.
As we begin to set up our lab, we want to take some time to discuss the lab setup and some of the considerations that we will take when using the lab. Some of these considerations are designed to make the lab more effective, while others are used for the protection of the networks our lab is connected to. We also want you to be in a position to easily expand or grow this network with other test machines as you master the Kali recipes that follow.
