Kali Linux Network Scanning Cookbook. - Michael Hixon - E-Book

Description

With the ever-increasing amount of data flowing in today’s world, information security has become vital to any application. This is where Kali Linux comes in. Kali Linux focuses mainly on security auditing and penetration testing. This step-by-step cookbook on network scanning trains you in important scanning concepts based on version 2016.2. It will enable you to conquer any network environment through a range of network scanning techniques and will also equip you to script your very own tools.


Starting with the fundamentals of installing and managing Kali Linux, this book will help you map your target with a wide range of network scanning tasks, including discovery, port scanning, fingerprinting, and more. You will learn how to utilize the arsenal of tools available in Kali Linux to conquer any network environment. The book offers expanded coverage of the popular Burp Suite and has new and updated scripts for automating scanning and target exploitation. You will also be shown how to identify remote services, how to assess security risks, and how various attacks are performed. You will cover the latest features of Kali Linux 2016.2, which includes the enhanced Sparta tool and many other exciting updates.

This immersive guide will also encourage the creation of personally scripted tools and the skills required to create them.

You can read the e-book in Legimi apps or in any app that supports the following format:

EPUB

Page count: 477

Year of publication: 2017




Title Page

Kali Linux Network Scanning Cookbook

Second Edition

Take your penetration-testing skills to the next level
Michael Hixon
Justin Hutchens

BIRMINGHAM - MUMBAI

Copyright

Kali Linux Network Scanning Cookbook

Second Edition

Copyright © 2017 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: August 2014

Second edition: May 2017

Production reference: 1220517

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.

ISBN 978-1-78728-790-7

www.packtpub.com

Credits

Authors

Michael Hixon

Justin Hutchens

Copy Editor

Madhusudan Uchil

Reviewer

Ahmad Muammar WK

Project Coordinator

Virginia Dias

Acquisition Editor

Rahul Nair

Proofreader

Safis Editing

Content Development Editors

Sweeny Dias

Amedh Pohad

Indexer

Mariammal Chettiyar

Technical Editor

Khushbu Sutar

Graphics

Kirk D'Penha

Production Coordinator

Aparna Bhagat

About the Authors

Michael Hixon currently works as a security consultant with a focus on penetration testing and web application security. He previously served in the United States Marine Corp, where he was an infantryman, security forces member, and counterintelligence agent. After the military, he worked as a programmer before changing his focus to IT security. He has worked for the Red Cross, Department of Defense, Department of Justice, and numerous intelligence agencies in his career. He holds a bachelor’s degree in management information systems and multiple professional information-security certifications, including Certified Information Systems Security Professional (CISSP), eLearnSecurity Web Application Penetration Tester (eWPT), Certified Ethical Hacker (CEH), and eLearnSecurity Certified Professional Penetration Tester (eCPPT). He currently runs the Baltimore chapter of the Open Web Application Security Project (OWASP).

Justin Hutchens currently works as a security consultant and regularly performs penetration tests and security assessments for a wide range of clients. He previously served in the United States Air Force, where he worked as an intrusion-detection specialist, network-vulnerability analyst, and malware forensic investigator for a large enterprise network with over 55,000 networked systems. He holds a bachelor's degree in information technology and multiple professional information-security certifications, including Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), eLearnSecurity Web Application Penetration Tester (eWPT), GIAC Certified Incident Handler (GCIH), Certified Network Defense Architect (CNDA), Certified Ethical Hacker (CEH), EC-Council Certified Security Analyst (ECSA), and Computer Hacking Forensic Investigator (CHFI). He is also the writer and producer of Packt's e-learning video course Kali Linux - Backtrack Evolved: Assuring Security by Penetration Testing.

About the Reviewer

Ahmad Muammar WK is an IT security consultant and penetration tester. He holds Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), and eLearnSecurity Mobile Application Penetration Tester (eMAPT) certifications. He is the founder of ECHO (http://echo.or.id), one of the oldest Indonesian IT security communities, and is also a founder of IDSECCONF (http://idsecconf.org), the biggest annual security conference in Indonesia. He also reviewed Kali Linux Cookbook by Willie L. Pritchett and David De Smet, Packt Publishing, and Kali Linux Network Scanning Cookbook by Justin Hutchens, Packt Publishing.

www.PacktPub.com

For support files and downloads related to your book, please visit www.PacktPub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and, as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www.packtpub.com/mapt

Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.

Why subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Customer Feedback

Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/1787287904.

If you'd like to join our team of regular reviewers, you can e-mail us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!

Table of Contents

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Getting ready

How to do it…

How it works…

There's more…

See also

Conventions

Reader feedback

Customer support

Downloading the example code

Downloading the color images of this book

Errata

Piracy

Questions

Getting Started

Introduction

Configuring a security lab with VMware Player (Windows)

Getting ready

How to do it...

How it works...

Configuring a security lab with VMware Fusion (macOS)

Getting ready

How to do it...

How it works...

Installing Ubuntu Server

Getting ready

How to do it...

How it works...

Installing Metasploitable2

Getting ready

How to do it...

How it works...

Installing Windows Server

Getting ready

How to do it...

How it works...

Increasing the Windows attack surface

Getting ready

How to do it...

How it works...

Installing Kali Linux

Getting ready

How to do it...

How it works...

Using text editors (Vim and GNU nano)

Getting ready

How to do it...

How it works...

Keeping Kali updated

Getting ready

How to do it...

How it works...

Managing Kali services

Getting ready

How to do it...

How it works...

Configuring and using SSH

Getting ready

How to do it...

How it works...

Installing Nessus on Kali Linux

Getting ready

How to do it...

How it works...

Reconnaissance

Introduction

Using Google to find subdomains

Getting ready

How to do it...

How it works...

Finding e-mail addresses using theHarvester

Getting ready

How to do it...

How it works...

Enumerating DNS using the host command

Getting ready

How to do it...

How it works...

Enumerating DNS using DNSRecon

Getting ready

How to do it...

Standard DNS enumeration

Reverse lookups

Zone transfer

How it works...

Enumerating DNS using the dnsenum command

Getting ready

How to do it...

Default settings

Brute-force

How it works...

Discovery

Introduction

Knowing the OSI model

Using Scapy to perform host discovery (layers 2/3/4)

Getting ready

How to do it...

Layer 2 discovery - ARP

Layer 3 discovery - ICMP

Layer 4 discovery - TCP and UDP

How it works...

Using Nmap to perform host discovery (layers 2/3/4)

Getting ready

How to do it...

Layer 2 discovery - ARP

Layer 3 discovery - ICMP

Layer 4 discovery - TCP and UDP

How it works...

Using ARPing to perform host discovery (layer 2)

Getting ready

How to do it...

How it works...

Using netdiscover to perform host discovery (layer 2)

Getting ready

How to do it...

How it works...

Using Metasploit to perform host discovery (layer 2)

Getting ready

How to do it...

How it works...

Using hping3 to perform host discovery (layers 3/4)

Getting ready

How to do it...

Layer 3 discovery - ICMP

Layer 4 discovery - TCP and UDP

How it works...

Using ICMP to perform host discovery

Getting ready

How to do it...

How it works...

Using fping to perform host discovery

Getting ready

How to do it...

How it works...

Port Scanning

Introduction

UDP port scanning

TCP port scanning

Port scanning with Scapy (UDP, stealth, connect, and zombie)

Getting ready

How to do it...

UDP port scanning with Scapy

Stealth scanning with Scapy

Connect scanning with Scapy

Zombie scanning with Scapy

How it works...

Port scanning with Nmap (UDP, stealth, connect, zombie)

Getting ready

How to do it...

UDP scanning with Nmap

Stealth scanning with Nmap

Connect scanning with Nmap

Zombie scanning with Nmap

How it works...

Port scanning with Metasploit (UDP, stealth, and connect)

Getting ready

How to do it...

UDP scanning with Metasploit

Stealth scanning with Metasploit

Connect scanning with Metasploit

How it works...

Port scanning with hping3 (stealth)

Getting ready

How to do it...

How it works...

Port scanning with DMitry (connect)

Getting ready

How to do it...

How it works...

Port scanning with Netcat (connect)

Getting ready

How to do it...

How it works...

Port scanning with masscan (stealth)

Getting ready

How to do it...

How it works...

Fingerprinting

Introduction

Banner grabbing with Netcat

Getting ready

How to do it...

How it works...

Banner grabbing with Python sockets

Getting ready

How to do it...

How it works...

Banner grabbing with DMitry

Getting ready

How to do it...

How it works...

Banner grabbing with Nmap NSE

Getting ready

How to do it...

How it works...

Banner grabbing with Amap

Getting ready

How to do it...

How it works...

Service identification with Nmap

Getting ready

How to do it...

How it works...

Service identification with Amap

Getting ready

How to do it...

How it works...

Operating system identification with Scapy

Getting ready

How to do it...

How it works...

Operating system identification with Nmap

Getting ready

How to do it...

How it works...

Operating system identification with xprobe2

Getting ready

How to do it...

How it works...

Passive operating system identification with p0f

Getting ready

How to do it...

How it works...

SNMP analysis with Onesixtyone

Getting ready

How to do it...

How it works...

SNMP analysis with SNMPwalk

Getting ready

How to do it...

How it works...

Firewall identification with Scapy

Getting ready

How to do it...

How it works...

Firewall identification with Nmap

Getting ready

How to do it...

How it works...

Firewall identification with Metasploit

Getting ready

How to do it...

How it works...

Vulnerability Scanning

Introduction

Vulnerability scanning with the Nmap Scripting Engine

Getting ready

How to do it...

How it works...

Vulnerability scanning with MSF auxiliary modules

Getting ready

How to do it...

How it works...

Creating scan policies with Nessus

Getting ready

How to do it...

How it works...

Vulnerability scanning with Nessus

Getting ready

How to do it...

How it works...

Vulnerability scanning with OpenVAS

Getting ready

How to do it...

How it works...

Validating vulnerabilities with HTTP interaction

Getting ready

How to do it...

How it works...

Validating vulnerabilities with ICMP interaction

Getting ready

How to do it...

How it works...

Denial of Service

Introduction

Fuzz testing to identify buffer overflows

Getting ready

How to do it...

How it works...

Remote FTP service buffer-overflow DoS

Getting ready

How to do it...

How it works...

Smurf DoS attack

Getting ready

How to do it...

How it works...

DNS amplification DoS attacks

Getting ready

How to do it...

How it works...

SNMP amplification DoS attack

Getting ready

How to do it...

How it works...

SYN flood DoS attack

Getting ready

How to do it...

How it works...

Sock stress DoS attack

Getting ready

How to do it...

How it works...

DoS attacks with Nmap NSE

Getting ready

How to do it...

How it works...

DoS attacks with Metasploit

Getting ready

How to do it...

How it works...

DoS attacks with the exploit database

Getting ready

How to do it...

How it works...

Working with Burp Suite

Introduction

Configuring Burp Suite on Kali Linux

Getting ready

How to do it...

How it works...

Defining a web application target with Burp Suite

Getting ready

How to do it...

How it works...

Using Burp Suite Spider

Getting ready

How to do it...

How it works...

Using Burp Suite Proxy

Getting ready

How to do it...

How it works...

Using Burp Suite engagement tools

Getting ready

How to do it...

How it works...

Using the Burp Suite web application scanner

Getting ready

How to do it...

How it works...

Using Burp Suite Intruder

Getting ready

How to do it...

How it works...

Using Burp Suite Comparer

Getting ready

How to do it...

How it works...

Using Burp Suite Repeater

Getting ready

How to do it...

How it works...

Using Burp Suite Decoder

Getting ready

How to do it...

How it works...

Using Burp Suite Sequencer

Getting ready

How to do it...

How it works...

Using Burp Suite Extender

Getting ready

How to do it...

How it works...

Using Burp Suite Clickbandit

Getting ready

How to do it...

How it works...

Web Application Scanning

Introduction

Web application scanning with Nikto

Getting ready

How to do it...

How it works...

SSL/TLS scanning with SSLScan

Getting ready

How to do it...

How it works...

SSL/TLS scanning with SSLyze

Getting ready

How to do it...

How it works...

GET method SQL injection with sqlmap

Getting ready

How to do it...

How it works...

POST method SQL injection with sqlmap

Getting ready

How to do it...

How it works...

Requesting a capture SQL injection with sqlmap

Getting ready

How to do it...

How it works...

Automating CSRF testing

Getting ready

How to do it...

How it works...

Validating command-injection vulnerabilities with HTTP traffic

Getting ready

How to do it...

How it works...

Validating command-injection vulnerabilities with ICMP traffic

Getting ready

How to do it...

How it works...

Attacking the Browser with BeEF

Hooking the browser with BeEF

Getting ready

How to do it...

How it works...

Collecting information with BeEF

Getting ready

How to do it...

How it works...

Creating a persistent connection with BeEF

Getting ready

How to do it...

How it works...

Integrating BeEF and Metasploit

Getting ready

How to do it...

How it works...

Using the BeEF autorule engine

Getting ready

How to do it...

How it works...

Working with Sparta

Information gathering with Sparta

Getting ready

How to do it...

How it works...

Creating custom commands for Sparta

Getting ready

How to do it...

How it works...

Port scanning with Sparta

Getting ready

How to do it...

How it works...

Fingerprinting with Sparta

Getting ready

How to do it...

How it works...

Vulnerability scanning with Sparta

Getting ready

How to do it...

How it works...

Web application scanning with Sparta

Getting ready

How to do it...

How it works...

Automating Kali Tools

Introduction

Nmap greppable output analysis

Getting ready

How to do it...

How it works...

Port scanning with NMAP NSE execution

Getting ready

How to do it...

How it works...

Automate vulnerability scanning with NSE

Getting ready

How to do it...

How it works...

Automate web application scanning with Nikto

Getting ready

How to do it...

How it works...

Multithreaded MSF exploitation with reverse shell payload

Getting ready

How to do it...

How it works...

Multithreaded MSF exploitation with backdoor executable

Getting ready

How to do it...

How it works...

Multithreaded MSF exploitation with ICMP verification

Getting ready

How to do it...

How it works...

Multithreaded MSF exploitation with admin account creation

Getting ready

How to do it...

How it works...

Preface

For better or for worse, we now live in a world where hacking is the norm. It's in our daily news stories, entertainment, governments, businesses, and homes. While it has become more and more prevalent, it has also become easier. Many attacks require very little technical knowledge, since ready-made scripts can be found and used even by a novice. For the technically savvy hacker, the stakes are very high as more and more systems can be compromised for financial or political gain.

In a world where hacking has become so easy that a child could do it, it is absolutely essential that organizations verify their own level of protection by having their networks tested using the same tools that cybercriminals use against them. However, the basic usage of these tools is not sufficient knowledge to be an effective information-security professional. It is absolutely critical that information-security professionals understand the techniques that are being employed by these tools and why these techniques are able to exploit various vulnerabilities in a network or system. A knowledge of the basic underlying principles that explain how these common attack tools work enables one to effectively use them, but more importantly, it also contributes to one's ability to effectively identify such attacks and defend against them.

The intention of this book is to enumerate and explain the use of common attack tools that are available on the Kali Linux platform, but more importantly, this book also aims to address the underlying principles that define why these tools work. In addition to addressing the highly functional tools integrated into Kali Linux, we will also create a large number of Python and Bash scripts that can be used to perform similar functions and/or to streamline existing tools.

Ultimately, the intention of this book is to help forge stronger security professionals through a better understanding of their adversary.

What this book covers

Chapter 1, Getting Started, explains the configuration of a security lab and then the installation and configuration of Kali Linux and other security tools.

Chapter 2, Reconnaissance, explains how to collect information on your target using passive information-gathering techniques. Collecting subdomains, e-mail addresses, and DNS enumeration are covered in depth.

Chapter 3, Discovery, explains gathering domain information on our target and identifying hosts on a given network segment.

Chapter 4, Port Scanning, covers multiple tools and methods for finding open ports on one or more hosts.

Chapter 5, Fingerprinting, explains how to identify the services running on the open ports found on our target(s), along with their versions.

Chapter 6, Vulnerability Scanning, discusses ways to identify vulnerabilities based on the services and versions found in the previous chapter.

Chapter 7, Denial of Service, covers how to execute several types of DoS attack.

Chapter 8, Working with Burp Suite, covers Burp Suite and how to use the many tools it comes bundled with.

Chapter 9, Web Application Scanning, covers a number of tools and techniques for testing web applications.

Chapter 10, Attacking the Browser with BeEF, covers the Browser Exploitation Framework (BeEF), including configuration, hooking a browser, and a number of exploits.

Chapter 11, Working with Sparta, looks at how to configure and modify Sparta. We also cover how to take full advantage of the tool to collect and organize the results of your information gathering.

Chapter 12, Automating Kali Tools, demonstrates automating a number of Kali tools to both collect information and exploit targets.

What you need for this book

In order to perform the examples provided in this book, you will need the following:

VMware Workstation Player 12 (or newer) or VMware Fusion 8.5 (or newer)

PuTTY 6.9 (for Windows users needing SSH)

Nessus 5.2.6

Kali Linux 2016.2

Ubuntu 64-bit 16.x

Metasploitable2

Windows XP SP2

Who this book is for

This book is for information-security professionals and casual security enthusiasts alike. It provides foundational principles if you're a novice but will also introduce scripting techniques and in-depth analysis if you're more advanced. Whether you are brand new to Kali Linux or a seasoned veteran, this book will help you both understand and ultimately master many of the most powerful and useful scanning techniques in the industry. It is assumed that you have some basic security-testing experience.

Sections

In this book, you will find several headings that appear frequently (Getting ready, How to do it..., How it works..., There's more..., and See also).

To give clear instructions on how to complete a recipe, we use these sections as follows:

Getting ready

This section tells you what to expect in the recipe, and describes how to set up any software or any preliminary settings required for the recipe.

How to do it…

This section contains the steps required to follow the recipe.

How it works…

This section usually consists of a detailed explanation of what happened in the previous section.

There's more…

This section consists of additional information about the recipe in order to make the reader more knowledgeable about the recipe.

See also

This section provides helpful links to other useful information for the recipe.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "Enumerating DNS using the host command."

A block of code is set as follows:

#!/bin/bash
# Attempt a DNS zone transfer (AXFR) against each authoritative name server of a domain.
if [ ! "$1" ]; then
  echo "Usage: #./dns-find-transfer.sh <domain>"
  exit 1
fi
# Look up the NS records, then query each name server for the full zone.
for server in $(host -t ns "$1" | cut -d" " -f4); do
  # Print the name server, stripping the trailing dot from the FQDN.
  printf "%s" "$server" | sed 's/.$//'
  # Print the address of the name server that answered, dropping the "#53" port suffix.
  host -l "$1" "$server" | grep "Address: " | cut -d: -f2 | sed 's/...$//'
done

Any command-line input or output is written as follows:

theharvester -d google.com -l 500 -b google

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "On this page, scroll down to the VMware Workstation Player link and click on Download."

Warnings or important notes appear in a box like this.
Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book: what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail [email protected], and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files for this book from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.

You can download the code files by following these steps:

Log in or register to our website using your e-mail address and password.

Hover the mouse pointer on the SUPPORT tab at the top.

Click on Code Downloads & Errata.

Enter the name of the book in the Search box.

Select the book for which you're looking to download the code files.

Choose from the drop-down menu where you purchased this book from.

Click on Code Download.

You can also download the code files by clicking on the Code Files button on the book's webpage at the Packt Publishing website. This page can be accessed by entering the book's name in the Search box. Please note that you need to be logged in to your Packt account.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

WinRAR / 7-Zip for Windows

Zipeg / iZip / UnRarX for Mac

7-Zip / PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Kali-Linux-Network-Scanning-Cookbook-Second-Edition. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Downloading the color images of this book

We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from https://www.packtpub.com/sites/default/files/downloads/KaliLinuxNetworkScanningCookbookSecondEdition_ColorImages.pdf.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books, whether in the text or the code, we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at [email protected] with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.

Getting Started

The following recipes will be covered in this chapter:

Configuring a security lab with VMware Player (Windows)

Configuring a security lab with VMware Fusion (macOS)

Installing Ubuntu Server

Installing Metasploitable2

Installing Windows Server

Increasing the Windows attack surface

Installing Kali Linux

Using text editors (Vim and GNU nano)

Keeping Kali updated

Managing Kali services

Configuring and using SSH

Installing Nessus on Kali Linux

Introduction

This first chapter covers the basics of setting up and configuring a virtual security lab, which can be used to practice most of the scenarios and exercises addressed throughout this book. Topics addressed in this chapter include the installation of the virtualization software, the installation of various systems in the virtual environment, and the configuration of some of the tools that will be used in the exercises.

Configuring a security lab with VMware Player (Windows)

You can run a virtual security lab on a Windows PC with relatively few available resources by installing VMware Player on your Windows workstation. You can get VMware Player for free or get the more functional alternative, VMware Player Plus, for a low cost.

Getting ready

To download and install VMware Player on the Windows system, follow these steps:

To install VMware Player on your Windows workstation, you will first need to download the software. The download for the free version of VMware Workstation Player can be found at https://my.vmware.com/web/vmware/free.

On this page, scroll down to the VMware Workstation Player link and click on Download.

On the page that opens up, select the Windows 64-bit installation package and then click on Download.

There are installation packages available for Linux 64-bit systems as well.

How to do it...

Follow these steps to set up the virtual environment:

Once the software package has been downloaded, you should find it in your default download directory. Double-click on the executable file in this directory to start the installation process. Once started, it is as easy as following the on-screen instructions to complete the installation.

After the installation is complete, you should be able to start VMware Player using the desktop icon, the quick launch icon, or from All Programs. Once it's loaded, you will see the virtual machine library. This library will not yet contain any virtual machines, but they will be populated as you create them in the left-hand side of the screen, as shown in the following screenshot:

Once you have opened VMware Workstation Player, you can select Create a New Virtual Machine to get started. This will initialize a very easy-to-use virtual machine installation wizard:

The first task you need to perform in the installation wizard is to define the installation media. You can choose to install it directly from your host machine's optical drive, or you can use an ISO image file. ISOs will be used for most of the installations discussed in this section, and the place you can get them from will be mentioned in each specific recipe.

For now, we will assume that we browsed to an existing ISO file and clicked on Next. VMware Workstation Player will attempt to determine the operating system of the ISO file you selected. In some cases, it cannot and will ask you what operating system you are installing. In this example, we will choose Debian 8.x and click on Next:

You then need to assign a name for the virtual machine. The virtual machine name is merely an arbitrary value that serves as a label to identify and distinguish it from other VMs in your library. Since a security lab is often classified by a diversity of operating systems, it can be useful to indicate the operating system as part of the virtual machine's name:

The next screen requests a value for the maximum size of the installation. The virtual machine will only consume hard drive space as required, but it will not exceed the value specified here. You should be aware of the minimum required disk space for your operating system and budget appropriately. Additionally, you can also define whether the virtual machine will be contained within a single file or spread across multiple files, as seen in the following screenshot:

Once you are done with specifying the disk capacity, you will see the following:

The final step provides a summary of the configurations. You can either select the Finish button to finalize the creation of the virtual machine or select the Customize Hardware… button to manipulate more advanced configurations. Have a look at the following screenshot for the advanced configurations:

The advanced configuration settings give you full control over shared resources, virtual hardware configurations, and networking. Most of the default configurations should be sufficient for your security lab, but if changes need to be made at a later time, these configurations can be readdressed by accessing the virtual machine settings. When you are done with setting up the advanced configuration, you will see something similar to the following:

After the installation wizard has finished, you should see the new virtual machine listed in your virtual machine library. From here, it can now be launched by pressing the Play virtual machine button. Multiple virtual machines can be run simultaneously by opening multiple instances of VMware Workstation Player, each running a different VM.

How it works...

VMware creates a virtualized environment in which resources from a single hosting system can be shared to create an entire network environment. Virtualization software such as VMware has made it significantly easier and cheaper to build a security lab for personal, independent study.

Configuring a security lab with VMware Fusion (macOS)

You can also run a virtual security lab on macOS with relative ease by installing VMware Fusion on your Mac. VMware Fusion does require a license that has to be purchased, but it is very reasonably priced.

Getting ready

To install VMware Fusion on your Mac, you will first need to download the software. To download the free trial or purchase the software, go to https://www.vmware.com/products/fusion/.

How to do it...

These steps will help you to set up the virtual environment in the macOS:

Once the software package has been downloaded, you should find it in your default download directory. Run the .dmg installation file and then follow the on-screen instructions to install it.

Once the installation is complete, you can launch VMware Fusion either from the dock or within the Applications directory in Finder. Once it's loaded, you will see the Virtual Machine Library window. This library will not yet contain any virtual machines, but they will be populated as you create them in the left-hand side of the screen. The following screenshot shows the Virtual Machine Library window:

To get started, click on the Add button in the top-left corner of the screen and then click on New. This will start the virtual machine installation wizard. The installation wizard is a very simple guided process to set up your virtual machine, as shown in the following screenshot:

The first step requests that you select your installation method. VMware Fusion gives you options to install from a disc or image (ISO file) and offers several techniques to migrate existing systems to a new virtual machine. For all of the virtual machines discussed in this section, select the first option.

After selecting the first option, Install from disc or image, you will be prompted to select the installation disc or image to be used. If nothing is populated automatically, or if the automatically populated option is not the image you want to install, click on the Use another disc or disc image... button. This should open up Finder, and it will allow you to browse to the image you would like to use. The place where you can get specific system image files will be discussed in subsequent recipes in this chapter. You may be directed to a screen with a Use Easy Install option. If so, just uncheck the Use Easy Install option and click on Continue.

Finally, we are directed to the Finish window:

After you have selected the image file you wish to use, click on the Continue button, and you will be brought to the summary screen. This will provide an overview of the configurations you selected. If you wish to make changes to these settings, click on the Customize Settings button. Otherwise, click on the Finish button to create the virtual machine. When you click on it, you will be requested to save the file(s) associated with the virtual machine. The name you use to save it will be the name of the virtual machine and will be displayed in your Virtual Machine Library, as shown in the following screenshot:

As you add more virtual machines, you will see them included in the Virtual Machine Library in the left-hand side of the screen. After selecting a particular virtual machine, you can launch it by clicking on the Start Up button at the top. Additionally, you can use the Settings button to modify configurations or use the Snapshots button to save the virtual machine at various moments in time. You can run multiple virtual machines simultaneously by starting each one independently from the library.

How it works...

Using VMware Fusion within the macOS operating system, you can create a virtualized lab environment in order to create an entire network environment on an Apple host machine. Virtualization software such as VMware has made it significantly easier and cheaper to build a security lab for personal, independent study.

Installing Ubuntu Server

Ubuntu Server is an easy-to-use Linux distribution that can be used to host network services and/or vulnerable software for testing in a security lab. Feel free to use other Linux distributions if you prefer; however, Ubuntu is a good choice for beginners because there are a lot of reference materials and resources publicly available.

Getting ready

Prior to installing Ubuntu Server in VMware, you will need to download the image disc (ISO file). This file can be downloaded from Ubuntu's website at http://www.ubuntu.com/server. For the purposes of this book, we will be using Ubuntu 16.10.

How to do it...

Now the virtual machine is ready, but first, we need to install Ubuntu on the VM. Follow along to install Ubuntu on the VM:

After the image file has been loaded and the virtual machine has been booted from it, you will see the default Ubuntu menu, shown in the following screenshot. This includes multiple installation and diagnostic options. The menu is navigated with the keyboard. For a standard installation, ensure that the Install Ubuntu Server option is highlighted, but do not press Enter yet:

Press the F6 key and check the following options: acpi=off, noapic, and nolapic. These are kernel boot parameters for the installer that work around boot hangs some virtual machines run into. Once this is done, return to the menu with Install Ubuntu Server highlighted and press the Enter key:

When the installation process begins, you will be asked a series of questions to define the configurations of the system. The first two options request that you specify your language and country of residence. After answering these questions, you will be required to define your keyboard layout configuration, as shown in the following screenshot:

There are multiple options available to define the keyboard layout. One option is detection, in which you will be prompted to press a series of keys that will allow Ubuntu to detect the keyboard layout you are using. You can use keyboard detection by selecting Yes. Alternatively, select No to choose your keyboard layout manually from a list. This process is streamlined by defaulting to the most likely choice based on your country and language.

After you have defined your keyboard layout, you are requested to enter a hostname for the system. If you will be joining the system to a domain, ensure that the hostname is unique. Next, you will be asked for the full name of the new user and a username. Unlike the full name of the user, the username should consist of a single string of lowercase letters. Numbers can also be included in the username, but they cannot be the first character. Have a look at the following screenshot:

After you have provided the username of the new account, you will be requested to provide a password. Ensure that the password is something you can remember as you may later need to access this system to modify configurations. Have a look at the following screenshot:

After supplying a password, you will be asked to decide whether the home directories for each user should be encrypted. While this offers an additional layer of security, it is not essential in a lab environment as the systems will not be holding any actual sensitive data. You will next be asked to configure the system clock, as shown in the following screenshot:

Even though your system is on an internal IP address, it will attempt to determine the public IP address through which it is routing out and will use this information to guess your appropriate time zone. If the guess provided by Ubuntu is correct, select Yes; if not, select No to manually choose the time zone. After the time zone is selected, you will be asked to define the disk partition configurations, as shown in the following screenshot:

If you have no reason to select differently, it is recommended you choose the default selection. It is unlikely that you will need to perform any manual partitioning in a security lab as each virtual machine will usually be using a single dedicated partition. After selecting the partitioning method, you will be asked to select the disk. Unless you have added additional disks to the virtual machine, you should only see the following option here:

After selecting the disk, you will be asked to review the configurations. Verify that everything is correct and then confirm the installation. You will then be asked for the amount of the volume group to use for guided partitioning. This should be the full amount you specified for the drive, as shown in the following screenshot:

Prior to the installation process, you will be asked to configure your HTTP proxy. For the purposes of this book, a separate proxy is unnecessary, and you can leave this field blank:

You will then be asked how you want to manage upgrades on the system. Use the No automatic updates selection, so that the services you install next stay at the versions you chose to test against:

Finally, you will be asked whether you want to install any software on the operating system, as shown in the following screenshot:

To select any given software, use the spacebar. To increase the attack surface, I have included multiple services, only excluding virtual hosting and additional manual package selection. Once you have selected your desired software packages, press the Enter key to complete the process. You will be asked some questions about the software you selected to install. Just follow the prompts; for most cases, the default selections will be fine:

Once the software is installed, you will be asked whether you want to install the GRUB bootloader on the hard disk. Select Yes, and your installation is complete.

How it works...

Ubuntu Server has no GUI and is exclusively command-line driven. To use it effectively, I recommend you use SSH. To configure and use SSH, refer to the Configuring and using SSH recipe later in this chapter.

Installing Metasploitable2

Metasploitable2 is an intentionally vulnerable Linux distribution and is also a highly effective security training tool. It comes fully loaded with a large number of vulnerable network services and also includes several vulnerable web applications.

Getting ready

Prior to installing Metasploitable2 in your virtual security lab, you will need to download it from the Web. There are many mirrors and torrents available for this. One relatively easy method to acquire Metasploitable2 is to download it from SourceForge from this URL: http://sourceforge.net/projects/metasploitable/files/Metasploitable2/.

How to do it...

Installing Metasploitable2 is likely to be one of the easiest installations that you will perform in your security lab. This is because it is already prepared as a VMware virtual machine when it is downloaded from SourceForge.

Once the ZIP file has been downloaded, you can easily extract its contents on Windows or macOS by double-clicking on it in Explorer or Finder, respectively. Have a look at the following screenshot:

Once extracted, the ZIP file will return a directory with five additional files inside. Included among these files is the VMware VMX file. To use Metasploitable2 in VMware, click on the File drop-down menu and click on Open. Then, browse to the directory created from the ZIP extraction process and open Metasploitable.vmx, as shown in the following screenshot:

Once the VMX file has been opened, it should be included in your virtual machine library. Select it from the library and click on Run to start the VM and get the following screen:

After the VM loads, the splash screen will appear and request login credentials. The default credentials are msfadmin for both the username and password. This machine can also be accessed via SSH, as addressed in the Configuring and using SSH recipe later in this chapter.

How it works...

Metasploitable was built with the idea of security testing education in mind. This is a highly effective tool, but it must be handled with care. The Metasploitable system should never be exposed to any untrusted networks. It should never be assigned a publicly routable IP address, and port forwarding should not be used to make services accessible over the Network Address Translation (NAT) interface. In practice, that means checking the VM's network adapter before the first power-on: leave it on NAT or, better, host-only, never bridged onto a physical network, and treat the well-known msfadmin credentials as public knowledge.
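A check for the caveat above, added here as an example and not part of the book or of the Metasploitable2 distribution: a POSIX shell function that reads a VMware .vmx file and reports every enabled adapter that is not NAT or host-only. It assumes the ethernetN.present and ethernetN.connectionType key names VMware writes for adapter settings; any other connection type, including custom vmnetN networks, or a missing connectionType, is reported as EXPOSED because the script cannot prove it is isolated. The sample .vmx content is constructed for the demonstration, not copied from Metasploitable.vmx.

```shell
#!/bin/sh
# Added example: audit the network adapters declared in a VMware .vmx file so a
# deliberately vulnerable VM is never attached to a bridged adapter.
# Assumes a POSIX shell and awk. Key names ethernetN.present and
# ethernetN.connectionType are the VMware adapter settings (assumption stated
# in the lead-in); values are compared case-insensitively.

# audit_vmx FILE
#   Prints one line per enabled adapter. Returns 0 if every enabled adapter is
#   nat or hostonly, 1 if any is bridged, custom/other, or has no connectionType.
audit_vmx() {
    vmx=$1
    awk -F' *= *' '
        # Normalise each line: drop a trailing CR and the quotes around the value.
        { sub(/\r$/, ""); gsub(/^"|"$/, "", $2) }
        # The adapter index is the run of digits between "ethernet" and the first dot.
        $1 ~ /^ethernet[0-9]+\.present$/ && toupper($2) == "TRUE" {
            present[substr($1, 9, index($1, ".") - 9)] = 1
        }
        $1 ~ /^ethernet[0-9]+\.connectionType$/ {
            ctype[substr($1, 9, index($1, ".") - 9)] = tolower($2)
        }
        END {
            bad = 0; seen = 0
            for (i in present) {
                seen = 1
                t = (i in ctype) ? ctype[i] : "unspecified"
                v = (t == "nat" || t == "hostonly") ? "ok" : "EXPOSED"
                if (v == "EXPOSED") bad = 1
                printf "ethernet%s: %s (%s)\n", i, t, v
            }
            if (!seen) print "no enabled network adapters found"
            exit bad
        }' "$vmx"
}

# --- Constructed sample .vmx (not the real Metasploitable.vmx) ---------------
demo=$(mktemp -d)
cat > "$demo/lab.vmx" <<'EOF'
.encoding = "UTF-8"
config.version = "8"
displayName = "Metasploitable"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet2.present = "FALSE"
ethernet2.connectionType = "bridged"
EOF

# First pass: ethernet0 is bridged, so the audit fails.
audit_vmx "$demo/lab.vmx" || echo "fix the adapter before powering on (exit $?)"

# Remediate with the VM powered off: switch every adapter to host-only,
# keeping a .bak copy of the original file.
sed -i.bak 's/^\(ethernet[0-9]*\.connectionType *= *\).*/\1"hostonly"/' "$demo/lab.vmx"

# Second pass: both enabled adapters are now host-only, so the audit passes.
audit_vmx "$demo/lab.vmx"
rm -rf "$demo"
```

Run audit_vmx against the extracted Metasploitable.vmx before the first Run, and only edit the file while the VM is powered off, since VMware rewrites it on shutdown; the same change can be made in the VM's Settings under Network Adapter. The audit covers only the guest side of the problem: a NAT adapter is still exposed if you add port-forwarding rules on the host, which is the second thing the paragraph above warns against.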

Installing Windows Server

Having a Windows operating system in your testing lab is critical to learning security skills as it is the most prominent operating system environment used in production systems. In the scenarios provided, an installation of Windows XP Service Pack 2 (SP2) is used. Since Windows XP is an older operating system, there are many flaws and vulnerabilities that can be exploited in a test environment.

Getting ready

To complete the tasks discussed in this recipe and some of the exercises later in this book, you will need to acquire a copy of a Windows operating system. If possible, Windows XP SP2 should be used because it was the operating system used while writing this book. One of the reasons this operating system was selected is because it is no longer supported by Microsoft and can be acquired with relative ease and at little to no cost. However, because it is no longer supported, you will need to purchase it from a third-party vendor or acquire it by other means. I'll leave the acquisition of this product up to you.

How to do it...

Let's install Windows XP on the VM:

After booting from the Windows XP image file, a blue menu screen will load, which will ask you a series of questions to guide you through the installation process. Initially, you will be asked to define the partition that the operating system will be installed to. Unless you have made custom changes to your virtual machine, you should only see a single option here. You can then select either a quick or full-disk format. Either option should be sufficient for the virtual machine.

Once you have answered these preliminary questions, you will be provided with a series of questions regarding operating system configurations. Then, you will be directed to the following screen:

First, you will be asked to provide a Name and Organization. The name is assigned to the initial account that is created, but the organization name is merely included for metadata purposes and has no effect on the operating system.

Next, you will be requested to provide the Computer name and Administrator password, as shown in the following screenshot:

If you will be adding the system to a domain, use a computer name that is unique on that domain. The administrator password should be one that you will remember, as you will need to log in to this system to test or configure changes. You will then be asked to set the date, time, and time zone. These will likely be automatically populated, but ensure that they are correct: a clock that is far off breaks things such as Kerberos authentication to a domain and certificate validation. Have a look at the following screenshot:

After configuring the time and date, you will be asked to assign the system to either a workgroup or domain. Most of the exercises discussed within this book can be performed with either configuration. However, there are a few remote SMB auditing tasks, which will be discussed, that require that the system be domain joined. The following screenshot shows the Help protect your PC window:

After the installation process has been completed, you will be prompted to help protect your PC with automatic updates. The default selection for this is to enable automatic updates. However, because we want to increase the number of testing opportunities available to us, we will select the Not right now option.

How it works...

Windows XP SP2 is an excellent addition to any beginner's security lab. Since it is an older operating system, it offers a large number of vulnerabilities that can be tested and exploited. However, as one becomes more skilled in the art of penetration testing, it is important to begin to further polish your skills by introducing newer and more secure operating systems such as Windows 7.

Increasing the Windows attack surface

To further increase the availability of the attack surface on the Windows operating system, it is important to add vulnerable software and enable or disable certain integrated components.

Getting ready

Prior to modifying the configurations in Windows to increase the attack surface, you will need to have the operating system installed on one of your virtual machines. If this has not been done already, refer to the previous recipe.

How to do it...

Now, follow these steps to make Windows XP more vulnerable:

Enabling remote services, especially unpatched remote services, is usually an effective way of introducing some vulnerabilities into a system. First, you'll want to enable Simple Network Management Protocol (SNMP) on your Windows system. To do this, open the Start menu in the bottom-left corner and then click on Control Panel. Double-click on the Add or Remove Programs icon, and then click on the Add/Remove Windows Components link on the left-hand side of the screen to get the following screen:

From here, you will see a list of components that can be enabled or disabled on the operating system. Scroll down to Management and Monitoring Tools and double-click on it to open the options contained within, as shown in the following screenshot:

Once opened, ensure that both checkboxes, Simple Network Management Protocol and WMI SNMP Provider, are checked. This will allow remote SNMP queries to be performed on the system. After clicking on OK, the installation of these services will begin. This installation will require the Windows XP image disc, which VMware likely removed after the virtual machine was imaged. If this is the case, you will receive a popup requesting you to insert the disc, as shown in the following screenshot:

To use the disc image, access the virtual machine settings. Ensure that the virtual optical media drive is enabled, then browse to the ISO file in your host filesystem to add the disc:

Once the disc is detected, the installation of SNMP services will be completed automatically. The Windows Components Wizard window should notify you when the installation is complete. In addition to adding services, you should also disable some of the protective features included in the operating system. To do this, open Control Panel again and double-click on the Security Center icon. Scroll to the bottom of the page, click on the link for Windows Firewall, and ensure that this feature is turned off, as shown in the following screenshot:

After you have turned off the Windows Firewall feature, click on OK to return to the previous menu. Scroll to the bottom once again, click on the Automatic Updates link, and ensure that it is also turned off.

How it works...

The enabling of functional services and disabling of security services on an operating system drastically increases the risk of compromise. By increasing the number of vulnerabilities present on the operating system, we also increase the number of opportunities available to learn attack patterns and exploitation. This particular recipe only addressed the manipulation of integrated components in Windows to increase the attack surface. However, it can also be useful to install various third-party software packages that have known vulnerabilities.

Vulnerable software packages can be found at the following URLs:

http://www.exploit-db.com/

http://www.oldversion.com/

Installing Kali Linux

Kali Linux is known as one of the best hacking distributions, providing an entire arsenal of penetration testing tools. The developers recently released Kali Linux 2016.2, which solidified their efforts in making it a rolling distribution. Different desktop environments have been released alongside GNOME in this release, such as e17, LXDE, Xfce, MATE, and KDE. Kali Linux will be kept updated with the latest improvements and tools by weekly updated ISOs. For the purposes of this book, we will be using Kali Linux 2016.2 with GNOME as our development environment for many of the scanning scripts that will be discussed throughout this book.

Getting ready

Prior to installing Kali Linux in your virtual security testing lab, you will need to acquire the ISO file (image file) from a trusted source. The Kali Linux ISO can be downloaded at http://www.kali.org/downloads/.
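The "trusted source" advice applies equally to the Ubuntu Server ISO from the earlier recipe and to Kali: a mirror or torrent can hand you a modified image that boots and installs normally. The following POSIX shell function is an added example, not part of the book or of the Kali project, that checks a downloaded ISO against the SHA256SUMS file published beside it. The image and sums file it exercises are constructed stand-ins, and it assumes sha256sum and awk are on the PATH, as they are on Kali and Ubuntu.

```shell
#!/bin/sh
# Added example: verify a downloaded ISO against a SHA256SUMS file before
# booting the image in the lab. Assumes a POSIX shell plus sha256sum and awk.

# verify_iso ISO SUMSFILE
#   0 = digest matches the entry for ISO's file name in SUMSFILE
#   1 = digest mismatch (corrupted or tampered download)
#   2 = SUMSFILE has no entry for that file name
verify_iso() {
    iso=$1
    sums=$2
    name=$(basename "$iso")
    # SHA256SUMS lines look like "<hex>  <filename>" or "<hex> *<filename>";
    # take the digest whose file name field matches ours exactly.
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums")
    if [ -z "$expected" ]; then
        echo "verify_iso: no entry for $name in $sums" >&2
        return 2
    fi
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "verify_iso: MISMATCH for $name" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    echo "verify_iso: OK $name"
    return 0
}

# --- Constructed demonstration data (stand-ins for a real ISO and SHA256SUMS) --
demo=$(mktemp -d)
printf 'pretend this is a Kali ISO\n' > "$demo/kali-lab.iso"
printf 'pretend this is a Kali ISO, modified\n' > "$demo/kali-tampered.iso"
# Build a sums file that lists only the genuine image, with a bare file name.
( cd "$demo" && sha256sum kali-lab.iso > SHA256SUMS )

verify_iso "$demo/kali-lab.iso" "$demo/SHA256SUMS"
# prints: verify_iso: OK kali-lab.iso

# A tampered copy carrying the expected file name must be rejected.
cp "$demo/kali-tampered.iso" "$demo/kali-lab.iso"
verify_iso "$demo/kali-lab.iso" "$demo/SHA256SUMS" || echo "rejected (exit $?)"
# prints the mismatch on stderr, then: rejected (exit 1)

rm -rf "$demo"
```

Run it from the download directory with the downloaded ISO and the SHA256SUMS file that sits next to it on the Kali download page. A matching digest only proves that the ISO is the one the sums file describes; if both files came from the same mirror, an attacker who replaced one could replace the other, so also verify the detached signature the project publishes for the sums file (gpg --verify SHA256SUMS.gpg SHA256SUMS) against the Kali signing key obtained from kali.org, which is what the Kali download documentation recommends.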

How to do it...

These steps will guide you to install Kali Linux on the VM:

After selecting the Kali Linux ISO file, you will be asked what operating system you are installing. Kali Linux is Debian-based, and Debian 8.x is the closest guest operating system type VMware offers for it, so choose this and click on Continue:

You will see a finish screen, but let's customize the settings first. Kali Linux requires at least 15 GB of hard disk space and a minimum of 512 MB RAM:

After booting from the Kali Linux image file, you will be presented with the initial boot menu. Here, scroll down to the sixth option, Install, and press the Enter key to start the installation process:

Once it has started, you will be guided through a series of questions to complete the installation process. Initially, you will be asked to provide your location (country) and language. You will then be provided with an option to manually select your keyboard configuration or use a guided detection process.

The next step will request that you provide a hostname for the system. If the system will be joined to a domain, ensure that the hostname is unique, as shown in the following screenshot:

Next, you will need to set the password for the root account. It is recommended that this be a fairly complex password that will not be easily compromised. Have a look at the following screenshot:

Next, you will be asked to provide the time zone you are located in. The system will use IP geolocation to provide its best guess of your location. If this is not correct, manually select the correct time zone:

For setting up your disk partition, using the default method and partitioning scheme should be sufficient for lab purposes:

It is recommended that you use a mirror to ensure that your software in Kali Linux is kept up to date:

Next, you will be asked to provide an HTTP proxy address. An external HTTP proxy is not required for any of the exercises addressed in this book, so this can be left blank:

Finally, choose Yes to install the GRUB boot loader and then press the Enter key to complete the installation process. When the system loads, you can log in with the root account and the password provided during the installation: