Your ultimate guide to pentesting with Kali Linux
Kali is a popular and powerful Linux distribution used by cybersecurity professionals around the world. Penetration testers must master Kali’s varied library of tools to be effective at their work. The Kali Linux Penetration Testing Bible is the hands-on and methodology guide for pentesting with Kali.
You’ll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you’re new to the field or an established pentester, you’ll find what you need in this comprehensive guide.
Page count: 559
Year of publication: 2021
Cover
Title Page
Introduction
What Does This Book Cover?
Companion Download Files
How to Contact the Publisher
How to Contact the Author
CHAPTER 1: Mastering the Terminal Window
Kali Linux File System
Managing Users and Groups in Kali
Files and Folders Management in Kali Linux
Remote Connections in Kali
Kali Linux System Management
Networking in Kali Linux
Summary
CHAPTER 2: Bash Scripting
Basic Bash Scripting
Printing to the Screen in Bash
Variables
Script Parameters
User Input
Functions
Conditions and Loops
Summary
CHAPTER 3: Network Hosts Scanning
Basics of Networking
Network Scanning
DNS Enumeration
Summary
CHAPTER 4: Internet Information Gathering
Passive Footprinting and Reconnaissance
Summary
CHAPTER 5: Social Engineering Attacks
Spear Phishing Attacks
Payloads and Listeners
Social Engineering with the USB Rubber Ducky
Summary
CHAPTER 6: Advanced Enumeration Phase
Transfer Protocols
E‐mail Protocols
Database Protocols
CI/CD Protocols
Web Protocols 80/443
Graphical Remoting Protocols
File Sharing Protocols
Summary
CHAPTER 7: Exploitation Phase
Vulnerabilities Assessment
Services Exploitation
Summary
CHAPTER 8: Web Application Vulnerabilities
Web Application Vulnerabilities
Summary
CHAPTER 9: Web Penetration Testing and Secure Software Development Lifecycle
Web Enumeration and Exploitation
Secure Software Development Lifecycle
Summary
CHAPTER 10: Linux Privilege Escalation
Introduction to Kernel Exploits and Missing Configurations
Kernel Exploits
SUID Exploitation
Overriding the Passwd Users File
CRON Jobs Privilege Escalation
sudoers
Exploiting Running Services
Automated Scripts
Summary
CHAPTER 11: Windows Privilege Escalation
Windows System Enumeration
File Transfers
Windows System Exploitation
Summary
CHAPTER 12: Pivoting and Lateral Movement
Dumping Windows Hashes
Pivoting with Port Redirection
Summary
CHAPTER 13: Cryptography and Hash Cracking
Basics of Cryptography
Cracking Secrets with Hashcat
Summary
CHAPTER 14: Reporting
Overview of Reports in Penetration Testing
Scoring Severities
Report Presentation
Summary
CHAPTER 15: Assembly Language and Reverse Engineering
CPU Registers
Assembly Instructions
Data Types
Memory Segments
Addressing Modes
Reverse Engineering Example
Summary
CHAPTER 16: Buffer/Stack Overflow
Basics of Stack Overflow
Stack Overflow Exploitation
Summary
CHAPTER 17: Programming with Python
Basics of Python
Running Python Scripts
Debugging Python Scripts
Practicing Python
Python Basic Syntaxes
Variables
More Techniques in Python
Summary
CHAPTER 18: Pentest Automation with Python
Penetration Test Robot
Summary
APPENDIX A: Kali Linux Desktop at a Glance
Downloading and Running a VM of Kali Linux
Kali Xfce Desktop
Summary
APPENDIX B: Building a Lab Environment Using Docker
Docker Technology
Summary
Index
Copyright
About the Author
About the Technical Editor
Acknowledgments
End User License Agreement
Chapter 1
Table 1.1 Tmux Keyboard Shortcuts
Chapter 2
Table 2.1 Numerical Conditions
Table 2.2 String Conditions
Table 2.3 File/Directory Conditions
Chapter 3
Table 3.1 OSI Layers
Table 3.2 Subnets and CIDR
Table 3.3 Common Port Numbers
Table 3.4 Nmap Version Intensity
Chapter 4
Table 4.1 The Most Common Query Criteria Used on the Shodan Site
Table 4.2 Google Dorks Common Queries
Chapter 14
Table 14.1 CVSS Score Rating
Chapter 15
Table 15.1 Flag Registers
Table 15.2 Assembly Instructions
Table 15.3 Assembly Jump Instructions
Table 15.4 Assembly Instructions
Table 15.5 Data Types
Table 15.6 Addressing Modes
Chapter 17
Table 17.1 Arithmetic Operators
Table 17.2 String Formatters
Table 17.3 String Functions
Table 17.4 Comparison Operators
Table 17.5 Python Escape Characters
Chapter 1
Figure 1.1 Tmux New Window
Figure 1.2 New Tmux Highlighted Tab
Figure 1.3 Tmux Vertical Windows Side by Side
Figure 1.4 Tmux Horizontal Windows
Figure 1.5 Kali Linux OS Security Commands
Figure 1.6 Kali Linux – Files and Folders Commands
Figure 1.7 USB Mount
Figure 1.8 Mount Using the Command Line
Figure 1.9 “Windows Login”
Figure 1.10 SSH with MobaXterm on Windows
Figure 1.11 SSH Root Connection
Figure 1.12 SSH Service Status
Figure 1.13 SSH Key Generation
Figure 1.14 Kali System Management Commands
Figure 1.15 HTOP
Figure 1.16 Kali Networking Commands
Figure 1.17 Kali Network Interfaces
Figure 1.18 Static IP Configs
Figure 1.19 Testing Internet Connection
Chapter 2
Figure 2.1 Bash Scripting
Figure 2.2 Export Config
Figure 2.3 Script Sections
Figure 2.4 Conditions and Loops
Chapter 3
Figure 3.1 TCP Handshake
Figure 3.2 Wireshark Network Interface Selection
Figure 3.3 Wireshark Capture
Figure 3.4 Wireshark ICMP Filter
Chapter 4
Figure 4.1 Shodan
Figure 4.2 Google Dork Site Filter
Figure 4.3 Google Dork Site Filter with Description
Figure 4.4 Google Hacking Database
Figure 4.5 Kali Menu – Information Gathering
Figure 4.6 Maltego Transform Hub
Figure 4.7 Maltego Entities
Figure 4.8 Maltego Transforms
Figure 4.9 Maltego To Domains Transform
Figure 4.10 Maltego Domain Name / DNS
Figure 4.11 Domain Name Transforms
Figure 4.12 Maltego Subdomains Graph
Chapter 5
Figure 5.1 Admin E‐mail
Figure 5.2 Bind Shell
Figure 5.3 Reverse Shell
Figure 5.4 Virus Total
Figure 5.5 USB Rubber Ducky
Figure 5.6 USB Rubber Ducky with MicroSD
Figure 5.7 Running PowerShell in Admin Mode
Chapter 6
Figure 6.1 Jenkins Web Portal
Figure 6.2 Jenkins Error Message
Figure 6.3 Firefox Network Settings
Figure 6.4 Kali Menu ‐ Burp Suite
Figure 6.5 Burp Suite Proxy
Figure 6.6 Burp Suite – Send to Repeater
Figure 6.7 POST Contents
Chapter 7
Figure 7.1 OpenVAS Web Portal
Figure 7.2 OpenVAS New Target
Figure 7.3 OpenVAS Target Options
Figure 7.4 OpenVAS Task Options
Figure 7.5 OpenVAS Run A Task
Figure 7.6 OpenVAS Report Results
Figure 7.7 OpenVAS – Vulnerability Results Sample
Figure 7.8 OpenVAS‐ Report References
Figure 7.9 Google Search for Exploit
Figure 7.10 FileZilla FTP Connect
Figure 7.11 FileZilla FTP Connection Established
Figure 7.12 Google Search – FTP Exploit
Figure 7.13 Wireshark Interface Selection
Figure 7.14 Wireshark Capture Results
Figure 7.15 Wireshark – Follow TCP Stream
Figure 7.16 Wireshark – Cleartext Capture
Figure 7.17 Receiving Email Settings
Figure 7.18 Sending Email Settings
Figure 7.19 Email Inbox
Figure 7.20 Docker Host Design
Figure 7.21 Jenkins Homepage
Figure 7.22 Jenkins ‐ New Project
Figure 7.23 Jenkins – Add Build Step
Figure 7.24 Jenkins – Reverse Shell
Figure 7.25 SMB Connect
Figure 7.26 SMB Connection Established
Chapter 8
Figure 8.1 Mutillidae Home Page
Figure 8.2 Mutillidae – DNS Lookup
Figure 8.3 Mutillidae – Script Alert
Figure 8.4 Mutillidae – Blog Entry
Figure 8.5 Mutillidae ‐ Logs
Figure 8.6 Burp suite – Proxy Intercept
Figure 8.7 Burp Suite – User‐Agent Edit
Figure 8.8 Mutillidae – Bad Characters Error Message
Figure 8.9 Burp Suite – Intercept Payload
Figure 8.10 Burp Suite – Target Host Script
Figure 8.11 Accounts Table
Figure 8.12 Accounts Table ‐ SQL Query
Figure 8.13 Login SQLi
Figure 8.14 Login SQLi Query
Figure 8.15 Login SQLi Results
Figure 8.16 Mutillidae – Login SQLi
Figure 8.17 Mutillidae – Login SQLi Results
Figure 8.18 SQLi ‐ Union Select Syntax
Figure 8.19 SQLi – Union Select
Figure 8.20 SQLi – Union Select with DB Version
Figure 8.21 Schema Table – Credit Cards Field
Figure 8.22 Credit Cards Table Query
Figure 8.23 Extract Credit Cards Table Data
Figure 8.24 SQL Query – Write To System
Figure 8.25 SQLi Error
Figure 8.26 Mutillidae – Command Injection
Figure 8.27 Mutillidae – Extracting Passwd File
Figure 8.28 Mutillidae – Remote File Inclusion
Figure 8.29 Mutillidae Blog Page
Figure 8.30 Burp Suite – Generate CSRF PoC
Figure 8.31 Burp Suite – Generate CSRF Copy HTML
Figure 8.32 CSRF PoC Victim
Figure 8.33 CSRF PoC Results
Figure 8.34 Mutillidae File Upload
Figure 8.35 Mutillidae – File Upload Results
Figure 8.36 File Upload POST Data
Figure 8.37 File Upload Post Data Payloads
Figure 8.38 Burp Suite – Intercept Hex Tab
Figure 8.39 Burp Suite Encoding
Chapter 9
Figure 9.1 Burp Suite Certificate
Figure 9.2 Importing the Burp Suite Certificate
Figure 9.3 Burp Suite Proxy Tab, Options Section
Figure 9.4 Burp Suite Target
Figure 9.5 Burp Suite Add To Scope Option
Figure 9.6 Burp Suite In‐Scope Filter
Figure 9.7 Burp Suite In‐Scope Filter Applied
Figure 9.8 Burp Suite Discover Content Menu Item
Figure 9.9 Burp Suite Running Discover Content Feature
Figure 9.10 Burp Suite Active Scan
Figure 9.11 Burp Suite Send To Repeater Menu Item
Figure 9.12 Changing the UID Param
Figure 9.13 Burp Suite Intruder Positions Subtab
Figure 9.14 Burp Suite Intruder Payload
Figure 9.15 Burp Suite Intruder Payload Option
Figure 9.16 Burp Suite Intruder Attack
Figure 9.17 Burp Suite Extender Tab
Figure 9.18 BApp Store
Figure 9.19 Creating Reports in Burp Suite
Figure 9.20 Report Sample in Burp Suite
Figure 9.21 Software Development Lifecycle
Figure 9.22 Secure Development Lifecycle
Figure 9.23 Network Diagram
Figure 9.24 Data Flow Diagram
Chapter 10
Figure 10.1 Google Search – Dirty COW Exploit
Chapter 11
Figure 11.1 Windows Permissions
Figure 11.2 Iperius Backup
Figure 11.3 Iperius About Tab
Figure 11.4 Exploit‐DB – Iperius Exploitation
Figure 11.5 Iperius – Evil.bat Config
Chapter 12
Figure 12.1 Port Forwarding
Figure 12.2 ECorp Network Diagram
Chapter 13
Figure 13.1 RSA Tool
Chapter 14
Figure 14.1 CVSS Calculator
Figure 14.2 CVSS Results
Chapter 15
Figure 15.1 General CPU Registers
Figure 15.2 Index Registers
Figure 15.3 Pointer Registers
Figure 15.4 Segment Registers
Figure 15.5 Memory Segments
Figure 15.6 Immunity Paused
Figure 15.7 Main Function Instructions
Figure 15.8 Follow In Dump
Figure 15.9 Memory Dump Window
Figure 15.10 Memory Map Menu
Figure 15.11 Memory Map Window
Figure 15.12 HelloWorld.text
Figure 15.13 Registers
Figure 15.14 Stack
Chapter 16
Figure 16.1 Stack Pointers
Figure 16.2 PUSH EBP
Figure 16.3 Immunity Debugger, Opening a File
Figure 16.4 Immunity Debugger, Run Button
Figure 16.5 Error Message
Figure 16.6 Stack Structure
Figure 16.7 Filling the Buffer with As
Figure 16.8 Stack Overflow with A, B, and C
Chapter 17
Figure 17.1 Running VS Code
Figure 17.2 Python Extension
Figure 17.3 Pylint
Figure 17.4 Debug
Figure 17.5 Output
Chapter 18
Figure 18.1 Application Workflow
Appendix A
Figure A.1 Choose Kali/Linux on the Load Menu
Figure A.2 Xfce Installation Option
Figure A.3 Kali Desktop
Figure A.4 Kali Menu
Figure A.5 Remove from Favorites
Figure A.6 Add to Favorites
Figure A.7 Kali Menu Tools
Figure A.8 Kali Settings Menu
Figure A.9 Managing the Network
Figure A.10 Kali Dark Theme
Figure A.11 Desktop Icons
Figure A.12 Changing Fonts
Figure A.13 Appearance Settings
Figure A.14 Changing Desktop Background
Figure A.15 Menu Settings
Figure A.16 Applications Menu
Figure A.17 Managing Workspaces
Figure A.18 Icons Settings
Figure A.19 Display Settings
Figure A.20 Advanced Display Settings
Figure A.21 Kali File Manager
Figure A.22 File Manager Preferences
Figure A.23 File Manager Behavior
Figure A.24 File Manager Advanced Settings
Figure A.25 Keyboard Settings
Figure A.26 Application Shortcuts
Figure A.27 MIME Type Editor
Figure A.28 Mouse Settings
Figure A.29 Top Bar
Figure A.30 Panel Settings
Figure A.31 Panel Appearance Settings
Figure A.32 Panel Items Position
Figure A.33 Workspaces
Figure A.34 Window Manager
Figure A.35 Windows Keyboard Shortcuts
Figure A.36 Window Focus Settings
Figure A.37 Panel Settings
Figure A.38 Top Panel Changes
Figure A.39 Adding a Panel
Figure A.40 New Panel Settings
Figure A.41 Add to Panel
Figure A.42 Final Results
Figure A.43 Desktop Settings
Figure A.44 Desktop Background
Figure A.45 Icons Settings
Figure A.46 Desktop New Look
Figure A.47 Graphical Install
Figure A.48 Language
Figure A.49 Hostname
Figure A.50 User Full Name
Figure A.51 User Password
Figure A.52 Partition Disks Step 1
Figure A.53 Partition Disks Step 2
Figure A.54 Partition Disks Step 3
Figure A.55 Partition Disks Final Step
Figure A.56 Software Selection
Figure A.57 GRUB Loader
Figure A.58 Installation Accomplishment
Appendix B
Figure B.1 Docker Commands
Figure B.2 Docker Container Example
Figure B.3 Mutillidae DB Init
Figure B.4 Mutillidae Home Page
Gus Khawaja
Kali is a popular Linux distribution used by security professionals and is becoming an important tool for daily use and for certifications. Penetration testers need to master Kali's hundreds of tools for pentesting, digital forensics, and reverse engineering. Kali Linux Penetration Testing Bible is a hands‐on guide for getting the most from Kali Linux for pentesting. This book is for working cybersecurity professionals in offensive, hands‐on roles, including red teamers, white‐hat hackers, and ethical hackers. Defensive specialists will also find this book valuable, as they need to be familiar with the tools used by attackers.
This comprehensive pentesting book covers every aspect of the art and science of penetration testing. It covers topics like building a modern Dockerized environment, the basics of bash language in Linux, finding vulnerabilities in different ways, identifying false positives, and practical penetration testing workflows. You'll also learn to automate penetration testing with Python and dive into advanced subjects like buffer overflow, privilege escalation, and beyond.
By reading this book, you will:
Gain a thorough understanding of the hundreds of penetration testing tools available in Kali Linux.
Master the entire range of techniques for ethical hacking so you can be more effective in your job and gain coveted certifications.
Learn how penetration testing works in practice and fill the gaps in your knowledge to become a pentesting expert.
Discover the tools and techniques that hackers use so you can boost your network's defenses.
This book goes deep into the subject of penetration testing. For established penetration testers, this book fills all the practical gaps, so you have one complete resource that will help you as your career progresses. For newcomers to the field, Kali Linux Penetration Testing Bible is your best guide to how ethical hacking really works.
This chapter outlines the ins and outs of the Linux system Terminal window and covers how to manage the file system like the pros. You will learn how to manage users and groups inside Kali, and you will see how to manipulate files and folders during your engagements and much more.
Bash scripting is an essential skill for a penetration tester. In this chapter you will learn how to start to use programming principles such as variables, functions, conditions, loops, and much more.
This chapter teaches you how to conduct network scans like professionals. You will learn first about the basics of networking, and then you will delve deep into the port scanning techniques.
This chapter discusses the passive information gathering phase in penetration testing. You will be introduced to how to deal with advanced search engine queries. Also, you will learn how to use Shodan and other tools to get the job done.
This chapter focuses on how to take advantage of human weakness to exploit organizations. You will learn about how to send phishing emails and steal credentials. On top of that, you will see how to use the Social Engineer Toolkit as a penetration tester. Finally, you will see how USB Rubber Ducky operates in similar SE attacks.
This chapter reviews how to handle the enumeration phase in a penetration testing engagement. Enumeration means collecting the necessary information that will allow us to exploit the specific service (e.g., FTP, SSH, etc.).
This chapter discusses some actual attacks and shows you how to get inside the systems. In the previous chapters, you had all the information about each service, and in this one, we will take this step further and exploit the vulnerabilities.
This chapter focuses on the basics of web application vulnerabilities. The goal is to allow you to test web applications with ease during your engagements. Every company has a website these days, and it's crucial to understand this topic from A to Z.
In this chapter, you will mainly learn about the methodology of web application penetration testing and how to use Burp Suite Pro. Finally, you will see how to implement a secure software development lifecycle (SSDLC) in an organization.
This chapter focuses mainly on Linux operating system privilege escalation. The techniques in this chapter will allow you to gain root privileges on a compromised Linux OS.
This chapter describes how to get administrator privileges on the compromised Windows OS. First you will learn about how to enumerate the Windows OS, and then you will see how to exploit the Windows system with practical examples.
This chapter describes how to use the pivoting techniques to move laterally on the compromised network. In this chapter, you will learn how Windows hashes work under the hood and how to reuse admin credentials to get the job done.
This chapter describes how to crack hashes during your engagements using Hashcat. Before starting on the cracking topic, you will learn about the basics of cryptography including hashing and encryption.
This chapter explains how to present professional penetration testing reports. Also, you will learn how to evaluate accurately the severity of your findings.
This chapter will introduce you to the concept of reverse engineering using the assembly language. You will learn about the basics of the assembly language including registers, assembly instructions, memory segments, and much more.
This chapter will use what you learned in the previous chapter to exploit the stack using the buffer overflow technique.
This chapter discusses the basics of Python version 3. This programming language is the choice of hackers, so you should learn it too.
This chapter focuses on the automation of the penetration testing phases using the Python language. You will see a complete practical example that you can use in your career.
This appendix focuses on how to manage the interface of the Kali Linux desktop environment. You will learn how to handle this operating system with ease and customize it to your liking.
This appendix will delve deep into Docker, and you will see how images and containers work in practice. Both Docker and hypervisor technologies facilitate the creation of a live lab so we, penetration testers, can have fun with it.
As you work through the examples in this book, you may choose either to type in all the code manually or to use the source code files that accompany the book. All the source code used in this book is available for download from www.wiley.com/go/kalilinuxpenbible.
If you believe you've found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.
To submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission.”
We appreciate your input and questions about this book! Email the author at [email protected], or message him on Twitter at @GusKhawaja.
