Kali Linux - An Ethical Hacker's Cookbook

Book Description

Over 120 recipes to perform advanced penetration testing with Kali Linux

About This Book

  • Practical recipes to conduct effective penetration testing using the powerful Kali Linux
  • Leverage tools like Metasploit, Wireshark, Nmap, and many more to detect vulnerabilities with ease
  • Confidently perform networking and application attacks using task-oriented recipes

Who This Book Is For

This book is aimed at IT security professionals, pentesters, and security analysts who have basic knowledge of Kali Linux and want to conduct advanced penetration testing techniques.

What You Will Learn

  • Installing, setting up and customizing Kali for pentesting on multiple platforms
  • Pentesting routers and embedded devices
  • Bug hunting 2017
  • Pwning and escalating through corporate network
  • Buffer overflows 101
  • Auditing wireless networks
  • Fiddling around with software-defined radio
  • Hacking on the run with NetHunter
  • Writing good quality reports

In Detail

With the current rate of hacking, it is very important to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2016.2) according to your needs, and then move on to its core functionalities. It begins with the installation and configuration of Kali Linux so that you can perform your tests. You will learn how to plan attack strategies and perform web application exploitation using tools such as Burp and JexBoss. You will also learn how to perform network exploitation using Metasploit, Sparta, and Wireshark. Next, you will perform wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Lastly, you will learn how to create an optimum-quality pentest report. By the end of this book, you will know how to conduct advanced penetration testing thanks to the book's crisp and task-oriented recipes.

Style and approach

This is a recipe-based book that allows you to venture into some of the most cutting-edge practices and techniques to perform penetration testing with Kali Linux.

Downloading the example code for this book: you can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code files.

Table of Contents

  1. Preface
    1. What this book covers
    2. What you need for this book
    3. Who this book is for
    4. Sections
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Conventions
    6. Reader feedback
    7. Customer support
      1. Downloading the example code
      2. Downloading the color images of this book
      3. Errata
      4. Piracy
      5. Questions
  2. Kali – An Introduction
    1. Introduction
    2. Configuring Kali Linux
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Configuring the Xfce environment
      1. How to do it...
    4. Configuring the Mate environment
      1. How to do it...
    5. Configuring the LXDE environment
      1. How to do it...
    6. Configuring the e17 environment
      1. How to do it...
    7. Configuring the KDE environment
      1. How to do it...
    8. Prepping up with custom tools
      1. Getting ready
      2. How to do it...
        1. Dnscan
        2. Subbrute
        3. Dirsearch
    9. Pentesting VPN's ike-scan
      1. Getting ready
      2. How to do it...
        1. Cracking the PSK
      3. How it works...
    10. Setting up proxychains
      1. How to do it...
        1. Using proxychains with tor
    11. Going on a hunt with Routerhunter
      1. Getting ready
      2. How to do it...
  3. Gathering Intel and Planning Attack Strategies
    1. Introduction
    2. Getting a list of subdomains
      1. Fierce
        1. How to do it...
      2. DNSdumpster
        1. How to do it...
    3. Using Shodan for fun and profit
      1. Getting ready
      2. How to do it...
    4. Shodan Honeyscore
      1. How to do it...
    5. Shodan plugins
      1. How to do it...
      2. See also
    6. Using Nmap to find open ports
      1. How to do it...
        1. Using scripts
      2. See also
    7. Bypassing firewalls with Nmap
      1. TCP ACK scan
        1. How to do it...
        2. How it works...
      2. TCP Window scan
        1. How to do it...
      3. Idle scan
        1. How to do it...
        2. How it works...
    8. Searching for open directories
      1. The dirb tool
        1. How to do it...
        2. There's more...
        3. See also
    9. Performing deep magic with DMitry
      1. How to do it...
    10. Hunting for SSL flaws
      1. How to do it...
      2. See also
    11. Exploring connections with intrace
      1. How to do it...
    12. Digging deep with theharvester
      1. How to do it...
      2. How it works...
    13. Finding the technology behind web apps
      1. How to do it...
    14. Scanning IPs with masscan
      1. How to do it...
    15. Sniffing around with Kismet
      1. How to do it...
    16. Testing routers with firewalk
      1. How to do it...
      2. How it works...
  4. Vulnerability Assessment
    1. Introduction
    2. Using the infamous Burp
      1. How to do it...
    3. Exploiting WSDLs with Wsdler
      1. How to do it...
    4. Using Intruder
      1. How to do it...
    5. Web app pentest with Vega
      1. Getting ready
      2. How to do it...
    6. Exploring SearchSploit
      1. How to do it...
    7. Exploiting routers with RouterSploit
      1. Getting ready
      2. How to do it...
        1. Using the scanners command
        2. Using creds
    8. Using Metasploit
      1. How to do it...
    9. Automating Metasploit
      1. How to do it...
    10. Writing a custom resource script
      1. How to do it...
    11. Databases in Metasploit
      1. How to do it...
  5. Web App Exploitation – Beyond OWASP Top 10
    1. Introduction
    2. Exploiting XSS with XSS Validator
      1. Getting ready
      2. How to do it...
    3. Injection attacks with sqlmap
      1. How to do it...
      2. See also
    4. Owning all .svn and .git repositories
      1. How to do it...
    5. Winning race conditions
      1. How to do it...
      2. See also
    6. Exploiting JBoss with JexBoss
      1. How to do it...
    7. Exploiting PHP Object Injection
      1. How to do it...
      2. See also
    8. Backdoors using web shells
      1. How to do it...
    9. Backdoors using meterpreters
      1. How to do it...
  6. Network Exploitation on Current Exploitation
    1. Introduction
    2. Man in the middle with hamster and ferret
      1. Getting ready
      2. How to do it...
    3. Exploring the msfconsole
      1. How to do it...
    4. Railgun in Metasploit
      1. How to do it...
      2. There's more...
    5. Using the paranoid meterpreter
      1. How to do it...
      2. There's more...
    6. A tale of a bleeding heart
      1. How to do it...
    7. Redis exploitation
      1. How to do it...
    8. Say no to SQL – owning MongoDBs
      1. Getting ready
      2. How to do it...
    9. Embedded device hacking
      1. How to do it...
    10. Elasticsearch exploit
      1. How to do it...
      2. See also
    11. Good old Wireshark
      1. Getting ready
      2. How to do it...
      3. There's more...
    12. This is Sparta!
      1. Getting ready
      2. How to do it...
  7. Wireless Attacks – Getting Past Aircrack-ng
    1. Introduction
      1. The good old Aircrack
        1. Getting ready
        2. How to do it...
        3. How it works...
      2. Hands on with Gerix
        1. Getting ready
        2. How to do it...
      3. Dealing with WPAs
        1. How to do it...
      4. Owning employee accounts with Ghost Phisher
        1. How to do it...
      5. Pixie dust attack
        1. Getting ready
        2. How to do it...
        3. There's more...
  8. Password Attacks – The Fault in Their Stars
    1. Introduction
    2. Identifying different types of hash in the wild!
      1. How to do it...
        1. MD5
        2. MySQL less than v4.1
        3. MD5 (WordPress)
        4. MySQL 5
        5. Base64 encoding
      2. There's more...
    3. Using hash-identifier
      1. How to do it...
    4. Cracking with patator
      1. How to do it...
    5. Cracking hashes online
      1. How to do it...
        1. Hashkiller
        2. Crackstation
        3. OnlineHashCrack
    6. Playing with John the ripper
      1. How to do it...
      2. There's more...
    7. Johnny Bravo!
      1. How to do it...
    8. Using cewl
      1. How to do it...
    9. Generating word list with crunch
      1. How to do it...
  9. Have Shell Now What?
    1. Introduction
    2. Spawning a TTY Shell
      1. How to do it...
      2. There's more...
    3. Looking for weakness
      1. How to do it...
    4. Horizontal escalation
      1. How to do it...
    5. Vertical escalation
      1. How to do it...
    6. Node hopping – pivoting
      1. How to do it...
      2. There's more...
    7. Privilege escalation on Windows
      1. How to do it...
    8. Using PowerSploit
      1. How to do it...
      2. There's more...
    9. Pulling plaintext passwords with mimikatz
      1. How to do it...
    10. Dumping other saved passwords from the machine
      1. How to do it...
    11. Pivoting into the network
      1. How to do it...
    12. Backdooring for persistence
      1. How to do it...
  10. Buffer Overflows
    1. Introduction
    2. Exploiting stack-based buffer overflows
      1. How to do it...
    3. Exploiting buffer overflow on real software
      1. Getting ready
      2. How to do it...
    4. SEH bypass
      1. How to do it...
      2. See also
    5. Exploiting egg hunters
      1. Getting ready
      2. How to do it...
      3. See also
    6. An overview of ASLR and NX bypass
      1. How to do it...
      2. See also
  11. Playing with Software-Defined Radios
    1. Introduction
    2. Radio frequency scanners
      1. Getting ready
      2. How to do it...
    3. Hands-on with RTLSDR scanner
      1. How to do it...
    4. Playing around with gqrx
      1. How to do it...
      2. There's more...
    5. Kalibrating device for GSM tapping
      1. How to do it...
      2. There's more...
    6. Decoding ADS-B messages with Dump1090
      1. How to do it...
      2. There's more...
  12. Kali in Your Pocket – NetHunters and Raspberries
    1. Introduction
    2. Installing Kali on Raspberry Pi
      1. Getting ready
      2. How to do it...
    3. Installing NetHunter
      1. Getting ready
      2. How to do it...
    4. Superman typing – HID attacks
      1. How to do it...
    5. Can I charge my phone?
      1. How to do it...
    6. Setting up an evil access point
      1. How to do it...
  13. Writing Reports
    1. Introduction
    2. Generating reports using Dradis
      1. How to do it...
    3. Using MagicTree
      1. How to do it...
      2. There's more...