Kali Linux - An Ethical Hacker's Cookbook - Second Edition

Book Description

Discover end-to-end penetration testing solutions to enhance your ethical hacking skills

Key Features

  • Practical recipes to conduct effective penetration testing using the latest version of Kali Linux
  • Leverage tools like Metasploit, Wireshark, Nmap, and more to detect vulnerabilities with ease
  • Confidently perform networking and application attacks using task-oriented recipes

Book Description

Many organizations have been affected by recent cyber events. At the current rate of hacking, it has become more important than ever to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2018.4 / 2019), in addition to covering the core functionalities.

The book will get you off to a strong start by introducing you to the installation and configuration of Kali Linux, which will help you to perform your tests. You will also learn how to plan attack strategies and perform web application exploitation using tools such as Burp and JexBoss. As you progress, you will get to grips with performing network exploitation using Metasploit, Sparta, and Wireshark. The book will also help you delve into the technique of carrying out wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Later chapters will draw focus to the wide range of tools that help in forensics investigations and incident response mechanisms. As you wrap up the concluding chapters, you will learn to create an optimum quality pentest report.

By the end of this book, you will be equipped with the knowledge you need to conduct advanced penetration testing, thanks to the book's crisp and task-oriented recipes.

What you will learn

  • Learn how to install, set up and customize Kali for pentesting on multiple platforms
  • Pentest routers and embedded devices
  • Get insights into fiddling around with software-defined radio
  • Pwn and escalate through a corporate network
  • Write good quality security reports
  • Explore digital forensics and memory analysis with Kali Linux

Who this book is for

If you are an IT security professional, pentester, or security analyst who wants to conduct advanced penetration testing techniques, then this book is for you. Basic knowledge of Kali Linux is assumed.

Publisher Resources

View/Submit Errata

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Kali Linux - An Ethical Hacker's Cookbook Second Edition
  3. About Packt
    1. Why subscribe?
    2. Packt.com
  4. Contributors
    1. About the author
    2. About the reviewers
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the color images
      2. Conventions used
    4. Sections
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
      5. See also
    5. Get in touch
      1. Reviews
    6. Disclaimer
  6. Kali - An Introduction
    1. Configuring Kali Linux
      1. Getting ready
      2. How to do it...
      3. How it works...
    2. Configuring the Xfce environment
      1. How to do it...
    3. Configuring the MATE environment
      1. How to do it...
    4. Configuring the LXDE environment
      1. How to do it...
    5. Configuring the E17 environment
      1. How to do it...
    6. Configuring the KDE environment
      1. How to do it...
    7. Prepping with custom tools
      1. Getting ready
      2. How to do it...
        1. Aquatone
        2. Subfinder
      3. There's more...
    8. Zone Walking using DNSRecon
      1. Getting ready
      2. How to do it...
      3. There's more...
    9. Setting up I2P for anonymity
      1. How to do it...
      2. There's more...
    10. Pentesting VPN's ike-scan
      1. Getting ready
      2. How to do it...
        1. Cracking the PSK
      3. There's more...
    11. Setting up proxychains
      1. How to do it...
        1. Using proxychains with Tor
    12. Going on a hunt with Routerhunter
      1. Getting ready
      2. How to do it...
  7. Gathering Intel and Planning Attack Strategies
    1. Getting a list of subdomains
      1. How to do it...
    2. Using Shodan for fun and profit
      1. Getting ready
      2. How to do it...
    3. Shodan Honeyscore
      1. How to do it...
    4. Shodan plugins
      1. How to do it...
    5. Censys
      1. How to do it...
      2. See also
    6. Using Nmap to find open ports
      1. How to do it...
        1. Using scripts
      2. See also
    7. Bypassing firewalls with Nmap
      1. How to do it...
        1. TCP ACK scan (-sA)
        2. TCP Window scan (-sW)
        3. Idle scan
      2. How it works...
    8. Searching for open directories using GoBuster
      1. How to do it...
    9. Hunting for SSL flaws
      1. How to do it...
      2. See also
    10. Automating brute force with BruteSpray
      1. How to do it...
    11. Digging deep with TheHarvester
      1. How to do it...
      2. How it works...
    12. Finding technology behind webapps using WhatWeb
      1. How to do it...
    13. Scanning IPs with masscan
      1. How to do it...
    14. Finding origin servers with CloudBunny
      1. How to do it...
    15. Sniffing around with Kismet
      1. How to do it...
      2. See also
    16. Testing routers with Firewalk
      1. How to do it...
      2. How it works...
  8. Vulnerability Assessment - Poking for Holes
    1. Using the infamous Burp
      1. How to do it...
    2. Exploiting WSDLs with Wsdler
      1. How to do it...
    3. Using Intruder
      1. How to do it...
    4. Using golismero
      1. How to do it...
      2. See also
    5. Exploring Searchsploit
      1. How to do it...
    6. Exploiting routers with routersploit
      1. Getting ready
      2. How to do it...
    7. Using Metasploit
      1. How to do it...
    8. Automating Metasploit
      1. How to do it...
    9. Writing a custom resource script
      1. How to do it...
      2. See also
    10. Setting up a database in Metasploit
      1. How to do it...
    11. Generating payloads with MSFPC
      1. How to do it...
    12. Emulating threats with Cobalt Strike
      1. Getting ready
      2. How to do it...
      3. There's more...
  9. Web App Exploitation - Beyond OWASP Top 10
    1. Exploiting XSS with XSS Validator
      1. Getting ready
      2. How to do it...
    2. Injection attacks with sqlmap
      1. How to do it...
      2. See also
    3. Owning all .svn and .git repositories
      1. How to do it...
    4. Winning race conditions
      1. How to do it...
      2. See also
    5. Exploiting XXEs
      1. How to do it...
      2. See also
    6. Exploiting Jboss with JexBoss
      1. How to do it...
    7. Exploiting PHP Object Injection
      1. How to do it...
      2. See also
    8. Automating vulnerability detection using RapidScan
      1. Getting ready
      2. How to do it...
    9. Backdoors using meterpreter
      1. How to do it...
      2. See also
    10. Backdoors using webshells
      1. How to do it...
  10. Network Exploitation
    1. Introduction
    2. MITM with hamster and ferret
      1. Getting ready
      2. How to do it...
    3. Exploring the msfconsole
      1. How to do it...
    4. Railgun in Metasploit
      1. How to do it...
      2. There's more...
      3. See also 
    5. Using the paranoid meterpreter
      1. How to do it...
      2. There's more...
    6. The tale of a bleeding heart
      1. How to do it...
    7. Exploiting Redis
      1. How to do it...
    8. Saying no to SQL – owning MongoDBs
      1. Getting ready
      2. How to do it...
    9. Hacking embedded devices
      1. How to do it...
    10. Exploiting Elasticsearch
      1. How to do it...
      2. See also
    11. Good old Wireshark
      1. Getting ready
      2. How to do it...
      3. See also
    12. This is Sparta
      1. Getting ready
      2. How to do it...
    13. Exploiting Jenkins
      1. How to do it...
      2. See also
    14. Shellver – reverse shell cheatsheet
      1. Getting ready
      2. How to do it...
    15. Generating payloads with MSFvenom Payload Creator (MSFPC)
      1. How to do it...
  11. Wireless Attacks - Getting Past Aircrack-ng
    1. The good old Aircrack
      1. Getting ready
      2. How to do it...
      3. How it works...
    2. Hands-on with Gerix
      1. Getting ready
      2. How to do it...
    3. Dealing with WPAs
      1. How to do it...
    4. Owning employee accounts with Ghost Phisher
      1. How to do it...
    5. Pixie dust attack
      1. Getting ready
      2. How to do it...
      3. See also
    6. Setting up rogue access points with WiFi-Pumpkin
      1. Getting ready
      2. How to do it...
      3. See also
    7. Using Airgeddon for Wi-Fi attacks
      1. How to do it...
      2. See also
  12. Password Attacks - The Fault in Their Stars
    1. Identifying different types of hashes in the wild
      1. How to do it...
      2. See also
    2. Hash-identifier to the rescue
      1. How to do it...
    3. Cracking with Patator
      1. How to do it...
    4. Playing with John the Ripper
      1. How to do it...
      2. See also
    5. Johnny Bravo!
      1. How to do it...
    6. Using ceWL
      1. How to do it...
    7. Generating wordlists with crunch
      1. How to do it...
    8. Using Pipal
      1. How to do it...
  13. Have Shell, Now What?
    1. Spawning a TTY shell
      1. How to do it...
    2. Looking for weaknesses
      1. How to do it...
      2. There's more...
    3. Horizontal escalation
      1. How to do it...
    4. Vertical escalation
      1. How to do it...
    5. Node hopping – pivoting
      1. How to do it...
      2. There's more...
    6. Privilege escalation on Windows
      1. How to do it...
    7. Pulling a plaintext password with Mimikatz
      1. How to do it...
    8. Dumping other saved passwords from the machine
      1. How to do it...
    9. Pivoting
      1. How to do it...
    10. Backdooring for persistance
      1. How to do it...
    11. Age of Empire
      1. Getting ready
      2. How to do it...
      3. See also
    12. Automating Active Directory (AD) exploitation with DeathStar
      1. How to do it...
      2. See also
    13. Exfiltrating data through Dropbox
      1. How to do it...
    14. Data exfiltration using CloakifyFactory
      1. How to do it...
  14. Buffer Overflows
    1. Exploiting stack-based buffer overflows
      1. How to do it...
    2. Exploiting buffer overflows on real software
      1. Getting ready
      2. How to do it...
    3. SEH bypass
      1. How to do it...
      2. See also
    4. Exploiting egg hunters
      1. Getting ready
      2. How to do it...
      3. See also
    5. An overview of ASLR and NX bypass
      1. How to do it...
      2. See also
  15. Elementary, My Dear Watson - Digital Forensics
    1. Using the volatility framework
      1. Getting ready
      2. How to do it...
      3.  See also
    2. Using Binwalk
      1. How to do it...
      2. See also
    3. Capturing a forensic image with guymager
      1. How to do it...
  16. Playing with Software-Defined Radios
    1. Radio-frequency scanners
      1. Getting ready
      2. How to do it...
    2. Hands-on with the RTLSDR scanner
      1. How to do it...
    3. Playing around with gqrx
      1. How to do it...
      2. See also
    4. Kalibrating your device for GSM tapping
      1. How to do it...
      2. See also
    5. Decoding ADS-B messages with Dump1090
      1. How to do it...
      2. See also
  17. Kali in Your Pocket - NetHunters and Raspberries
    1. Installing Kali on Raspberry Pi
      1. Getting ready
      2. How to do it...
    2. Installing NetHunter
      1. Getting ready
      2. How to do it...
    3. Superman typing –  human interface device (HID) attacks
      1. How to do it...
    4. Can I charge my phone?
      1. How to do it...
    5. Setting up an evil access point
      1. How to do it...
  18. Writing Reports
    1. Using Dradis
      1. How to do it...
    2. Using MagicTree
      1. How to do it...
    3. Using Serpico
      1. Getting ready
      2. How to do it...
  19. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product Information

  • Title: Kali Linux - An Ethical Hacker's Cookbook - Second Edition
  • Author(s): Himanshu Sharma
  • Release date: March 2019
  • Publisher(s): Packt Publishing
  • ISBN: 9781789952308