
Kali Linux 2018: Assuring Security by Penetration Testing - Fourth Edition

Book Description

Achieve the gold standard in penetration testing with Kali using this masterpiece, now in its fourth edition

Key Features

  • Rely on the most updated version of Kali to formulate your pentesting strategies
  • Test your corporate network against threats
  • Explore new cutting-edge wireless penetration tools and features

Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply the appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in successful penetration testing project engagement.

This fourth edition of Kali Linux 2018: Assuring Security by Penetration Testing starts with the installation of Kali Linux. You will be able to create a full test environment to safely practice scanning, vulnerability assessment, and exploitation. You'll explore the essentials of penetration testing by collecting relevant data on the target network with the use of several footprinting and discovery tools. As you make your way through the chapters, you'll focus on specific hosts and services via scanning and run vulnerability scans to discover various risks and threats within the target, which can then be exploited. In the concluding chapters, you'll apply techniques to exploit target systems in order to gain access and find a way to maintain that access. You'll also discover techniques and tools for assessing and attacking devices that are not physically connected to the network, including wireless networks.

By the end of this book, you will be able to use NetHunter, the mobile version of Kali Linux, and write a detailed report based on your findings.

What you will learn

  • Conduct the initial stages of a penetration test and understand its scope
  • Perform reconnaissance and enumeration of target networks
  • Obtain and crack passwords
  • Use Kali Linux NetHunter to conduct wireless penetration testing
  • Create proper penetration testing reports
  • Understand the PCI-DSS framework and tools used to carry out segmentation scans and penetration testing
  • Carry out wireless auditing assessments and penetration testing
  • Understand how a social engineering attack such as phishing works

Who this book is for

This fourth edition of Kali Linux 2018: Assuring Security by Penetration Testing is for pentesters, ethical hackers, and IT security professionals with basic knowledge of Unix/Linux operating systems. Prior knowledge of information security will help you understand the concepts in this book.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Kali Linux 2018: Assuring Security by Penetration Testing Fourth Edition
  3. Dedication
  4. Packt Upsell
    1. Why subscribe?
    2. Packt.com
  5. Contributors
    1. About the authors
    2. About the reviewers
    3. Packt is searching for authors like you
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Conventions used
    4. Get in touch
      1. Reviews
  7. Installing and Configuring Kali Linux
    1. Technical requirements
    2. Kali Linux tool categories
    3. Downloading Kali Linux
    4. Using Kali Linux
      1. Running Kali using a Live DVD
      2. Installing on a hard disk
        1. Installing Kali on a physical machine
        2. Installing Kali on a virtual machine
          1. Installing Kali on a virtual machine from the ISO image
          2. Installing Kali Linux on a virtual machine using the Kali Linux VM image provided
      3. Saving or moving the virtual machine
      4. Installing Kali on a USB disk
    5. Configuring the virtual machine
      1. VirtualBox guest additions
      2. Setting up networking
        1. Setting up a wired connection
      3. Setting up a wireless connection
    6. Updating Kali Linux
    7. Setting up Kali Linux AMI on Amazon AWS Cloud
    8. Summary
    9. Questions
    10. Further reading
  8. Setting Up Your Test Lab
    1. Technical requirements
    2. Physical or virtual?
    3. Setting up a Windows environment in a VM
    4. Installing vulnerable servers
      1. Setting up Metasploitable 2 in a VM
      2. Setting up Metasploitable 3 in a VM
        1. Installing Packer
        2. Installing Vagrant
      3. Pre-built Metasploit 3
      4. Setting up BadStore in a VM
    5. Installing additional tools in Kali Linux
    6. Network services in Kali Linux
      1. HTTP
      2. MySQL
      3. SSH
    7. Additional labs and resources
    8. Summary
    9. Questions
    10. Further reading
  9. Penetration Testing Methodology
    1. Technical requirements
    2. Penetration testing methodology
      1. OWASP testing guide
      2. PCI penetration testing guide
      3. Penetration Testing Execution Standard
      4. NIST 800-115
      5. Open Source Security Testing Methodology Manual
    3. General penetration testing framework
      1. Reconnaissance
      2. Scanning and enumeration
      3. Scanning
        1. ARP scanning
        2. The network mapper (Nmap)
          1. Nmap port scanner/TCP scan
        3. Nmap half-open/stealth scan
        4. Nmap OS-detection
        5. Nmap service-detection
        6. Nmap ping sweeps
      4. Enumeration
        1. SMB shares
          1. DNS zone transfer
          2. DNSRecon
        2. SNMP devices
        3. Packet captures
          1. tcpdump
          2. Wireshark
      5. Gaining access
        1. Exploits
          1. Exploits for Linux
          2. Exploits for Windows
      6. Escalating privileges
      7. Maintaining access
      8. Covering your tracks
      9. Reporting
    4. Summary
  10. Footprinting and Information Gathering
    1. Open Source Intelligence
    2. Using public resources
    3. Querying the domain registration information
    4. Analyzing the DNS records
      1. Host
      2. dig
      3. DMitry
      4. Maltego
    5. Getting network routing information
      1. tcptraceroute
      2. tctrace
    6. Utilizing the search engine
      1. SimplyEmail
    7. Google Hacking Database (GHDB)
    8. Metagoofil
    9. Automated footprinting and information gathering tools
      1. Devploit
      2. Red Hawk v2
      3. Using Shodan to find internet connected devices
        1. Search queries in Shodan
      4. Blue-Thunder-IP-Locator
    10. Summary
    11. Questions
    12. Further reading
  11. Scanning and Evasion Techniques
    1. Technical requirements
    2. Starting off with target discovery
    3. Identifying the target machine
      1. ping
      2. fping
      3. hping3
    4. OS fingerprinting
      1. p0f
    5. Introducing port scanning
    6. Understanding TCP/IP protocol
    7. Understanding TCP and UDP message formats
    8. The network scanner
      1. Nmap
      2. Nmap target specification
      3. Nmap TCP scan options
      4. Nmap UDP scan options
      5. Nmap port specification
      6. Nmap output options
      7. Nmap timing options
      8. Useful Nmap options
        1. Service version detection
        2. Operating system detection
        3. Disabling host discovery
        4. Aggressive scan
      9. Nmap for scanning the IPv6 target
      10. The Nmap scripting engine
      11. Nmap options for firewall/IDS evasion
    9. Scanning with Netdiscover
    10. Automated scanning with Striker
    11. Anonymity using Nipe
    12. Summary
    13. Questions
    14. Further reading
  12. Vulnerability Scanning
    1. Technical requirements
    2. Types of vulnerabilities
      1. Local vulnerability
      2. Remote vulnerability
    3. Vulnerability taxonomy
    4. Automated vulnerability scanning
      1. Vulnerability scanning with Nessus 7
        1. Installing the Nessus vulnerability scanner
      2. Vulnerability scanning with OpenVAS
      3. Linux vulnerability scanning with Lynis
      4. Vulnerability scanning and enumeration using SPARTA
    5. Summary
    6. Questions
    7. Further reading
  13. Social Engineering
    1. Technical requirements
    2. Modeling human psychology
    3. Attack process
    4. Attack methods
      1. Impersonation
      2. Reciprocation
      3. Influential authority
      4. Scarcity
      5. Social relationships
      6. Curiosity
    5. Social Engineering Toolkit
      1. Anonymous USB attack
      2. Credential-harvesting
      3. Malicious Java applet
    6. Summary
  14. Target Exploitation
    1. Vulnerability research
    2. Vulnerability and exploit repositories
    3. Advanced exploitation toolkit
    4. MSFConsole
    5. MSFCLI
    6. Ninja 101 drills
      1. Scenario 1
      2. Scenario 2
        1. SMB usernames
        2. VNC blank authentication scanners
        3. PostgreSQL logins
      3. Scenario 3
        1. Bind shells
        2. Reverse shells
        3. Meterpreters
    7. Writing exploit modules
    8. Summary
  15. Privilege Escalation and Maintaining Access
    1. Technical requirements
    2. Privilege-escalation
      1. Local escalation
    3. Password-attack tools
      1. Offline attack tools
        1. John the Ripper
        2. Ophcrack
        3. samdump2
      2. Online attack tools
        1. CeWL
        2. Hydra
        3. Mimikatz
    4. Maintaining access
      1. Operating-system backdoors
        1. Cymothoa
        2. The Meterpreter backdoor
    5. Summary
  16. Web Application Testing
    1. Technical requirements
    2. Web analysis
      1. Nikto
      2. OWASP ZAP
      3. Burp Suite
      4. Paros proxy
      5. W3AF
      6. WebScarab
    3. Cross-Site Scripting
      1. Testing for XSS
    4. SQL injection
      1. Manual SQL injection
      2. Automated SQL injection
        1. sqlmap
    5. Command-execution, directory-traversal, and file-inclusion
      1. Directory-traversal and file-inclusion
      2. Command execution
    6. Summary
    7. Further reading
  17. Wireless Penetration Testing
    1. Technical requirements
    2. Wireless networking
      1. Overview of 802.11
        1. The Wired Equivalent Privacy standard
        2. Wi-Fi Protected Access (WPA)
    3. Wireless network reconnaissance
      1. Antennas
      2. Iwlist
      3. Kismet
      4. WAIDPS
    4. Wireless testing tools
      1. Aircrack-ng
        1. WPA pre-shared key-cracking
        2. WEP-cracking
      2. PixieWPS
      3. Wifite
      4. Fern Wifi-Cracker
      5. Evil Twin attack
    5. Post cracking
      1. MAC-spoofing
      2. Persistence
    6. Sniffing wireless traffic
      1. Sniffing WLAN traffic
      2. Passive sniffing
    7. Summary
  18. Mobile Penetration Testing with Kali NetHunter
    1. Technical requirements
    2. Kali NetHunter
      1. Deployment
        1. Network deployment
        2. Wireless deployment
        3. Host deployment
    3. Installing Kali NetHunter
    4. NetHunter icons
    5. NetHunter tools
      1. Nmap
      2. Metasploit
      3. MAC changer
    6. Third-party Android applications
      1. The NetHunter Terminal Application
      2. DriveDroid
      3. USB Keyboard
      4. Shodan
      5. Router Keygen
      6. cSploit
    7. Wireless attacks
      1. Wireless scanning
      2. WPA/WPA2 cracking
      3. WPS cracking
      4. Evil AP attack
        1. Mana evil AP
    8. HID attacks
      1. DuckHunter HID attacks
    9. Summary
    10. Questions
    11. Further reading
  19. PCI DSS Scanning and Penetration Testing
    1. PCI DSS v3.2.1 requirement 11.3
    2. Scoping the PCI DSS penetration test
      1. Gathering client requirements
      2. Creating the customer requirements form
      3. Preparing the test plan
      4. The test plan checklist
      5. Profiling test boundaries
      6. Defining business objectives
      7. Project management and scheduling
    3. Tools for executing the PCI DSS penetration test
    4. Summary
    5. Questions
    6. Further reading
  20. Tools for Penetration Testing Reporting
    1. Technical requirements
    2. Documentation and results verification
    3. Types of reports
      1. The executive report
      2. The management report
      3. The technical report
    4. Network penetration testing report
      1. Preparing your presentation
      2. Post-testing procedures
    5. Using the Dradis framework for penetration testing reporting
    6. Penetration testing reporting tools
      1. Faraday IDE
      2. MagicTree
    7. Summary
    8. Questions
    9. Further reading
  21. Assessments
    1. Chapter 1 – Assessment answers
    2. Chapter 2 – Assessment answers
    3. Chapter 4 – Assessment answers
    4. Chapter 5 – Assessment answers
    5. Chapter 6 – Assessment answers
    6. Chapter 12 – Assessment answers
    7. Chapter 13 – Assessment answers
    8. Chapter 14 – Assessment answers
  22. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think