Kali Linux Cookbook - Second Edition

Book Description

Over 80 recipes to effectively test your network and boost your career in security

About This Book

  • Learn how to scan networks to find vulnerable computers and servers
  • Hack into devices to control them, steal their data, and make them yours
  • Target wireless networks, databases, and web servers, and use password cracking to make the most of Kali Linux

Who This Book Is For

If you are looking to expand your career into penetration testing, you will need a good understanding of Kali Linux and the variety of tools it includes. This book will work as a perfect guide for anyone who wants a practical approach to leveraging penetration testing mechanisms using Kali Linux.

What You Will Learn

  • Acquire the key skills of ethical hacking to perform penetration testing
  • Learn how to perform network reconnaissance
  • Discover vulnerabilities in hosts
  • Attack vulnerabilities to take control of workstations and servers
  • Understand password cracking to bypass security
  • Learn how to hack into wireless networks
  • Attack web and database servers to exfiltrate data
  • Obfuscate your command and control connections to avoid firewall and IPS detection

In Detail

Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world's most popular penetration testing distribution. Kali Linux is the most widely used platform and toolkit for penetration testing. Security is currently the hottest field in technology with a projected need for millions of security professionals.

This book focuses on enhancing your knowledge in Kali Linux for security by expanding your skills with toolkits and frameworks that can increase your value as a security professional.

Kali Linux Cookbook, Second Edition starts by helping you install Kali Linux using the different options available. You will also be able to understand the lab architecture and install a Windows host for use in the lab. Next, you will understand the concept of vulnerability analysis and look at the different types of exploits. The book will introduce you to the concept and psychology of Social Engineering and password cracking. You will then be able to use these skills to expand the scope of any breaches you create. Finally, the book will guide you in exploiting specific technologies and gaining access to other systems in the environment. By the end of this book, you will have gained the core knowledge and concepts of the penetration testing process.

Style and approach

This book teaches you everything you need to know about Kali Linux from the perspective of a penetration tester. It is filled with powerful recipes and practical examples that will help you gain in-depth knowledge of Kali Linux.

Table of Contents

  1. Preface
    1. What this book covers
    2. What you need for this book
    3. Who this book is for
    4. Sections
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
      5. See also
    5. Conventions
    6. Readers feedback
    7. Customer support
      1. Downloading the color images of this book
      2. Errata
      3. Piracy
      4. Questions
  2. Installing Kali and the Lab Setup
    1. Introduction
    2. Lab architecture and considerations
      1. How to do it...
        1. The hypervisor selection
        2. The hypervisor networking
        3. Vulnerable workstations
    3. Installing VirtualBox
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Installing Kali on VirtualBox
      1. Getting ready
      2. How to do it...
    5. Using Kali Linux from bootable media
      1. Getting ready
      2. How to do it...
    6. Upgrading Kali Linux
      1. Getting ready
      2. How to do it...
      3. There's more...
        1. apt-listchanges: news section
        2. The configuring macchanger
        3. The service restart
    7. Understanding the advanced customization and optimization of Kali
      1. Getting ready
      2. How to do it...
        1. Upgrading the Linux kernel
        2. Removing unneeded packages
        3. Adjusting or disabling the screen lock
        4. Correcting the Ethernet interface configuration
        5. Connecting and disconnecting Ethernet interfaces
    8. Installing Windows machines
      1. Getting ready
    9. Installing Metasploitable
      1. Getting ready
      2. How to do it...
    10. Installing OWASP-BWA
      1. Getting ready
      2. How to do it...
    11. Understanding hack me and other online resources
      1. There's more...
  3. Reconnaissance and Scanning
    1. Introduction
    2. Using KeepNote to organize our data
      1. Getting ready
      2. How to do it...
      3. There's more...
    3. Getting up and running with Maltego CE
      1. Getting ready
      2. How to do it...
      3. There's more...
    4. Gathering domain information
      1. Getting ready
      2. How to do it...
      3. There's more...
    5. Gathering public IP information
      1. Getting ready
      2. How to do it...
    6. Gathering external routing information
      1. Getting ready
      2. How to do it...
    7. Gathering internal routing information
      1. Getting ready
      2. How to do it...
      3. There's more...
    8. Gathering cloud service information
      1. Getting ready
      2. How to do it...
    9. Identifying network hosts
      1. Getting ready
      2. How to do it... 
        1. A simple subnet scan
        2. Scan all the TCP ports of a host
        3. Performing a TCP SYN scan
        4. Performing a UDP port scan
        5. The nmap output formats
    10. Profiling hosts
      1. Getting ready
      2. How to do it...
        1. Operating systems and service detection
        2. Aggressive service detection
      3. There's more...
    11. Identifying whether there is a web application firewall
      1. Getting ready
      2. How to do it...
    12. Using SNMP to gather more information
      1. Getting ready
      2. How to do it...
      3. There's more...
  4. Vulnerability Analysis
    1. Introduction
    2. Installation and configuration of OpenVAS
      1. Getting ready
      2. How to do it...
    3. A basic vulnerability scanning with OpenVAS
      1. Getting ready
      2. How to do it...
    4. Advanced vulnerability scanning with OpenVAS
      1. Getting ready
      2. How to do it...
    5. Installation and Configuration of Nessus
      1. Getting ready
      2. How to do it...
    6. A basic vulnerability scanning with Nessus
      1. Getting ready
      2. How to do it...
    7. Advanced vulnerability scanning with Nessus
      1. Getting ready
      2. How to do it...
    8. The installation and configuration of Nexpose
      1. Getting ready
      2. How to do it...
    9. Basic vulnerability scanning with Nexpose
      1. Getting ready
      2. How to do it...
    10. Advanced vulnerability scanning with Nexpose
      1. Getting ready
      2. How to do it...
  5. Finding Exploits in the Target
    1. Introduction
    2. Searching the local exploit database
      1. Getting ready
      2. How to do it...
        1. Update searchsploit
        2. Run a simple query
        3. Understanding search options in searchsploit
    3. Searching the online exploit database
      1. Getting ready
      2. How to do it...
    4. The Metasploit setup and configuration
      1. Getting ready
      2. How to do it...
        1. Metasploit Framework initialization and startup
        2. Starting the Metasploit console
        3. Stopping the Metasploit console 
      3. There's more...
    5. The Armitage setup
      1. Getting ready
        1. Armitage initialization and startup
        2. Stopping Armitage
    6. Basic exploit attacks with Armitage
      1. Getting ready
      2. How to do it...
        1. Import an nmap scan
        2. Perform an nmap scan from the Armitage interface
        3. Find attacks against a host
        4. Exploit the host
    7. Advanced attacks with Armitage
      1. Getting started
      2. How to do it...
        1. Initial exploitation
        2. Dump hashes
        3. Interacting with the Windows machine
        4. Browsing the target's files
      3. There's more...
    8. Using the backdoor factory and Armitage
      1. Getting ready
      2. How to do it...
  6. Social Engineering
    1. Introduction
    2. Phishing attacks
      1. Getting ready
      2. How to do it...
    3. Spear-phishing attacks
      1. Getting ready
      2. How to do it...
    4. Credential harvesting with SET
      1. Getting ready
      2. How to do it...
    5. Web jacking 
      1. Getting ready
      2. How to do it...
    6. PowerShell attack vector
      1. Getting ready
      2. How to do it...
    7. QRCode attack vector
      1. Getting ready
      2. How to do it...
      3. There's more...
    8. Infectious media generator
      1. Getting ready
      2. How to do it...
      3. There's more...
    9. Obfuscating and manipulating URLs
      1. Getting ready
      2. How to do it...
        1. URL shortener
        2. URL manipulation
        3. Simple URL link misdirections
      3. There's more...
    10. DNS spoofing and ARP spoofing
      1. Getting ready
      2. How to do it...
    11. DHCP spoofing 
      1. Getting ready
      2. How to do it...
      3. There's more...
  7. Password Cracking
    1. Introduction
    2. Resetting local Windows machine password
      1. Getting ready
      2. How to do it...
    3. Cracking remote Windows machine passwords
      1. Getting ready
      2. How to do it...
      3. There's more...
    4. Windows domain password attacks
      1. Getting ready
      2. How to do it...
    5. Cracking local Linux password hashes 
      1. Getting ready
      2. How to do it...
      3. There's more...
    6. Cracking password hashes with a wordlist
      1. Getting ready
      2. How to do it...
    7. Brute force password hashes
      1. Getting ready
      2. How to do it...
    8. Cracking FTP passwords
      1. Getting ready
      2. How to do it...
        1. You have a username but not a password
        2. You have a userlist
    9. Cracking Telnet and SSH passwords
      1. Getting ready
      2. How to do it...
        1. Cracking Telnet passwords with a userlist
        2. Cracking SSH password with a known user
    10. Cracking RDP and VNC passwords
      1. Getting ready
      2. How to do it...
    11. Cracking ZIP file passwords
      1. Getting ready
      2. How to do it...
  8. Privilege Escalation
    1. Introduction
    2. Establishing a connection as an elevated user 
      1. Getting ready
      2. How to do it...
    3. Remotely bypassing Windows UAC 
      1. Getting ready
      2. How to do it...
    4. Local Linux system check for privilege escalation 
      1. Getting ready
      2. How to do it...
    5. Local Linux privilege escalation 
      1. Getting ready
      2. How to do it...
    6. Remote Linux privilege escalation 
      1. Getting ready
      2. How to do it...
    7. DirtyCOW privilege escalation for Linux
      1. Getting ready
      2. How to do it...
  9. Wireless Specific Recipes
    1. Introduction
    2. Scanning for wireless networks
      1. Getting ready
      2. How to do it...
    3. Bypassing MAC-based authentication
      1. Getting ready
      2. How to do it...
    4. Breaking WEP encryption
      1. Getting ready
      2. How to do it...
    5. Obtaining WPA/WPA2 keys
      1. Getting ready
      2. How to do it...
    6. Exploiting guest access
      1. Getting ready
      2. How to do it...
    7. Rogue AP deployment
      1. Getting ready
      2. How to do it...
    8. Using wireless networks to scan internal networks
      1. Getting ready
      2. How to do it...
  10. Web and Database Specific Recipes
    1. Introduction
    2. Creating an offline copy of a web application
      1. Getting ready
      2. How to do it...
      3. There's more...
    3. Scanning for vulnerabilities
      1. Getting ready
      2. How to do it...
      3. There's more...
    4. Launching website attacks
      1. Getting ready
      2. How to do it...
    5. Scanning WordPress
      1. Getting ready
      2. How to do it...
    6. Hacking WordPress
      1. Getting ready
      2. How to do it...
    7. Performing SQL injection attacks
      1. Getting ready
      2. How to do it...
  11. Maintaining Access
    1. Introduction
    2. Pivoting and expanding access to the network
      1. Getting ready
      2. How to do it...
    3. Using persistence to maintain system access
      1. Getting ready
      2. How to do it...
    4. Using cymothoa to create a Linux backdoor
      1. Getting ready
      2. How to do it...
    5. Protocol spoofing using pingtunnel
      1. Getting ready
      2. How to do it...
    6. Protocol spoofing using httptunnel
      1. Getting ready
      2. How to do it...
    7. Hiding communications with cryptcat
      1. Getting ready
      2. How to do it...
      3. There's more...