Book description
Over 70 recipes for system administrators or DevOps to master Kali Linux 2 and perform effective security assessments
About This Book
- Set up a penetration testing lab to conduct a preliminary assessment of attack surfaces and run exploits
- Improve your testing efficiency with the use of automated vulnerability scanners
- Work through step-by-step recipes to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and identify security anomalies
Who This Book Is For
This book is intended for those who want to know more about information security. In particular, it's ideal for system administrators and system architects who want to ensure that the infrastructure and systems they are creating and managing are secure. This book helps both beginners and intermediates by allowing them to use it as a reference book and to gain in-depth knowledge.
What You Will Learn
- Understand the importance of security assessments over merely setting up and managing systems/processes
- Familiarize yourself with tools such as OpenVAS to locate system and network vulnerabilities
- Discover multiple solutions to escalate privileges on a compromised machine
- Identify security anomalies in order to make your infrastructure secure and further strengthen it
- Acquire the skills to prevent infrastructure and application vulnerabilities
- Exploit vulnerabilities that require a complex setup with the help of Metasploit
In Detail
With the increasing threats of breaches and attacks on critical infrastructure, system administrators and architects can use Kali Linux 2.0 to ensure their infrastructure is secure by finding known vulnerabilities and safeguarding their infrastructure against unknown vulnerabilities.
This practical cookbook-style guide contains chapters carefully structured in three phases – information gathering, vulnerability assessment, and penetration testing for the web, and wired and wireless networks. It's an ideal reference guide if you’re looking for a solution to a specific problem or learning how to use a tool. We provide hands-on examples of powerful tools/scripts designed for exploitation.
In the final section, we cover various tools you can use during testing, and we help you create in-depth reports to impress management. We provide system engineers with steps to reproduce issues and fix them.
Style and approach
This practical book is full of easy-to-follow recipes based on real-world problems faced by the authors. Each recipe is divided into three sections, clearly defining what the recipe does, what you need, and how to do it. The carefully structured recipes allow you to go directly to your topic of interest.
Table of contents
- Kali Linux Intrusion and Exploitation Cookbook
  - Kali Linux Intrusion and Exploitation Cookbook
  - Credits
  - About the Authors
  - About the Reviewers
  - www.PacktPub.com
  - Customer Feedback
  - Preface
- 1. Getting Started - Setting Up an Environment
  - Introduction
  - Installing Kali Linux on Cloud - Amazon AWS
  - Installing Kali Linux on Docker
  - Installing NetHunter on OnePlus One
  - Installing Kali Linux on a virtual machine
  - Customizing Kali Linux for faster package updates
  - Customizing Kali Linux for faster operations
  - Configuring remote connectivity services - HTTP, TFTP, and SSH
  - Configuring Nessus and Metasploit
  - Configuring third-party tools
  - Installing Docker on Kali Linux
- 2. Network Information Gathering
- 3. Network Vulnerability Assessment
- 4. Network Exploitation
  - Introduction
  - Gathering information for credential cracking
  - Cracking FTP login using custom wordlist
  - Cracking SSH login using custom wordlist
  - Cracking HTTP logins using custom wordlist
  - Cracking MySql and PostgreSQL login using custom wordlist
  - Cracking Cisco login using custom wordlist
  - Exploiting vulnerable services (Unix)
  - Exploiting vulnerable services (Windows)
  - Exploiting services using exploit-db scripts
- 5. Web Application Information Gathering
  - Introduction
  - Setting up API keys for recon-ng
  - Using recon-ng for reconnaissance
  - Gathering information using theharvester
  - Using DNS protocol for information gathering
  - Web application firewall detection
  - HTTP and DNS load balancer detection
  - Discovering hidden files/directories using DirBuster
  - CMS and plugins detection using WhatWeb and p0f
  - Finding SSL cipher vulnerabilities
- 6. Web Application Vulnerability Assessment
  - Introduction
  - Running vulnerable web applications in Docker
  - Using W3af for vulnerability assessment
  - Using Nikto for web server assessment
  - Using Skipfish for vulnerability assessment
  - Using Burp Proxy to intercept HTTP traffic
  - Using Burp Intruder for customized attack automation
  - Using Burp Sequencer to test the session randomness
- 7. Web Application Exploitation
  - Introduction
  - Using Burp for active/passive scanning
  - Using sqlmap to find SQL Injection on the login page
  - Exploiting SQL Injection on URL parameters using SQL Injection
  - Using Weevely for file upload vulnerability
  - Exploiting Shellshock using Burp
  - Using Metasploit to exploit Heartbleed
  - Using the FIMAP tool for file inclusion attacks (RFI/LFI)
- 8. System and Password Exploitation
- 9. Privilege Escalation and Exploitation
- 10. Wireless Exploitation
- A. Pen Testing 101 Basics
Product information
- Title: Kali Linux Intrusion and Exploitation Cookbook
- Author(s):
- Release date: April 2017
- Publisher(s): Packt Publishing
- ISBN: 9781783982165