Kali Linux Intrusion and Exploitation Cookbook

Book Description

Over 70 recipes for system administrators or DevOps to master Kali Linux 2 and perform effective security assessments

About This Book

  • Set up a penetration testing lab to conduct a preliminary assessment of attack surfaces and run exploits
  • Improve your testing efficiency with the use of automated vulnerability scanners
  • Work through step-by-step recipes to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and identify security anomalies

Who This Book Is For

This book is intended for those who want to know more about information security. In particular, it's ideal for system administrators and system architects who want to ensure that the infrastructure and systems they are creating and managing are secure. This book helps both beginners and intermediates by allowing them to use it as a reference book and to gain in-depth knowledge.

What You Will Learn

  • Understand the importance of security assessments over merely setting up and managing systems/processes
  • Familiarize yourself with tools such as OpenVAS to locate system and network vulnerabilities
  • Discover multiple solutions to escalate privileges on a compromised machine
  • Identify security anomalies in order to make your infrastructure secure and further strengthen it
  • Acquire the skills to prevent infrastructure and application vulnerabilities
  • Exploit vulnerabilities that require a complex setup with the help of Metasploit

In Detail

With the increasing threats of breaches and attacks on critical infrastructure, system administrators and architects can use Kali Linux 2.0 to ensure their infrastructure is secure by identifying known vulnerabilities and safeguarding their infrastructure against unknown vulnerabilities.

This practical cookbook-style guide contains chapters carefully structured in three phases – information gathering, vulnerability assessment, and penetration testing for the web, and wired and wireless networks. It's an ideal reference guide if you’re looking for a solution to a specific problem or learning how to use a tool. We provide hands-on examples of powerful tools/scripts designed for exploitation.

In the final section, we cover various tools you can use during testing, and we help you create in-depth reports to impress management. We provide system engineers with steps to reproduce issues and fix them.

Style and approach

This practical book is full of easy-to-follow recipes based on real-world problems faced by the authors. Each recipe is divided into three sections, clearly defining what the recipe does, what you need, and how to do it. The carefully structured recipes allow you to go directly to your topic of interest.

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.

Table of Contents

  1. Kali Linux Intrusion and Exploitation Cookbook
    1. Kali Linux Intrusion and Exploitation Cookbook
    2. Credits
    3. About the Authors
    4. About the Reviewers
    5. www.PacktPub.com
      1. Why subscribe?
    6. Customer Feedback
    7. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Sections
        1. Getting ready
        2. How to do it…
        3. How it works…
        4. There's more…
        5. See also
      5. Conventions
      6. Reader feedback
      7. Customer support
        1. Errata
        2. Piracy
        3. Questions
    8. 1. Getting Started - Setting Up an Environment
      1. Introduction
      2. Installing Kali Linux on Cloud - Amazon AWS
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      3. Installing Kali Linux on Docker
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      4. Installing NetHunter on OnePlus One
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      5. Installing Kali Linux on a virtual machine
        1. Getting ready
        2. How to do it...
        3. How it works...
      6. Customizing Kali Linux for faster package updates
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. Customizing Kali Linux for faster operations
        1. Getting ready
        2. How to do it...
        3. How it works...
      8. Configuring remote connectivity services - HTTP, TFTP, and SSH
        1. Getting ready
        2. How to do it...
        3. How it works...
      9. Configuring Nessus and Metasploit
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      10. Configuring third-party tools
        1. Getting ready
        2. How to do it...
        3. How it works...
      11. Installing Docker on Kali Linux
        1. Getting ready
        2. How to do it...
        3. How it works...
    9. 2. Network Information Gathering
      1. Introduction
      2. Discovering live servers over the network
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      3. Bypassing IDS/IPS/firewall
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      4. Discovering ports over the network
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      5. Using unicornscan for faster port scanning
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      6. Service fingerprinting
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      7. Determining the OS using nmap and xprobe2
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      8. Service enumeration
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      9. Open-source information gathering
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
    10. 3. Network Vulnerability Assessment
      1. Introduction
      2. Using nmap for manual vulnerability assessment
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also...
      3. Integrating nmap with Metasploit
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      4. Walkthrough of Metasploitable assessment with Metasploit
        1. Getting ready...
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also...
      5. Vulnerability assessment with OpenVAS framework
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. PTES
          2. OWASP
          3. Web Application Hacker's Methodology
        5. See also...
    11. 4. Network Exploitation
      1. Introduction
      2. Gathering information for credential cracking
        1. Getting ready
        2. How to do it...
      3. Cracking FTP login using custom wordlist
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      4. Cracking SSH login using custom wordlist
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      5. Cracking HTTP logins using custom wordlist
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      6. Cracking MySql and PostgreSQL login using custom wordlist
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      7. Cracking Cisco login using custom wordlist
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      8. Exploiting vulnerable services (Unix)
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      9. Exploiting vulnerable services (Windows)
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      10. Exploiting services using exploit-db scripts
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
    12. 5. Web Application Information Gathering
      1. Introduction
      2. Setting up API keys for recon-ng
        1. Getting ready
        2. How to do it...
        3. How it works...
      3. Using recon-ng for reconnaissance
        1. Getting ready
        2. How to do it...
      4. Gathering information using theharvester
        1. Getting ready
        2. How to do it...
        3. How it works...
      5. Using DNS protocol for information gathering
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      6. Web application firewall detection
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. HTTP and DNS load balancer detection
        1. Getting ready
        2. How to do it...
        3. How it works...
      8. Discovering hidden files/directories using DirBuster
        1. Getting ready
        2. How to do it...
        3. How it works...
      9. CMS and plugins detection using WhatWeb and p0f
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      10. Finding SSL cipher vulnerabilities
        1. Getting ready
        2. How to do it...
        3. How it works...
    13. 6. Web Application Vulnerability Assessment
      1. Introduction
      2. Running vulnerable web applications in Docker
        1. Getting ready
        2. How to do it...
        3. How it works...
      3. Using W3af for vulnerability assessment
        1. Getting ready
        2. How to do it...
        3. How it works...
      4. Using Nikto for web server assessment
        1. Getting ready
        2. How to do it...
        3. How it works...
      5. Using Skipfish for vulnerability assessment
        1. Getting ready
        2. How to do it...
        3. How it works...
      6. Using Burp Proxy to intercept HTTP traffic
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. Using Burp Intruder for customized attack automation
        1. Getting ready
        2. How to do it...
        3. How it works...
      8. Using Burp Sequencer to test the session randomness
        1. Getting ready
        2. How to do it...
        3. How it works...
    14. 7. Web Application Exploitation
      1. Introduction
      2. Using Burp for active/passive scanning
        1. Getting ready
        2. How to do it...
        3. How it works...
      3. Using sqlmap to find SQL Injection on the login page
        1. Getting ready
        2. How to do it...
        3. How it works...
      4. Exploiting SQL Injection on URL parameters using SQL Injection
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. Getting ready
        5. How to do it...
        6. How it works...
      5. Using Weevely for file upload vulnerability
        1. Getting ready
        2. How to do it...
        3. How it works...
      6. Exploiting Shellshock using Burp
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. Using Metasploit to exploit Heartbleed
        1. Getting ready
        2. How to do it...
        3. How it works...
      8. Using the FIMAP tool for file inclusion attacks (RFI/LFI)
        1. Getting ready
        2. How to do it...
        3. How it works...
    15. 8. System and Password Exploitation
      1. Introduction
      2. Using local password-attack tools
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      3. Cracking password hashes
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      4. Using Social-Engineering Toolkit
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      5. Using BeEF for browser exploitation
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      6. Cracking NTLM hashes using rainbow tables
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
    16. 9. Privilege Escalation and Exploitation
      1. Introduction
      2. Using WMIC to find privilege-escalation vulnerabilities
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      3. Sensitive-information gathering
        1. Getting ready
        2. How to do it...
        3. There's more...
      4. Unquoted service-path exploitation
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also...
      5. Service permission issues
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      6. Misconfigured software installations/insecure file permissions
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also...
      7. Linux privilege escalation
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also...
    17. 10. Wireless Exploitation
      1. Introduction
      2. Setting up a wireless network
        1. Getting ready
        2. How to do it...
      3. Bypassing MAC address filtering
        1. Getting ready
        2. How to do it...
        3. There's more...
      4. Sniffing network traffic
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      5. Cracking WEP encryption
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      6. Cracking WPA/WPA2 encryption
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      7. Cracking WPS
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      8. Denial-of-service attacks
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
    18. A. Pen Testing 101 Basics
      1. Introduction
      2. What is penetration testing?
      3. What is vulnerability assessment
      4. Penetration testing versus vulnerability assessment
      5. Objectives of penetration testing
      6. Types of penetration testing
        1. Black box
        2. White box
        3. Gray box
      7. Who should be doing penetration testing?
      8. What is the goal here?
      9. General penetration testing phases
        1. Gathering requirements
        2. Preparing and planning
        3. Defining scope
        4. Conducting a penetration test
        5. Categorization of vulnerabilities
        6. Asset risk rating
        7. Reporting
      10. Conclusion