book

Kali Linux Penetration Testing Bible

by Gus Khawaja

June 2021

Intermediate to advanced

512 pages

11h 12m

English

Wiley

Read now

Unlock full access

What Does This Book Cover?Companion Download FilesHow to Contact the PublisherHow to Contact the Author
Kali Linux File SystemManaging Users and Groups in KaliFiles and Folders Management in Kali LinuxRemote Connections in KaliKali Linux System ManagementNetworking in Kali LinuxSummary
Basic Bash ScriptingPrinting to the Screen in BashVariablesScript ParametersUser InputFunctionsConditions and LoopsSummary
Basics of NetworkingNetwork ScanningDNS EnumerationSummary
Passive Footprinting and ReconnaissanceSummary
Spear Phishing AttacksPayloads and ListenersSocial Engineering with the USB Rubber DuckySummary
Transfer ProtocolsE‐mail ProtocolsDatabase ProtocolsCI/CD ProtocolsWeb Protocols 80/443Graphical Remoting ProtocolsFile Sharing ProtocolsSummary
Vulnerabilities AssessmentServices ExploitationSummary

Web Application VulnerabilitiesSummary
Web Enumeration and ExploitationSecure Software Development LifecycleSummary
Introduction to Kernel Exploits and Missing ConfigurationsKernel ExploitsSUID ExploitationOverriding the Passwd Users FileCRON Jobs Privilege EscalationsudoersExploiting Running ServicesAutomated ScriptsSummary
Windows System EnumerationFile TransfersWindows System ExploitationSummary
Dumping Windows HashesPivoting with Port RedirectionSummary
Basics of CryptographyCracking Secrets with HashcatSummary
Overview of Reports in Penetration TestingScoring SeveritiesReport PresentationSummary
CPU RegistersAssembly InstructionsData TypesMemory SegmentsAddressing ModesReverse Engineering ExampleSummary
Basics of Stack OverflowStack Overflow ExploitationSummary
Basics of PythonRunning Python ScriptsDebugging Python ScriptsPracticing PythonPython Basic SyntaxesVariablesMore Techniques in PythonSummary
Penetration Test RobotSummary
Downloading and Running a VM of Kali LinuxKali Xfce DesktopSummary
Docker TechnologySummary

Content preview from Kali Linux Penetration Testing Bible

CHAPTER 4Internet Information Gathering

Never underestimate the importance of the information gathering phase in penetration testing. I admit that I used to underestimate it myself, but over the years, I have realized how vital this phase can be. Once I was working on a project that was not yet deployed into the production environment, so practically speaking, there was no information yet on the internet, right? Out of curiosity, I entered the test environment URL on Google, and it turned out that one of the developers accidentally copied the internal network URLs to GitHub. That's just one example of the horror stories that I have witnessed during my career. Speaking of horror stories, one of them happened with a company out there. The developer pushed to GitHub the credentials of the AWS cloud host, and a hacker took advantage of this and connected remotely to the server. Of course, you can guess the rest.

The focus of this chapter is on the primary methodology of the penetration testing phase. You shouldn't run scanners blindly without learning what you're looking for. One of the steps that we already discussed in the previous chapter is the search for subdomains. This task is part of passive information gathering, too (if you use the web as a data source to get your results). You can go back to the previous chapter if you need a refresher.

Here's what you will learn in this chapter: