book

Kali Linux - Assuring Security by Penetration Testing - Second Edition

Name: Kali Linux - Assuring Security by Penetration Testing - Second Edition
ISBN: 9781849519489

by Tedi Heriyanto, Lee Allen, Shakeel Ali

April 2014

Intermediate to advanced

454 pages

10h 8m

English

Packt Publishing

Read now

Unlock full access

Kali Linux – Assuring Security by Penetration Testing
Table of Contents
Kali Linux – Assuring Security by Penetration Testing
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and moreWhy Subscribe?Free Access for Packt account holders
Disclaimer
Preface
What this book covers
What you need for this book

Who this book is for
Conventions
Reader feedback
Customer support
ErrataPiracyQuestions
I. Lab Preparation and Testing Procedures
1. Beginning with Kali Linux
A brief history of Kali Linux
Kali Linux tool categories
Downloading Kali Linux
Using Kali Linux
Running Kali using Live DVDInstalling on a hard diskInstalling Kali on a physical machineInstalling Kali on a virtual machineInstalling Kali on a virtual machine from the ISO imageInstalling Kali in a virtual machine using the provided Kali VM imageInstalling Kali on a USB disk
Configuring the virtual machine
VirtualBox guest additionsSetting up networkingSetting up a wired connectionSetting up a wireless connectionStarting the network serviceConfiguring shared foldersSaving the guest machine stateExporting a virtual machine
Updating Kali Linux
Network services in Kali Linux
HTTPMySQLSSH
Installing a vulnerable server
Installing additional weapons
Installing the Nessus vulnerability scannerInstalling the Cisco password cracker
Summary
2. Penetration Testing Methodology
Types of penetration testingBlack box testingWhite box testing
Vulnerability assessment versus penetration testing
Security testing methodologies
Open Source Security Testing Methodology Manual (OSSTMM)Key features and benefitsInformation Systems Security Assessment Framework (ISSAF)Key features and benefitsOpen Web Application Security Project (OWASP)Key features and benefitsWeb Application Security Consortium Threat Classification (WASC-TC)Key features and benefits
Penetration Testing Execution Standard (PTES)
Key features and benefits
General penetration testing framework
Target scopingInformation gatheringTarget discoveryEnumerating targetVulnerability mappingSocial engineeringTarget exploitationPrivilege escalationMaintaining accessDocumentation and reporting
The ethics
Summary
II. Penetration Testers Armory
3. Target Scoping
Gathering client requirementsCreating the customer requirements formThe deliverables assessment form
Preparing the test plan
The test plan checklist
Profiling test boundaries
Defining business objectives
Project management and scheduling
Summary
4. Information Gathering
Using public resources
Querying the domain registration information
Analyzing the DNS records
hostdigdnsenumdnsdict6fierceDMitryMaltego
Getting network routing information
tcptraceroutetctrace
Utilizing the search engine
theharvesterMetagoofil
Summary
5. Target Discovery
Starting off with target discovery
Identifying the target machine
pingarpingfpinghping3npingalive6detect-new-ip6passive_discovery6nbtscan
OS fingerprinting
p0fNmap
Summary
6. Enumerating Target
Introducing port scanningUnderstanding the TCP/IP protocolUnderstanding the TCP and UDP message format
The network scanner
NmapNmap target specificationNmap TCP scan optionsNmap UDP scan optionsNmap port specificationNmap output optionsNmap timing optionsNmap useful optionsService version detectionOperating system detectionDisabling host discoveryAggressive scanNmap for scanning the IPv6 targetThe Nmap scripting engineNmap options for Firewall/IDS evasionUnicornscanZenmapAmap
SMB enumeration
SNMP enumeration
onesixtyonesnmpcheck
VPN enumeration
ike-scan
Summary
7. Vulnerability Mapping
Types of vulnerabilitiesLocal vulnerabilityRemote vulnerability
Vulnerability taxonomy
Open Vulnerability Assessment System (OpenVAS)
Tools used by OpenVAS
Cisco analysis
Cisco auditing toolCisco global exploiter
Fuzz analysis
BEDJBroFuzz
SMB analysis
Impacket Samrdump
SNMP analysis
SNMP Walk
Web application analysis
Database assessment toolsDBPwAuditSQLMapSQL NinjaWeb application assessmentBurp SuiteNikto2Paros proxyW3AFWafW00fWebScarab
Summary
8. Social Engineering
Modeling the human psychology
Attack process
Attack methods
ImpersonationReciprocationInfluential authority
Scarcity
Social relationship
Social Engineering Toolkit (SET)
Targeted phishing attack
Summary
9. Target Exploitation
Vulnerability research
Vulnerability and exploit repositories
Advanced exploitation toolkit
MSFConsoleMSFCLINinja 101 drillsScenario 1Scenario 2SNMP community scannerVNC blank authentication scannerIIS6 WebDAV unicode auth bypassScenario 3Bind shellReverse shellMeterpreterScenario 4Generating a binary backdoorAutomated browser exploitationWriting exploit modules
Summary
10. Privilege Escalation
Privilege escalation using a local exploit
Password attack tools
Offline attack toolshash-identifierHashcatRainbowCracksamdump2JohnJohnnyOphcrackCrunchOnline attack toolsCeWLHydraMedusa
Network spoofing tools
DNSChefSetting up a DNS proxyFaking a domainarpspoofEttercap
Network sniffers
dsnifftcpdumpWireshark
Summary
11. Maintaining Access
Using operating system backdoorsCymothoaIntersectThe meterpreter backdoor
Working with tunneling tools
dns2tcpiodineConfiguring the DNS serverRunning the iodine serverRunning the iodine clientncatproxychainsptunnelsocatGetting HTTP header informationTransferring filessslhstunnel4
Creating web backdoors
WeBaCooweevelyPHP meterpreter
Summary
12. Documentation and Reporting
Documentation and results verification
Types of reports
The executive reportThe management reportThe technical report
Network penetration testing report (sample contents)
Preparing your presentation
Post-testing procedures
Summary
III. Extra Ammunition
A. Supplementary Tools
Reconnaissance tool
Vulnerability scanner
NeXpose Community EditionInstalling NeXposeStarting the NeXpose communityLogging in to the NeXpose communityUsing the NeXpose community
Web application tools
GolismeroArachniBlindElephant
Network tool
NetcatOpen connectionService banner grabbingSimple chat serverFile transferPortscanningBackdoor shellReverse shell
Summary
B. Key Resources
Vulnerability disclosure and trackingPaid incentive programs
Reverse engineering resources
Penetration testing learning resources
Exploit development learning resources
Penetration testing on a vulnerable environment
Online web application challengesVirtual machines and ISO images
Network ports
Index

Content preview from Kali Linux - Assuring Security by Penetration Testing - Second Edition

Chapter 11. Maintaining Access

In the previous chapter, we talked about the privilege escalation process in the target machine. In this chapter, we will discuss the last penetration testing process by making the target machines accessible to us at any time.

After escalating the privilege to the target machines, the next step we should take is to create a mechanism to maintain our access to the target machines. So, in the future, if the vulnerability you exploited got patched or turned off, you can still access the system. You may need to consult with your customer about this before you do it on your customer systems.

Now, let's take a look at some of the tools that can help us maintain our access on the target machines. The tools are categorized ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Mastering Kali Linux for Advanced Penetration Testing, Second Edition - Second Edition

Publisher Resources

ISBN: 9781849519489

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Kali Linux - Assuring Security by Penetration Testing - Second Edition

by Tedi Heriyanto, Lee Allen, Shakeel Ali

Chapter 11. Maintaining Access

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.