book

The Ultimate Kali Linux Book - Second Edition

by Glen D. Singh

February 2022

Intermediate to advanced

742 pages

15h 41m

English

Packt Publishing

Read now

Unlock full access

ContributorsAbout the authorAbout the reviewer
Who this book is forWhat this book coversTo get the most out of this bookDownload the color imagesConventions usedDisclaimerShare Your Thoughts
Identifying threat actors and their intentUnderstanding what matters to threat actorsTimeResourcesFinancial factorsHack valueDiscovering cybersecurity terminologiesExploring the need for penetration testing and its phasesCreating a penetration testing battle planUnderstanding penetration testing approachesTypes of penetration testing Exploring hacking phases Reconnaissance or information gathering Scanning and enumerationGaining access Maintaining access Covering your tracks Understanding the Cyber Kill Chain frameworkReconnaissance WeaponizationDeliveryExploitationInstallationCommand and Control (C2)Actions on objectivesSummaryFurther reading
Technical requirementsUnderstanding the lab overview and its technologiesSetting up a hypervisor and virtually isolated networksPart 1 – deploying the hypervisorPart 2 – creating virtually isolated networksSetting up and working with Kali LinuxPart 1 – setting up Kali Linux as a virtual machinePart 2 – customizing the Kali Linux virtual machine and network adaptersPart 3 – getting started with Kali LinuxPart 4 – updating sources and packagesDeploying Metasploitable 2 as a target systemPart 1 – deploying Metasploitable 2Part 2 – configuring networking settingsImplementing Metasploitable 3 using VagrantPart 1 – setting up the Windows versionPart 2 – setting up the Linux versionSetting up vulnerability web application systemsPart 1 – deploying OWASP Juice ShopPart 2 – setting up OWASP Broken Web ApplicationsSummaryFurther reading
Technical requirementsBuilding an AD red team labPart 1 – installing Windows Server 2019 Part 2 – installing Windows 10 EnterprisePart 2 – setting up AD servicesPart 3 – promoting to a DCPart 4 – creating domain users and administrator accountsPart 5 – disabling antimalware protection and the domain firewallPart 6 – setting up for file sharing and service authentication attacks Part 7 – joining clients to the AD domainPart 8 – setting up for local account takeover and SMB attacks Setting up a wireless penetration testing labImplementing a RADIUS server SummaryFurther reading
Technical requirementsUnderstanding the importance of reconnaissance FootprintingUnderstanding passive information gatheringExploring open source intelligenceUsing OSINT strategies to gather intelligenceImportance of a sock puppetAnonymizing your traffic Profiling a target organization's IT infrastructureGathering employees' dataSocial media reconnaissance Gathering a company's infrastructure dataSummaryFurther reading
Technical requirementsUnderstanding active reconnaissanceExploring Google hacking strategies Exploring DNS reconnaissancePerforming DNS enumerationChecking for DNS zone transfer misconfigurationAutomating OSINTEnumerating subdomainsWorking with DNSmapExploring Sublist3rProfiling websites using EyeWitnessExploring active scanning techniquesSpoofing MAC addressesDiscovering live systems on a networkProbing open service ports, services, and operating systemsWorking with evasion techniquesEnumerating common network servicesScanning using MetasploitEnumerating SMBEnumerating SSHPerforming user enumeration through noisy authentication controlsFinding data leaks in the cloudSummaryFurther reading
Technical requirementsNessus and its policiesSetting up NessusScanning with NessusAnalyzing Nessus resultsExporting Nessus resultsVulnerability discovery using NmapWorking with Greenbone Vulnerability ManagerUsing web application scannersWhatWebNmap MetasploitNiktoWPScanSummaryFurther reading

Technical requirementsIntroduction to network penetration testingWorking with bind and reverse shellsRemote shells using NetcatCreating a bind shellCreating a reverse shellAntimalware evasion techniquesUsing MSFvenon to encode payloadsCreating payloads using ShellterWorking with wireless adaptersConnecting a wireless adapter to Kali LinuxConnecting a wireless adapter with an RTL8812AU chipsetManaging and monitoring wireless modesConfiguring monitor mode manuallyUsing Aircrack-ng to enable monitor modeSummaryFurther reading
Technical requirementsDiscovering live systemsProfiling a target systemExploring password-based attacksExploiting Windows Remote Desktop ProtocolCreating wordlists using keywordsCrunching those wordlistsIdentifying and exploiting vulnerable servicesExploiting a vulnerable service on a Linux systemExploiting SMB in Microsoft WindowsPassing the hashGaining access by exploiting SSHExploiting Windows Remote ManagementExploiting ElasticSearchExploiting Simple Network Management ProtocolUnderstanding watering hole attacksFurther reading
Technical requirementsPost-exploitation using MeterpreterCore operationsUser interface operationsFile transfersPrivilege escalationToken stealing and impersonationImplementing persistenceLateral movement and pivotingClearing tracksData encoding and exfiltrationEncoding executables using exe2hexData exfiltration using PacketWhisperUnderstanding MITM and packet sniffing attacksPerforming MITM attacks using EttercapSummaryFurther reading
Technical requirementsUnderstanding Active DirectoryEnumerating Active Directory Working with PowerViewExploring BloodhoundLeveraging network-based trustExploiting LLMNR and NetBIOS-NSExploiting trust between SMB and NTLMv2 within Active DirectorySummaryFurther reading
Technical requirementsUnderstanding KerberosAbusing trust on IPv6 with Active DirectoryPart 1: Setting up for the attackPart 2: Launching the attackPart 3: Taking over the domainAttacking Active DirectoryLateral movement with CrackMapExecVertical movement with KerberosLateral movement with MimikatzDomain dominance and persistenceGolden ticketSilver ticketSkeleton keySummaryFurther reading
Technical requirementsUnderstanding C2Setting up C2 operationsPart 1 – setting up EmpirePart 2 – managing usersPost-exploitation using EmpirePart 1 – creating a listenerPart 2 – creating a stagerPart 3 – working with agentsPart 4 – creating a new agentPart 5 – improving threat emulationPart 6 – setting up persistenceWorking with StarkillerPart 1 – starting StarkillerPart 2 – user managementPart 3 – working with modulesPart 4 – creating listenersPart 5 – creating stagersPart 6 – interacting with agentsPart 7 – credentials and reportingSummaryFurther reading
Technical requirementsIntroduction to wireless networkingSISO and MIMOWireless security standardsPerforming wireless reconnaissanceDetermining the associated clients for a specific networkCompromising WPA and WPA2 networksPerforming AP-less attacksExploiting enterprise wireless networksPart 1 – setting up for the attackPart 2 – choosing the targetPart 3 – starting the attackPart 4 – retrieving user credentialsCreating a Wi-Fi honeypotDiscovering WPA3 attacksPerforming a downgrade and dictionary attackSecuring your wireless networkSSID managementMAC filteringPower levels for antennasStrong passwordsSecuring enterprise wireless networksSummaryFurther reading
Technical requirementsFundamentals of social engineeringElements of social engineeringTypes of social engineeringHuman-basedComputer-basedMobile-basedSocial networkingDefending against social engineeringPlanning for each type of social engineering attackExploring social engineering tools and techniquesCreating a phishing websiteCreating infectious media SummaryFurther reading
Technical requirementsUnderstanding web applicationsFundamentals of HTTPExploring the OWASP Top 10: 2021Getting started with FoxyProxy and Burp Suite Part one – setting up FoxyProxyPart two – setting up Burp SuitePart three – getting familiar with Burp SuiteUnderstanding injection-based attacksPerforming a SQL injection attackExploring broken access control attacksExploring broken access controlDiscovering cryptographic failuresExploiting cryptographic failuresUnderstanding insecure designExploring security misconfigurationExploiting security misconfigurationsSummaryFurther reading
Technical requirementsIdentifying vulnerable and outdated componentsDiscovering vulnerable componentsExploiting identification and authentication failuresDiscovering authentication failuresUnderstanding software and data integrity failuresUnderstanding security logging and monitoring failuresPerforming server-side request forgeryAutomating SQL injection attacksPart 1 – discovering databasesPart 2 – retrieving sensitive informationUnderstanding cross-site scriptingPart 1 – discovering reflected XSSPart 2 – discovering stored XSSPerforming client-side attacksSummaryFurther reading
Technical requirementsGuidelines for penetration testersGaining written permissionBeing ethicalPenetration testing contractRules of engagementPenetration testing checklistInformation gatheringNetwork scanningEnumerationGaining accessCovering tracksReport writingCreating a hacker's tool bagSetting up remote accessNext steps aheadSummaryFurther reading
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Content preview from The Ultimate Kali Linux Book - Second Edition

Chapter 9: Advanced Network Penetration Testing — Post Exploitation

The exploitation phase of penetration testing focuses on gaining access to your target, such as a vulnerable host on a network. However, while the exploitation phase will seem like a victory, remember that as a penetration tester, your objective is to discover known and hidden security vulnerabilities within an organization's network and their assets. After exploiting a system or network, performing post-exploitation techniques will allow you to gather sensitive data such as users' login credentials and password hashes, impersonate high-privilege users on the network to gain access to other systems and servers, perform lateral movement to go deeper into restricted areas of the ...