Kali Linux - An Ethical Hacker's Cookbook - Second Edition: Practical recipes that combine strategies, attacks, and tools for advanced penetration testing, 2nd Edition
5/5
()
About this ebook
Discover end-to-end penetration testing solutions to enhance your ethical hacking skills
Key Features- Practical recipes to conduct effective penetration testing using the latest version of Kali Linux
- Leverage tools like Metasploit, Wireshark, Nmap, and more to detect vulnerabilities with ease
- Confidently perform networking and application attacks using task-oriented recipes
Many organizations have been affected by recent cyber events. At the current rate of hacking, it has become more important than ever to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2018.4 / 2019), in addition to covering the core functionalities.
The book will get you off to a strong start by introducing you to the installation and configuration of Kali Linux, which will help you to perform your tests. You will also learn how to plan attack strategies and perform web application exploitation using tools such as Burp and JexBoss. As you progress, you will get to grips with performing network exploitation using Metasploit, Sparta, and Wireshark. The book will also help you delve into the technique of carrying out wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Later chapters will draw focus to the wide range of tools that help in forensics investigations and incident response mechanisms. As you wrap up the concluding chapters, you will learn to create an optimum quality pentest report.
By the end of this book, you will be equipped with the knowledge you need to conduct advanced penetration testing, thanks to the book’s crisp and task-oriented recipes.
What you will learn- Learn how to install, set up and customize Kali for pentesting on multiple platforms
- Pentest routers and embedded devices
- Get insights into fiddling around with software-defined radio
- Pwn and escalate through a corporate network
- Write good quality security reports
- Explore digital forensics and memory analysis with Kali Linux
If you are an IT security professional, pentester, or security analyst who wants to conduct advanced penetration testing techniques, then this book is for you. Basic knowledge of Kali Linux is assumed.
Related to Kali Linux - An Ethical Hacker's Cookbook - Second Edition
Related ebooks
Kali Linux Intrusion and Exploitation Cookbook Rating: 5 out of 5 stars5/5Metasploit Bootcamp Rating: 5 out of 5 stars5/5Mastering Kali Linux for Advanced Penetration Testing - Second Edition Rating: 0 out of 5 stars0 ratingsLearn Kali Linux 2019: Perform powerful penetration testing using Kali Linux, Metasploit, Nessus, Nmap, and Wireshark Rating: 0 out of 5 stars0 ratingsMastering Kali Linux for Web Penetration Testing Rating: 4 out of 5 stars4/5Kali Linux Wireless Penetration Testing Essentials Rating: 5 out of 5 stars5/5Hands-On Network Forensics: Investigate network attacks and find evidence using common network forensic tools Rating: 0 out of 5 stars0 ratingsNmap Essentials Rating: 4 out of 5 stars4/5Penetration Testing with the Bash shell Rating: 0 out of 5 stars0 ratingsKali Linux Network Scanning Cookbook - Second Edition Rating: 0 out of 5 stars0 ratingsPython Penetration Testing Essentials Rating: 5 out of 5 stars5/5Nmap: Network Exploration and Security Auditing Cookbook - Second Edition Rating: 0 out of 5 stars0 ratingsBuilding Virtual Pentesting Labs for Advanced Penetration Testing Rating: 0 out of 5 stars0 ratingsPenetration Testing with Raspberry Pi Rating: 5 out of 5 stars5/5Penetration Testing Bootcamp Rating: 5 out of 5 stars5/5Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks Rating: 0 out of 5 stars0 ratingsBurp Suite Essentials Rating: 4 out of 5 stars4/5Penetration Testing with BackBox Rating: 0 out of 5 stars0 ratingsApplied Network Security Rating: 0 out of 5 stars0 ratingsLearning zANTI2 for Android Pentesting Rating: 0 out of 5 stars0 ratingsMastering Python Forensics Rating: 4 out of 5 stars4/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Effective Python Penetration Testing Rating: 0 out of 5 stars0 ratingsLinux Networking Cookbook Rating: 0 out of 5 stars0 ratingsBuilding a Pentesting Lab for Wireless Networks Rating: 0 out of 5 stars0 ratingsAn Ultimate Guide to Kali Linux for Beginners Rating: 3 out of 5 stars3/5
Security For You
How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Dark Territory: The Secret History of Cyber War Rating: 4 out of 5 stars4/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Practical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5The Cyber Attack Survival Manual: Tools for Surviving Everything from Identity Theft to the Digital Apocalypse Rating: 0 out of 5 stars0 ratingsSocial Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Mike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5Codes and Ciphers - A History of Cryptography Rating: 4 out of 5 stars4/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsHacking For Dummies Rating: 4 out of 5 stars4/5Hacking: Ultimate Beginner's Guide for Computer Hacking in 2018 and Beyond: Hacking in 2018, #1 Rating: 4 out of 5 stars4/5CISSP Study Guide Rating: 4 out of 5 stars4/5Cybersecurity for Beginners : Learn the Fundamentals of Cybersecurity in an Easy, Step-by-Step Guide: 1 Rating: 0 out of 5 stars0 ratingsGame Console Hacking: Xbox, PlayStation, Nintendo, Game Boy, Atari and Sega Rating: 0 out of 5 stars0 ratingsCompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratings
Reviews for Kali Linux - An Ethical Hacker's Cookbook - Second Edition
1 rating0 reviews
Book preview
Kali Linux - An Ethical Hacker's Cookbook - Second Edition - Himanshu Sharma
Kali Linux - An Ethical Hacker's Cookbook
Second Edition
Practical recipes that combine strategies, attacks, and tools for advanced penetration testing
Himanshu Sharma
BIRMINGHAM - MUMBAI
Kali Linux - An Ethical Hacker's Cookbook Second Edition
Copyright © 2019 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Vijin Boricha
Acquisition Editor: Rohit Rajkumar
Content Development Editor: Ronn Kurien
Technical Editor: Prachi Sawant
Copy Editor: Safis Editing
Project Coordinator: Jagdish Prabhu
Proofreader: Safis Editing
Indexer: Manju Arasan
Graphics: Tom Scaria
Production Coordinator: Jayalaxmi Raja
First published: October 2017
Second edition: March 2019
Production reference: 1290319
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78995-230-8
www.packtpub.com
mapt.io
Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Why subscribe?
Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Mapt is fully searchable
Copy and paste, print, and bookmark content
Packt.com
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at customercare@packtpub.com for more details.
At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Contributors
About the author
Himanshu Sharma has been active in the field of bug bounty since 2009, and has been listed in Apple, Google, Microsoft, Facebook, Adobe, Uber, AT&T, Avira, and many more with hall of fame listings as proof.
He has been a speaker at multiple international conferences, including Botconf '13, Confidence 2018, RSA Asia Pacific and Japan '18, and Hack In The Box 2019. He also spoke at the IEEE conference in California and Malaysia, as well as for TedX.
Currently, he is the cofounder of BugsBounty, a crowd-sourced security platform for ethical hackers and companies interested in cyber services. He has also authored the following books: Kali Linux – An Ethical Hacker's Cookbook, and Hands-On Red Team Tactics.
About the reviewers
Bhargav Tandel has over 7 years' experience in information security with companies including Reliance jio, Vodafone, and Wipro. His core expertise and passions are vulnerability assessment, penetration testing, Red Team, ethical hacking, and information security. He is currently pursuing the OSCP certification. He has the ability to solve complex problems involving a wide variety of information systems, work independently on large-scale projects, and thrive under pressure in fast-paced environments, all while directing multiple projects from concept to implementation.
I would like to thank my family and friends, who have always stood by me. My friends, Jigar Tank and Utkarsh Bhatt, have always been there for me. I would also like to thank Rakesh Dwivedi for giving me a reason to continue learning and growing.
Kunal Sehgal has been heading critical cybersecurity roles for financial organizations, for over 15 years now. He is an avid blogger and a regular speaker on cyber-related topics across Asia.
He also holds a bachelor's degree in computer applications from Panjab University, and a postgraduate diploma from Georgian College in cyberspace security. He holds numerous cyber certifications, including Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Tenable Certified Nessus Auditor (TCNA), Certificate of Cloud Security Knowledge (CCSK), ISO 27001 Lead Auditor, Offensive Security Certified Professional (OSCP), and CompTIA Security+.
Dedicated to my darling daughter.
Shivanand Persad has a master's in business administration from the Australian Institute of Business, and a bachelor of science in electrical and computer engineering from the University of the West Indies. He possesses a wide variety of specializations, including controls and instrumentation systems, wireless and wired communication systems, strategic management, and business process re-engineering. With over a decade of experience across multiple engineering disciplines, and a lengthy tenure with one of the largest ISPs in the Caribbean, he continues to be passionate about technology and its continuous development. When he's not reading everything in sight, he enjoys archery, martial arts, biking, and tinkering.
Packt is searching for authors like you
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Table of Contents
Title Page
Copyright and Credits
Kali Linux - An Ethical Hacker's Cookbook Second Edition
About Packt
Why subscribe?
Packt.com
Contributors
About the author
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Get in touch
Reviews
Disclaimer
Kali - An Introduction
Configuring Kali Linux
Getting ready
How to do it...
How it works...
Configuring the Xfce environment
How to do it...
Configuring the MATE environment
How to do it...
Configuring the LXDE environment
How to do it...
Configuring the E17 environment
How to do it...
Configuring the KDE environment
How to do it...
Prepping with custom tools
Getting ready
How to do it...
Aquatone
Subfinder
There's more...
Zone Walking using DNSRecon
Getting ready
How to do it...
There's more...
Setting up I2P for anonymity
How to do it...
There's more...
Pentesting VPN's ike-scan
Getting ready
How to do it...
Cracking the PSK
There's more...
Setting up proxychains
How to do it...
Using proxychains with Tor
Going on a hunt with Routerhunter
Getting ready
How to do it...
Gathering Intel and Planning Attack Strategies
Getting a list of subdomains
How to do it...
Using Shodan for fun and profit
Getting ready
How to do it...
Shodan Honeyscore
How to do it...
Shodan plugins
How to do it...
Censys
How to do it...
See also
Using Nmap to find open ports
How to do it...
Using scripts
See also
Bypassing firewalls with Nmap
How to do it...
TCP ACK scan (-sA)
TCP Window scan (-sW)
Idle scan
How it works...
Searching for open directories using GoBuster
How to do it...
Hunting for SSL flaws
How to do it...
See also
Automating brute force with BruteSpray
How to do it...
Digging deep with TheHarvester
How to do it...
How it works...
Finding technology behind webapps using WhatWeb
How to do it...
Scanning IPs with masscan
How to do it...
Finding origin servers with CloudBunny
How to do it...
Sniffing around with Kismet
How to do it...
See also
Testing routers with Firewalk
How to do it...
How it works...
Vulnerability Assessment - Poking for Holes
Using the infamous Burp
How to do it...
Exploiting WSDLs with Wsdler
How to do it...
Using Intruder
How to do it...
Using golismero
How to do it...
See also
Exploring Searchsploit
How to do it...
Exploiting routers with routersploit
Getting ready
How to do it...
Using Metasploit
How to do it...
Automating Metasploit
How to do it...
Writing a custom resource script
How to do it...
See also
Setting up a database in Metasploit
How to do it...
Generating payloads with MSFPC
How to do it...
Emulating threats with Cobalt Strike
Getting ready
How to do it...
There's more...
Web App Exploitation - Beyond OWASP Top 10
Exploiting XSS with XSS Validator
Getting ready
How to do it...
Injection attacks with sqlmap
How to do it...
See also
Owning all .svn and .git repositories
How to do it...
Winning race conditions
How to do it...
See also
Exploiting XXEs
How to do it...
See also
Exploiting Jboss with JexBoss
How to do it...
Exploiting PHP Object Injection
How to do it...
See also
Automating vulnerability detection using RapidScan
Getting ready
How to do it...
Backdoors using meterpreter
How to do it...
See also
Backdoors using webshells
How to do it...
Network Exploitation
Introduction
MITM with hamster and ferret
Getting ready
How to do it...
Exploring the msfconsole
How to do it...
Railgun in Metasploit
How to do it...
There's more...
See also
Using the paranoid meterpreter
How to do it...
There's more...
The tale of a bleeding heart
How to do it...
Exploiting Redis
How to do it...
Saying no to SQL – owning MongoDBs
Getting ready
How to do it...
Hacking embedded devices
How to do it...
Exploiting Elasticsearch
How to do it...
See also
Good old Wireshark
Getting ready
How to do it...
See also
This is Sparta
Getting ready
How to do it...
Exploiting Jenkins
How to do it...
See also
Shellver – reverse shell cheatsheet
Getting ready
How to do it...
Generating payloads with MSFvenom Payload Creator (MSFPC)
How to do it...
Wireless Attacks - Getting Past Aircrack-ng
The good old Aircrack
Getting ready
How to do it...
How it works...
Hands-on with Gerix
Getting ready
How to do it...
Dealing with WPAs
How to do it...
Owning employee accounts with Ghost Phisher
How to do it...
Pixie dust attack
Getting ready
How to do it...
See also
Setting up rogue access points with WiFi-Pumpkin
Getting ready
How to do it...
See also
Using Airgeddon for Wi-Fi attacks
How to do it...
See also
Password Attacks - The Fault in Their Stars
Identifying different types of hashes in the wild
How to do it...
See also
Hash-identifier to the rescue
How to do it...
Cracking with Patator
How to do it...
Playing with John the Ripper
How to do it...
See also
Johnny Bravo!
How to do it...
Using ceWL
How to do it...
Generating wordlists with crunch
How to do it...
Using Pipal
How to do it...
Have Shell, Now What?
Spawning a TTY shell
How to do it...
Looking for weaknesses
How to do it...
There's more...
Horizontal escalation
How to do it...
Vertical escalation
How to do it...
Node hopping – pivoting
How to do it...
There's more...
Privilege escalation on Windows
How to do it...
Pulling a plaintext password with Mimikatz
How to do it...
Dumping other saved passwords from the machine
How to do it...
Pivoting
How to do it...
Backdooring for persistance
How to do it...
Age of Empire
Getting ready
How to do it...
See also
Automating Active Directory (AD) exploitation with DeathStar
How to do it...
See also
Exfiltrating data through Dropbox
How to do it...
Data exfiltration using CloakifyFactory
How to do it...
Buffer Overflows
Exploiting stack-based buffer overflows
How to do it...
Exploiting buffer overflows on real software
Getting ready
How to do it...
SEH bypass
How to do it...
See also
Exploiting egg hunters
Getting ready
How to do it...
See also
An overview of ASLR and NX bypass
How to do it...
See also
Elementary, My Dear Watson - Digital Forensics
Using the volatility framework
Getting ready
How to do it...
See also
Using Binwalk
How to do it...
See also
Capturing a forensic image with guymager
How to do it...
Playing with Software-Defined Radios
Radio-frequency scanners
Getting ready
How to do it...
Hands-on with the RTLSDR scanner
How to do it...
Playing around with gqrx
How to do it...
See also
Kalibrating your device for GSM tapping
How to do it...
See also
Decoding ADS-B messages with Dump1090
How to do it...
See also
Kali in Your Pocket - NetHunters and Raspberries
Installing Kali on Raspberry Pi
Getting ready
How to do it...
Installing NetHunter
Getting ready
How to do it...
Superman typing – human interface device (HID) attacks
How to do it...
Can I charge my phone?
How to do it...
Setting up an evil access point
How to do it...
Writing Reports
Using Dradis
How to do it...
Using MagicTree
How to do it...
Using Serpico
Getting ready
How to do it...
Other Books You May Enjoy
Leave a review - let other readers know what you think
Preface
This book begins with the installation and configuration of Kali Linux to help you perform your tests. You will then learn about methods that will help you gather intel and perform web application exploitation using tools such as Burp. Moving forward, you will also learn how to perform network exploitation by generating payloads using MSFPC, Metasploit, and Cobalt Strike. Next, you will learn about monitoring and cracking wireless networks using Aircrack, Fluxion, and Wifi-Pumpkin. After that, you will learn how to analyze, generate, and crack passwords using tools such as Patator, John the Ripper, and ceWL. Later, you will also learn about some of the tools that help in forensic investigations. Lastly, you will learn how to create an optimum quality pentest report!
By the end of this book, you will know how to conduct advanced and efficient penetration testing activities thanks to the book's crisp and task-oriented recipes.
Who this book is for
This book is aimed at IT security professionals, pentesters, and security analysts who have some basic knowledge of Kali Linux and who want to exploit advanced penetration testing techniques.
What this book covers
Chapter 1, Kali - An Introduction, explains that while Kali is already pre-equipped with hundreds of amazing tools and utilities to help penetration testers around the globe perform their job efficiently, in this chapter, we will primarily cover some custom tweaks that can be used to facilitate an even better pentesting experience for the users.
Chapter 2, Gathering Intel and Plan Attack Strategies, dives a little deeper into the content from the previous chapter and looks at a number of different tools available for gathering intel on our target. We start by using the infamous tools of Kali Linux. Gathering