Book Description

Explore the latest ethical hacking tools and techniques in Kali Linux 2019 to perform penetration testing from scratch

Key Features

  • Get up and running with Kali Linux 2019.2
  • Gain comprehensive insights into security concepts such as social engineering, wireless network exploitation, and web application attacks
  • Learn to use Linux commands in the way ethical hackers do to gain control of your environment

Book Description

The current rise in hacking and security breaches makes it more important than ever to effectively pentest your environment, ensuring endpoint protection. This book will take you through the latest version of Kali Linux and help you use various tools and techniques to efficiently deal with crucial security aspects.

Through real-world examples, you'll understand how to set up a lab and later explore core penetration testing concepts. Throughout the course of this book, you'll get up to speed with gathering sensitive information and even discover different vulnerability assessment tools bundled in Kali Linux 2019. In later chapters, you'll gain insights into concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections to further build on your pentesting skills. You'll also focus on techniques such as bypassing controls, attacking the end user, and maintaining persistent access through social media. Finally, this pentesting book covers best practices for performing complex penetration testing techniques in a highly secured environment.

By the end of this book, you'll be able to use Kali Linux to detect vulnerabilities and secure your system by applying penetration testing techniques of varying complexity.

What you will learn

  • Explore the fundamentals of ethical hacking
  • Learn how to install and configure Kali Linux
  • Get up to speed with performing wireless network pentesting
  • Gain insights into passive and active information gathering
  • Understand web application pentesting
  • Decode WEP, WPA, and WPA2 encryptions using a variety of methods, such as the fake authentication attack, the ARP request replay attack, and the dictionary attack

Who this book is for

If you are an IT security professional or a security consultant who wants to get started with penetration testing using Kali Linux 2019.2, then this book is for you. The book will also help if you're simply looking to learn more about ethical hacking and various security breaches. Although prior knowledge of Kali Linux is not necessary, some understanding of cybersecurity will be useful.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Learn Kali Linux 2019
  3. Dedication
  4. About Packt
    1. Why subscribe?
  5. Contributors
    1. About the author
    2. About the reviewers
    3. Packt is searching for authors like you
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the color images
      2. Conventions used
    4. Get in touch
      1. Reviews
  7. Section 1: Kali Linux Basics
  8. Introduction to Hacking
    1. Who is a hacker?
      1. Types of hackers
        1. Black hat hacker
        2. White hat hacker
        3. Gray hat hacker
        4. Suicide hacker
        5. State-sponsored hacker
        6. Script kiddie
        7. Cyber terrorist
    2. Exploring important terminology
      1. Threat
      2. Asset
      3. Vulnerability
      4. Exploit
      5. Risk
      6. Zero-day
      7. Hack value
    3. Penetration testing phases
      1. Pre-engagement
      2. Information gathering
      3. Threat modeling
      4. Vulnerability analysis
      5. Exploitation
      6. Post-exploitation
      7. Report writing
    4. Penetration testing methodologies
      1. OWASP
      2. NIST
      3. OSSTMM
      4. SANS 25
    5. Penetration testing approaches
      1. White box
      2. Black box
      3. Gray box
    6. Types of penetration testing
      1. Web application penetration testing
      2. Mobile application penetration testing
      3. Social engineering penetration testing
      4. Network penetration testing
      5. Cloud penetration testing
      6. Physical penetration testing
    7. Hacking phases
      1. Reconnaissance or information gathering
      2. Scanning
      3. Gaining access
      4. Maintaining access
      5. Covering tracks
    8. Summary
    9. Questions
    10. Further reading
  9. Setting Up Kali - Part 1
    1. Technical requirements
    2. Lab overview
      1. Virtualization
        1. Hypervisors
          1. Type 1 hypervisor
          2. Type 2 hypervisor
      2. Additional components
        1. Virtual switches
        2. Operating systems
    3. Building our lab
      1. Creating a virtual network
      2. Setting up Kali Linux
      3. Attaching the virtual network to a virtual machine
      4. Installing Nessus
      5. Setting up Android emulators
      6. Installing Metasploitable 2
    4. Summary
    5. Questions
    6. Further reading
  10. Setting Up Kali - Part 2
    1. Technical requirements
    2. Installing Windows as a VM
      1. Creating a user account
      2. Opting out of automatic updates
      3. Setting a static IP address
      4. Adding additional interfaces
    3. Installing Ubuntu 8.10
      1. Creating and using snapshots
    4. Troubleshooting Kali Linux
      1. Network adapter and USB incompatibility 
      2. VM memory problems
    5. Summary
    6. Further reading
  11. Getting Comfortable with Kali Linux 2019
    1. Technical requirements
    2. Understanding Kali Linux
    3. What's new in Kali Linux 2019?
    4. Basics of Kali Linux
      1. The Terminal and Linux commands
      2. Navigating in Kali Linux
      3. Updating sources and installing programs
      4. The find, locate, and which commands
        1. The locate command
        2. The which command
        3. The find command
      5. Managing Kali Linux services
    5. Summary
    6. Questions
    7. Further reading
  12. Section 2: Reconnaissance
  13. Passive Information Gathering
    1. Technical requirements
    2. Reconnaissance and footprinting
      1. Reconnaissance
      2. Footprinting
    3. Understanding passive information gathering
    4. Understanding OSINT
    5. Using the top OSINT tools
      1. Maltego
      2. Recon-ng
      3. theHarvester
      4. Shodan
      5. OSRFramework
    6. Identifying target technology and security controls
      1. Discovering technologies using Shodan
      2. The power of Netcraft
      3. Recognizing technologies with WhatWeb
    7. Finding data leaks in cloud resources
    8. Understanding Google hacking and search operators
    9. Leveraging whois and copying websites with HTTrack
      1. whois
      2. HTTrack
    10. Finding subdomains using Sublist3r
    11. Summary
    12. Questions
    13. Further reading
  14. Active Information Gathering
    1. Technical requirements
    2. Understanding active information gathering
    3. DNS interrogation
      1. What is DNS and why do we need it on a network?
      2. Performing DNS enumeration and zone transfer using dnsenum
      3. Using the host utility to perform DNS analysis
      4. Finding subdomains with dnsmap
      5. DNS interrogation using Fierce
    4. Scanning
    5. Nmap
      1. Performing a ping sweep with Nmap
      2. Obtaining operating system and service versions using Nmap
      3. Scanning host devices with ICMP disabled
      4. Performing a stealth scan using Nmap
      5. Scanning UDP ports using Nmap
      6. Evading detection using Nmap
        1. Evading firewalls with Nmap
        2. Checking for a stateful firewall
    6. NSE scripts
    7. Zenmap
    8. Hping3
    9. SMB, LDAP enumeration, and null sessions
      1. SMBmap and SMBclient
      2. Enum4linux
      3. LDAP enumeration
      4. Null sessions
    10. User enumeration through noisy authentication controls
    11. Web footprints and enumeration with EyeWitness
    12. Metasploit auxiliary modules
    13. Summary
    14. Questions
    15. Further reading
  15. Section 3: Vulnerability Assessment and Penetration Testing with Kali Linux 2019
  16. Working with Vulnerability Scanners
    1. Technical requirements
    2. Nessus and its policies
      1. Nessus policies
    3. Scanning with Nessus
    4. Exporting Nessus results
    5. Analyzing Nessus results
    6. Using web application scanners
      1. Nikto
      2. WPScan
      3. Burp Suite
        1. Using Intruder for brute force
    7. Summary
    8. Questions
    9. Further reading
  17. Understanding Network Penetration Testing
    1. Technical requirements
    2. Introduction to network penetration testing
      1. Types of penetration test
    3. Understanding the MAC address
      1. How to spoof the MAC address
    4. Connecting a wireless adapter to Kali Linux
    5. Managing and monitoring wireless modes
      1. Enabling monitor mode manually
      2. Enabling monitor mode using airmon-ng
    6. Summary
    7. Questions
    8. Further reading
  18. Network Penetration Testing - Pre-Connection Attacks
    1. Technical requirements
    2. Getting started with packet sniffing using airodump-ng
    3. Targeted packet sniffing using airodump-ng
    4. Deauthenticating clients on a wireless network
    5. Creating a rogue AP/evil twin
    6. Performing a password spraying attack
    7. Setting up watering hole attacks
    8. Exploiting weak encryption to steal credentials
    9. Summary
    10. Questions
    11. Further reading
  19. Network Penetration Testing - Gaining Access
    1. Technical requirements
    2. Gaining access
    3. WEP cracking
    4. WPA cracking
    5. Securing your network from the aforementioned attacks
      1. SSID management
      2. MAC filtering
      3. Power levels for antennas
      4. Strong passwords
      5. Securing enterprise wireless networks
    6. Configuring wireless security settings to secure your network
    7. Exploiting vulnerable perimeter systems with Metasploit
      1. EternalBlue exploitation
    8. Penetration testing Citrix and RDP-based remote access systems
      1. Citrix penetration testing
      2. Breaking into RDP
      3. Leveraging user credentials
    9. Plugging PWN boxes and other tools directly into a network
    10. Bypassing NAC
    11. Summary
    12. Questions
    13. Further reading
  20. Network Penetration Testing - Post-Connection Attacks
    1. Technical requirements
    2. Gathering information
      1. Scanning using Netdiscover
      2. Scanning using AutoScan-Network
      3. Scanning using Zenmap
    3. MITM attacks
      1. ARPspoof
      2. MITMf
      3. Use cases of MITMf
    4. Session hijacking
    5. DHCP attacks
    6. Exploiting LLMNR and NetBIOS-NS
    7. WPAD protocol attacks
    8. Wireshark
      1. Basic overview of Wireshark and how to use it in MITM attacks
      2. Configuring a SPAN port
      3. Configuring a monitor (sniffer) interface on Wireshark
      4. Parsing Wireshark packet captures to find the goods
    9. Escalating privileges
    10. Lateral movement tactics
    11. PowerShell tradecraft
      1. Removing Windows Defender virus definitions
      2. Disabling Windows Antimalware Scan Interface
    12. Launching a VLAN hopping attack
    13. Summary
    14. Questions
    15. Further reading
  21. Network Penetration Testing - Detection and Security
    1. Technical requirements
    2. Using Wireshark to understand ARP
    3. Detecting ARP poisoning attacks
    4. Detecting suspicious activity
    5. MITM remediation techniques
      1. Encryption
      2. Dynamic ARP inspection
      3. Sniffing remediation techniques
    6. Summary
    7. Questions
    8. Further reading
  22. Client-Side Attacks - Social Engineering
    1. Technical requirements
    2. Basics of social engineering
    3. Types of social engineering
      1. Human-based social engineering
        1. Eavesdropping
        2. Shoulder surfing
        3. Dumpster diving
      2. Computer-based social engineering
        1. Phishing
        2. Spear phishing
      3. Mobile-based social engineering
      4. Social engineering through social networking
      5. Phone-based social engineering (vishing)
    4. Defending against social engineering
      1. Protecting your perimeter security
      2. Protecting the help desk and general staff
      3. Additional countermeasures
      4. Detecting phishing emails
    5. Recon for social engineering (doxing)
    6. Planning for each type of social engineering attack
    7. Social engineering tools
      1. Social-Engineer Toolkit
      2. Ghost Phisher
    8. Summary
    9. Questions
    10. Further reading
  23. Performing Website Penetration Testing
    1. Technical requirements
    2. Information gathering
      1. Discovering technologies that are being used on a website
      2. Discovering websites on the same server
      3. Discovering sensitive files
      4. robots.txt
      5. Analyzing discovered files
    3. Cryptography
    4. File upload and file inclusion vulnerabilities
      1. XSS
        1. Stored XSS
        2. Reflected XSS
      2. CSRF
      3. SQLi
      4. Insecure deserialization
      5. Common misconfigurations
      6. Vulnerable components
      7. IDOR
    5. Exploiting file upload vulnerabilities
    6. Exploiting code execution vulnerabilities
    7. Exploiting LFI vulnerabilities
    8. Preventing vulnerabilities
    9. Summary
    10. Questions
    11. Further reading
  24. Website Penetration Testing - Gaining Access
    1. Technical requirements
    2. Exploring the dangers of SQL injection
      1. Dangers from SQL injection vulnerabilities
      2. Bypassing logins using SQL injection
    3. SQL injection vulnerabilities and exploitation
      1. Discovering SQL injections with POST
      2. Detecting SQL injections and extracting data using SQLmap
      3. Preventing SQL injection
    4. Cross-Site Scripting vulnerabilities
      1. Understanding XSS
      2. Discovering reflected XSS
      3. Discovering stored XSS
      4. Exploiting XSS – hooking vulnerable page visitors to BeEF
    5. Discovering vulnerabilities automatically
      1. Burp Suite
      2. Acunetix
      3. OWASP ZAP
    6. Summary
    7. Questions
    8. Further reading
  25. Best Practices
    1. Technical requirements
    2. Guidelines for penetration testers
      1. Gaining written permission
      2. Being ethical
      3. Penetration testing contract
      4. Rules of engagement
      5. Additional tips and tricks
    3. Web application security blueprints and checklists
      1. OWASP
      2. Penetration testing execution standard
      3. Reporting
      4. Penetration testing checklist
        1. Information gathering
        2. Network scanning
        3. Enumeration
        4. Gaining access
        5. Covering tracks
    4. Summary
    5. Questions
    6. Further reading
  26. Assessments
    1. Chapter 1: Introduction to Hacking
    2. Chapter 2: Setting Up Kali - Part
    3. Chapter 4: Getting Comfortable with Kali Linux 2019
    4. Chapter 5: Passive Information Gathering
    5. Chapter 6: Active Information Gathering
    6. Chapter 7: Working with Vulnerability Scanners
    7. Chapter 8: Understanding Network Penetration Testing
    8. Chapter 9: Network Penetration Testing - Pre-Connection Attacks
    9. Chapter 10: Network Penetration Testing - Gaining Access
    10. Chapter 11: Network Penetration Testing - Post-Connection Attacks
    11. Chapter 12: Network Penetration Testing - Detection and Security
    12. Chapter 13: Client-Side Attacks - Social Engineering
    13. Chapter 14: Performing Website Penetration Testing
    14. Chapter 15: Website Penetration Testing - Gaining Access 
    15. Chapter 16: Best Practices
  27. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think