Sanjib Sinha
Beginning Ethical Hacking with Kali Linux: Computational Techniques for Resolving Security Issues
Sanjib Sinha
Howrah, West Bengal, India
ISBN 978-1-4842-3890-5
e-ISBN 978-1-4842-3891-2
Library of Congress Control Number: 2018963849
© Sanjib Sinha 2018
Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.
While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.
Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail [email protected], or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.

This book is dedicated to my parents: my late mother, Krishna Deb, and my late father, Sushil Kumar Sinha.

You taught me to appreciate the value of reading and lifelong learning. I hope death has not defeated your longing for happiness.

May you rest in peace.

Disclaimer

This book is intended to be used only in an ethical manner. Performing any illegal actions using the information available in this book may invite legal trouble, and if you have any bad intentions, you will likely be arrested and prosecuted to the full extent of the law.

The publisher Apress and the author take no responsibility if you misuse any information available in this book.

Tip

Always use VirtualBox or a virtual machine to experiment with your hacking skills.

You must use this information in a testing environment as shown in this book and, in some special cases, get proper permission from the appropriate authorities.

Introduction

You can get started in white-hat ethical hacking using Kali Linux, and this book starts you on that road by giving you an overview of security trends, where you will learn about the OSI security architecture. This will form the foundation for the rest of Beginning Ethical Hacking with Kali Linux.

With the theory out of the way, you’ll move on to an introduction to VirtualBox, networking terminologies, and common Linux commands, followed by the step-by-step procedures to build your own web server and acquire the skill to be anonymous. When you have finished the examples in the first part of your book, you will have all you need to carry out safe and ethical hacking experiments.

After an introduction to Kali Linux, you will carry out your first penetration tests with Python and code raw binary packets for use in those tests. You will learn how to find secret directories of a target system, how to use a TCP client in Python and services, and how to do port scanning using Nmap. Along the way, you will learn how to collect important information; how to track e-mail; and how to use important tools such as DMitry, Maltego, and others. You’ll also take a look at the five phases of penetration testing.

After that, this book will cover SQL mapping and vulnerability analysis where you will learn about sniffing and spoofing, why ARP poisoning is a threat, how SniffJoke prevents poisoning, how to analyze protocols with Wireshark, and how to sniff packets with Scapy. Then, you will learn how to detect SQL injection vulnerabilities, how to use Sqlmap, and how to do brute-force or password attacks. In addition, you will learn how to use important hacking tools such as OpenVAS, Nikto, Vega, and Burp Suite.

The book will also explain the information assurance model and the hacking framework Metasploit, taking you through important commands, exploits, and payload basics. Moving on to hashes and passwords, you will learn password testing and hacking techniques with John the Ripper and Rainbow. You will then dive into classic and modern encryption techniques where you will learn to work with the conventional cryptosystem.

In the final chapter, you will use all the skills of hacking to exploit a remote Windows and Linux system, and you will learn how to “own” a remote target entirely.

Who This Book Is For

This book is primarily for information security professionals. However, security enthusiasts and absolute beginners will also find this book helpful. For absolute beginners, knowledge of high school algebra, the number system, and the Python programming language is a plus. However, this book provides an explanation of the foundational rules so you can understand the relationship between them and ethical hacking, information security, and the hacking-related tools of Kali Linux.

For more advanced professionals, the book also includes in-depth analysis.

Whether you are new to ethical hacking or a seasoned veteran, this book will help you understand and master many of the powerful and useful hacking-related tools of Kali Linux and the techniques that are widely used in the industry today.

To start with, you need a virtual box or virtual machine, so proceed to Chapter 1.

Acknowledgments

I wish to record my gratitude to my wife, Kaberi, for her unwavering support and encouragement in the preparation of this book.

I am extremely grateful to Mr. Matthew Moodie, lead development editor, for his numerous valuable suggestions, complementary opinions, and thorough thumbing; as well as editor Nikhil Karkal, coordinating editor Divya Modi, and the whole Apress team for their persistent support and help. I also wish to thank Vaibhav Chavan, the technical reviewer, for their valued suggestions.

In the preparation of this book, I consulted open source documentation and numerous textbooks on a variety of subjects related to ethical hacking and want to thank the countless authors who wrote them. I hereby acknowledge my special indebtedness to Nmap original author Gordon Lyon (Fyodor) and the developer of the Metasploit Framework, H.D. Moore. I am also thankful for the ever-helpful open source community.


About the Author and About the Technical Reviewer

About the Author

Sanjib Sinha is a certified .NET Windows and web developer, specializing in Python, security programming, and PHP; he won Microsoft’s Community Contributor Award in 2011. Sanjib Sinha has also written Beginning Ethical Hacking with Python and Beginning Laravel for Apress.

 

About the Technical Reviewer

Vaibhav Chavan holds a certification in ethical hacking and has worked as a security analyst in the IT world as well as in the banking, insurance, and e-commerce industries. He now works as a security analyst in Mumbai and has more than five years of experience in the IT industry. He has hands-on experience in Kali Linux and other tools such as the Metasploit Framework, Burp Suite, Nessus, and more.

 