2. Network Information Gathering
by Ishan Girdhar, Dhruv Shah
Kali Linux Intrusion and Exploitation Cookbook
- Kali Linux Intrusion and Exploitation Cookbook
- Kali Linux Intrusion and Exploitation Cookbook
- Credits
- About the Authors
- About the Reviewers
- www.PacktPub.com
- Customer Feedback
- Preface
- 1. Getting Started - Setting Up an Environment
- Introduction
- Installing Kali Linux on Cloud - Amazon AWS
- Installing Kali Linux on Docker
- Installing NetHunter on OnePlus One
- Installing Kali Linux on a virtual machine
- Customizing Kali Linux for faster package updates
- Customizing Kali Linux for faster operations
- Configuring remote connectivity services - HTTP, TFTP, and SSH
- Configuring Nessus and Metasploit
- Configuring third-party tools
- Installing Docker on Kali Linux
- 2. Network Information Gathering
- 3. Network Vulnerability Assessment
- 4. Network Exploitation
- Introduction
- Gathering information for credential cracking
- Cracking FTP login using custom wordlist
- Cracking SSH login using custom wordlist
- Cracking HTTP logins using custom wordlist
- Cracking MySql and PostgreSQL login using custom wordlist
- Cracking Cisco login using custom wordlist
- Exploiting vulnerable services (Unix)
- Exploiting vulnerable services (Windows)
- Exploiting services using exploit-db scripts
- 5. Web Application Information Gathering
- Introduction
- Setting up API keys for recon-ng
- Using recon-ng for reconnaissance
- Gathering information using theharvester
- Using DNS protocol for information gathering
- Web application firewall detection
- HTTP and DNS load balancer detection
- Discovering hidden files/directories using DirBuster
- CMS and plugins detection using WhatWeb and p0f
- Finding SSL cipher vulnerabilities
- 6. Web Application Vulnerability Assessment
- Introduction
- Running vulnerable web applications in Docker
- Using W3af for vulnerability assessment
- Using Nikto for web server assessment
- Using Skipfish for vulnerability assessment
- Using Burp Proxy to intercept HTTP traffic
- Using Burp Intruder for customized attack automation
- Using Burp Sequencer to test the session randomness
- 7. Web Application Exploitation
- Introduction
- Using Burp for active/passive scanning
- Using sqlmap to find SQL Injection on the login page
- Exploiting SQL Injection on URL parameters using SQL Injection
- Using Weevely for file upload vulnerability
- Exploiting Shellshock using Burp
- Using Metasploit to exploit Heartbleed
- Using the FIMAP tool for file inclusion attacks (RFI/LFI)
- 8. System and Password Exploitation
- 9. Privilege Escalation and Exploitation
- 10. Wireless Exploitation
- A. Pen Testing 101 Basics
In this chapter, we will cover the following recipes:
- Discovering live servers over the network
- Bypassing IDS/IPS/firewall
- Discovering ports over the network
- Using unicornscan for faster port scanning
- Service fingerprinting
- Determining the OS using nmap and xprobe2
- Service enumeration
- Open-source information gathering
In this chapter, we will look at how to detect live servers and network devices over the network, and perform service fingerprinting and enumeration for information gathering. Gathering information is of the utmost importance for a successful vulnerability assessment and penetration test. Moving forward, we will run scanners to find vulnerabilities in the detected services. Along with that, we will write bash scripts so that we can speed up the process of discovery-enumerate-scan.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.