Imperial Library
Index
Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
Table of Contents Kali Linux 2 – Assuring Security by Penetration Testing Third Edition Credits Disclaimer About the Authors About the Reviewer www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers What you need for this book Who this book is for Conventions Reader feedback Customer support
Downloading the color images of this book Errata Piracy Questions
1. Beginning with Kali Linux
A brief history of Kali Linux Kali Linux tool categories Downloading Kali Linux Using Kali Linux
Running Kali using Live DVD Installing on a hard disk
Installing Kali on a physical machine Installing Kali on a virtual machine
Installing Kali on a virtual machine from the ISO image Installing Kali Linux in a virtual machine using the provided Kali Linux VM image
Saving or Moving the virtual machine Installing Kali on a USB disk
Configuring the virtual machine
VirtualBox Guest Additions Setting up Networking
Setting up a wired connection
Setting up a wireless connection
Updating Kali Linux Network services in Kali Linux
HTTP MySQL SSH
Installing a vulnerable server Installing additional weapons
Installing the Nessus vulnerability scanner Installing the Cisco password cracker
Summary
2. Penetration Testing Methodology
Types of penetration testing
Black box testing White box testing Gray box testing Deciding on a test
Vulnerability assessment versus penetration testing Security testing methodologies
Open Source Security Testing Methodology Manual
Key features and benefits of OSSTMM
Information Systems Security Assessment Framework
Key features and benefits of ISSAF
Open Web Application Security Project
Key features and benefits of OWASP
Web Application Security Consortium Threat Classification Key features and benefits of WASC-TC Penetration Testing Execution Standard Key features and benefits of PTES
General penetration testing framework
Target scoping
Information gathering
Target discovery Enumerating target Vulnerability mapping Social engineering Target exploitation Privilege escalation Maintaining access Documentation and reporting
The ethics Summary
3. Target Scoping
Gathering client requirements
Creating the customer requirements form The deliverables assessment form
Preparing the test plan
The test plan checklist
Profiling test boundaries Defining business objectives Project management and scheduling Summary
4. Information Gathering
Open Source Intelligence Using public resources Querying the domain registration information Analyzing the DNS records
Host dig dnsenum fierce DMitry Maltego
Getting network routing information
tcptraceroute tctrace
Utilizing the search engine
theharvester SimplyEmail
Metagoofil Accessing leaked information
The Onion Router Installing the TOR Browser
Summary
5. Target Discovery
Starting off with target discovery Identifying the target machine
ping arping fping hping3 nping alive6 detect-new-ip6 passive_discovery6 nbtscan
OS fingerprinting
p0f Nmap
Summary
6. Enumerating Target
Introducing port scanning Understanding the TCP/IP protocol Understanding the TCP and UDP message format The network scanner
Nmap Nmap target specification Nmap TCP scan options Nmap UDP scan options Nmap port specification Nmap output options Nmap timing options Useful Nmap options
Service version detection Operating system detection Disabling host discovery Aggressive scan
Nmap for scanning the IPv6 target The Nmap scripting engine Nmap options for Firewall/IDS evasion
Unicornscan Zenmap Amap SMB enumeration SNMP enumeration
onesixtyone snmpcheck
VPN enumeration
ike-scan
Summary
7. Vulnerability Mapping
Types of vulnerabilities
Local vulnerability Remote vulnerability
Vulnerability taxonomy Automated vulnerability scanning
Nessus
Network vulnerability scanning
Cisco analysis Cisco auditing tool Cisco global exploiter SMB analysis Impacket Samrdump SNMP analysis SNMP Walk
Web application analysis
Nikto2 OWASP ZAP Burp Suite Paros proxy W3AF WafW00f WebScarab
Fuzz analysis
BED JBroFuzz
Database assessment tools
SQLMap SQL Ninja
Summary
8. Social Engineering
Modeling the human psychology Attack process Attack methods
Impersonation Reciprocation Influential authority Scarcity Social relationship Curiosity
Social Engineering Toolkit
Anonymous USB Attack
Summary
9. Target Exploitation
Vulnerability research Vulnerability and exploit repositories Advanced exploitation toolkit MSFConsole MSFCLI Ninja 101 drills
Scenario 1 Scenario 2
SMB usernames VNC blank authentication scanner PostGRESQL login
Scenario 3
Bind shell Reverse shell Meterpreter
Scenario 4
Generating a binary backdoor Automated browser exploitation
Writing exploit modules Summary
10. Privilege Escalation
Privilege escalation using a local exploit Password attack tools
Offline attack tools hash-identifier Hashcat RainbowCrack samdump2 John Johnny Ophcrack Crunch Online attack tools CeWL Hydra Medusa Mimikatz
Network spoofing tools
DNSChef
Setting up a DNS proxy Faking a domain
arpspoof Ettercap
Network sniffers
dsniff tcpdump Wireshark
Summary
11. Maintaining Access
Using operating system backdoors
Cymothoa Intersect The meterpreter backdoor
Working with tunneling tools
dns2tcp iodine Configuring the DNS server Running the iodine server Running the iodine client ncat proxychains ptunnel socat
Getting HTTP header information Transferring files
sslh stunnel4
Creating web backdoors
WeBaCoo PHP meterpreter
Summary
12. Wireless Penetration Testing
Wireless networking
Overview of 802.11
Wired Equivalent Privacy Standard Wi-Fi Protected Access
Wireless network recon
Antennas Iwlist Kismet WAIDPS
Wireless testing tools
Aircrack-ng
WPA Pre-shared Key cracking WEP cracking
PixieWPS Wifite Fern Wifi Cracker
Post cracking
MAC spoofing Persistence
Sniffing wireless traffic
Sniffing WLAN traffic Passive sniffing
Summary
13. Kali Nethunter
Kali Nethunter
Deployment
Network deployment Wireless deployment Host deployment
Installing Kali Nethunter Nethunter icons Nethunter tools
Nmap Metasploit MAC changer
Third-party applications Wireless attacks
Wireless scanning
Nethunter tools Third-party apps
WPA/WPA2 cracking WPS cracking Evil AP attack
Mana Evil AP
HID attacks Summary
14. Documentation and Reporting
Documentation and results verification Types of reports The executive report The management report The technical report Network penetration testing report (sample contents) Preparing your presentation Post-testing procedures Summary
A. Supplementary Tools
Reconnaissance tool
Vulnerability scanner NeXpose Community Edition Installing NeXpose Starting the NeXpose community Logging in to the NeXpose community Using the NeXpose community
Web application tools
Vega BlindElephant
Network tool
Netcat Open connection Service banner grabbing Creating a simple chat server File transfer Port scanning Backdoor shell Reverse shell
Summary
B. Key Resources
Vulnerability disclosure and tracking Paid incentive programs Reverse engineering resources Penetration testing learning resources Exploit development learning resources Penetration testing on a vulnerable environment Online web application challenges Virtual machines and ISO images Network ports
Index