
Kali Linux penetration testing bible / Gus Khawaja.

Ebook Central Academic Complete Available online


O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Khawaja, Gus, author.
Language:
English
Subjects (All):
Penetration testing (Computer security).
Physical Description:
1 online resource (515 pages)
Place of Publication:
Hoboken, New Jersey : Wiley, [2021]
Summary:
Your ultimate guide to pentesting with Kali Linux. Kali is a popular and powerful Linux distribution used by cybersecurity professionals around the world. Penetration testers must master Kali's varied library of tools to be effective at their work. The Kali Linux Penetration Testing Bible is the hands-on and methodology guide for pentesting with Kali. You'll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you're new to the field or an established pentester, you'll find what you need in this comprehensive guide.
* Build a modern dockerized environment
* Discover the fundamentals of the bash language in Linux
* Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
* Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation
* Apply practical and efficient pentesting workflows
* Learn about Modern Web Application Security Secure SDLC
* Automate your penetration testing with Python
Contents:
Cover
Title Page
Copyright Page
About the Author
About the Technical Editor
Acknowledgments
Contents at a Glance
Contents
Introduction
What Does This Book Cover?
Companion Download Files
How to Contact the Publisher
How to Contact the Author
Chapter 1 Mastering the Terminal Window
Kali Linux File System
Terminal Window Basic Commands
Tmux Terminal Window
Starting Tmux
Tmux Key Bindings
Tmux Session Management
Navigating Inside Tmux
Tmux Commands Reference
Managing Users and Groups in Kali
Users Commands
Groups Commands
Managing Passwords in Kali
Files and Folders Management in Kali Linux
Displaying Files and Folders
Permissions
Manipulating Files in Kali
Searching for Files
Files Compression
Manipulating Directories in Kali
Mounting a Directory
Managing Text Files in Kali Linux
Vim vs. Nano
Searching and Filtering Text
Remote Connections in Kali
Remote Desktop Protocol
Secure Shell
SSH with Credentials
Passwordless SSH
Kali Linux System Management
Linux Host Information
Linux OS Information
Linux Hardware Information
Managing Running Services
Package Management
Process Management
Networking in Kali Linux
Network Interface
IPv4 Private Address Ranges
Static IP Addressing
DNS
Established Connections
File Transfers
Summary
Chapter 2 Bash Scripting
Basic Bash Scripting
Printing to the Screen in Bash
Variables
Commands Variable
Script Parameters
User Input
Functions
Conditions and Loops
Conditions
Loops
File Iteration
Chapter 3 Network Hosts Scanning
Basics of Networking
Networking Protocols
TCP
UDP
Other Networking Protocols
IP Addressing
IPv4
Subnets and CIDR
IPv6
Port Numbers
Network Scanning
Identifying Live Hosts
Ping
ARP
Nmap
Port Scanning and Services Enumeration
TCP Port SYN Scan
Basics of Using Nmap Scans
Services Enumeration
Operating System Fingerprinting
Nmap Scripting Engine
NSE Category Scan
NSE Arguments
DNS Enumeration
DNS Brute-Force
DNS Zone Transfer
DNS Subdomains Tools
Fierce
Chapter 4 Internet Information Gathering
Passive Footprinting and Reconnaissance
Internet Search Engines
Shodan
Google Queries
Information Gathering Using Kali Linux
Whois Database
TheHarvester
DMitry
Maltego
Chapter 5 Social Engineering Attacks
Spear Phishing Attacks
Sending an E-mail
The Social Engineer Toolkit
Sending an E-mail Using Python
Stealing Credentials
Payloads and Listeners
Bind Shell vs. Reverse Shell
Bind Shell
Reverse Shell
Reverse Shell Using SET
Social Engineering with the USB Rubber Ducky
A Practical Reverse Shell Using USB Rubber Ducky and PowerShell
Generating a PowerShell Script
Starting a Listener
Hosting the PowerShell Script
Running PowerShell
Download and Execute the PS Script
Replicating the Attack Using the USB Rubber Ducky
Chapter 6 Advanced Enumeration Phase
Transfer Protocols
FTP (Port 21)
Exploitation Scenarios for an FTP Server
Enumeration Workflow
Service Scan
Advanced Scripting Scan with Nmap
More Brute-Forcing Techniques
SSH (Port 22)
Exploitation Scenarios for an SSH Server
Brute-Forcing SSH with Hydra
Advanced Brute-Forcing Techniques
Telnet (Port 23)
Exploitation Scenarios for Telnet Server
Advanced Scripting Scan
Brute-Forcing with Hydra
E-mail Protocols
SMTP (Port 25)
Nmap Basic Enumeration
Nmap Advanced Enumeration
Enumerating Users
POP3 (Port 110) and IMAP4 (Port 143)
Brute-Forcing POP3 E-mail Accounts
Database Protocols
Microsoft SQL Server (Port 1433)
Oracle Database Server (Port 1521)
MySQL (Port 3306)
CI/CD Protocols
Docker (Port 2375)
Jenkins (Port 8080/50000)
Brute-Forcing a Web Portal Using Hydra
Step 1: Enable a Proxy
Step 2: Intercept the Form Request
Step 3: Extracting Form Data and Brute-Forcing with Hydra
Web Protocols 80/443
Graphical Remoting Protocols
RDP (Port 3389)
RDP Brute-Force
VNC (Port 5900)
File Sharing Protocols
SMB (Port 445)
Brute-Forcing SMB
SNMP (Port UDP 161)
SNMP Enumeration
Chapter 7 Exploitation Phase
Vulnerabilities Assessment
Vulnerability Assessment Workflow
Vulnerability Scanning with OpenVAS
Installing OpenVAS
Scanning with OpenVAS
Exploits Research
SearchSploit
Services Exploitation
Exploiting FTP Service
FTP Login
Remote Code Execution
Spawning a Shell
Exploiting SSH Service
SSH Login
Telnet Service Exploitation
Telnet Login
Sniffing for Cleartext Information
E-mail Server Exploitation
Docker Exploitation
Testing the Docker Connection
Creating a New Remote Kali Container
Getting a Shell into the Kali Container
Docker Host Exploitation
Exploiting Jenkins
Reverse Shells
Using Shells with Metasploit
Exploiting the SMB Protocol
Connecting to SMB Shares
SMB Eternal Blue Exploit
Chapter 8 Web Application Vulnerabilities
Web Application Vulnerabilities
Mutillidae Installation
Apache Web Server Installation
Firewall Setup
Installing PHP
Database Installation and Setup
Cross-Site Scripting
Reflected XSS
Stored XSS
Exploiting XSS Using the Header
Bypassing JavaScript Validation
SQL Injection
Querying the Database
Bypassing the Login Page
Execute Database Commands Using SQLi
SQL Injection Automation with SQLMap
Testing for SQL Injection
Command Injection
File Inclusion
Local File Inclusion
Remote File Inclusion
Cross-Site Request Forgery
The Attacker Scenario
The Victim Scenario
File Upload
Simple File Upload
Bypassing Validation
Encoding
OWASP Top 10
Chapter 9 Web Penetration Testing and Secure Software Development Lifecycle
Web Enumeration and Exploitation
Burp Suite Pro
Web Pentest Using Burp Suite
More Enumeration
Crawling
Vulnerability Assessment
Manual Web Penetration Testing Checklist
Common Checklist
Special Pages Checklist
Secure Software Development Lifecycle
Analysis/Architecture Phase
Application Threat Modeling
Assets
Entry Points
Third Parties
Trust Levels
Data Flow Diagram
Development Phase
Testing Phase
Production Environment (Final Deployment)
Chapter 10 Linux Privilege Escalation
Introduction to Kernel Exploits and Missing Configurations
Kernel Exploits
Kernel Exploit: Dirty Cow
SUID Exploitation
Overriding the Passwd Users File
CRON Jobs Privilege Escalation
CRON Basics
Crontab
Anacrontab
Enumerating and Exploiting CRON
sudoers
sudo Privilege Escalation
Exploiting the Find Command
Editing the sudoers File
Exploiting Running Services
Automated Scripts
Chapter 11 Windows Privilege Escalation
Windows System Enumeration
System Information
Windows Architecture
Listing the Disk Drives
Installed Patches
Who Am I?
List Users and Groups
Networking Information
Showing Weak Permissions
Listing Installed Programs
Listing Tasks and Processes
File Transfers
Windows Host Destination
Linux Host Destination
Windows System Exploitation
Windows Kernel Exploits
Getting the OS Version
Find a Matching Exploit
Executing the Payload and Getting a Root Shell
The Metasploit PrivEsc Magic
Exploiting Windows Applications
Running As in Windows
PSExec Tool
Exploiting Services in Windows
Interacting with Windows Services
Misconfigured Service Permissions
Overriding the Service Executable
Unquoted Service Path
Weak Registry Permissions
Exploiting the Scheduled Tasks
Windows PrivEsc Automated Tools
PowerUp
WinPEAS
Chapter 12 Pivoting and Lateral Movement
Dumping Windows Hashes
Windows NTLM Hashes
SAM File and Hash Dump
Using the Hash
Mimikatz
Dumping Active Directory Hashes
Reusing Passwords and Hashes
Pass the Hash
Pivoting with Port Redirection
Port Forwarding Concepts
SSH Tunneling and Local Port Forwarding
Remote Port Forwarding Using SSH
Dynamic Port Forwarding
Dynamic Port Forwarding Using SSH
Chapter 13 Cryptography and Hash Cracking
Basics of Cryptography
Hashing Basics
One-Way Hash Function
Hashing Scenarios
Hashing Algorithms
Message Digest 5
Secure Hash Algorithm
Hashing Passwords
Securing Passwords with Hash
Hash-Based Message Authenticated Code
Encryption Basics
Symmetric Encryption
Advanced Encryption Standard
Asymmetric Encryption
Rivest Shamir Adleman
Cracking Secrets with Hashcat
Benchmark Testing
Cracking Hashes in Action
Attack Modes
Straight Mode
Combinator
Mask and Brute-Force Attacks
Brute-Force Attack
Hybrid Attacks
Cracking Workflow
Chapter 14 Reporting
Overview of Reports in Penetration Testing
Scoring Severities
Common Vulnerability Scoring System Version 3.1
Notes:
Description based on print version record.
ISBN:
9781119719076
1119719070
9781119719649
111971964X
OCLC:
1249475410
