
Hacking with Kali : Practical Penetration Testing Techniques.

Ebook Central College Complete Available online

Format:
Book
Author/Creator:
Broad, James.
Contributor:
Bindner, Andrew.
Language:
English
Subjects (All):
Penetration testing (Computer security).
Physical Description:
1 online resource (238 pages)
Edition:
1st ed.
Place of Publication:
San Diego : Elsevier Science & Technology Books, 2013.
Contents:
Front Cover
Hacking with Kali
Copyright Page
Dedication
Contents
1 Introduction
Book Overview and Key Learning Points
Book Audience
Technical Professionals
Security Engineers
Students in Information Security and Information Assurance Programs
Who This Book Is Not for
Diagrams, Figures, and Screen Captures
Welcome
Penetration Testing Lifecycle
Terms
Penetration Testing, Pentesting
Red Team, Red Teaming
Ethical Hacking
White Hat
Black Hat
Grey Hat
Vulnerability Assessment, Vulnerability Analysis
Security Controls Assessment
Malicious User Testing, Mal User Testing
Social Engineering
Phishing
Spear Phishing
Dumpster Diving
Live CD, Live Disk, or LiveOS
Kali History
References
2 Download and Install Kali Linux
Chapter Overview and Key Learning Points
Kali Linux
System Information
Selecting a Hardware Platform for Installation
Hard Drive Selection
Partitioning the Hard Drive
Security During Installation
Downloading Kali
Hard Drive Installation
Booting Kali for the First Time
Installation-Setting the Defaults
Installation-Initial Network Setup
Passwords
Configuring the System Clock
Partitioning Disks
Configure the Package Manager
Installing the GRUB Loader
Completing the Installation
Thumb Drive Installation
Windows (Nonpersistent)
Linux (Persistent)
SD Card Installation
Summary
3 Software, Patches, and Upgrades
APT Package Handling Utility
Installing Applications or Packages
Update
Upgrade
Distribution Upgrade
Remove
Auto Remove
Purge
Clean
Autoclean
Putting It All Together
Debian Package Manager
Install
Checking for Installed Package
Tarballs
Creation of a Tarball.
Extracting Files from a Tarball
Compressing a Tarball
A Practical Guide to Installing Nessus
Update and Clean the System Prior to Installing Nessus
Install and Configure Nessus
Conclusion
4 Configuring Kali Linux
About This Chapter
The Basics of Networking
Private Addressing
Default Gateway
Name Server
DHCP
Basic Subnetting
Kali Linux Default Settings
Using the Graphical User Interface to Configure Network Interfaces
Using the Command Line to Configure Network Interfaces
Starting and Stopping the Interface
DHCP from the Command Prompt
Using the GUI to Configure Wireless Cards
Connection Name
Connect Automatically Checkbox
Wireless Tab
Service Set Identifier
Mode
Basic Service Set Identification
Device MAC Address
Cloned MAC Address
Maximum Transmission Unit
Wireless Security Tab
Security Drop Down
Wired Equivalent Privacy
Lightweight Extensible Authentication Protocol
WiFi Protected Access
Passwords and Keys
IPv4 Settings Tab
Save
Web Server
Using the GUI to Start, Stop, or Restart the Apache Server
Starting, Stopping, and Restarting Apache at the Command Prompt
The Default Web Page
FTP Server
SSH Server
Generate SSH Keys
Managing the SSH Service from the Kali GUI
Managing the SSH Server from the Command Line
Accessing the Remote System
Configure and Access External Media
Manually Mounting a Drive
Updating Kali
Upgrading Kali
Adding a Repository Source
5 Building a Penetration Testing Lab
Before Reading This Chapter: Build a Lab
Building a Lab on a Dime
VMWare Player
VirtualBox
Installing VirtualBox on Microsoft Windows 7
Setting Up a Virtual Attack Platform.
Set Up a Virtual Machine for Kali Linux in VirtualBox
Metasploitable2
Installing Metasploitable2
Extending Your Lab
The Magical Code Injection Rainbow
Installation of MCIR
6 Introduction to the Penetration Test Lifecycle
Introduction to the Lifecycle
Phase 1: Reconnaissance
Phase 2: Scanning
Phase 3: Exploitation
Phase 4: Maintaining Access
Phase 5: Reporting
7 Reconnaissance
Introduction
Trusted Agents
Start with the Targets Own Website
Website Mirroring
Google Searches
All These Words
This Exact Word or Phrase
Any of These Words
None of These Words
Numbers Ranging from
Language
Region
Last Updated
Site or Domain
Terms Appearing
Safe Search
Reading Level
File Type
Usage Rights
Compiling an Advanced Google Search
Google Hacking
Google Hacking Database
Social Media
Create a Doppleganger
Job Sites
DNS and DNS Attacks
Query a Name Server
Zone Transfer
Reference
8 Scanning
Introduction to Scanning
Understanding Network Traffic
Understanding Ports and Firewalls
Understanding IP Protocols
TCP
UDP
ICMP
PING
Traceroute
NMAP the King of Scanners
The Nmap Command Structure
Scanning Options
-sS Stealth Scan
-sT TCP Connect Scan
-sU UDP Scan
-sA
Timing Templates
-T0 Paranoid
-T1 Sneaky
-T2 Polite
-T3 Normal
-T4 Aggressive
-T5 Insane
Targeting
IP Address Ranges
Scan List
Selecting Ports
Output Options
-oN Normal Output
-oX Extensible Markup Language (XML) Output
-oG GREPable Output
-oS ScRipT Kidd|# oUTpuT
Nmap Scripting Engine
HPING3
Nessus
Scanning with Nessus
Adding a Nessus User.
Configuration
Configuring a Scan
9 Exploitation
Exploitation
Attack Vectors Versus Attack Types
Local Exploits
Searching for Local Exploits
Remote Exploits
An Overview of Metasploit
A Brief History
Professional Versus Express Editions
Nexpose and Compliance
Overt Versus Covert
The Basic Framework
Exploit Modules
Auxiliary Modules
Payloads
Bind Shells
Reverse Shells
Meterpreter Shell
Listeners
Shellcode
Accessing Metasploit
Startup/Shutdown Service
Update the Database
Scanning with Metasploit
Using Metasploit
Meterpreter-Session Management
Actions Inside of a Session
Access File system
Command Shell
Postexploitation Modules
Web Server and Web Application Exploitation
OWASP
Testing Web Applications
Step 1-Manual Review
Step 2-Fingerprinting
NetCat (nc)
Telnet (telnet)
SSLScan (sslscan)
Step 3-Scanning
Arachni-Web Application Security Scanner Framework
Using the Arachni Web Application Scanner
w3af-Web Application Attack and Audit Framework
Using w3af
Nikto
Using Nikto
Websploit
10 Maintaining Access
Terminology and Core Concepts
Malware
Backdoors
Trojan Horse
Viruses
Resident
Nonresident
Worms
Keyloggers
Botnets
Colocation
Remote Communications
Command and Control
Backdoors with Metasploit
Creating an Executable Binary from a Payload (Unencoded)
Creating an Executable Binary from a Payload (Encoded)
Creating an Encoded Trojan Horse
Set Up a Metasploit Listener
Persistent Backdoors
Detectability
Backdoors for Web Services
11 Reports and Templates.
Chapter Overview and Key Learning Points
Reporting
Executive Summary
Engagement Procedure
Target Architecture and Composition
Findings
Recommended Actions
Appendices
Presentation
Report and Evidence Storage
Appendix A: Tribal Chicken
Comprehensive Setup and Configuration Guide for Kali Linux 1.0.5
Materials List
Install and Configure Ubuntu
Install Kali Linux 1.0.5
Customize the Interface
Running Updates
Building an ISO using Tribal Chicken
Burning an ISO to a DVD or Blu-Ray Disc
Testing and Validation (Short Version)
Appendix B: Kali Penetration Testing Tools
Index.
Notes:
Description based on publisher supplied metadata and other sources.
Other Format:
Print version: Broad, James Hacking with Kali
ISBN:
9780124078833
OCLC:
870340083
