Kali Linux Penetration Testing Bible

Your ultimate guide to pentesting with Kali Linux

Kali is a popular and powerful Linux distribution used by cybersecurity professionals around the world. Penetration testers must master Kali's varied library of tools to be effective at their work. The Kali Linux Penetration Testing Bible is the hands-on and methodology guide for pentesting with Kali.

You'll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you're new to the field or an established pentester, you'll find what you need in this comprehensive guide.

• Build a modern dockerized environment
• Discover the fundamentals of the bash language in Linux
• Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
• Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation
• Apply practical and efficient pentesting workflows
• Learn about Modern Web Application Security Secure SDLC
• Automate your penetration testing with Python

Auteur

Gus Khawaja is an expert in application security and penetration testing. He is a cybersecurity consultant in Montreal, Canada and has a depth of experience working with organizations to protect their assets from cyberattacks. He is a published author and online educator in the field of cybersecurity.

Texte du rabat

Your ultimate guide to pentesting with Kali Linux Kali is a popular and powerful Linux distribution used by cybersecurity professionals around the world. Penetration testers must master Kali's varied library of tools to be effective at their work. The Kali Linux Penetration Testing Bible is the hands-on and methodology guide for pentesting with Kali. You'll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you're new to the field or an established pentester, you'll find what you need in this comprehensive guide. Build a modern dockerized environment Discover the fundamentals of the bash language in Linux Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more) Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation Apply practical and efficient pentesting workflows Learn about Modern Web Application Security Secure SDLC * Automate your penetration testing with Python

Contenu

Introduction xx Chapter 1 Mastering the Terminal Window 1 Kali Linux File System 2 Terminal Window Basic Commands 3 Tmux Terminal Window 6 Starting Tmux 6 Tmux Key Bindings 7 Tmux Session Management 7 Navigating Inside Tmux 9 Tmux Commands Reference 9 Managing Users and Groups in Kali 10 Users Commands 10 Groups Commands 14 Managing Passwords in Kali 14 Files and Folders Management in Kali Linux 15 Displaying Files and Folders 15 Permissions 16 Manipulating Files in Kali 19 Searching for Files 20 Files Compression 21 Manipulating Directories in Kali 23 Mounting a Directory 23 Managing Text Files in Kali Linux 24 Vim vs. Nano 26 Searching and Filtering Text 27 Remote Connections in Kali 29 Remote Desktop Protocol 29 Secure Shell 30 SSH with Credentials 30 Passwordless SSH 32 Kali Linux System Management 34 Linux Host Information 36 Linux OS Information 36 Linux Hardware Information 36 Managing Running Services 38 Package Management 39 Process Management 41 Networking in Kali Linux 42 Network Interface 42 IPv4 Private Address Ranges 42 Static IP Addressing 43 DNS 45 Established Connections 46 File Transfers 47 Summary 48 Chapter 2 Bash Scripting 49 Basic Bash Scripting 50 Printing to the Screen in Bash 50 Variables 52 Commands Variable 54 Script Parameters 54 User Input 56 Functions 56 Conditions and Loops 57 Conditions 58 Loops 60 File Iteration 61 Summary 63 Chapter 3 Network Hosts Scanning 65 Basics of Networking 65 Networking Protocols 66 TCP 66 UDP 67 Other Networking Protocols 67 IP Addressing 69 IPv4 69 Subnets and CIDR 69 IPv6 70 Port Numbers 71 Network Scanning 72 Identifying Live Hosts 72 Ping 73 ARP 73 Nmap 73 Port Scanning and Services Enumeration 74 TCP Port SYN Scan 75 UDP 75 Basics of Using Nmap Scans 76 Services Enumeration 77 Operating System Fingerprinting 79 Nmap Scripting Engine 80 NSE Category Scan 82 NSE Arguments 84 DNS Enumeration 84 DNS Brute-Force 85 DNS Zone Transfer 86 DNS Subdomains Tools 87 Fierce 87 Summary 88 Chapter 4 Internet Information Gathering 89 Passive Footprinting and Reconnaissance 90 Internet Search Engines 90 Shodan 91 Google Queries 92 Information Gathering Using Kali Linux 94 Whois Database 95 TheHarvester 97 DMitry 99 Maltego 99 Summary 103 Chapter 5 Social Engineering Attacks 105 Spear Phishing Attacks 105 Sending an E-mail 106 The Social Engineer Toolkit 106 Sending an E-mail Using Python 108 Stealing Credentials 109 Payloads and Listeners 110 Bind Shell vs. Reverse Shell 111 Bind Shell 111 Reverse Shell 112 Reverse Shell Using SET 113 Social Engineering with the USB Rubber Ducky 115 A Practical Reverse Shell Using USB Rubber Ducky and PowerShell 117 Generating a PowerShell Script 118 Starting a Listener 118 Hosting the PowerShell Script 119 Running PowerShell 120 Download and Execute the PS Script 120 Reverse Shell 121 Replicating the Attack Using the USB Rubber Ducky 122 Summary 122 Chapter 6 Advanced Enumeration Phase 125 Transfer Protocols 126 FTP (Port 21) 126 Exploitation Scenarios for an FTP Server 126 Enumeration Workflow 127 Service Scan 127 Advanced Scripting Scan with Nmap 128 More Brute-Forcing Techniques 129 SSH (Port 22) 130 Exploitation Scenarios for an SSH Server 130 Advanced Scripting Scan with Nmap 131 Brute-Forcing SSH with Hydra 132 Advanced Brute-Forcing Techniques 133 Telnet (Port 23) 134 Exploitation Scenarios for Telnet Server 135 Enumeration Workflow 135 Service Scan 135 Advanced Scripting Scan 136 Brute-Forcing with Hydra 136 E-mail Protocols 136 SMTP (Port 25) 137 Nmap Basic Enumeration 137 Nmap Advanced Enumeration 137 Enumerating Users 138 POP3 (Port 110) and IMAP4 (Port 143) 141 Brute-Forcing POP3 E-mail Accounts 141 Database Protocols 142 Microsoft SQL Server (Port 1433) 142 Oracle Database Server (Port 1521) 143 MySQL (Port 3306) 143 CI/CD Protocols 143 Docker (Port 2375) 144 Jenkins (Port 8080/50000) 145 Brute-Forcing a Web Portal Using Hydra 147 Step 1: Enable a Proxy 148 Step 2: Intercept the Form Request 149 Step 3: Extracting Form Data and Brute-Forcing with Hydra 150 Web Protocols 80/443 151 Graphical Remoting Protocols 152 RDP (Port 3389) 152 RDP Brute-Force 152 VNC (Port 5900) 153 File Sharing Protocols 154 SMB (Port 445) 154 Brute-Forcing SMB 156 SNMP (Port UDP 161) 157 SNMP Enumeration 157 Summary 159 Chapter 7 Exploitation Phase 161 Vulnerabilities Assessment 162 Vulnerability Assessment Workflow 162 Vulnerability Scanning with OpenVAS 164 Installing OpenVAS 164 Scanning with OpenVAS 165 Exploits Research 169 SearchSploit 171 Services Exploitation 173 Exploiting FTP Service 173 FTP Login 173 Remote Code Execution 174 Spawning a Shell 177 Exploiting SSH Service 178 SSH Login 178 Telnet Service Exploitation 179 Telnet Login 179 Sniffing for Cleartext Information 180 E-mail Server Exploitation 183 Docker Exploitation 185 Testing the Docker Connection 185 Creating a New Remote Kali Container 186 Getting a Shell into the Kali Container 187 Docker Host Exploitation 188 Exploiting Jenkins 190 Reverse Shells 193 Using Shells with Metasploit 194 Exploiting the SMB Protocol 196 Connecting to SMB Shares 196 SMB Eternal Blue Exploit 197 Summary 198 Chapter 8 Web Application Vulnerabilities 199 Web Application Vulnerabilities 200 Mutillidae Installation 200 Apache Web Server Installa…