Kali Linux – Assuring Security by Penetration Testing
Table of Contents
Kali Linux – Assuring Security by Penetration Testing
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Disclaimer
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
I. Lab Preparation and Testing Procedures
1. Beginning with Kali Linux
A brief history of Kali Linux
Kali Linux tool categories
Downloading Kali Linux
Using Kali Linux
Running Kali using Live DVD
Installing on a hard disk
Installing Kali on a physical machine
Installing Kali on a virtual machine
Installing Kali on a virtual machine from the ISO image
Installing Kali in a virtual machine using the provided Kali VM image
Installing Kali on a USB disk
Configuring the virtual machine
VirtualBox guest additions
Setting up networking
Setting up a wired connection
Setting up a wireless connection
Starting the network service
Configuring shared folders
Saving the guest machine state
Exporting a virtual machine
Updating Kali Linux
Network services in Kali Linux
HTTP
MySQL
SSH
Installing a vulnerable server
Installing additional weapons
Installing the Nessus vulnerability scanner
Installing the Cisco password cracker
Summary
2. Penetration Testing Methodology
Types of penetration testing
Black box testing
White box testing
Vulnerability assessment versus penetration testing
Security testing methodologies
Open Source Security Testing Methodology Manual (OSSTMM)
Key features and benefits
Information Systems Security Assessment Framework (ISSAF)
Key features and benefits
Open Web Application Security Project (OWASP)
Key features and benefits
Web Application Security Consortium Threat Classification (WASC-TC)
Key features and benefits
Penetration Testing Execution Standard (PTES)
Key features and benefits
General penetration testing framework
Target scoping
Information gathering
Target discovery
Enumerating target
Vulnerability mapping
Social engineering
Target exploitation
Privilege escalation
Maintaining access
Documentation and reporting
The ethics
Summary
II. Penetration Testers Armory
3. Target Scoping
Gathering client requirements
Creating the customer requirements form
The deliverables assessment form
Preparing the test plan
The test plan checklist
Profiling test boundaries
Defining business objectives
Project management and scheduling
Summary
4. Information Gathering
Using public resources
Querying the domain registration information
Analyzing the DNS records
host
dig
dnsenum
dnsdict6
fierce
DMitry
Maltego
Getting network routing information
tcptraceroute
tctrace
Utilizing the search engine
theharvester
Metagoofil
Summary
5. Target Discovery
Starting off with target discovery
Identifying the target machine
ping
arping
fping
hping3
nping
alive6
detect-new-ip6
passive_discovery6
nbtscan
OS fingerprinting
p0f
Nmap
Summary
6. Enumerating Target
Introducing port scanning
Understanding the TCP/IP protocol
Understanding the TCP and UDP message format
The network scanner
Nmap
Nmap target specification
Nmap TCP scan options
Nmap UDP scan options
Nmap port specification
Nmap output options
Nmap timing options
Nmap useful options
Service version detection
Operating system detection
Disabling host discovery
Aggressive scan
Nmap for scanning the IPv6 target
The Nmap scripting engine
Nmap options for Firewall/IDS evasion
Unicornscan
Zenmap
Amap
SMB enumeration
SNMP enumeration
onesixtyone
snmpcheck
VPN enumeration
ike-scan
Summary
7. Vulnerability Mapping
Types of vulnerabilities
Local vulnerability
Remote vulnerability
Vulnerability taxonomy
Open Vulnerability Assessment System (OpenVAS)
Tools used by OpenVAS
Cisco analysis
Cisco auditing tool
Cisco global exploiter
Fuzz analysis
BED
JBroFuzz
SMB analysis
Impacket Samrdump
SNMP analysis
SNMP Walk
Web application analysis
Database assessment tools
DBPwAudit
SQLMap
SQL Ninja
Web application assessment
Burp Suite
Nikto2
Paros proxy
W3AF
WafW00f
WebScarab
Summary
8. Social Engineering
Modeling the human psychology
Attack process
Attack methods
Impersonation
Reciprocation
Influential authority
Scarcity
Social relationship
Social Engineering Toolkit (SET)
Targeted phishing attack
Summary
9. Target Exploitation
Vulnerability research
Vulnerability and exploit repositories
Advanced exploitation toolkit
MSFConsole
MSFCLI
Ninja 101 drills
Scenario 1
Scenario 2
SNMP community scanner
VNC blank authentication scanner
IIS6 WebDAV unicode auth bypass
Scenario 3
Bind shell
Reverse shell
Meterpreter
Scenario 4
Generating a binary backdoor
Automated browser exploitation
Writing exploit modules
Summary
10. Privilege Escalation
Privilege escalation using a local exploit
Password attack tools
Offline attack tools
hash-identifier
Hashcat
RainbowCrack
samdump2
John
Johnny
Ophcrack
Crunch
Online attack tools
CeWL
Hydra
Medusa
Network spoofing tools
DNSChef
Setting up a DNS proxy
Faking a domain
arpspoof
Ettercap
Network sniffers
dsniff
tcpdump
Wireshark
Summary
11. Maintaining Access
Using operating system backdoors
Cymothoa
Intersect
The meterpreter backdoor
Working with tunneling tools
dns2tcp
iodine
Configuring the DNS server
Running the iodine server
Running the iodine client
ncat
proxychains
ptunnel
socat
Getting HTTP header information
Transferring files
sslh
stunnel4
Creating web backdoors
WeBaCoo
weevely
PHP meterpreter
Summary
12. Documentation and Reporting
Documentation and results verification
Types of reports
The executive report
The management report
The technical report
Network penetration testing report (sample contents)
Preparing your presentation
Post-testing procedures
Summary
III. Extra Ammunition
A. Supplementary Tools
Reconnaissance tool
Vulnerability scanner
NeXpose Community Edition
Installing NeXpose
Starting the NeXpose community
Logging in to the NeXpose community
Using the NeXpose community
Web application tools
Golismero
Arachni
BlindElephant
Network tool
Netcat
Open connection
Service banner grabbing
Simple chat server
File transfer
Portscanning
Backdoor shell
Reverse shell
Summary
B. Key Resources
Vulnerability disclosure and tracking
Paid incentive programs
Reverse engineering resources
Penetration testing learning resources
Exploit development learning resources
Penetration testing on a vulnerable environment
Online web application challenges
Virtual machines and ISO images
Network ports
Index