Kali Linux 2: Windows Penetration Testing
Table of Contents
Kali Linux 2: Windows Penetration Testing
Credits
About the Authors
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
1. Sharpening the Saw
Installing Kali Linux to an encrypted USB drive
Prerequisites for installation
Booting Up
Installing configuration
Setting up the drive
Booting your new installation of Kali
Running Kali from the live CD
Installing and configuring applications
Gedit – the Gnome text editor
Terminator – the terminal emulator for multitasking
EtherApe – the graphical protocol analysis tool
Setting up and configuring OpenVAS
Reporting the tests
KeepNote – the standalone document organizer
Dradis – the web-based document organizer
Running services on Kali Linux
Exploring the Kali Linux Top 10 and more
Summary
2. Information Gathering and Vulnerability Assessment
Footprinting the network
Exploring the network with Nmap
Zenmap
The difference verbosity makes
Scanning a network range
Where can you find instructions on this thing?
A return to OpenVAS
Using Maltego
Using Unicorn-Scan
Monitoring resource use with Htop
Monkeying around the network
Summary
3. Exploitation Tools (Pwnage)
Choosing the appropriate time and tool
Choosing the right version of Metasploit
Starting Metasploit
Creating workspaces to organize your attack
Using the hosts and services commands
Using advanced footprinting
Interpreting the scan and building on the result
Exploiting poor patch management
Finding out whether anyone is home
Using the pivot
Mapping the network to pivot
Creating the attack path
Grabbing system on the target
Setting Up the route
Exploring the inner network
Abusing the Windows NET USE command
Adding a Windows user from the command line
Summary
4. Web Application Exploitation
Surveying the webscape
Concept of Robots.txt
Concept of .htaccess
Quick solutions to cross-site scripting
Reducing buffer overflows
Avoiding SQL injection
Arm yourself with Armitage
Working with a single known host
Discovering new machines with NMap
Zinging Windows servers with OWASP ZAP
Using ZAP as an attack proxy
Reading the ZAP interface
Search and destroy with Burp Suite
Targeting the test subject
Using Burp Suite as a Proxy
Installing the Burp Suite security certificate
Spidering a site with Burp Spider
Summary
5. Sniffing and Spoofing
Sniffing and spoofing network traffic
Sniffing network traffic
Basic sniffing with tcpdump
More basic sniffing with WinDump (Windows tcpdump)
Packet hunting with Wireshark
Dissecting the packet
Swimming with Wireshark
Spoofing network traffic
Ettercap
Using Ettercap on the command line
Summary
6. Password Attacks
Password attack planning
Cracking the NTLM code (Revisited)
Password lists
Cleaning a password list
My friend Johnny
John the Ripper (command line)
xHydra
Adding a tool to the main menu in Kali 2.x
Summary
7. Windows Privilege Escalation
Gaining access with Metasploit
Replacing the executable
Local privilege escalation with a standalone tool
Escalating privileges with physical access
Robbing the Hives with samdump2
Owning the registry with chntpw
Weaseling in with Weevely
Preparing to use Weevely
Creating an agent
Testing Weevely locally
Testing Weevely on a Windows server
Getting help in Weevely
Getting the system info
Using filesystem commands in Weevely
Writing into files
Summary
8. Maintaining Remote Access
Maintaining access
Covering our tracks
Maintaining access with Ncat
Phoning Home with Metasploit
The Dropbox
Cracking the NAC (Network Access Controller)
Creating a Spear-Phishing Attack with the Social Engineering Toolkit
Using Backdoor-Factory to Evade Antivirus
Summary
9. Reverse Engineering and Stress Testing
Setting up a test environment
Creating your victim machine(s)
Testing your testing environment
Reverse engineering theory
One general theory of reverse engineering
Working with Boolean logic
Reviewing a while loop structure
Reviewing the for loop structure
Understanding the decision points
Practicing reverse engineering
Demystifying debuggers
Using the Valgrind Debugger to discover memory leaks
Translating your app to assembler with the EDB-Debugger
EDB-Debugger symbol mapper
Running OllyDbg
Introduction to disassemblers
Running JAD
Create your own disassembling code with Capstone
Some miscellaneous reverse engineering tools
Running Radare2
Additional members of the Radare2 tool suite
Running rasm2
Running rahash2
Running radiff2
Running rafind2
Running rax2
Stresstesting Windows
Dealing with Denial
Putting the network under Siege
Configuring your Siege engine
Summary
10. Forensics
Getting into Digital Forensics
Exploring Guymager
Starting Kali for Forensics
Acquiring a drive to be legal evidence
Cloning With Guymager
Diving into Autopsy
Mounting image files
Summary
Index