Kali Linux Cookbook - Second Edition电子书

Title Page

Second Edition

Copyright

Kali Linux Cookbook

Second Edition

Credits

About the Authors

About the Reviewers

www.PacktPub.com

why subscribe

Customer Feedback

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Getting ready

How to do it…

How it works…

There's more…

See also

Conventions

Readers feedback

Customer support

Downloading the color images of this book

Errata

Piracy

Questions

Installing Kali and the Lab Setup

Introduction

Lab architecture and considerations

How to do it...

The hypervisor selection

The hypervisor networking

Vulnerable workstations

Installing VirtualBox

Getting ready

How to do it...

How it works...

Installing Kali on VirtualBox

Getting ready

How to do it...

Using Kali Linux from bootable media

Getting ready

How to do it...

Upgrading Kali Linux

Getting ready

How to do it...

There's more..

apt-listchanges: news section

The configuring macchanger

The service restart

Understanding the advanced customization and optimization of Kali

Getting ready

How to do it...

Upgrading the Linux kernel

Removing unneeded packages

Adjusting or disabling the screen lock

Correcting the Ethernet interface configuration

Connecting and disconnecting Ethernet interfaces

Installing Windows machines

Getting ready

Installing Metasploitable

Getting ready

How to do it...

Installing OWASP-BWA

Getting ready

How to do it...

Understanding hack me and other online resources

There's more...

Reconnaissance and Scanning

Introduction

Using KeepNote to organize our data

Getting ready

How to do it...

There's more...

Getting up and running with Maltego CE

Getting ready

How to do it...

There's more...

Gathering domain information

Getting ready

How to do it...

There's more...

Gathering public IP information

Getting ready

How to do it...

Gathering external routing information

Getting ready

How to do it...

Gathering internal routing information

Getting ready

How to do it...

There's more...

Gathering cloud service information

Getting ready

How to do it...

Identifying network hosts

Getting ready

How to do it...

A simple subnet scan

Scan all the TCP ports of a host

Performing a TCP SYN scan

Performing a UDP port scan

The nmap output formats

Profiling hosts

Getting ready

How to do it...

Operating systems and service detection

Aggressive service detection

There's more...

Identifying whether there is a web application firewall

Getting ready

How to do it...

Using SNMP to gather more information

Getting ready

How to do it...

There's more...

Vulnerability Analysis

Introduction

Installation and configuration of OpenVAS

Getting ready

How to do it...

A basic vulnerability scanning with OpenVAS

Getting ready

How to do it...

Advanced vulnerability scanning with OpenVAS

Getting ready

How to do it...

Installation and Configuration of Nessus

Getting ready

How to do it...

A basic vulnerability scanning with Nessus

Getting ready

How to do it...

Advanced vulnerability scanning with Nessus

Getting ready

How to do it...

The installation and configuration of Nexpose

Getting ready

How to do it...

Basic vulnerability scanning with Nexpose

Getting ready

How to do it...

Advanced vulnerability scanning with Nexpose

Getting ready

How to do it...

Finding Exploits in the Target

Introduction

Searching the local exploit database

Getting ready

How to do it...

Update searchsploit

Run a simple query

Understanding search options in searchsploit

Searching the online exploit database

Getting ready

How to do it...

The Metasploit setup and configuration

Getting ready

How to do it...

Metasploit Framework initialization and startup

Starting the Metasploit console

Stopping the Metasploit console

There's more...

The Armitage setup

Getting ready

Armitage initialization and startup

Stopping Armitage

Basic exploit attacks with Armitage

Getting ready

How to do it...

Import an nmap scan

Perform an nmap scan from the Armitage interface

Find attacks against a host

Exploit the host

Advanced attacks with Armitage

Getting started

How to do it...

Initial exploitation

Dump hashes

Interacting with the Windows machine

Browsing the target's files

There's more...

Using the backdoor factory and Armitage

Getting ready

How to do it...

Social Engineering

Introduction

Phishing attacks

Getting ready

How to do it...

Spear-phishing attacks

Getting ready

How to do it...

Credential harvesting with SET

Getting ready

How to do it...

Web jacking

Getting ready

How to do it...

PowerShell attack vector

Getting ready

How to do it...

QRCode attack vector

Getting ready

How to do it...

There's more...

Infectious media generator

Getting ready

How to do it...

There's more...

Obfuscating and manipulating URLs

Getting ready

How to do it...

URL shortener

URL manipulation

Simple URL link misdirections

There's more...

DNS spoofing and ARP spoofing

Getting ready

How to do it...

DHCP spoofing

Getting ready

How to do it...

There's more...

Password Cracking

Introduction

Resetting local Windows machine password

Getting ready

How to do it...

Cracking remote Windows machine passwords

Getting ready

How to do it...

There's more...

Windows domain password attacks

Getting ready

How to do it...

Cracking local Linux password hashes

Getting ready

How to do it...

There's more...

Cracking password hashes with a wordlist

Getting ready

How to do it...

Brute force password hashes

Getting ready

How to do it...

Cracking FTP passwords

Getting ready

How to do it...

You have a username but not a password

You have a userlist

Cracking Telnet and SSH passwords

Getting ready

How to do it...

Cracking Telnet passwords with a userlist

Cracking SSH password with a known user

Cracking RDP and VNC passwords

Getting ready

How to do it...

Cracking ZIP file passwords

Getting ready

How to do it...

Privilege Escalation

Introduction

Establishing a connection as an elevated user

Getting ready

How to do it...

Remotely bypassing Windows UAC

Getting ready

How to do it...

Local Linux system check for privilege escalation

Getting ready

How to do it...

Local Linux privilege escalation

Getting ready

How to do it...

Remote Linux privilege escalation

Getting ready

How to do it...

DirtyCOW privilege escalation for Linux

Getting ready

How to do it...

Wireless Specific Recipes

Introduction

Scanning for wireless networks

Getting ready

How to do it...

Bypassing MAC-based authentication

Getting ready

How to do it...

Breaking WEP encryption

Getting ready

How to do it...

Obtaining WPA/WPA2 keys

Getting ready

How to do it...

Exploiting guest access

Getting ready

How to do it...

Rogue AP deployment

Getting ready

How to do it...

Using wireless networks to scan internal networks

Getting ready

How to do it...

Web and Database Specific Recipes

Introduction

Creating an offline copy of a web application

Getting ready

How to do it...

There's more...

Scanning for vulnerabilities

Getting ready

How to do it...

There's more...

Launching website attacks

Getting ready

How to do it...

Scanning WordPress

Getting ready

How to do it...

Hacking WordPress

Getting ready

How to do it...

Performing SQL injection attacks

Getting ready

How to do it...

Maintaining Access

Introduction

Pivoting and expanding access to the network

Getting ready

How to do it...

Using persistence to maintain system access

Getting ready

How to do it...

Using cymothoa to create a Linux backdoor

Getting ready

How to do it...

Protocol spoofing using pingtunnel

Getting ready

How to do it...

Protocol spoofing using httptunnel

Getting ready

How to do it...

Hiding communications with cryptcat

Getting ready

How to do it...

There's more...