Kali Linux - An Ethical Hacker's Cookbook电子书

Title Page

Copyright

Kali Linux - An Ethical Hacker's Cookbook

Credits

Disclaimer

About the Author

About the Reviewer

www.PacktPub.com

Why subscribe?

Customer Feedback

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Getting ready

How to do it…

How it works…

There's more…

See also

Conventions

Reader feedback

Customer support

Downloading the example code

Downloading the color images of this book

Errata

Piracy

Questions

Kali – An Introduction

Introduction

Configuring Kali Linux

Getting ready

How to do it...

How it works...

Configuring the Xfce environment

How to do it...

Configuring the Mate environment

How to do it...

Configuring the LXDE environment

How to do it...

Configuring the e17 environment

How to do it...

Configuring the KDE environment

How to do it...

Prepping up with custom tools

Getting ready

How to do it...

Dnscan

Subbrute

Dirsearch

Pentesting VPN's ike-scan

Getting ready

How to do it...

Cracking the PSK

How it works...

Setting up proxychains

How to do it...

Using proxychains with tor

Going on a hunt with Routerhunter

Getting ready

How to do it...

Gathering Intel and Planning Attack Strategies

Introduction

Getting a list of subdomains

Fierce

How to do it...

DNSdumpster

How to do it...

Using Shodan for fun and profit

Getting ready

How to do it...

Shodan Honeyscore

How to do it...

Shodan plugins

How to do it...

See also

Using Nmap to find open ports

How to do it...

Using scripts

See also

Bypassing firewalls with Nmap

TCP ACK scan

How to do it...

How it works...

TCP Window scan

How to do it...

Idle scan

How to do it...

How it works...

Searching for open directories

The dirb tool

How to do it...

There's more...

See also

Performing deep magic with DMitry

How to do it...

Hunting for SSL flaws

How to do it...

See also

Exploring connections with intrace

How to do it...

Digging deep with theharvester

How to do it...

How it works...

Finding the technology behind web apps

How to do it...

Scanning IPs with masscan

How to do it...

Sniffing around with Kismet

How to do it...

Testing routers with firewalk

How to do it...

How it works...

Vulnerability Assessment

Introduction

Using the infamous Burp

How to do it...

Exploiting WSDLs with Wsdler

How to do it...

Using Intruder

How to do it...

Web app pentest with Vega

Getting ready

How to do it...

Exploring SearchSploit

How to do it...

Exploiting routers with RouterSploit

Getting ready

How to do it...

Using the scanners command

Using creds

Using Metasploit

How to do it...

Automating Metasploit

How to do it...

Writing a custom resource script

How to do it...

Databases in Metasploit

How to do it...

Web App Exploitation – Beyond OWASP Top 10

Introduction

Exploiting XSS with XSS Validator

Getting ready

How to do it...

Injection attacks with sqlmap

How to do it...

See also

Owning all .svn and .git repositories

How to do it...

Winning race conditions

How to do it...

See also

Exploiting JBoss with JexBoss

How to do it...

Exploiting PHP Object Injection

How to do it...

See also

Backdoors using web shells

How to do it...

Backdoors using meterpreters

How to do it...

Network Exploitation on Current Exploitation

Introduction

Man in the middle with hamster and ferret

Getting ready

How to do it...

Exploring the msfconsole

How to do it...

Railgun in Metasploit

How to do it...

There's more...

Using the paranoid meterpreter

How to do it...

There's more...

A tale of a bleeding heart

How to do it...

Redis exploitation

How to do it...

Say no to SQL – owning MongoDBs

Getting ready

How to do it...

Embedded device hacking

How to do it...

Elasticsearch exploit

How to do it...

See also

Good old Wireshark

Getting ready

How to do it...

There's more...

This is Sparta!

Getting ready

How to do it...

Wireless Attacks – Getting Past Aircrack-ng

Introduction

The good old Aircrack

Getting ready

How to do it...

How it works...

Hands on with Gerix

Getting ready

How to do it...

Dealing with WPAs

How to do it...

Owning employee accounts with Ghost Phisher

How to do it...

Pixie dust attack

Getting ready

How to do it...

There's more...

Password Attacks – The Fault in Their Stars

Introduction

Identifying different types of hash in the wild!

How to do it...

MD5

MySQL less than v4.1

MD5 (WordPress)

MySQL 5

Base64 encoding

There's more...

Using hash-identifier

How to do it...

Cracking with patator

How to do it...

Cracking hashes online

How to do it...

Hashkiller

Crackstation

OnlineHashCrack

Playing with John the ripper

How to do it...

There's more...

Johnny Bravo!

How to do it...

Using cewl

How to do it...

Generating word list with crunch

How to do it...

Have Shell Now What?

Introduction

Spawning a TTY Shell

How to do it...

There's more...

Looking for weakness

How to do it...

Horizontal escalation

How to do it...

Vertical escalation

How to do it...

Node hopping – pivoting

How to do it...

There's more…

Privilege escalation on Windows

How to do it...

Using PowerSploit

How to do it…

There's more…

Pulling plaintext passwords with mimikatz

How to do it…

Dumping other saved passwords from the machine

How to do it...

Pivoting into the network

How to do it...

Backdooring for persistence

How to do it...

Buffer Overflows

Introduction

Exploiting stack-based buffer overflows

How to do it...

Exploiting buffer overflow on real software

Getting ready

How to do it...

SEH bypass

How to do it...

See also

Exploiting egg hunters

Getting ready

How to do it...

See also

An overview of ASLR and NX bypass

How to do it...

See also

Playing with Software-Defined Radios

Introduction

Radio frequency scanners

Getting ready

How to do it...

Hands-on with RTLSDR scanner

How to do it...

Playing around with gqrx

How to do it...

There's more...

Kalibrating device for GSM tapping

How to do it...

There's more...

Decoding ADS-B messages with Dump1090

How to do it...

There's more...

Kali in Your Pocket – NetHunters and Raspberries

Introduction

Installing Kali on Raspberry Pi

Getting ready

How to do it...

Installing NetHunter

Getting ready

How to do it...

Superman typing – HID attacks

How to do it...

Can I charge my phone?

How to do it...

Setting up an evil access point

How to do it...

Writing Reports

Introduction

Generating reports using Dradis

How to do it...

Using MagicTree

How to do it...

There's more...