Mastering Kali Linux for Advanced Penetration Testing
Table of Contents
Mastering Kali Linux for Advanced Penetration Testing
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
The "Kill Chain" approach to penetration testing
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
Disclaimer
1. The Attacker's Kill Chain
1. Starting with Kali Linux
Kali Linux
Configuring network services and secure communications
Adjusting network proxy settings
Securing communications with Secure Shell
Updating Kali Linux
The Debian package management system
Packages and repositories
Dpkg
Using Advanced Packaging Tools
Configuring and customizing Kali Linux
Resetting the root password
Adding a non-root user
Speeding up Kali operations
Sharing folders with Microsoft Windows
Creating an encrypted folder with TrueCrypt
Managing third-party applications
Installing third-party applications
Running third-party applications with non-root privileges
Effective management of penetration tests
Summary
2. Identifying the Target – Passive Reconnaissance
Basic principles of reconnaissance
Open Source intelligence
DNS reconnaissance and route mapping
WHOIS
DNS reconnaissance
IPv4
IPv6
Mapping the route to the target
Obtaining user information
Gathering names and e-mail addresses
Gathering document metadata
Profiling users for password lists
Summary
3. Active Reconnaissance and Vulnerability Scanning
Stealth scanning strategies
Adjusting source IP stack and tool identification settings
Modifying packet parameters
Using proxies with anonymity networks (Tor and Privoxy)
Identifying the network infrastructure
Enumerating hosts
Live host discovery
Port, operating system, and service discovery
Port scanning
Fingerprinting the operating system
Determining active services
Employing comprehensive reconnaissance applications
nmap
The recon-ng framework
Maltego
Vulnerability scanning
Summary
4. Exploit
Threat modeling
Using online and local vulnerability resources
The Metasploit Framework
Exploiting a vulnerable application
Exploiting multiple targets with Armitage
Team testing with Armitage
Scripting the Armitage attack
Bypassing IDs and antivirus detection
Summary
5. Post Exploit – Action on the Objective
Bypassing Windows User Account Control
Conducting a rapid reconnaissance of a compromised system
Using the WMIC scripting language
Finding and taking sensitive data – pillaging the target
Creating additional accounts
Using Metasploit for post-exploit activities
Escalating user privileges on a compromised host
Replaying authentication tokens using incognito
Manipulating access credentials with Windows Credential Editor
Escalating from Administrator to SYSTEM
Accessing new accounts with horizontal escalation
Covering your tracks
Summary
6. Post Exploit – Persistence
Compromising the existing system and application files for remote access
Remotely enabling the Telnet service
Remotely enabling Windows Terminal Services
Remotely enabling Virtual Network Computing
Using persistent agents
Employing Netcat as a persistent agent
Maintaining persistence with the Metasploit Framework
Using the metsvc script
Using the persistence script
Creating a standalone persistent agent with Metasploit
Redirecting ports to bypass network controls
Example 1 – simple port redirection
Example 2 – bidirectional port redirection
Summary
2. The Delivery Phase
7. Physical Attacks and Social Engineering
Social Engineering Toolkit
Spear Phishing Attack
Using a website attack vector – Java Applet Attack Method
Using a website attack vector – Credential Harvester Attack Method
Using a website attack vector – Tabnabbing Attack Method
Using a website attack vector – Multi-Attack Web Method
Using the PowerShell alphanumeric shellcode injection attack
Hiding executables and obfuscating the attacker's URL
Escalating an attack using DNS redirection
Physical access and hostile devices
Raspberry Pi attack vectors
Summary
8. Exploiting Wireless Communications
Configuring Kali for wireless attacks
Wireless reconnaissance
Kismet
Bypassing a Hidden Service Set Identifier
Bypassing the MAC address authentication
Compromising a WEP encryption
Attacking WPA and WPA2
Brute-force attacks
Attacking wireless routers with Reaver
Cloning an access point
Denial-of-service attacks
Summary
9. Reconnaissance and Exploitation of Web-based Applications
Conducting reconnaissance of websites
Vulnerability scanners
Extending the functionality of traditional vulnerability scanners
Extending the functionality of web browsers
Web-service-specific vulnerability scanners
Testing security with client-side proxies
Server exploits
Application-specific attacks
Brute-forcing access credentials
Injection attacks against databases
Maintaining access with web backdoors
Summary
10. Exploiting Remote Access Communications
Exploiting operating system communication protocols
Compromising Remote Desktop Protocol
Compromising Secure Shell
Exploiting third-party remote access applications
Attacking Secure Sockets Layer
Configuring Kali for SSLv2 scanning
Reconnaissance of SSL connections
Using sslstrip to conduct a man-in-the-middle attack
Denial-of-service attacks against SSL
Attacking an IPSec Virtual Private Network
Scanning for VPN gateways
Fingerprinting the VPN gateway
Capturing pre-shared keys
Performing offline PSK cracking
Identifying default user accounts
Summary
11. Client-side Exploitation
Attacking a system using hostile scripts
Conducting attacks using VBScript
Attacking systems using Windows PowerShell
The Cross-Site Scripting Framework
The Browser Exploitation Framework – BeEF
Installing and configuring the Browser Exploitation Framework
A walkthrough of the BeEF browser
Integrating BeEF and Metasploit attacks
Using BeEF as a tunneling proxy
Summary
A. Installing Kali Linux
Downloading Kali Linux
Basic Installation of Kali Linux
Installing Kali Linux to a virtual machine
Full disk encryption and nuking the master key
Setting up a test environment
Vulnerable operating systems and applications
Index