Kali Linux Penetration Testing Bible

A comprehensive how-to pentest book, using the popular Kali Linux tools. Kali is a popular Linux distribution used by security professionals and is becoming an important tool for daily use and for certifications. Penetration testers need to master Kali's hundreds of tools for pentesting, digita...

Detailed description

Bibliographic details
Main author: Khawaja, Gus
Format: E-book
Language: English
Published: Newark: John Wiley & Sons, Incorporated, 2021
Wiley-Blackwell
Edition: 1
ISBN: 9781119719083, 1119719089
Online access: Full text
Table of contents:
  • Cover -- Title Page -- Copyright Page -- About the Author -- About the Technical Editor -- Acknowledgments -- Contents at a Glance -- Contents -- Introduction -- What Does This Book Cover? -- Companion Download Files -- How to Contact the Publisher -- How to Contact the Author
  • Chapter 1 Mastering the Terminal Window -- Kali Linux File System -- Terminal Window Basic Commands -- Tmux Terminal Window -- Starting Tmux -- Tmux Key Bindings -- Tmux Session Management -- Navigating Inside Tmux -- Tmux Commands Reference -- Managing Users and Groups in Kali -- Users Commands -- Groups Commands -- Managing Passwords in Kali -- Files and Folders Management in Kali Linux -- Displaying Files and Folders -- Permissions -- Manipulating Files in Kali -- Searching for Files -- Files Compression -- Manipulating Directories in Kali -- Mounting a Directory -- Managing Text Files in Kali Linux -- Vim vs. Nano -- Searching and Filtering Text -- Remote Connections in Kali -- Remote Desktop Protocol -- Secure Shell -- SSH with Credentials -- Passwordless SSH -- Kali Linux System Management -- Linux Host Information -- Linux OS Information -- Linux Hardware Information -- Managing Running Services -- Package Management -- Process Management -- Networking in Kali Linux -- Network Interface -- IPv4 Private Address Ranges -- Static IP Addressing -- DNS -- Established Connections -- File Transfers -- Summary
  • Chapter 2 Bash Scripting -- Basic Bash Scripting -- Printing to the Screen in Bash -- Variables -- Commands Variable -- Script Parameters -- User Input -- Functions -- Conditions and Loops -- Conditions -- Loops -- File Iteration -- Summary
  • Chapter 3 Network Hosts Scanning -- Basics of Networking -- Networking Protocols -- TCP -- UDP -- Other Networking Protocols -- IP Addressing -- IPv4 -- Subnets and CIDR -- IPv6 -- Port Numbers -- Network Scanning -- Identifying Live Hosts -- Ping -- ARP -- Nmap -- Port Scanning and Services Enumeration -- TCP Port SYN Scan -- UDP -- Basics of Using Nmap Scans -- Services Enumeration -- Operating System Fingerprinting -- Nmap Scripting Engine -- NSE Category Scan -- NSE Arguments -- DNS Enumeration -- DNS Brute-Force -- DNS Zone Transfer -- DNS Subdomains Tools -- Fierce -- Summary
  • Chapter 4 Internet Information Gathering -- Passive Footprinting and Reconnaissance -- Internet Search Engines -- Shodan -- Google Queries -- Information Gathering Using Kali Linux -- Whois Database -- TheHarvester -- DMitry -- Maltego -- Summary
  • Chapter 5 Social Engineering Attacks -- Spear Phishing Attacks -- Sending an E-mail -- The Social Engineer Toolkit -- Sending an E-mail Using Python -- Stealing Credentials -- Payloads and Listeners -- Bind Shell vs. Reverse Shell -- Bind Shell -- Reverse Shell -- Reverse Shell Using SET -- Social Engineering with the USB Rubber Ducky -- A Practical Reverse Shell Using USB Rubber Ducky and PowerShell -- Generating a PowerShell Script -- Starting a Listener -- Hosting the PowerShell Script -- Running PowerShell -- Download and Execute the PS Script -- Reverse Shell -- Replicating the Attack Using the USB Rubber Ducky -- Summary
  • Chapter 6 Advanced Enumeration Phase -- Transfer Protocols -- FTP (Port 21) -- Exploitation Scenarios for an FTP Server -- Enumeration Workflow -- Service Scan -- Advanced Scripting Scan with Nmap -- More Brute-Forcing Techniques -- SSH (Port 22) -- Exploitation Scenarios for an SSH Server -- Advanced Scripting Scan with Nmap -- Brute-Forcing SSH with Hydra -- Advanced Brute-Forcing Techniques -- Telnet (Port 23) -- Exploitation Scenarios for Telnet Server -- Enumeration Workflow -- Service Scan -- Advanced Scripting Scan -- Brute-Forcing with Hydra -- E-mail Protocols -- SMTP (Port 25) -- Nmap Basic Enumeration -- Nmap Advanced Enumeration -- Enumerating Users -- POP3 (Port 110) and IMAP4 (Port 143) -- Brute-Forcing POP3 E-mail Accounts -- Database Protocols -- Microsoft SQL Server (Port 1433) -- Oracle Database Server (Port 1521) -- MySQL (Port 3306) -- CI/CD Protocols -- Docker (Port 2375) -- Jenkins (Port 8080/50000) -- Brute-Forcing a Web Portal Using Hydra -- Step 1: Enable a Proxy -- Step 2: Intercept the Form Request -- Step 3: Extracting Form Data and Brute-Forcing with Hydra -- Web Protocols 80/443 -- Graphical Remoting Protocols -- RDP (Port 3389) -- RDP Brute-Force -- VNC (Port 5900) -- File Sharing Protocols -- SMB (Port 445) -- Brute-Forcing SMB -- SNMP (Port UDP 161) -- SNMP Enumeration -- Summary
  • Chapter 7 Exploitation Phase -- Vulnerabilities Assessment -- Vulnerability Assessment Workflow -- Vulnerability Scanning with OpenVAS -- Installing OpenVAS -- Scanning with OpenVAS -- Exploits Research -- SearchSploit -- Services Exploitation -- Exploiting FTP Service -- FTP Login -- Remote Code Execution -- Spawning a Shell -- Exploiting SSH Service -- SSH Login -- Telnet Service Exploitation -- Telnet Login -- Sniffing for Cleartext Information -- E-mail Server Exploitation -- Docker Exploitation -- Testing the Docker Connection -- Creating a New Remote Kali Container -- Getting a Shell into the Kali Container -- Docker Host Exploitation -- Exploiting Jenkins -- Reverse Shells -- Using Shells with Metasploit -- Exploiting the SMB Protocol -- Connecting to SMB Shares -- SMB Eternal Blue Exploit -- Summary
  • Chapter 8 Web Application Vulnerabilities -- Web Application Vulnerabilities -- Mutillidae Installation -- Apache Web Server Installation -- Firewall Setup -- Installing PHP -- Database Installation and Setup -- Mutillidae Installation -- Cross-Site Scripting -- Reflected XSS -- Stored XSS -- Exploiting XSS Using the Header -- Bypassing JavaScript Validation -- SQL Injection -- Querying the Database -- Bypassing the Login Page -- Execute Database Commands Using SQLi -- SQL Injection Automation with SQLMap -- Testing for SQL Injection -- Command Injection -- File Inclusion -- Local File Inclusion -- Remote File Inclusion -- Cross-Site Request Forgery -- The Attacker Scenario -- The Victim Scenario -- File Upload -- Simple File Upload -- Bypassing Validation -- Encoding -- OWASP Top 10 -- Summary
  • Chapter 9 Web Penetration Testing and Secure Software Development Lifecycle -- Web Enumeration and Exploitation -- Burp Suite Pro -- Web Pentest Using Burp Suite -- More Enumeration -- Nmap -- Crawling -- Vulnerability Assessment -- Manual Web Penetration Testing Checklist -- Common Checklist -- Special Pages Checklist -- Secure Software Development Lifecycle -- Analysis/Architecture Phase -- Application Threat Modeling -- Assets -- Entry Points -- Third Parties -- Trust Levels -- Data Flow Diagram -- Development Phase -- Testing Phase -- Production Environment (Final Deployment) -- Summary
  • Chapter 10 Linux Privilege Escalation -- Introduction to Kernel Exploits and Missing Configurations -- Kernel Exploits -- Kernel Exploit: Dirty Cow -- SUID Exploitation -- Overriding the Passwd Users File -- CRON Jobs Privilege Escalation -- CRON Basics -- Crontab -- Anacrontab -- Enumerating and Exploiting CRON -- sudoers -- sudo Privilege Escalation -- Exploiting the Find Command -- Editing the sudoers File -- Exploiting Running Services -- Automated Scripts -- Summary
  • Chapter 11 Windows Privilege Escalation -- Windows System Enumeration -- System Information -- Windows Architecture -- Listing the Disk Drives -- Installed Patches -- Who Am I? -- List Users and Groups -- Networking Information -- Showing Weak Permissions -- Listing Installed Programs -- Listing Tasks and Processes -- File Transfers -- Windows Host Destination -- Linux Host Destination -- Windows System Exploitation -- Windows Kernel Exploits -- Getting the OS Version -- Find a Matching Exploit -- Executing the Payload and Getting a Root Shell -- The Metasploit PrivEsc Magic -- Exploiting Windows Applications -- Running As in Windows -- PSExec Tool -- Exploiting Services in Windows -- Interacting with Windows Services -- Misconfigured Service Permissions -- Overriding the Service Executable -- Unquoted Service Path -- Weak Registry Permissions -- Exploiting the Scheduled Tasks -- Windows PrivEsc Automated Tools -- PowerUp -- WinPEAS -- Summary
  • Chapter 12 Pivoting and Lateral Movement -- Dumping Windows Hashes -- Windows NTLM Hashes -- SAM File and Hash Dump -- Using the Hash -- Mimikatz -- Dumping Active Directory Hashes -- Reusing Passwords and Hashes -- Pass the Hash -- Pivoting with Port Redirection -- Port Forwarding Concepts -- SSH Tunneling and Local Port Forwarding -- Remote Port Forwarding Using SSH -- Dynamic Port Forwarding -- Dynamic Port Forwarding Using SSH -- Summary
  • Chapter 13 Cryptography and Hash Cracking -- Basics of Cryptography -- Hashing Basics -- One-Way Hash Function -- Hashing Scenarios -- Hashing Algorithms -- Message Digest 5 -- Secure Hash Algorithm -- Hashing Passwords -- Securing Passwords with Hash -- Hash-Based Message Authenticated Code -- Encryption Basics -- Symmetric Encryption -- Advanced Encryption Standard -- Asymmetric Encryption -- Rivest Shamir Adleman -- Cracking Secrets with Hashcat -- Benchmark Testing -- Cracking Hashes in Action -- Attack Modes -- Straight Mode -- Combinator -- Mask and Brute-Force Attacks -- Brute-Force Attack -- Hybrid Attacks -- Cracking Workflow -- Summary
  • Chapter 14 Reporting -- Overview of Reports in Penetration Testing -- Scoring Severities -- Common Vulnerability Scoring System Version 3.1