Kali Linux - An Ethical Hacker's Cookbook
eBook - ePub

Kali Linux - An Ethical Hacker's Cookbook

Practical recipes that combine strategies, attacks, and tools for advanced penetration testing, 2nd Edition

  1. 472 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Kali Linux - An Ethical Hacker's Cookbook

Practical recipes that combine strategies, attacks, and tools for advanced penetration testing, 2nd Edition

About this book

Discover end-to-end penetration testing solutions to enhance your ethical hacking skills

Key Features

  • Practical recipes to conduct effective penetration testing using the latest version of Kali Linux
  • Leverage tools like Metasploit, Wireshark, Nmap, and more to detect vulnerabilities with ease
  • Confidently perform networking and application attacks using task-oriented recipes

Book Description

Many organizations have been affected by recent cyber events. At the current rate of hacking, it has become more important than ever to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2018.4 / 2019), in addition to covering the core functionalities.

The book will get you off to a strong start by introducing you to the installation and configuration of Kali Linux, which will help you to perform your tests. You will also learn how to plan attack strategies and perform web application exploitation using tools such as Burp and JexBoss. As you progress, you will get to grips with performing network exploitation using Metasploit, Sparta, and Wireshark. The book will also help you delve into the technique of carrying out wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Later chapters will draw focus to the wide range of tools that help in forensics investigations and incident response mechanisms. As you wrap up the concluding chapters, you will learn to create an optimum quality pentest report.

By the end of this book, you will be equipped with the knowledge you need to conduct advanced penetration testing, thanks to the book's crisp and task-oriented recipes.

What you will learn

  • Learn how to install, set up and customize Kali for pentesting on multiple platforms
  • Pentest routers and embedded devices
  • Get insights into fiddling around with software-defined radio
  • Pwn and escalate through a corporate network
  • Write good quality security reports
  • Explore digital forensics and memory analysis with Kali Linux

Who this book is for

If you are an IT security professional, pentester, or security analyst who wants to conduct advanced penetration testing techniques, then this book is for you. Basic knowledge of Kali Linux is assumed.

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access Kali Linux - An Ethical Hacker's Cookbook by Himanshu Sharma in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Packt Publishing
Year
2019
eBook ISBN
9781789953701
Edition
2
Topic
Computer Science
Subtopic
Cyber Security
Index
Computer Science

Vulnerability Assessment - Poking for Holes

In the previous chapters, we learned about various recipes so that we can collect information about our target. Now, we need to start hunting for vulnerabilities. To become a good pentester, we need to make sure that no small detail is overlooked. In this chapter, we will look at various tools that can be used to find and exploit different types of vulnerabilities with Burp Suite. We will also look at the usage of Metasploit and Cobalt Strike for advanced exploitation.
In this chapter, we will cover the following recipes:
  • Using the infamous Burp
  • Exploiting WSDLs with Wsdler
  • Using intruder
  • Using golismero
  • Exploring searchsploit
  • Exploiting routers with routersploit
  • Using Metasploit
  • Automating Metasploit
  • Writing a custom resource script
  • Setting up a database in Metasploit
  • Generating payloads with MSFPC
  • Emulating threats with Cobalt Strike

Using the infamous Burp

Burp has been around for years now; it is a collection of multiple tools that were built into Java by PortSwigger web security. It has various products, such as a decoder, proxy, scanner, intruder, and repeater. Burp features an extender that allows a user to load different extensions, which can be used to make pentesting even more efficient. We will learn about some of them in the following recipes.

How to do it...

Let's perform the following steps:
  1. Kali already has a free version of Burp, but we need a full version to fully use its features. Let's open up Burp:
  1. Click on Start Burp and Burp will load up, as shown in the following screenshot:
  1. Before we start hunting for bugs, let's install some extensions that may come in handy. Select BApp Store from the Extender menu:
  1. We will see a list of extensions. Here are some of the extensions we have to install:
    • J2EEScan
    • Wsdler
    • Java Deserialization Scanner (DS)
    • Heartbleed
  1. Click Install after selecting each of these extensions.
  2. Let's prepare ourselves for scanning. Fire up a browser and go to its preferences.
  3. Go to the Network settings:
  1. Add the proxy IP and port:
  1. Verify the IP and port with Burp's proxy options:
  1. Click Intercept is on to start intercepting the requests:
  1. Let's browse the website we need to scan:
    • Once all requests are captured, go to Target and select the domain.
    • To perform a scan, select indiv...

Table of contents

  1. Title Page
  2. Copyright and Credits
  3. About Packt
  4. Contributors
  5. Preface
  6. Kali - An Introduction
  7. Gathering Intel and Planning Attack Strategies
  8. Vulnerability Assessment - Poking for Holes
  9. Web App Exploitation - Beyond OWASP Top 10
  10. Network Exploitation
  11. Wireless Attacks - Getting Past Aircrack-ng
  12. Password Attacks - The Fault in Their Stars
  13. Have Shell, Now What?
  14. Buffer Overflows
  15. Elementary, My Dear Watson - Digital Forensics
  16. Playing with Software-Defined Radios
  17. Kali in Your Pocket - NetHunters and Raspberries
  18. Writing Reports
  19. Other Books You May Enjoy