Kali Linux - An Ethical Hacker's Cookbook
Practical recipes that combine strategies, attacks, and tools for advanced penetration testing, 2nd Edition
Himanshu Sharma
- 472 pages
- English
- ePUB (adapté aux mobiles)
- Disponible sur iOS et Android
Kali Linux - An Ethical Hacker's Cookbook
Practical recipes that combine strategies, attacks, and tools for advanced penetration testing, 2nd Edition
Himanshu Sharma
Ă propos de ce livre
Discover end-to-end penetration testing solutions to enhance your ethical hacking skills
Key Features
- Practical recipes to conduct effective penetration testing using the latest version of Kali Linux
- Leverage tools like Metasploit, Wireshark, Nmap, and more to detect vulnerabilities with ease
- Confidently perform networking and application attacks using task-oriented recipes
Book Description
Many organizations have been affected by recent cyber events. At the current rate of hacking, it has become more important than ever to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2018.4 / 2019), in addition to covering the core functionalities.
The book will get you off to a strong start by introducing you to the installation and configuration of Kali Linux, which will help you to perform your tests. You will also learn how to plan attack strategies and perform web application exploitation using tools such as Burp and JexBoss. As you progress, you will get to grips with performing network exploitation using Metasploit, Sparta, and Wireshark. The book will also help you delve into the technique of carrying out wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Later chapters will draw focus to the wide range of tools that help in forensics investigations and incident response mechanisms. As you wrap up the concluding chapters, you will learn to create an optimum quality pentest report.
By the end of this book, you will be equipped with the knowledge you need to conduct advanced penetration testing, thanks to the book's crisp and task-oriented recipes.
What you will learn
- Learn how to install, set up and customize Kali for pentesting on multiple platforms
- Pentest routers and embedded devices
- Get insights into fiddling around with software-defined radio
- Pwn and escalate through a corporate network
- Write good quality security reports
- Explore digital forensics and memory analysis with Kali Linux
Who this book is for
If you are an IT security professional, pentester, or security analyst who wants to conduct advanced penetration testing techniques, then this book is for you. Basic knowledge of Kali Linux is assumed.
Foire aux questions
Informations
Vulnerability Assessment - Poking for Holes
- Using the infamous Burp
- Exploiting WSDLs with Wsdler
- Using intruder
- Using golismero
- Exploring searchsploit
- Exploiting routers with routersploit
- Using Metasploit
- Automating Metasploit
- Writing a custom resource script
- Setting up a database in Metasploit
- Generating payloads with MSFPC
- Emulating threats with Cobalt Strike
Using the infamous Burp
How to do it...
- Kali already has a free version of Burp, but we need a full version to fully use its features. Let's open up Burp:
- Click on Start Burp and Burp will load up, as shown in the following screenshot:
- Before we start hunting for bugs, let's install some extensions that may come in handy. Select BApp Store from the Extender menu:
- We will see a list of extensions. Here are some of the extensions we have to install:
- J2EEScan
- Wsdler
- Java Deserialization Scanner (DS)
- Heartbleed
- Click Install after selecting each of these extensions.
- Let's prepare ourselves for scanning. Fire up a browser and go to its preferences.
- Go to the Network settings:
- Add the proxy IP and port:
- Verify the IP and port with Burp's proxy options:
- Click Intercept is on to start intercepting the requests:
- Let's browse the website we need to scan:
- Once all requests are captured, go to Target and select the domain.
- To perform a scan, select indiv...