book

Kali Linux Intrusion and Exploitation Cookbook

Name: Kali Linux Intrusion and Exploitation Cookbook
ISBN: 9781783982165

by Dhruv Shah, Ishan Girdhar

April 2017

Intermediate to advanced

512 pages

7h 59m

English

Packt Publishing

Read now

Unlock full access

Kali Linux Intrusion and Exploitation Cookbook
Kali Linux Intrusion and Exploitation Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for

Sections
Getting readyHow to do it…How it works…There's more…See also
Conventions
Reader feedback
Customer support
ErrataPiracyQuestions
1. Getting Started - Setting Up an Environment
Introduction
Installing Kali Linux on Cloud - Amazon AWS
Getting readyHow to do it...How it works...There's more...
Installing Kali Linux on Docker
Getting readyHow to do it...How it works...There's more...
Installing NetHunter on OnePlus One
Getting readyHow to do it...How it works...There's more...
Installing Kali Linux on a virtual machine
Getting readyHow to do it...How it works...
Customizing Kali Linux for faster package updates
Getting readyHow to do it...How it works...
Customizing Kali Linux for faster operations
Getting readyHow to do it...How it works...
Configuring remote connectivity services - HTTP, TFTP, and SSH
Getting readyHow to do it...How it works...
Configuring Nessus and Metasploit
Getting readyHow to do it...How it works...There's more...
Configuring third-party tools
Getting readyHow to do it...How it works...
Installing Docker on Kali Linux
Getting readyHow to do it...How it works...
2. Network Information Gathering
Introduction
Discovering live servers over the network
Getting readyHow to do it...How it works...There's more...See also
Bypassing IDS/IPS/firewall
Getting readyHow to do it...How it works...There's more...
Discovering ports over the network
Getting readyHow to do it...How it works...There's more...See also
Using unicornscan for faster port scanning
Getting readyHow to do it...How it works...There's more...
Service fingerprinting
Getting readyHow to do it...How it works...There's more...
Determining the OS using nmap and xprobe2
Getting readyHow to do it...How it works...There's more...
Service enumeration
Getting readyHow to do it...How it works...There's more...
Open-source information gathering
Getting readyHow to do it...How it works...There's more...
3. Network Vulnerability Assessment
Introduction
Using nmap for manual vulnerability assessment
Getting readyHow to do it...How it works...There's more...See also...
Integrating nmap with Metasploit
Getting readyHow to do it...How it works...There's more...
Walkthrough of Metasploitable assessment with Metasploit
Getting ready...How to do it...How it works...There's more...See also...
Vulnerability assessment with OpenVAS framework
Getting readyHow to do it...How it works...There's more...PTESOWASPWeb Application Hacker's MethodologySee also...
4. Network Exploitation
Introduction
Gathering information for credential cracking
Getting readyHow to do it...
Cracking FTP login using custom wordlist
Getting readyHow to do it...How it works...There's more...
Cracking SSH login using custom wordlist
Getting readyHow to do it...How it works...There's more...
Cracking HTTP logins using custom wordlist
Getting readyHow to do it...How it works...There's more...
Cracking MySql and PostgreSQL login using custom wordlist
Getting readyHow to do it...How it works...There's more...
Cracking Cisco login using custom wordlist
Getting readyHow to do it...How it works...There's more...
Exploiting vulnerable services (Unix)
Getting readyHow to do it...How it works...There's more...
Exploiting vulnerable services (Windows)
Getting readyHow to do it...How it works...There's more...
Exploiting services using exploit-db scripts
Getting readyHow to do it...How it works...There's more...
5. Web Application Information Gathering
Introduction
Setting up API keys for recon-ng
Getting readyHow to do it...How it works...
Using recon-ng for reconnaissance
Getting readyHow to do it...
Gathering information using theharvester
Getting readyHow to do it...How it works...
Using DNS protocol for information gathering
Getting readyHow to do it...How it works...There's more...
Web application firewall detection
Getting readyHow to do it...How it works...
HTTP and DNS load balancer detection
Getting readyHow to do it...How it works...
Discovering hidden files/directories using DirBuster
Getting readyHow to do it...How it works...
CMS and plugins detection using WhatWeb and p0f
Getting readyHow to do it...How it works...There's more...
Finding SSL cipher vulnerabilities
Getting readyHow to do it...How it works...
6. Web Application Vulnerability Assessment
Introduction
Running vulnerable web applications in Docker
Getting readyHow to do it...How it works...
Using W3af for vulnerability assessment
Getting readyHow to do it...How it works...
Using Nikto for web server assessment
Getting readyHow to do it...How it works...
Using Skipfish for vulnerability assessment
Getting readyHow to do it...How it works...
Using Burp Proxy to intercept HTTP traffic
Getting readyHow to do it...How it works...
Using Burp Intruder for customized attack automation
Getting readyHow to do it...How it works...
Using Burp Sequencer to test the session randomness
Getting readyHow to do it...How it works...
7. Web Application Exploitation
Introduction
Using Burp for active/passive scanning
Getting readyHow to do it...How it works...
Using sqlmap to find SQL Injection on the login page
Getting readyHow to do it...How it works...
Exploiting SQL Injection on URL parameters using SQL Injection
Getting readyHow to do it...How it works...Getting readyHow to do it...How it works...
Using Weevely for file upload vulnerability
Getting readyHow to do it...How it works...
Exploiting Shellshock using Burp
Getting readyHow to do it...How it works...
Using Metasploit to exploit Heartbleed
Getting readyHow to do it...How it works...
Using the FIMAP tool for file inclusion attacks (RFI/LFI)
Getting readyHow to do it...How it works...
8. System and Password Exploitation
Introduction
Using local password-attack tools
Getting readyHow to do it...How it works...There's more...
Cracking password hashes
Getting readyHow to do it...How it works...There's more...
Using Social-Engineering Toolkit
Getting readyHow to do it...How it works...There's more...
Using BeEF for browser exploitation
Getting readyHow to do it...How it works...There's more...
Cracking NTLM hashes using rainbow tables
Getting readyHow to do it...How it works...There's more...
9. Privilege Escalation and Exploitation
Introduction
Using WMIC to find privilege-escalation vulnerabilities
Getting readyHow to do it...How it works...There's more...
Sensitive-information gathering
Getting readyHow to do it...There's more...
Unquoted service-path exploitation
Getting readyHow to do it...How it works...There's more...See also...
Service permission issues
Getting readyHow to do it...How it works...There's more...
Misconfigured software installations/insecure file permissions
Getting readyHow to do it...How it works...There's more...See also...
Linux privilege escalation
Getting readyHow to do it...How it works...There's more...See also...
10. Wireless Exploitation
Introduction
Setting up a wireless network
Getting readyHow to do it...
Bypassing MAC address filtering
Getting readyHow to do it...There's more...
Sniffing network traffic
Getting readyHow to do it...How it works...There's more...
Cracking WEP encryption
Getting readyHow to do it...How it works...There's more...
Cracking WPA/WPA2 encryption
Getting readyHow to do it...How it works...There's more...
Cracking WPS
Getting readyHow to do it...How it works...There's more...
Denial-of-service attacks
Getting readyHow to do it...How it works...There's more...
A. Pen Testing 101 Basics
Introduction
What is penetration testing?
What is vulnerability assessment
Penetration testing versus vulnerability assessment
Objectives of penetration testing
Types of penetration testing
Black boxWhite boxGray box
Who should be doing penetration testing?
What is the goal here?
General penetration testing phases
Gathering requirementsPreparing and planningDefining scopeConducting a penetration testCategorization of vulnerabilitiesAsset risk ratingReporting
Conclusion

Content preview from Kali Linux Intrusion and Exploitation Cookbook

Finding SSL cipher vulnerabilities

In this recipe, we will learn to use tools to scan for vulnerable SSL ciphers and SSL-related vulnerabilities.

Getting ready

For this recipe, you will require an Internet connection.

How to do it...

Open the terminal and launch the SSLScan tool, as shown in the following screenshot:
To scan your target using SSLScan, run the following command:
```
sslscan demo.testfire.net
```
SSLScan will test the SSL certificate for the all the ciphers it supports. Weak ciphers will be shown in red and yellow. Strong ciphers will be shown in green:
```
root@Intrusion-Exploitation:~# sslscan demo.testfire.net
Version: -static
OpenSSL 1.0.1m-dev ...
```

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux

Publisher Resources

ISBN: 9781783982165

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design