The Ultimate Kali Linux Book - Second Edition

Book description

The most comprehensive guide to ethical hacking and penetration testing with Kali Linux, from beginner to professional

Key Features

  • Learn to compromise enterprise networks with Kali Linux
  • Gain comprehensive insights into security concepts using advanced real-life hacker techniques
  • Use Kali Linux in the same way ethical hackers and penetration testers do to gain control of your environment
  • Purchase of the print or Kindle book includes a free eBook in the PDF format

Book Description

Kali Linux is the most popular and advanced penetration testing Linux distribution within the cybersecurity industry. Using Kali Linux, a cybersecurity professional will be able to discover and exploit various vulnerabilities and perform advanced penetration testing on both enterprise wired and wireless networks.

This book is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts. Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks. Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment.

By the end of this Kali Linux book, you’ll have gained the skills to perform advanced penetration testing on enterprise networks using Kali Linux.

What you will learn

  • Explore the fundamentals of ethical hacking
  • Understand how to install and configure Kali Linux
  • Perform asset and network discovery techniques
  • Focus on how to perform vulnerability assessments
  • Exploit the trust in Active Directory domain services
  • Perform advanced exploitation with Command and Control (C2) techniques
  • Implement advanced wireless hacking techniques
  • Become well-versed with exploiting vulnerable web applications

Who this book is for

This pentesting book is for students, trainers, cybersecurity professionals, cyber enthusiasts, network security professionals, ethical hackers, penetration testers, and security engineers. If you do not have any prior knowledge and are looking to become an expert in penetration testing using the Kali Linux operating system (OS), then this book is for you.

Table of contents

  1. The Ultimate Kali Linux Book Second Edition
  2. Contributors
  3. About the author
  4. About the reviewer
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the color images
    5. Conventions used
    6. Disclaimer
    7. Share Your Thoughts
  6. Section 1: Getting Started with Penetration Testing
  7. Chapter 1: Introduction to Ethical Hacking
    1. Identifying threat actors and their intent
    2. Understanding what matters to threat actors
      1. Time
      2. Resources
      3. Financial factors
      4. Hack value
    3. Discovering cybersecurity terminologies
    4. Exploring the need for penetration testing and its phases
      1. Creating a penetration testing battle plan
    5. Understanding penetration testing approaches
      1. Types of penetration testing
    6. Exploring hacking phases
      1. Reconnaissance or information gathering
      2. Scanning and enumeration
      3. Gaining access
      4. Maintaining access
      5. Covering your tracks
    7. Understanding the Cyber Kill Chain framework
      1. Reconnaissance
      2. Weaponization
      3. Delivery
      4. Exploitation
      5. Installation
      6. Command and Control (C2)
      7. Actions on objectives
    8. Summary
    9. Further reading
  8. Chapter 2: Building a Penetration Testing Lab
    1. Technical requirements
    2. Understanding the lab overview and its technologies
    3. Setting up a hypervisor and virtually isolated networks
      1. Part 1 – deploying the hypervisor
      2. Part 2 – creating virtually isolated networks
    4. Setting up and working with Kali Linux
      1. Part 1 – setting up Kali Linux as a virtual machine
      2. Part 2 – customizing the Kali Linux virtual machine and network adapters
      3. Part 3 – getting started with Kali Linux
      4. Part 4 – updating sources and packages
    5. Deploying Metasploitable 2 as a target system
      1. Part 1 – deploying Metasploitable 2
      2. Part 2 – configuring networking settings
    6. Implementing Metasploitable 3 using Vagrant
      1. Part 1 – setting up the Windows version
      2. Part 2 – setting up the Linux version
    7. Setting up vulnerability web application systems
      1. Part 1 – deploying OWASP Juice Shop
      2. Part 2 – setting up OWASP Broken Web Applications
    8. Summary
    9. Further reading
  9. Chapter 3: Setting Up for Advanced Hacking Techniques
    1. Technical requirements
    2. Building an AD red team lab
      1. Part 1 – installing Windows Server 2019
      2. Part 2 – installing Windows 10 Enterprise
      3. Part 2 – setting up AD services
      4. Part 3 – promoting to a DC
      5. Part 4 – creating domain users and administrator accounts
      6. Part 5 – disabling antimalware protection and the domain firewall
      7. Part 6 – setting up for file sharing and service authentication attacks
      8. Part 7 – joining clients to the AD domain
      9. Part 8 – setting up for local account takeover and SMB attacks
    3. Setting up a wireless penetration testing lab
      1. Implementing a RADIUS server
    4. Summary
    5. Further reading
  10. Section 2: Reconnaissance and Network Penetration Testing
  11. Chapter 4: Reconnaissance and Footprinting
    1. Technical requirements
    2. Understanding the importance of reconnaissance
      1. Footprinting
    3. Understanding passive information gathering
    4. Exploring open source intelligence
    5. Using OSINT strategies to gather intelligence
      1. Importance of a sock puppet
      2. Anonymizing your traffic
      3. Profiling a target organization's IT infrastructure
      4. Gathering employees' data
      5. Social media reconnaissance
      6. Gathering a company's infrastructure data
    6. Summary
    7. Further reading
  12. Chapter 5: Exploring Active Information Gathering
    1. Technical requirements
    2. Understanding active reconnaissance
    3. Exploring Google hacking strategies
    4. Exploring DNS reconnaissance
      1. Performing DNS enumeration
      2. Checking for DNS zone transfer misconfiguration
      3. Automating OSINT
    5. Enumerating subdomains
      1. Working with DNSmap
      2. Exploring Sublist3r
    6. Profiling websites using EyeWitness
    7. Exploring active scanning techniques
      1. Spoofing MAC addresses
      2. Discovering live systems on a network
      3. Probing open service ports, services, and operating systems
      4. Working with evasion techniques
    8. Enumerating common network services
      1. Scanning using Metasploit
      2. Enumerating SMB
      3. Enumerating SSH
    9. Performing user enumeration through noisy authentication controls
    10. Finding data leaks in the cloud
    11. Summary
    12. Further reading
  13. Chapter 6: Performing Vulnerability Assessments
    1. Technical requirements
    2. Nessus and its policies
      1. Setting up Nessus
      2. Scanning with Nessus
      3. Analyzing Nessus results
      4. Exporting Nessus results
    3. Vulnerability discovery using Nmap
    4. Working with Greenbone Vulnerability Manager
    5. Using web application scanners
      1. WhatWeb
      2. Nmap
      3. Metasploit
      4. Nikto
      5. WPScan
    6. Summary
    7. Further reading
  14. Chapter 7: Understanding Network Penetration Testing
    1. Technical requirements
    2. Introduction to network penetration testing
    3. Working with bind and reverse shells
      1. Remote shells using Netcat
      2. Creating a bind shell
      3. Creating a reverse shell
    4. Antimalware evasion techniques
      1. Using MSFvenom to encode payloads
      2. Creating payloads using Shellter
    5. Working with wireless adapters
      1. Connecting a wireless adapter to Kali Linux
      2. Connecting a wireless adapter with an RTL8812AU chipset
    6. Managing and monitoring wireless modes
      1. Configuring monitor mode manually
      2. Using Aircrack-ng to enable monitor mode
    7. Summary
    8. Further reading
  15. Chapter 8: Performing Network Penetration Testing
    1. Technical requirements
    2. Discovering live systems
    3. Profiling a target system
    4. Exploring password-based attacks
      1. Exploiting Windows Remote Desktop Protocol
      2. Creating wordlists using keywords
      3. Crunching those wordlists
    5. Identifying and exploiting vulnerable services
      1. Exploiting a vulnerable service on a Linux system
      2. Exploiting SMB in Microsoft Windows
      3. Passing the hash
      4. Gaining access by exploiting SSH
      5. Exploiting Windows Remote Management
      6. Exploiting ElasticSearch
      7. Exploiting Simple Network Management Protocol
    6. Understanding watering hole attacks
    7. Further reading
  16. Section 3: Red Teaming Techniques
  17. Chapter 9: Advanced Network Penetration Testing — Post Exploitation
    1. Technical requirements
    2. Post-exploitation using Meterpreter
      1. Core operations
      2. User interface operations
      3. File transfers
      4. Privilege escalation
      5. Token stealing and impersonation
      6. Implementing persistence
      7. Lateral movement and pivoting
      8. Clearing tracks
    3. Data encoding and exfiltration
      1. Encoding executables using exe2hex
      2. Data exfiltration using PacketWhisper
    4. Understanding MITM and packet sniffing attacks
      1. Performing MITM attacks using Ettercap
    5. Summary
    6. Further reading
  18. Chapter 10: Working with Active Directory Attacks
    1. Technical requirements
    2. Understanding Active Directory
    3. Enumerating Active Directory
      1. Working with PowerView
      2. Exploring Bloodhound
    4. Leveraging network-based trust
      1. Exploiting LLMNR and NetBIOS-NS
      2. Exploiting trust between SMB and NTLMv2 within Active Directory
    5. Summary
    6. Further reading
  19. Chapter 11: Advanced Active Directory Attacks
    1. Technical requirements
    2. Understanding Kerberos
    3. Abusing trust on IPv6 with Active Directory
      1. Part 1: Setting up for the attack
      2. Part 2: Launching the attack
      3. Part 3: Taking over the domain
    4. Attacking Active Directory
      1. Lateral movement with CrackMapExec
      2. Vertical movement with Kerberos
      3. Lateral movement with Mimikatz
    5. Domain dominance and persistence
      1. Golden ticket
      2. Silver ticket
      3. Skeleton key
    6. Summary
    7. Further reading
  20. Chapter 12: Delving into Command and Control Tactics
    1. Technical requirements
    2. Understanding C2
    3. Setting up C2 operations
      1. Part 1 – setting up Empire
      2. Part 2 – managing users
    4. Post-exploitation using Empire
      1. Part 1 – creating a listener
      2. Part 2 – creating a stager
      3. Part 3 – working with agents
      4. Part 4 – creating a new agent
      5. Part 5 – improving threat emulation
      6. Part 6 – setting up persistence
    5. Working with Starkiller
      1. Part 1 – starting Starkiller
      2. Part 2 – user management
      3. Part 3 – working with modules
      4. Part 4 – creating listeners
      5. Part 5 – creating stagers
      6. Part 6 – interacting with agents
      7. Part 7 – credentials and reporting
    6. Summary
    7. Further reading
  21. Chapter 13: Advanced Wireless Penetration Testing
    1. Technical requirements
    2. Introduction to wireless networking
      1. SISO and MIMO
      2. Wireless security standards
    3. Performing wireless reconnaissance
      1. Determining the associated clients for a specific network
    4. Compromising WPA and WPA2 networks
    5. Performing AP-less attacks
    6. Exploiting enterprise wireless networks
      1. Part 1 – setting up for the attack
      2. Part 2 – choosing the target
      3. Part 3 – starting the attack
      4. Part 4 – retrieving user credentials
    7. Creating a Wi-Fi honeypot
    8. Discovering WPA3 attacks
      1. Performing a downgrade and dictionary attack
    9. Securing your wireless network
      1. SSID management
      2. MAC filtering
      3. Power levels for antennas
      4. Strong passwords
      5. Securing enterprise wireless networks
    10. Summary
    11. Further reading
  22. Section 4: Social Engineering and Web Application Attacks
  23. Chapter 14: Performing Client-Side Attacks – Social Engineering
    1. Technical requirements
    2. Fundamentals of social engineering
      1. Elements of social engineering
    3. Types of social engineering
      1. Human-based
      2. Computer-based
      3. Mobile-based
      4. Social networking
    4. Defending against social engineering
    5. Planning for each type of social engineering attack
    6. Exploring social engineering tools and techniques
      1. Creating a phishing website
      2. Creating infectious media
    7. Summary
    8. Further reading
  24. Chapter 15: Understanding Website Application Security
    1. Technical requirements
    2. Understanding web applications
      1. Fundamentals of HTTP
    3. Exploring the OWASP Top 10: 2021
    4. Getting started with FoxyProxy and Burp Suite
      1. Part one – setting up FoxyProxy
      2. Part two – setting up Burp Suite
      3. Part three – getting familiar with Burp Suite
    5. Understanding injection-based attacks
      1. Performing a SQL injection attack
    6. Exploring broken access control attacks
      1. Exploring broken access control
    7. Discovering cryptographic failures
      1. Exploiting cryptographic failures
    8. Understanding insecure design
    9. Exploring security misconfiguration
      1. Exploiting security misconfigurations
    10. Summary
    11. Further reading
  25. Chapter 16: Advanced Website Penetration Testing
    1. Technical requirements
    2. Identifying vulnerable and outdated components
      1. Discovering vulnerable components
    3. Exploiting identification and authentication failures
      1. Discovering authentication failures
    4. Understanding software and data integrity failures
    5. Understanding security logging and monitoring failures
    6. Performing server-side request forgery
    7. Automating SQL injection attacks
      1. Part 1 – discovering databases
      2. Part 2 – retrieving sensitive information
    8. Understanding cross-site scripting
      1. Part 1 – discovering reflected XSS
      2. Part 2 – discovering stored XSS
    9. Performing client-side attacks
    10. Summary
    11. Further reading
  26. Chapter 17: Best Practices for the Real World
    1. Technical requirements
    2. Guidelines for penetration testers
      1. Gaining written permission
      2. Being ethical
      3. Penetration testing contract
      4. Rules of engagement
    3. Penetration testing checklist
      1. Information gathering
      2. Network scanning
      3. Enumeration
      4. Gaining access
      5. Covering tracks
      6. Report writing
    4. Creating a hacker's tool bag
    5. Setting up remote access
    6. Next steps ahead
    7. Summary
    8. Further reading
    9. Why subscribe?
  27. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts

Product information

  • Title: The Ultimate Kali Linux Book - Second Edition
  • Author(s): Glen D. Singh
  • Release date: February 2022
  • Publisher(s): Packt Publishing
  • ISBN: 9781801818933