The Ultimate Kali Linux Book - Third Edition

Book description

Excel in penetration testing by delving into the latest ethical hacking tools and techniques from scratch. Purchase of the print or Kindle book includes a free eBook in PDF format.

Key Features

  • Learn to think like an adversary to strengthen your cyber defences
  • Execute sophisticated real-life penetration tests, uncovering vulnerabilities in enterprise networks that go beyond the surface level
  • Securely manipulate environments using Kali Linux, ensuring you're fully equipped to safeguard your systems against real-world threats

Book Description

Embark on an exciting journey into the world of Kali Linux – the central hub for advanced penetration testing. Whether you are honing your pentesting skills, exploiting vulnerabilities, or conducting advanced penetration tests on wired and wireless enterprise networks, Kali Linux empowers cybersecurity professionals.

In its latest third edition, this book goes further to guide you on how to set up your labs and explains breaches using enterprise networks. Designed for newcomers and those curious about penetration testing, this guide is your fast track to learning pentesting with Kali Linux 2024.x. Think of this book as your stepping stone into real-world situations that guides you through lab setups and core penetration testing concepts. As you progress in the book, you’ll explore the toolkit of vulnerability assessment tools in Kali Linux, where gathering information takes the spotlight. You'll learn how to find target systems, uncover device security issues, exploit network weaknesses, control operations, and even test web applications.

The journey ends with understanding complex web application testing techniques, along with industry best practices. As you finish this captivating exploration of the Kali Linux book, you'll be ready to tackle advanced enterprise network testing – with newfound skills and confidence.

What you will learn

  • Establish a firm foundation in ethical hacking
  • Install and configure Kali Linux 2024.1
  • Build a penetration testing lab environment and perform vulnerability assessments
  • Understand the various approaches a penetration tester can undertake for an assessment
  • Gather information from Open Source Intelligence (OSINT) data sources
  • Use Nmap to discover security weaknesses on a target system on a network
  • Implement advanced wireless pentesting techniques
  • Become well-versed with exploiting vulnerable web applications

Who this book is for

This pentesting book is for students, trainers, cybersecurity professionals, cyber enthusiasts, network security professionals, ethical hackers, penetration testers, and security engineers. If you do not have any prior knowledge and are looking to become an expert in penetration testing using Kali Linux, then this book is for you.

Table of contents

  1. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
  2. Introduction to Ethical Hacking
    1. Understanding the need for cybersecurity
    2. Exploring cybersecurity terminology
    3. Identifying threat actors and their intent
    4. Understanding what matters to threat actors
      1. Time
      2. Resources
      3. Financial factors
      4. Hack value
    5. Exploring the importance of penetration testing
    6. Penetration testing methodologies
      1. Pre-engagement phase
      2. Information-gathering phase
      3. Threat modeling
      4. Vulnerability analysis
      5. Exploitation
      6. Post-exploitation
      7. Report writing
    7. Discovering penetration testing approaches
    8. Types of penetration testing
      1. Web application penetration testing
      2. Mobile application penetration testing
      3. Social engineering penetration testing
      4. Network penetration testing (external and internal)
      5. Cloud penetration testing
      6. Physical penetration testing
    9. Exploring the phases of penetration testing
      1. Reconnaissance
      2. Scanning and enumeration
      3. Gaining access (exploitation)
      4. Maintaining access
      5. Covering your tracks
    10. Understanding the Cyber Kill Chain framework
      1. Reconnaissance
      2. Weaponization
      3. Delivery
      4. Exploitation
      5. Installation
      6. Command and Control (C2)
      7. Actions on objectives
    11. Summary
    12. Further reading
  3. Building a Penetration Testing Lab
    1. Technical requirements
    2. An overview of the lab setup and technologies used
    3. Setting up a hypervisor and virtual networks
      1. Part 1 – setting up the hypervisor
      2. Part 2 – creating virtually isolated networks
    4. Setting up and working with Kali Linux
      1. Part 1 – deploying Kali Linux as a virtual machine
      2. Part 2 – customizing Kali Linux and its network adapters
      3. Part 3 – getting started with Kali Linux
      4. Part 4 – updating repository sources and packages
    5. Setting up a vulnerable web application
    6. Deploying Metasploitable 2 as a vulnerable machine
      1. Part 1 – deploying Metasploitable 2
      2. Part 2 – configuring network settings
    7. Building and deploying Metasploitable 3
      1. Part 1 – building the Windows server version
      2. Part 2 – building the Linux server version
    8. Summary
    9. Further reading
  4. Setting Up for Advanced Penetration Testing Techniques
    1. Technical requirements
    2. Building an Active Directory red team lab
      1. Part 1 – Setting up Windows Server
      2. Part 2 – Configuring virtual machine additional features
      3. Part 3 – Setting Active Directory Domain Services
      4. Part 4 – Creating domain users and administrator accounts
      5. Part 5 – Disabling antimalware protection and the domain firewall
      6. Part 6 – Setting up for service authentication attacks
      7. Part 7 – Installing Windows 10 Enterprise
      8. Part 8 – Adding the clients to the domain
      9. Part 9 – Setting up for account takeover and file sharing attacks
    3. Setting up a wireless penetration testing lab
      1. Brief overview of wireless network security
      2. Setting up a RADIUS server
        1. Part 1 – Install a Ubuntu server
        2. Part 2 – Setting up FreeRadius
        3. Part 3 – Setting the wireless router with RADIUS
    4. Summary
    5. Further reading
  5. Passive Reconnaissance
    1. Technical requirements
    2. The importance of reconnaissance
    3. Exploring passive reconnaissance
      1. Open source intelligence
      2. How much data should be collected?
    4. Creating a sock puppet
    5. Anonymizing internet-based traffic
      1. VPN
      2. Proxychains
      3. TOR
    6. Summary
    7. Further reading
  6. Exploring Open-Source Intelligence
    1. Technical requirements
    2. Google hacking techniques
    3. Domain reconnaissance
      1. Collecting WHOIS data
      2. Performing DNS enumeration
      3. Exploiting DNS zone transfer
      4. Automation using SpiderFoot
    4. Sub-domain harvesting
      1. Enumeration with DNSMap
      2. Sub-domain discovery with Knockpy
    5. Identifying organizational infrastructure
      1. Data leakage on job websites
      2. Finding vulnerable systems using Shodan
      3. Discovering exposed systems with Censys
      4. Mapping external systems using Maltego
      5. Identifying infrastructure with Netcraft
      6. Using Recon-ng for data harvesting
      7. Data collection with theHarvester
    6. Harvesting employees’ data using Hunter
    7. Automating social media reconnaissance with Sherlock
    8. Summary
    9. Further reading
  7. Active Reconnaissance
    1. Technical requirements
    2. Understanding active information
    3. Profiling websites using EyeWitness
    4. Exploring active scanning techniques
      1. Changing your MAC address
      2. Performing live host discovery
      3. Identifying open ports, services, and operating systems
    5. Using scanning evasion techniques
      1. Avoiding detection with decoys
      2. Using MAC and IP spoofing techniques
      3. Stealth scanning techniques
    6. Enumerating network services
      1. Enumerating SMB services
      2. Enumerating SMTP services
      3. Enumerating SNMP services
    7. Discovering data leaks in the cloud
    8. Summary
    9. Further reading
  8. Performing Vulnerability Assessments
    1. Technical requirements
    2. Getting started with Nessus
      1. Part 1 – installing Nessus
      2. Part 2 – identifying vulnerabilities
      3. Part 3 – vulnerability analysis
      4. Part 4 – exporting vulnerability reports
    3. Vulnerability identification using Nmap
    4. Working with Greenbone Vulnerability Manager
      1. Part 1 – installing GVM
      2. Part 2 – vulnerability identification
      3. Part 3 – vulnerability analysis and reporting
    5. Using web application scanners
      1. WhatWeb
      2. Nmap
      3. Nikto
      4. Metasploit
      5. WPScan
    6. Summary
    7. Further reading
  9. Understanding Network Penetration Testing
    1. Technical requirements
    2. Introduction to network penetration testing
    3. Working with bind and reverse shells
      1. Working with remote shells using Netcat
      2. Setting up a bind shell
      3. Setting up reverse shells
    4. Antimalware evasion techniques
      1. Encoding payloads with MSFvenom
      2. Creating custom payloads with Shellter
    5. Working with wireless adapters
      1. Connecting wireless adapters to Kali Linux
      2. Connecting a wireless adapter with an RTL8812AU chipset
    6. Managing and Monitoring wireless modes
      1. Configuring Monitoring mode
      2. Using aircrack-ng to enable monitor mode
    7. Summary
    8. Further reading
  10. Performing Network Penetration Testing
    1. Technical requirements
    2. Exploring password-based attacks
      1. Creating a keyword-based wordlist
      2. Generating a custom wordlist using Crunch
      3. Gaining access by exploiting SSH
      4. Exploiting Remote Desktop Protocol
    3. Performing host discovery
      1. Profiling a targeted system
    4. Identifying and exploiting vulnerable services
      1. Exploiting Linux-based systems
      2. Compromising Windows-based systems
        1. Exploiting vulnerable SMB services
      3. Cracking hashes with Hashcat
      4. Exploiting Windows Remote Management
      5. Exploiting ElasticSearch
      6. Exploiting Simple Network Management Protocol
    5. Summary
    6. Further reading
  11. Post-Exploitation Techniques
    1. Technical requirements
    2. Pass-the-hash techniques
      1. Gaining a shell with PTH-WinExe
      2. Working with Impacket
      3. Pass-the-hash for remote desktop
    3. Post exploitation using Meterpreter
      1. Core operations
      2. User interface options
      3. File transfers
      4. Privilege escalation
      5. Token stealing and impersonation
      6. Setting up persistence
      7. Lateral movement and pivoting
      8. Clearing tracks
    4. Data encoding and exfiltration
      1. Encoding using exe2hex
      2. Exfiltration with PacketWhisper
        1. Part 1 – setting up the environment
        2. Part 2 – changing the DNS settings on the targeted system
        3. Part 3 – performing data exfiltration
        4. Part 4 – reassembling data
      3. Man-in-the-Middle (MiTM) attacks
        1. Intercepting traffic with MiTM attacks
    5. Summary
    6. Further reading
  12. Delving into Command and Control Tactics
    1. Technical requirements
    2. Understanding C2
    3. Setting up C2 operations
      1. Part 1 – Empire client-server model
      2. Part 2 – Managing users on Empire
    4. Post-exploitation using Empire
      1. Part 1 – Creating a listener
        1. Part 2 – Creating a stager
        2. Part 3 – Working with agents
        3. Part 4 – Creating a new agent
        4. Part 5 – Threat emulation
        5. Part 6 – Setting up persistence
    5. Working with Starkiller
      1. Part 1 – Starkiller
        1. Part 2 – User management
        2. Part 3 – Working with modules
        3. Part 4 – Creating listeners
        4. Part 5 – Creating stagers
        5. Part 6 – Interacting with agents
        6. Part 7 – Credentials and reporting
    6. Summary
    7. Further reading
  13. Working with Active Directory Attacks
    1. Technical requirements
    2. Understanding Active Directory
    3. Enumerating Active Directory
      1. Working with PowerView
      2. Exploring BloodHound
        1. Part 1 – setting up BloodHound
        2. Part 2 – remote data collection with BloodHound.py
        3. Part 3 – data analysis using BloodHound
    4. Leveraging network-based trust
      1. Exploiting LLMNR and NetBIOS-NS
      2. Exploiting SMB and NTLMv2 within Active Directory
        1. Retrieving the SAM database
        2. Obtaining a reverse shell
    5. Summary
    6. Further reading
  14. Advanced Active Directory Attacks
    1. Technical requirements
    2. Understanding Kerberos
    3. Abusing trust on IPv6 with Active Directory
      1. Part 1: setting up for an attack
      2. Part 2: launching the attack
      3. Part 3: taking over the domain
    4. Attacking Active Directory
      1. Lateral movement with CrackMapExec
      2. Vertical movement with Kerberos
      3. Lateral movement with Mimikatz
        1. Part 1: setting up the attack
        2. Part 2: grabbing credentials
    5. Domain dominance and persistence
      1. Golden ticket
      2. Silver ticket
      3. Skeleton key
    6. Summary
    7. Further reading
  15. Advanced Wireless Penetration Testing
    1. Technical Requirements
    2. Introduction to Wireless Networking
      1. Single-In Single-Out (SISO) and Multiple-In Multiple-Out (MIMO)
      2. Wireless security standards
    3. Performing Wireless Reconnaissance
      1. Identifying the associated clients of a targeted network
    4. Compromising WPA/WPA2 Networks
    5. Performing AP-less Attacks
    6. Exploiting Enterprise Networks
      1. Part 1 – setting up for the attack
      2. Part 2 – choosing the target
      3. Part 3 – starting the attack
      4. Part 4 – retrieving user credentials
    7. Setting Up a Wi-Fi Honeypot
    8. Exploiting WPA3 Attacks
      1. Performing a Downgrade and Dictionary Attack
    9. Summary
    10. Further Reading
  16. Social Engineering Attacks
    1. Technical requirements
    2. Fundamentals of social engineering
      1. Elements of social engineering
    3. Types of social engineering
      1. Human-based social engineering
      2. Computer-based social engineering
      3. Mobile-based social engineering
      4. Social networking
    4. Planning for each type of social engineering attack
    5. Defending against social engineering
    6. Exploring social engineering tools and techniques
      1. Creating infectious media
      2. Creating a phishing website
      3. Creating a fake wireless network
    7. Summary
    8. Further reading
  17. Understanding Website Application Security
    1. Technical requirements
    2. Understanding web applications
      1. The fundamentals of HTTP
    3. Exploring the OWASP Top 10: 2021
    4. Getting started with FoxyProxy and Burp Suite
      1. Part 1 - setting up FoxyProxy
      2. Part 2 - setting up Burp Suite
      3. Part 3 - getting familiar with Burp Suite
    5. Understanding injection-based attacks
      1. Performing an SQLi attack
    6. Exploring broken access control attacks
    7. Discovering cryptographic failures
    8. Understanding insecure design
    9. Exploring security misconfiguration
    10. Summary
    11. Further reading
  18. Advanced Website Penetration Testing
    1. Technical requirements
    2. Identifying vulnerable and outdated components
    3. Exploiting identification and authentication failures
      1. Discovering authentication failures
    4. Understanding software and data integrity failures
    5. Exploring server-side request forgery
    6. Understanding security logging and monitoring failures
      1. Identifying logging security vulnerabilities
    7. Understanding cross-site scripting
      1. Part 1 – Discovering reflected XSS
      2. Part 2 – Performing DOM-based XSS
      3. Part 3 – Discovering stored XSS
    8. Automating SQL injection attacks
      1. Part 1 – Discovering databases
      2. Part 2 – Retrieving sensitive information
    9. Performing client-side attacks
    10. Summary
    11. Further reading
  19. Best Practices for the Real World
    1. Technical requirements
    2. Guidelines for penetration testers
      1. Gaining written permission
      2. Being ethical
      3. Penetration testing contract
      4. Rules of engagement
    3. Penetration testing checklist
      1. Pre-engagement
      2. Reconnaissance
      3. Enumeration
      4. Vulnerability assessment
      5. Exploitation
      6. Post-exploitation
      7. Covering tracks
      8. Report writing
    4. Creating a hacker’s toolkit
      1. ESP8266 microcontroller
      2. WiFi Pineapple Nano
      3. Bash Bunny
      4. Packet Squirrel
      5. LAN Turtle
      6. Mini USB-powered network switch
      7. Retractable network cable
      8. Flipper Zero
    5. Setting up remote access
    6. Next steps ahead
    7. Summary
    8. Further reading
  20. Appendix
    1. Setting Up a Penetration Testing Lab on Ubuntu Desktop
    2. Technical requirements
    3. An overview of the lab setup and technologies used
    4. Setting up a hypervisor and virtual networks
    5. Setting up Kali Linux on Ubuntu
    6. Setting up Metasploitable 3 on Ubuntu
      1. Part 1 – building the Windows Server version
      2. Part 2 – building the Linux Server version
    7. Summary
  21. Index

Product information

  • Title: The Ultimate Kali Linux Book - Third Edition
  • Author(s): Glen D. Singh
  • Release date: April 2024
  • Publisher(s): Packt Publishing
  • ISBN: 9781835085806