Kali Linux Penetration Testing Bible
Реклама. ООО «ЛитРес», ИНН: 7719571260.
Оглавление
Gus Khawaja. Kali Linux Penetration Testing Bible
Table of Contents
List of Tables
List of Illustrations
Guide
Pages
Kali Linux Penetration Testing Bible
Introduction
What Does This Book Cover?
Chapter 1: Mastering the Terminal Window
Chapter 2: Bash Scripting
Chapter 3: Network Hosts Scanning
Chapter 4: Internet Information Gathering
Chapter 5: Social Engineering Attacks
Chapter 6: Advanced Enumeration Phase
Chapter 7: Exploitation Phase
Chapter 8: Web Application Vulnerabilities
Chapter 9: Web Penetration Testing and Secure Software Development Lifecycle
Chapter 10: Linux Privilege Escalation
Chapter 11: Windows Privilege Escalation
Chapter 12: Pivoting and Lateral Movement
Chapter 13: Cryptography and Hash Cracking
Chapter 14: Reporting
Chapter 15: Assembly Language and Reverse Engineering
Chapter 16: Buffer/Stack Overflow
Chapter 17: Programming with Python
Chapter 18: Pentest Automation with Python
Appendix A: Kali Linux Desktop at a Glance
Appendix B: Building a Lab Environment Using Docker
Companion Download Files
How to Contact the Publisher
How to Contact the Author
CHAPTER 1 Mastering the Terminal Window
Kali Linux File System
Terminal Window Basic Commands
Tmux Terminal Window
Starting Tmux
Tmux Key Bindings
Tmux Session Management
Window Rename
Window Creation
Splitting Windows
Navigating Inside Tmux
Tmux Commands Reference
Managing Users and Groups in Kali
Users Commands
Groups Commands
Managing Passwords in Kali
Files and Folders Management in Kali Linux
Displaying Files and Folders
Permissions
TIP
Manipulating Files in Kali
Searching for Files
TIP
TIP
Files Compression
Tar Archive
Gz Archive
Bz2 Archive
Zip Archive
Manipulating Directories in Kali
Mounting a Directory
Managing Text Files in Kali Linux
Vim vs. Nano
Searching and Filtering Text
Remote Connections in Kali
Remote Desktop Protocol
Secure Shell
SSH with Credentials
Passwordless SSH
TIP
Kali Linux System Management
Linux Host Information
Linux OS Information
Linux Hardware Information
Managing Running Services
Package Management
Process Management
Networking in Kali Linux
Network Interface
IPv4 Private Address Ranges
Static IP Addressing
DNS
Established Connections
File Transfers
TIP
Summary
CHAPTER 2 Bash Scripting
Basic Bash Scripting
Printing to the Screen in Bash
Variables
Commands Variable
Script Parameters
TIP
User Input
Functions
Conditions and Loops
Conditions
Loops
File Iteration
Summary
CHAPTER 3 Network Hosts Scanning
Basics of Networking
Networking Protocols
TCP
UDP
Other Networking Protocols
ICMP
ARP
IP Addressing
IPv4
Subnets and CIDR
IPv6
Port Numbers
Network Scanning
Identifying Live Hosts
Ping
ARP
Nmap
Port Scanning and Services Enumeration
TCP Port SYN Scan
UDP
Basics of Using Nmap Scans
Services Enumeration
TIP
Operating System Fingerprinting
Nmap Scripting Engine
NSE Category Scan
NSE Arguments
DNS Enumeration
DNS Brute‐Force
TIP
DNS Zone Transfer
DNS Subdomains Tools
Fierce
Summary
CHAPTER 4 Internet Information Gathering
Passive Footprinting and Reconnaissance
Internet Search Engines
Shodan
Google Queries
Information Gathering Using Kali Linux
Whois Database
TheHarvester
DMitry
Maltego
Transform Hub
Creating a Graph
Summary
CHAPTER 5 Social Engineering Attacks
Spear Phishing Attacks
Sending an E‐mail
The Social Engineer Toolkit
Sending an E‐mail Using Python
Stealing Credentials
Payloads and Listeners
Bind Shell vs. Reverse Shell
Bind Shell
Reverse Shell
Reverse Shell Using SET
Social Engineering with the USB Rubber Ducky
A Practical Reverse Shell Using USB Rubber Ducky and PowerShell
Generating a PowerShell Script
Starting a Listener
Hosting the PowerShell Script
Running PowerShell
Download and Execute the PS Script
Reverse Shell
Replicating the Attack Using the USB Rubber Ducky
Summary
CHAPTER 6 Advanced Enumeration Phase
Transfer Protocols
FTP (Port 21)
Exploitation Scenarios for an FTP Server
Enumeration Workflow
Service Scan
Advanced Scripting Scan with Nmap
More Brute‐Forcing Techniques
SSH (Port 22)
Exploitation Scenarios for an SSH Server
Advanced Scripting Scan with Nmap
Brute‐Forcing SSH with Hydra
Advanced Brute‐Forcing Techniques
Telnet (Port 23)
Exploitation Scenarios for Telnet Server
Enumeration Workflow
Service Scan
Advanced Scripting Scan
Brute‐Forcing with Hydra
E‐mail Protocols
SMTP (Port 25)
Nmap Basic Enumeration
Nmap Advanced Enumeration
Enumerating Users
POP3 (Port 110) and IMAP4 (Port 143)
Brute‐Forcing POP3 E‐mail Accounts
Database Protocols
Microsoft SQL Server (Port 1433)
Oracle Database Server (Port 1521)
MySQL (Port 3306)
CI/CD Protocols
Docker (Port 2375)
Jenkins (Port 8080/50000)
Brute‐Forcing a Web Portal Using Hydra
NOTE
Step 1: Enable a Proxy
Step 2: Intercept the Form Request
Step 3: Extracting Form Data and Brute‐Forcing with Hydra
Web Protocols 80/443
NOTE
Graphical Remoting Protocols
RDP (Port 3389)
RDP Brute‐Force
VNC (Port 5900)
File Sharing Protocols
SMB (Port 445)
Brute‐Forcing SMB
SNMP (Port UDP 161)
SNMP Enumeration
Summary
CHAPTER 7 Exploitation Phase
Vulnerabilities Assessment
Vulnerability Assessment Workflow
Vulnerability Scanning with OpenVAS
Installing OpenVAS
NOTE
Scanning with OpenVAS
Create a Target List
Create a Scanner Task
Reviewing the Report
Exploits Research
SearchSploit
Services Exploitation
Exploiting FTP Service
FTP Login
Remote Code Execution
TIP
Spawning a Shell
Exploiting SSH Service
SSH Login
Telnet Service Exploitation
Telnet Login
Sniffing for Cleartext Information
E‐mail Server Exploitation
Docker Exploitation
Testing the Docker Connection
Creating a New Remote Kali Container
Download Kali Image
Check Whether the Image Has Been Downloaded
Running the Container
Checking Whether the Container Is Running
Getting a Shell into the Kali Container
Docker Host Exploitation
SSH Key Generation
Key Transfer
Exploiting Jenkins
Reverse Shells
Using Shells with Metasploit
MSFvenom options
Exploiting the SMB Protocol
Connecting to SMB Shares
SMB Eternal Blue Exploit
Summary
CHAPTER 8 Web Application Vulnerabilities
Web Application Vulnerabilities
Mutillidae Installation
Apache Web Server Installation
Firewall Setup
Installing PHP
Database Installation and Setup
Mutillidae Installation
Cross‐Site Scripting
Reflected XSS
Stored XSS
NOTE
Exploiting XSS Using the Header
Bypassing JavaScript Validation
SQL Injection
Querying the Database
Bypassing the Login Page
Execute Database Commands Using SQLi
SQL Injection Automation with SQLMap
Testing for SQL Injection
Command Injection
File Inclusion
Local File Inclusion
Remote File Inclusion
TIP
Cross‐Site Request Forgery
The Attacker Scenario
The Victim Scenario
File Upload
Simple File Upload
Bypassing Validation
File Rename
TIP
Content Type
Payload Contents
Encoding
OWASP Top 10
Summary
CHAPTER 9 Web Penetration Testing and Secure Software Development Lifecycle
Web Enumeration and Exploitation
Burp Suite Pro
NOTE
Web Pentest Using Burp Suite
Loading Burp Suite Pro
Burp Proxy
Target Tab
Enumerating the Site Items (Spidering/Contents Discovery)
Automated Vulnerabilities Scan
The Repeater Tab
The Intruder Tab
Burp Extender
Creating a Report in Burp
More Enumeration
Nmap
Crawling
Vulnerability Assessment
Manual Web Penetration Testing Checklist
Common Checklist
Special Pages Checklist
Upload Page
Login Page
User Registration
Reset/Change Password
Secure Software Development Lifecycle
Analysis/Architecture Phase
Application Threat Modeling
Assets
Entry Points
Third Parties
Trust Levels
Data Flow Diagram
Development Phase
Testing Phase
Production Environment (Final Deployment)
Summary
CHAPTER 10 Linux Privilege Escalation
Introduction to Kernel Exploits and Missing Configurations
Kernel Exploits
Kernel Exploit: Dirty Cow
SUID Exploitation
Overriding the Passwd Users File
CRON Jobs Privilege Escalation
CRON Basics
Crontab
Anacrontab
Enumerating and Exploiting CRON
sudoers
sudo Privilege Escalation
Exploiting the Find Command
Editing the sudoers File
Exploiting Running Services
Automated Scripts
Summary
CHAPTER 11 Windows Privilege Escalation
Windows System Enumeration
System Information
Windows Architecture
Listing the Disk Drives
Installed Patches
Who Am I?
List Users and Groups
Networking Information
Showing Weak Permissions
Listing Installed Programs
Listing Tasks and Processes
File Transfers
Windows Host Destination
Linux Host Destination
Windows System Exploitation
Windows Kernel Exploits
Getting the OS Version
Find a Matching Exploit
Executing the Payload and Getting a Root Shell
The Metasploit PrivEsc Magic
Exploiting Windows Applications
Running As in Windows
PSExec Tool
Exploiting Services in Windows
Interacting with Windows Services
Misconfigured Service Permissions
Overriding the Service Executable
Unquoted Service Path
Weak Registry Permissions
Exploiting the Scheduled Tasks
Windows PrivEsc Automated Tools
PowerUp
WinPEAS
Summary
CHAPTER 12 Pivoting and Lateral Movement
Dumping Windows Hashes
TIP
Windows NTLM Hashes
SAM File and Hash Dump
Using the Hash
Mimikatz
Dumping Active Directory Hashes
Reusing Passwords and Hashes
TIP
Pass the Hash
TIP
Pivoting with Port Redirection
Port Forwarding Concepts
SSH Tunneling and Local Port Forwarding
Remote Port Forwarding Using SSH
Dynamic Port Forwarding
Dynamic Port Forwarding Using SSH
Summary
CHAPTER 13 Cryptography and Hash Cracking
Basics of Cryptography
Hashing Basics
One‐Way Hash Function
Hashing Scenarios
Hashing Algorithms
Message Digest 5
Secure Hash Algorithm
Hashing Passwords
Securing Passwords with Hash
Before, without Salting
After, with Salting
Hash‐Based Message Authenticated Code
Encryption Basics
Symmetric Encryption
Advanced Encryption Standard
Asymmetric Encryption
Rivest Shamir Adleman
Cracking Secrets with Hashcat
Benchmark Testing
Cracking Hashes in Action
Attack Modes
Straight Mode
Creating a Large Dictionary File
Dictionary Rules
Combinator
Combinator Rules
Mask and Brute‐Force Attacks
Keyspace
Masks
Built‐in Charset Variables
Static Charsets
Custom Charsets
Hashcat Charset Files
Brute‐Force Attack
Hybrid Attacks
Cracking Workflow
Summary
CHAPTER 14 Reporting
Overview of Reports in Penetration Testing
Scoring Severities
Common Vulnerability Scoring System Version 3.1
Report Presentation
Cover Page
History Logs
Report Summary
Vulnerabilities Section
Summary
CHAPTER 15 Assembly Language and Reverse Engineering
CPU Registers
General CPU Registers
Index Registers
Pointer Registers
Segment Registers
Flag Registers
Assembly Instructions
Little Endian
Data Types
Memory Segments
Addressing Modes
Reverse Engineering Example
Visual Studio Code for C/C++
Immunity Debugger for Reverse Engineering
Summary
CHAPTER 16 Buffer/Stack Overflow
Basics of Stack Overflow
Stack Overview
PUSH Instruction
POP Instruction
C Program Example
Buffer Analysis with Immunity Debugger
Stack Overflow
Stack Overflow Mechanism
Stack Overflow Exploitation
Lab Overview
Vulnerable Application
Phase 1: Testing
Testing the Happy Path
Testing the Crash
Phase 2: Buffer Size
Pattern Creation
Offset Location
Phase 3: Controlling EIP
Adding the JMP Instruction
Phase 4: Injecting the Payload and Getting a Remote Shell
Payload Generation
Bad Characters
Shellcode Python Script
Summary
CHAPTER 17 Programming with Python
Basics of Python
Running Python Scripts
Debugging Python Scripts
Installing VS Code on Kali
Practicing Python
NOTE
Python Basic Syntaxes
Python Shebang
Comments in Python
Line Indentation and Importing Modules
Input and Output
Printing CLI Arguments
Variables
Numbers
Arithmetic Operators
Strings
String Formatting
String Functions
Lists
Reading Values in a List
Updating List Items
Removing a list item
Tuples
Dictionary
More Techniques in Python
Functions
Returning Values
Optional Arguments
Global Variables
Changing Global Variables
Conditions
if/else Statement
Comparison Operators
Loop Iterations
while Loop
for Loop
Managing Files
Exception Handling
Text Escape Characters
Custom Objects in Python
Summary
CHAPTER 18 Pentest Automation with Python
Penetration Test Robot
Application Workflow
NOTE
Python Packages
Application Start
Input Validation
Code Refactoring
Scanning for Live Hosts
Ports and Services Scanning
Attacking Credentials and Saving the Results
Summary
APPENDIX A Kali Linux Desktop at a Glance
Downloading and Running a VM of Kali Linux
REFERENCE
Virtual Machine First Boot
Kali Xfce Desktop
Kali Xfce Menu
Search Bar
Favorites Menu Item
Usual Applications
Other Menu Items
Kali Xfce Settings Manager
Advanced Network Configuration
Appearance
Style
Icons
Fonts
Settings
Desktop
Background
Menus
Icons
Display
General
Advanced
File Manager
Display
Side Pane
Behavior
Advanced
Keyboard
Behavior
Application Shortcuts
Layout
MIME Type Editor
Mouse and Touchpad
Panel
Display
Appearance
Items
Workspaces
Window Manager
Style
Keyboard
Focus
Practical Example of Desktop Customization
Edit the Top Panel
Remove Icons
Adding a New Bottom Panel
Panel Addition
Changing the Desktop Look
Changing Desktop Background
Changing Desktop Icons
Installing Kali Linux from Scratch
Summary
APPENDIX B Building a Lab Environment Using Docker
Docker Technology
Docker Basics
Docker Installation
Images and Registries
Containers
TIP
TIP
Dockerfile
Volumes
Networking
Mutillidae Docker Container
Summary
Index
About the Author
About the Technical Editor
Acknowledgments
WILEY END USER LICENSE AGREEMENT
Отрывок из книги
Gus Khawaja
.....
$less [file name]
To sort a text file, simply use the sort command:
.....