The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, 2nd Edition
- Length: 742 pages
- Edition: 2
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2022-02-24
- ISBN-10: 1801818932
- ISBN-13: 9781801818933
- Sales Rank: #46879
Explore the latest ethical hacking tools and techniques to perform penetration testing from scratch
Key Features
- Learn to compromise enterprise networks with Kali Linux
- Gain comprehensive insights into security concepts using advanced real-life hacker techniques
- Use Kali Linux in the same way ethical hackers and penetration testers do to gain control of your environment
Book Description
Kali Linux is the most popular and advanced penetration testing Linux distribution within the cybersecurity industry. Using Kali Linux, a cybersecurity professional will be able to discover and exploit various vulnerabilities and perform advanced penetration testing on both enterprise wired and wireless networks.
This book is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts. Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks. Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment.
By the end of this Kali Linux book, you’ll have gained the skills to perform advanced penetration testing on enterprise networks using Kali Linux.
What you will learn
- Explore the fundamentals of ethical hacking
- Understand how to install and configure Kali Linux
- Perform asset and network discovery techniques
- Focus on how to perform vulnerability assessments
- Exploit the trust in Active Directory domain services
- Perform advanced exploitation with Command and Control (C2) techniques
- Implement advanced wireless hacking techniques
- Become well-versed with exploiting vulnerable web applications
Who this book is for
This pentesting book is for students, trainers, cybersecurity professionals, cyber enthusiasts, network security professionals, ethical hackers, penetration testers, and security engineers. If you do not have any prior knowledge and are looking to become an expert in penetration testing using the Kali Linux operating system (OS), then this book is for you.
Table of Contents
The Ultimate Kali Linux Book Second Edition Contributors About the author About the reviewer Preface Who this book is for What this book covers To get the most out of this book Download the color images Conventions used Disclaimer Share Your Thoughts

Section 1: Getting Started with Penetration Testing
Chapter 1: Introduction to Ethical Hacking
Identifying threat actors and their intent Understanding what matters to threat actors Time Resources Financial factors Hack value Discovering cybersecurity terminologies Exploring the need for penetration testing and its phases Creating a penetration testing battle plan Understanding penetration testing approaches Types of penetration testing Exploring hacking phases Reconnaissance or information gathering Scanning and enumeration Gaining access Maintaining access Covering your tracks Understanding the Cyber Kill Chain framework Reconnaissance Weaponization Delivery Exploitation Installation Command and Control (C2) Actions on objectives Summary Further reading
Chapter 2: Building a Penetration Testing Lab
Technical requirements Understanding the lab overview and its technologies Setting up a hypervisor and virtually isolated networks Part 1 – deploying the hypervisor Part 2 – creating virtually isolated networks Setting up and working with Kali Linux Part 1 – setting up Kali Linux as a virtual machine Part 2 – customizing the Kali Linux virtual machine and network adapters Part 3 – getting started with Kali Linux Part 4 – updating sources and packages Deploying Metasploitable 2 as a target system Part 1 – deploying Metasploitable 2 Part 2 – configuring networking settings Implementing Metasploitable 3 using Vagrant Part 1 – setting up the Windows version Part 2 – setting up the Linux version Setting up vulnerability web application systems Part 1 – deploying OWASP Juice Shop Part 2 – setting up OWASP Broken Web Applications Summary Further reading
Chapter 3: Setting Up for Advanced Hacking Techniques
Technical requirements Building an AD red team lab Part 1 – installing Windows Server 2019 Part 2 – installing Windows 10 Enterprise Part 2 – setting up AD services Part 3 – promoting to a DC Part 4 – creating domain users and administrator accounts Part 5 – disabling antimalware protection and the domain firewall Part 6 – setting up for file sharing and service authentication attacks Part 7 – joining clients to the AD domain Part 8 – setting up for local account takeover and SMB attacks Setting up a wireless penetration testing lab Implementing a RADIUS server Summary Further reading

Section 2: Reconnaissance and Network Penetration Testing
Chapter 4: Reconnaissance and Footprinting
Technical requirements Understanding the importance of reconnaissance Footprinting Understanding passive information gathering Exploring open source intelligence Using OSINT strategies to gather intelligence Importance of a sock puppet Anonymizing your traffic Profiling a target organization's IT infrastructure Gathering employees' data Social media reconnaissance Gathering a company's infrastructure data Summary Further reading
Chapter 5: Exploring Active Information Gathering
Technical requirements Understanding active reconnaissance Exploring Google hacking strategies Exploring DNS reconnaissance Performing DNS enumeration Checking for DNS zone transfer misconfiguration Automating OSINT Enumerating subdomains Working with DNSmap Exploring Sublist3r Profiling websites using EyeWitness Exploring active scanning techniques Spoofing MAC addresses Discovering live systems on a network Probing open service ports, services, and operating systems Working with evasion techniques Enumerating common network services Scanning using Metasploit Enumerating SMB Enumerating SSH Performing user enumeration through noisy authentication controls Finding data leaks in the cloud Summary Further reading
Chapter 6: Performing Vulnerability Assessments
Technical requirements Nessus and its policies Setting up Nessus Scanning with Nessus Analyzing Nessus results Exporting Nessus results Vulnerability discovery using Nmap Working with Greenbone Vulnerability Manager Using web application scanners WhatWeb Nmap Metasploit Nikto WPScan Summary Further reading
Chapter 7: Understanding Network Penetration Testing
Technical requirements Introduction to network penetration testing Working with bind and reverse shells Remote shells using Netcat Creating a bind shell Creating a reverse shell Antimalware evasion techniques Using MSFvenom to encode payloads Creating payloads using Shellter Working with wireless adapters Connecting a wireless adapter to Kali Linux Connecting a wireless adapter with an RTL8812AU chipset Managing and monitoring wireless modes Configuring monitor mode manually Using Aircrack-ng to enable monitor mode Summary Further reading
Chapter 8: Performing Network Penetration Testing
Technical requirements Discovering live systems Profiling a target system Exploring password-based attacks Exploiting Windows Remote Desktop Protocol Creating wordlists using keywords Crunching those wordlists Identifying and exploiting vulnerable services Exploiting a vulnerable service on a Linux system Exploiting SMB in Microsoft Windows Passing the hash Gaining access by exploiting SSH Exploiting Windows Remote Management Exploiting ElasticSearch Exploiting Simple Network Management Protocol Understanding watering hole attacks Further reading

Section 3: Red Teaming Techniques
Chapter 9: Advanced Network Penetration Testing — Post Exploitation
Technical requirements Post-exploitation using Meterpreter Core operations User interface operations File transfers Privilege escalation Token stealing and impersonation Implementing persistence Lateral movement and pivoting Clearing tracks Data encoding and exfiltration Encoding executables using exe2hex Data exfiltration using PacketWhisper Understanding MITM and packet sniffing attacks Performing MITM attacks using Ettercap Summary Further reading
Chapter 10: Working with Active Directory Attacks
Technical requirements Understanding Active Directory Enumerating Active Directory Working with PowerView Exploring Bloodhound Leveraging network-based trust Exploiting LLMNR and NetBIOS-NS Exploiting trust between SMB and NTLMv2 within Active Directory Summary Further reading
Chapter 11: Advanced Active Directory Attacks
Technical requirements Understanding Kerberos Abusing trust on IPv6 with Active Directory Part 1: Setting up for the attack Part 2: Launching the attack Part 3: Taking over the domain Attacking Active Directory Lateral movement with CrackMapExec Vertical movement with Kerberos Lateral movement with Mimikatz Domain dominance and persistence Golden ticket Silver ticket Skeleton key Summary Further reading
Chapter 12: Delving into Command and Control Tactics
Technical requirements Understanding C2 Setting up C2 operations Part 1 – setting up Empire Part 2 – managing users Post-exploitation using Empire Part 1 – creating a listener Part 2 – creating a stager Part 3 – working with agents Part 4 – creating a new agent Part 5 – improving threat emulation Part 6 – setting up persistence Working with Starkiller Part 1 – starting Starkiller Part 2 – user management Part 3 – working with modules Part 4 – creating listeners Part 5 – creating stagers Part 6 – interacting with agents Part 7 – credentials and reporting Summary Further reading
Chapter 13: Advanced Wireless Penetration Testing
Technical requirements Introduction to wireless networking SISO and MIMO Wireless security standards Performing wireless reconnaissance Determining the associated clients for a specific network Compromising WPA and WPA2 networks Performing AP-less attacks Exploiting enterprise wireless networks Part 1 – setting up for the attack Part 2 – choosing the target Part 3 – starting the attack Part 4 – retrieving user credentials Creating a Wi-Fi honeypot Discovering WPA3 attacks Performing a downgrade and dictionary attack Securing your wireless network SSID management MAC filtering Power levels for antennas Strong passwords Securing enterprise wireless networks Summary Further reading

Section 4: Social Engineering and Web Application Attacks
Chapter 14: Performing Client-Side Attacks – Social Engineering
Technical requirements Fundamentals of social engineering Elements of social engineering Types of social engineering Human-based Computer-based Mobile-based Social networking Defending against social engineering Planning for each type of social engineering attack Exploring social engineering tools and techniques Creating a phishing website Creating infectious media Summary Further reading
Chapter 15: Understanding Website Application Security
Technical requirements Understanding web applications Fundamentals of HTTP Exploring the OWASP Top 10: 2021 Getting started with FoxyProxy and Burp Suite Part one – setting up FoxyProxy Part two – setting up Burp Suite Part three – getting familiar with Burp Suite Understanding injection-based attacks Performing a SQL injection attack Exploring broken access control attacks Exploring broken access control Discovering cryptographic failures Exploiting cryptographic failures Understanding insecure design Exploring security misconfiguration Exploiting security misconfigurations Summary Further reading
Chapter 16: Advanced Website Penetration Testing
Technical requirements Identifying vulnerable and outdated components Discovering vulnerable components Exploiting identification and authentication failures Discovering authentication failures Understanding software and data integrity failures Understanding security logging and monitoring failures Performing server-side request forgery Automating SQL injection attacks Part 1 – discovering databases Part 2 – retrieving sensitive information Understanding cross-site scripting Part 1 – discovering reflected XSS Part 2 – discovering stored XSS Performing client-side attacks Summary Further reading
Chapter 17: Best Practices for the Real World
Technical requirements Guidelines for penetration testers Gaining written permission Being ethical Penetration testing contract Rules of engagement Penetration testing checklist Information gathering Network scanning Enumeration Gaining access Covering tracks Report writing Creating a hacker's tool bag Setting up remote access Next steps ahead Summary Further reading

Why subscribe? Other Books You May Enjoy Packt is searching for authors like you Share Your Thoughts
How to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search for the book title: The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, 2nd Edition. If the full title returns no results, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.