Learning Kali Linux: Security Testing, Penetration Testing, and Ethical Hacking
Paperback
Overview
Author Ric Messier takes you through the foundations of Kali Linux and explains methods for conducting tests on networks, web applications, wireless security, password vulnerability, and more. You'll discover different techniques for extending Kali tools and creating your own toolset.
- Learn tools for stress testing network stacks and applications
- Perform network reconnaissance to determine what's available to attackers
- Execute penetration tests using automated exploit tools such as Metasploit
- Use cracking tools to see if passwords meet complexity requirements
- Test wireless capabilities by injecting frames and cracking passwords
- Assess web application vulnerabilities with automated or proxy-based tools
- Create advanced attack techniques by extending Kali tools or developing your own
- Use Kali Linux to generate reports once testing is complete
Product Details
| Detail | Value |
|---|---|
| ISBN-13: | 9781492028697 |
| Publisher: | O'Reilly Media, Incorporated |
| Publication date: | 08/10/2018 |
| Pages: | 400 |
| Sales rank: | 349,632 |
| Product dimensions: | 6.90(w) x 9.10(h) x 1.00(d) |
Table of Contents
Preface
1 Foundations of Kali Linux
Heritage of Linux
About Linux
Acquiring and Installing Kali Linux
Desktops
GNOME Desktop
Logging In Through the Desktop Manager
XFCE Desktop
Cinnamon and MATE
Using the Command Line
File and Directory Management
Process Management
Other Utilities
User Management
Service Management
Package Management
Log Management
Summary
Useful Resources
2 Network Security Testing Basics
Security Testing
Network Security Testing
Monitoring
Layers
Stress Testing
Denial-of-Service Tools
Encryption Testing
Packet Captures
Using TCPdump
Berkeley Packet Filters
Wireshark
Poisoning Attacks
ARP Spoofing
DNS Spoofing
Summary
Useful Resources
3 Reconnaissance
What Is Reconnaissance?
Open Source Intelligence
Google Hacking
Automating Information Grabbing
Recon-NG
Maltego
DNS Reconnaissance and whois
DNS Reconnaissance
Regional Internet Registries
Passive Reconnaissance
Port Scanning
TCP Scanning
UDP Scanning
Port Scanning with NMAP
High-Speed Scanning
Service Scanning
Manual Interaction
Summary
Useful Resources
4 Looking for Vulnerabilities
Understanding Vulnerabilities
Vulnerability Types
Buffer Overflow
Race Condition
Input Validation
Access Control
Local Vulnerabilities
Using lynis for Local Checks
Open VAS Local Scanning
Root Kits
Remote Vulnerabilities
Quick Start with Open VAS
Creating a Scan
Open VAS Reports
Network Device Vulnerabilities
Auditing Devices
Database Vulnerabilities
Identifying New Vulnerabilities
Summary
Useful Resources
5 Automated Exploits
What Is an Exploit?
Cisco Attacks
Management Protocols
Other Devices
Exploit Database
Metasploit
Starting with Metasploit
Working with Metasploit Modules
Importing Data
Exploiting Systems
Armitage
Social Engineering
Summary
Useful Resources
6 Owning Metasploit
Scanning for Targets
Port Scanning
SMB Scanning
Vulnerability Scans
Exploiting Your Target
Using Meterpreter
Meterpreter Basics
User Information
Process Manipulation
Privilege Escalation
Pivoting to Other Networks
Maintaining Access
Summary
Useful Resources
7 Wireless Security Testing
The Scope of Wireless
802.11
Bluetooth
Zigbee
WiFi Attacks and Testing Tools
802.11 Terminology and Functioning
Identifying Networks
WPS Attacks
Automating Multiple Tests
Injection Attacks
Password Cracking on WiFi
Besside-ng
coWPAtty
Aircrack-ng
Fern
Going Rogue
Hosting an Access Point
Phishing Users
Wireless Honeypot
Bluetooth Testing
Scanning
Service Identification
Other Bluetooth Testing
Zigbee Testing
Summary
Useful Resources
8 Web Application Testing
Web Architecture
Firewall
Load Balancer
Web Server
Application Server
Database Server
Web-Based Attacks
SQL Injection
XML Entity Injection
Command Injection
Cross-Site Scripting
Cross-Site Request Forgery
Session Hijacking
Using Proxies
Burp Suite
Zed Attack Proxy
WebScarab
Paros Proxy
Proxystrike
Automated Web Attacks
Recon
Vega
Nikto
Dirbuster and gobuster
Java-Based Application Servers
SQL-Based Attacks
Assorted Tasks
Summary
Useful Resources
9 Cracking Passwords
Password Storage
Security Account Manager
PAM and Crypt
Acquiring Passwords
Local Cracking
John the Ripper
Rainbow Tables
HashCat
Remote Cracking
Hydra
Patator
Web-Based Cracking
Summary
Useful Resources
10 Advanced Techniques and Concepts
Programming Basics
Compiled Languages
Interpreted Languages
Intermediate Languages
Compiling and Building
Programming Errors
Buffer Overflows
Heap Overflows
Return to LIBC
Writing Nmap Modules
Extending Metasploit
Disassembling and Reverse Engineering
Debugging
Disassembling
Tracing Programs
Other File Types
Maintaining Access and Cleanup
Metasploit and Cleanup
Maintaining Access
Summary
Useful Resources
11 Reporting
Determining Threat Potential and Severity
Writing Reports
Audience
Executive Summary
Methodology
Findings
Taking Notes
Text Editors
GUI-Based Editors
Notes
Capturing Data
Organizing Your Data
Dradis Framework
CaseFile
Summary
Useful Resources
Index