Kali Linux 2018: Assuring Security by Penetration Testing
Shiva V. N Parasram, Alex Samm, Damian Boodoo, Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali
Updated: 2021-06-24 18:19:59
Latest chapter: Leave a review - let other readers know what you think
Cover page
Title Page
Dedication
About Packt
Why subscribe?
Packt.com
Contributors
About the authors
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Conventions used
Get in touch
Reviews
Installing and Configuring Kali Linux
Technical requirements
Kali Linux tool categories
Downloading Kali Linux
Using Kali Linux
Running Kali using a Live DVD
Installing on a hard disk
Installing Kali on a physical machine
Installing Kali on a virtual machine
Installing Kali on a virtual machine from the ISO image
Installing Kali Linux on a virtual machine using the Kali Linux VM image provided
Saving or moving the virtual machine
Installing Kali on a USB disk
Configuring the virtual machine
VirtualBox guest additions
Setting up networking
Setting up a wired connection
Setting up a wireless connection
Updating Kali Linux
Setting up Kali Linux AMI on Amazon AWS Cloud
Summary
Questions
Further reading
Setting Up Your Test Lab
Technical requirements
Physical or virtual?
Setting up a Windows environment in a VM
Installing vulnerable servers
Setting up Metasploitable 2 in a VM
Setting up Metasploitable 3 in a VM
Installing Packer
Installing Vagrant
Pre-built Metasploit 3
Setting up BadStore in a VM
Installing additional tools in Kali Linux
Network services in Kali Linux
HTTP
MySQL
SSH
Additional labs and resources
Summary
Questions
Further reading
Penetration Testing Methodology
Technical requirements
Penetration testing methodology
OWASP testing guide
PCI penetration testing guide
Penetration Testing Execution Standard
NIST 800-115
Open Source Security Testing Methodology Manual
General penetration testing framework
Reconnaissance
Scanning and enumeration
Scanning
ARP scanning
The network mapper (Nmap)
Nmap port scanner/TCP scan
Nmap half-open/stealth scan
Nmap OS-detection
Nmap service-detection
Nmap ping sweeps
Enumeration
SMB shares
DNS zone transfer
DNSRecon
SNMP devices
Packet captures
tcpdump
Wireshark
Gaining access
Exploits
Exploits for Linux
Exploits for Windows
Escalating privileges
Maintaining access
Covering your tracks
Reporting
Summary
Footprinting and Information Gathering
Open Source Intelligence
Using public resources
Querying the domain registration information
Analyzing the DNS records
Host
dig
DMitry
Maltego
Getting network routing information
tcptraceroute
tctrace
Utilizing the search engine
SimplyEmail
Google Hacking Database (GHDB)
Metagoofil
Automated footprinting and information gathering tools
Devploit
Red Hawk v2
Using Shodan to find internet connected devices
Search queries in Shodan
Blue-Thunder-IP-Locator
Summary
Questions
Further reading
Scanning and Evasion Techniques
Technical requirements
Starting off with target discovery
Identifying the target machine
ping
fping
hping3
OS fingerprinting
p0f
Introducing port scanning
Understanding TCP/IP protocol
Understanding TCP and UDP message formats
The network scanner
Nmap
Nmap target specification
Nmap TCP scan options
Nmap UDP scan options
Nmap port specification
Nmap output options
Nmap timing options
Useful Nmap options
Service version detection
Operating system detection
Disabling host discovery
Aggressive scan
Nmap for scanning the IPv6 target
The Nmap scripting engine
Nmap options for firewall/IDS evasion
Scanning with Netdiscover
Automated scanning with Striker
Anonymity using Nipe
Summary
Questions
Further Reading
Vulnerability Scanning
Technical requirements
Types of vulnerabilities
Local vulnerability
Remote vulnerability
Vulnerability taxonomy
Automated vulnerability scanning
Vulnerability scanning with Nessus 7
Installing the Nessus vulnerability scanner
Vulnerability scanning with OpenVAS
Linux vulnerability scanning with Lynis
Vulnerability scanning and enumeration using SPARTA
Summary
Questions
Further reading
Social Engineering
Technical requirements
Modeling human psychology
Attack process
Attack methods
Impersonation
Reciprocation
Influential authority
Scarcity
Social relationships
Curiosity
Social Engineering Toolkit
Anonymous USB attack
Credential-harvesting
Malicious Java applet
Summary
Target Exploitation
Vulnerability research
Vulnerability and exploit repositories
Advanced exploitation toolkit
MSFConsole
MSFCLI
Ninja 101 drills
Scenario 1
Scenario 2
SMB usernames
VNC blank authentication scanners
PostGRESQL logins
Scenario 3
Bind shells
Reverse shells
Meterpreters
Writing exploit modules
Summary
Privilege Escalation and Maintaining Access
Technical requirements
Privilege-escalation
Local escalation
Password-attack tools
Offline attack tools
John the Ripper
Ophcrack
samdump2
Online attack tools
CeWL
Hydra
Mimikatz
Maintaining access
Operating-system backdoors
Cymothoa
The Meterpreter backdoor
Summary
Web Application Testing
Technical requirements
Web analysis
Nikto
OWASP ZAP
Burp Suite
Paros proxy
W3AF
WebScarab
Cross-Site Scripting
Testing for XSS
SQL injection
Manual SQL injection
Automated SQL injection
sqlmap
Command-execution directory-traversal and file-inclusion
Directory-traversal and file-inclusion
Command execution
Summary
Further reading
Wireless Penetration Testing
Technical requirements
Wireless networking
Overview of 802.11
The Wired Equivalent Privacy standard
Wi-Fi Protected Access (WPA)
Wireless network reconnaissance
Antennas
Iwlist
Kismet
WAIDPS
Wireless testing tools
Aircrack-ng
WPA pre-shared key-cracking
WEP-cracking
PixieWPS
Wifite
Fern Wifi-Cracker
Evil Twin attack
Post cracking
MAC-spoofing
Persistence
Sniffing wireless traffic
Sniffing WLAN traffic
Passive sniffing
Summary
Mobile Penetration Testing with Kali NetHunter
Technical requirements
Kali NetHunter
Deployment
Network deployment
Wireless deployment
Host deployment
Installing Kali NetHunter
NetHunter icons
NetHunter tools
Nmap
Metasploit
MAC changer
Third-party Android applications
The NetHunter Terminal Application
DriveDroid
USB Keyboard
Shodan
Router Keygen
cSploit
Wireless attacks
Wireless scanning
WPA/WPA2 cracking
WPS cracking
Evil AP attack
Mana evil AP
HID attacks
DuckHunter HID attacks
Summary
Questions
Further reading
PCI DSS Scanning and Penetration Testing
PCI DSS v3.2.1 requirement 11.3
Scoping the PCI DSS penetration test
Gathering client requirements
Creating the customer requirements form
Preparing the test plan
The test plan checklist
Profiling test boundaries
Defining business objectives
Project management and scheduling
Tools for executing the PCI DSS penetration test
Summary
Questions
Further reading
Tools for Penetration Testing Reporting
Technical requirements
Documentation and results verification
Types of reports
The executive report
The management report
The technical report
Network penetration testing report
Preparing your presentation
Post-testing procedures
Using the Dradis framework for penetration testing reporting
Penetration testing reporting tools
Faraday IDE
MagicTree
Summary
Questions
Further reading
Assessments
Chapter 1 – Assessment answers
Chapter 2 – Assessment answers
Chapter 4 – Assessment answers
Chapter 5 – Assessment answers
Chapter 6 – Assessment answers
Chapter 12 – Assessment answers
Chapter 13 – Assessment answers
Chapter 14 – Assessment answers
Other Books You May Enjoy
Leave a review - let other readers know what you think