Zum Hauptinhalt springen
Dekorationsartikel gehören nicht zum Leistungsumfang.
Kali Linux Penetration Testing Bible
Taschenbuch von Gus Khawaja
Sprache: Englisch

41,25 €*

inkl. MwSt.

Versandkostenfrei per Post / DHL

Lieferzeit 1-2 Wochen

Kategorien:
Beschreibung
Your ultimate guide to pentesting with Kali Linux

Kali is a popular and powerful Linux distribution used by cybersecurity professionals around the world. Penetration testers must master Kali's varied library of tools to be effective at their work. The Kali Linux Penetration Testing Bible is the hands-on and methodology guide for pentesting with Kali.

You'll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you're new to the field or an established pentester, you'll find what you need in this comprehensive guide.
* Build a modern dockerized environment
* Discover the fundamentals of the bash language in Linux
* Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
* Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation
* Apply practical and efficient pentesting workflows
* Learn about Modern Web Application Security Secure SDLC
* Automate your penetration testing with Python
Your ultimate guide to pentesting with Kali Linux

Kali is a popular and powerful Linux distribution used by cybersecurity professionals around the world. Penetration testers must master Kali's varied library of tools to be effective at their work. The Kali Linux Penetration Testing Bible is the hands-on and methodology guide for pentesting with Kali.

You'll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you're new to the field or an established pentester, you'll find what you need in this comprehensive guide.
* Build a modern dockerized environment
* Discover the fundamentals of the bash language in Linux
* Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
* Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation
* Apply practical and efficient pentesting workflows
* Learn about Modern Web Application Security Secure SDLC
* Automate your penetration testing with Python
Über den Autor

Gus Khawaja is an expert in application security and penetration testing. He is a cybersecurity consultant in Montreal, Canada and has a depth of experience working with organizations to protect their assets from cyberattacks. He is a published author and online educator in the field of cybersecurity.

Inhaltsverzeichnis

Introduction xx

Chapter 1 Mastering the Terminal Window 1

Kali Linux File System 2

Terminal Window Basic Commands 3

Tmux Terminal Window 6

Starting Tmux 6

Tmux Key Bindings 7

Tmux Session Management 7

Navigating Inside Tmux 9

Tmux Commands Reference 9

Managing Users and Groups in Kali 10

Users Commands 10

Groups Commands 14

Managing Passwords in Kali 14

Files and Folders Management in Kali Linux 15

Displaying Files and Folders 15

Permissions 16

Manipulating Files in Kali 19

Searching for Files 20

Files Compression 21

Manipulating Directories in Kali 23

Mounting a Directory 23

Managing Text Files in Kali Linux 24

Vim vs. Nano 26

Searching and Filtering Text 27

Remote Connections in Kali 29

Remote Desktop Protocol 29

Secure Shell 30

SSH with Credentials 30

Passwordless SSH 32

Kali Linux System Management 34

Linux Host Information 36

Linux OS Information 36

Linux Hardware Information 36

Managing Running Services 38

Package Management 39

Process Management 41

Networking in Kali Linux 42

Network Interface 42

IPv4 Private Address Ranges 42

Static IP Addressing 43

DNS 45

Established Connections 46

File Transfers 47

Summary 48

Chapter 2 Bash Scripting 49

Basic Bash Scripting 50

Printing to the Screen in Bash 50

Variables 52

Commands Variable 54

Script Parameters 54

User Input 56

Functions 56

Conditions and Loops 57

Conditions 58

Loops 60

File Iteration 61

Summary 63

Chapter 3 Network Hosts Scanning 65

Basics of Networking 65

Networking Protocols 66

TCP 66

UDP 67

Other Networking Protocols 67

IP Addressing 69

IPv4 69

Subnets and CIDR 69

IPv6 70

Port Numbers 71

Network Scanning 72

Identifying Live Hosts 72

Ping 73

ARP 73

Nmap 73

Port Scanning and Services Enumeration 74

TCP Port SYN Scan 75

UDP 75

Basics of Using Nmap Scans 76

Services Enumeration 77

Operating System Fingerprinting 79

Nmap Scripting Engine 80

NSE Category Scan 82

NSE Arguments 84

DNS Enumeration 84

DNS Brute-Force 85

DNS Zone Transfer 86

DNS Subdomains Tools 87

Fierce 87

Summary 88

Chapter 4 Internet Information Gathering 89

Passive Footprinting and Reconnaissance 90

Internet Search Engines 90

Shodan 91

Google Queries 92

Information Gathering Using Kali Linux 94

Whois Database 95

TheHarvester 97

DMitry 99

Maltego 99

Summary 103

Chapter 5 Social Engineering Attacks 105

Spear Phishing Attacks 105

Sending an E-mail 106

The Social Engineer Toolkit 106

Sending an E-mail Using Python 108

Stealing Credentials 109

Payloads and Listeners 110

Bind Shell vs. Reverse Shell 111

Bind Shell 111

Reverse Shell 112

Reverse Shell Using SET 113

Social Engineering with the USB Rubber Ducky 115

A Practical Reverse Shell Using USB Rubber Ducky and PowerShell 117

Generating a PowerShell Script 118

Starting a Listener 118

Hosting the PowerShell Script 119

Running PowerShell 120

Download and Execute the PS Script 120

Reverse Shell 121

Replicating the Attack Using the USB Rubber Ducky 122

Summary 122

Chapter 6 Advanced Enumeration Phase 125

Transfer Protocols 126

FTP (Port 21) 126

Exploitation Scenarios for an FTP Server 126

Enumeration Workflow 127

Service Scan 127

Advanced Scripting Scan with Nmap 128

More Brute-Forcing Techniques 129

SSH (Port 22) 130

Exploitation Scenarios for an SSH Server 130

Advanced Scripting Scan with Nmap 131

Brute-Forcing SSH with Hydra 132

Advanced Brute-Forcing Techniques 133

Telnet (Port 23) 134

Exploitation Scenarios for Telnet Server 135

Enumeration Workflow 135

Service Scan 135

Advanced Scripting Scan 136

Brute-Forcing with Hydra 136

E-mail Protocols 136

SMTP (Port 25) 137

Nmap Basic Enumeration 137

Nmap Advanced Enumeration 137

Enumerating Users 138

POP3 (Port 110) and IMAP4 (Port 143) 141

Brute-Forcing POP3 E-mail Accounts 141

Database Protocols 142

Microsoft SQL Server (Port 1433) 142

Oracle Database Server (Port 1521) 143

MySQL (Port 3306) 143

CI/CD Protocols 143

Docker (Port 2375) 144

Jenkins (Port 8080/50000) 145

Brute-Forcing a Web Portal Using Hydra 147

Step 1: Enable a Proxy 148

Step 2: Intercept the Form Request 149

Step 3: Extracting Form Data and Brute-Forcing with Hydra 150

Web Protocols 80/443 151

Graphical Remoting Protocols 152

RDP (Port 3389) 152

RDP Brute-Force 152

VNC (Port 5900) 153

File Sharing Protocols 154

SMB (Port 445) 154

Brute-Forcing SMB 156

SNMP (Port UDP 161) 157

SNMP Enumeration 157

Summary 159

Chapter 7 Exploitation Phase 161

Vulnerabilities Assessment 162

Vulnerability Assessment Workflow 162

Vulnerability Scanning with OpenVAS 164

Installing OpenVAS 164

Scanning with OpenVAS 165

Exploits Research 169

SearchSploit 171

Services Exploitation 173

Exploiting FTP Service 173

FTP Login 173

Remote Code Execution 174

Spawning a Shell 177

Exploiting SSH Service 178

SSH Login 178

Telnet Service Exploitation 179

Telnet Login 179

Sniffing for Cleartext Information 180

E-mail Server Exploitation 183

Docker Exploitation 185

Testing the Docker Connection 185

Creating a New Remote Kali Container 186

Getting a Shell into the Kali Container 187

Docker Host Exploitation 188

Exploiting Jenkins 190

Reverse Shells 193

Using Shells with Metasploit 194

Exploiting the SMB Protocol 196

Connecting to SMB Shares 196

SMB Eternal Blue Exploit 197

Summary 198

Chapter 8 Web Application Vulnerabilities 199

Web Application Vulnerabilities 200

Mutillidae Installation 200

Apache Web Server Installation 200

Firewall Setup 201

Installing PHP 201

Database Installation and Setup 201

Mutillidae Installation 202

Cross-Site Scripting 203

Reflected XSS 203

Stored XSS 204

Exploiting XSS Using the Header 205

Bypassing JavaScript Validation 207

SQL Injection 208

Querying the Database 208

Bypassing the Login Page 211

Execute Database Commands Using SQLi 211

SQL Injection Automation with SQLMap 215

Testing for SQL Injection 216

Command Injection 217

File Inclusion 217

Local File Inclusion 218

Remote File Inclusion 219

Cross-Site Request Forgery 220

The Attacker Scenario 221

The Victim Scenario 222

File Upload 223

Simple File Upload 223

Bypassing Validation 225

Encoding 227

OWASP Top 10 228

Summary 229

Chapter 9 Web Penetration Testing and Secure Software Development Lifecycle 231

Web Enumeration and Exploitation 231

Burp Suite Pro 232

Web Pentest Using Burp Suite 232

More Enumeration 245

Nmap 246

Crawling 246

Vulnerability Assessment 247

Manual Web Penetration Testing Checklist 247

Common Checklist 248

Special Pages Checklist 248

Secure Software Development Lifecycle 250

Analysis/Architecture Phase 251

Application Threat Modeling 251

Assets 251

Entry Points 252

Third Parties 252

Trust Levels 252

Data Flow Diagram 252

Development Phase 252

Testing Phase 255

Production Environment (Final Deployment) 255

Summary 255

Chapter 10 Linux Privilege Escalation 257

Introduction to Kernel Exploits and Missing Configurations 258

Kernel Exploits 258

Kernel Exploit: Dirty Cow 258

SUID Exploitation 261

Overriding the Passwd Users File 263

CRON Jobs Privilege Escalation 264

CRON Basics 265

Crontab 265

Anacrontab 266

Enumerating and Exploiting CRON 266

sudoers 268

sudo Privilege Escalation 268

Exploiting the Find Command 268

Editing the sudoers File 269

Exploiting Running Services 270

Automated Scripts 270

Summary 271

Chapter 11 Windows Privilege Escalation 273

Windows System Enumeration 273

System Information 274

Windows Architecture 275

Listing the Disk Drives 276

Installed Patches 276

Who Am I? 276

List Users and Groups 277

Networking Information 279

Showing Weak Permissions 282

Listing Installed Programs 283

Listing Tasks and Processes 283

File Transfers 284

Windows Host Destination 284

Linux Host Destination 285

Windows System Exploitation 286

Windows Kernel Exploits 287

Getting the OS Version 287

Find a Matching Exploit 288

Executing the Payload and Getting a Root Shell 289

The Metasploit PrivEsc Magic 289

Exploiting Windows Applications 293

Running As in Windows 295

PSExec Tool 296

Exploiting Services in Windows 297

Interacting with Windows...

Details
Erscheinungsjahr: 2021
Fachbereich: Datenkommunikation, Netze & Mailboxen
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
Inhalt: 512 S.
ISBN-13: 9781119719083
ISBN-10: 1119719089
Sprache: Englisch
Herstellernummer: 1W119719080
Einband: Kartoniert / Broschiert
Autor: Khawaja, Gus
Hersteller: Wiley John + Sons
Verantwortliche Person für die EU: Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de
Maße: 233 x 189 x 28 mm
Von/Mit: Gus Khawaja
Erscheinungsdatum: 05.07.2021
Gewicht: 0,954 kg
Artikel-ID: 119590393
Über den Autor

Gus Khawaja is an expert in application security and penetration testing. He is a cybersecurity consultant in Montreal, Canada and has a depth of experience working with organizations to protect their assets from cyberattacks. He is a published author and online educator in the field of cybersecurity.

Inhaltsverzeichnis

Introduction xx

Chapter 1 Mastering the Terminal Window 1

Kali Linux File System 2

Terminal Window Basic Commands 3

Tmux Terminal Window 6

Starting Tmux 6

Tmux Key Bindings 7

Tmux Session Management 7

Navigating Inside Tmux 9

Tmux Commands Reference 9

Managing Users and Groups in Kali 10

Users Commands 10

Groups Commands 14

Managing Passwords in Kali 14

Files and Folders Management in Kali Linux 15

Displaying Files and Folders 15

Permissions 16

Manipulating Files in Kali 19

Searching for Files 20

Files Compression 21

Manipulating Directories in Kali 23

Mounting a Directory 23

Managing Text Files in Kali Linux 24

Vim vs. Nano 26

Searching and Filtering Text 27

Remote Connections in Kali 29

Remote Desktop Protocol 29

Secure Shell 30

SSH with Credentials 30

Passwordless SSH 32

Kali Linux System Management 34

Linux Host Information 36

Linux OS Information 36

Linux Hardware Information 36

Managing Running Services 38

Package Management 39

Process Management 41

Networking in Kali Linux 42

Network Interface 42

IPv4 Private Address Ranges 42

Static IP Addressing 43

DNS 45

Established Connections 46

File Transfers 47

Summary 48

Chapter 2 Bash Scripting 49

Basic Bash Scripting 50

Printing to the Screen in Bash 50

Variables 52

Commands Variable 54

Script Parameters 54

User Input 56

Functions 56

Conditions and Loops 57

Conditions 58

Loops 60

File Iteration 61

Summary 63

Chapter 3 Network Hosts Scanning 65

Basics of Networking 65

Networking Protocols 66

TCP 66

UDP 67

Other Networking Protocols 67

IP Addressing 69

IPv4 69

Subnets and CIDR 69

IPv6 70

Port Numbers 71

Network Scanning 72

Identifying Live Hosts 72

Ping 73

ARP 73

Nmap 73

Port Scanning and Services Enumeration 74

TCP Port SYN Scan 75

UDP 75

Basics of Using Nmap Scans 76

Services Enumeration 77

Operating System Fingerprinting 79

Nmap Scripting Engine 80

NSE Category Scan 82

NSE Arguments 84

DNS Enumeration 84

DNS Brute-Force 85

DNS Zone Transfer 86

DNS Subdomains Tools 87

Fierce 87

Summary 88

Chapter 4 Internet Information Gathering 89

Passive Footprinting and Reconnaissance 90

Internet Search Engines 90

Shodan 91

Google Queries 92

Information Gathering Using Kali Linux 94

Whois Database 95

TheHarvester 97

DMitry 99

Maltego 99

Summary 103

Chapter 5 Social Engineering Attacks 105

Spear Phishing Attacks 105

Sending an E-mail 106

The Social Engineer Toolkit 106

Sending an E-mail Using Python 108

Stealing Credentials 109

Payloads and Listeners 110

Bind Shell vs. Reverse Shell 111

Bind Shell 111

Reverse Shell 112

Reverse Shell Using SET 113

Social Engineering with the USB Rubber Ducky 115

A Practical Reverse Shell Using USB Rubber Ducky and PowerShell 117

Generating a PowerShell Script 118

Starting a Listener 118

Hosting the PowerShell Script 119

Running PowerShell 120

Download and Execute the PS Script 120

Reverse Shell 121

Replicating the Attack Using the USB Rubber Ducky 122

Summary 122

Chapter 6 Advanced Enumeration Phase 125

Transfer Protocols 126

FTP (Port 21) 126

Exploitation Scenarios for an FTP Server 126

Enumeration Workflow 127

Service Scan 127

Advanced Scripting Scan with Nmap 128

More Brute-Forcing Techniques 129

SSH (Port 22) 130

Exploitation Scenarios for an SSH Server 130

Advanced Scripting Scan with Nmap 131

Brute-Forcing SSH with Hydra 132

Advanced Brute-Forcing Techniques 133

Telnet (Port 23) 134

Exploitation Scenarios for Telnet Server 135

Enumeration Workflow 135

Service Scan 135

Advanced Scripting Scan 136

Brute-Forcing with Hydra 136

E-mail Protocols 136

SMTP (Port 25) 137

Nmap Basic Enumeration 137

Nmap Advanced Enumeration 137

Enumerating Users 138

POP3 (Port 110) and IMAP4 (Port 143) 141

Brute-Forcing POP3 E-mail Accounts 141

Database Protocols 142

Microsoft SQL Server (Port 1433) 142

Oracle Database Server (Port 1521) 143

MySQL (Port 3306) 143

CI/CD Protocols 143

Docker (Port 2375) 144

Jenkins (Port 8080/50000) 145

Brute-Forcing a Web Portal Using Hydra 147

Step 1: Enable a Proxy 148

Step 2: Intercept the Form Request 149

Step 3: Extracting Form Data and Brute-Forcing with Hydra 150

Web Protocols 80/443 151

Graphical Remoting Protocols 152

RDP (Port 3389) 152

RDP Brute-Force 152

VNC (Port 5900) 153

File Sharing Protocols 154

SMB (Port 445) 154

Brute-Forcing SMB 156

SNMP (Port UDP 161) 157

SNMP Enumeration 157

Summary 159

Chapter 7 Exploitation Phase 161

Vulnerabilities Assessment 162

Vulnerability Assessment Workflow 162

Vulnerability Scanning with OpenVAS 164

Installing OpenVAS 164

Scanning with OpenVAS 165

Exploits Research 169

SearchSploit 171

Services Exploitation 173

Exploiting FTP Service 173

FTP Login 173

Remote Code Execution 174

Spawning a Shell 177

Exploiting SSH Service 178

SSH Login 178

Telnet Service Exploitation 179

Telnet Login 179

Sniffing for Cleartext Information 180

E-mail Server Exploitation 183

Docker Exploitation 185

Testing the Docker Connection 185

Creating a New Remote Kali Container 186

Getting a Shell into the Kali Container 187

Docker Host Exploitation 188

Exploiting Jenkins 190

Reverse Shells 193

Using Shells with Metasploit 194

Exploiting the SMB Protocol 196

Connecting to SMB Shares 196

SMB Eternal Blue Exploit 197

Summary 198

Chapter 8 Web Application Vulnerabilities 199

Web Application Vulnerabilities 200

Mutillidae Installation 200

Apache Web Server Installation 200

Firewall Setup 201

Installing PHP 201

Database Installation and Setup 201

Mutillidae Installation 202

Cross-Site Scripting 203

Reflected XSS 203

Stored XSS 204

Exploiting XSS Using the Header 205

Bypassing JavaScript Validation 207

SQL Injection 208

Querying the Database 208

Bypassing the Login Page 211

Execute Database Commands Using SQLi 211

SQL Injection Automation with SQLMap 215

Testing for SQL Injection 216

Command Injection 217

File Inclusion 217

Local File Inclusion 218

Remote File Inclusion 219

Cross-Site Request Forgery 220

The Attacker Scenario 221

The Victim Scenario 222

File Upload 223

Simple File Upload 223

Bypassing Validation 225

Encoding 227

OWASP Top 10 228

Summary 229

Chapter 9 Web Penetration Testing and Secure Software Development Lifecycle 231

Web Enumeration and Exploitation 231

Burp Suite Pro 232

Web Pentest Using Burp Suite 232

More Enumeration 245

Nmap 246

Crawling 246

Vulnerability Assessment 247

Manual Web Penetration Testing Checklist 247

Common Checklist 248

Special Pages Checklist 248

Secure Software Development Lifecycle 250

Analysis/Architecture Phase 251

Application Threat Modeling 251

Assets 251

Entry Points 252

Third Parties 252

Trust Levels 252

Data Flow Diagram 252

Development Phase 252

Testing Phase 255

Production Environment (Final Deployment) 255

Summary 255

Chapter 10 Linux Privilege Escalation 257

Introduction to Kernel Exploits and Missing Configurations 258

Kernel Exploits 258

Kernel Exploit: Dirty Cow 258

SUID Exploitation 261

Overriding the Passwd Users File 263

CRON Jobs Privilege Escalation 264

CRON Basics 265

Crontab 265

Anacrontab 266

Enumerating and Exploiting CRON 266

sudoers 268

sudo Privilege Escalation 268

Exploiting the Find Command 268

Editing the sudoers File 269

Exploiting Running Services 270

Automated Scripts 270

Summary 271

Chapter 11 Windows Privilege Escalation 273

Windows System Enumeration 273

System Information 274

Windows Architecture 275

Listing the Disk Drives 276

Installed Patches 276

Who Am I? 276

List Users and Groups 277

Networking Information 279

Showing Weak Permissions 282

Listing Installed Programs 283

Listing Tasks and Processes 283

File Transfers 284

Windows Host Destination 284

Linux Host Destination 285

Windows System Exploitation 286

Windows Kernel Exploits 287

Getting the OS Version 287

Find a Matching Exploit 288

Executing the Payload and Getting a Root Shell 289

The Metasploit PrivEsc Magic 289

Exploiting Windows Applications 293

Running As in Windows 295

PSExec Tool 296

Exploiting Services in Windows 297

Interacting with Windows...

Details
Erscheinungsjahr: 2021
Fachbereich: Datenkommunikation, Netze & Mailboxen
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
Inhalt: 512 S.
ISBN-13: 9781119719083
ISBN-10: 1119719089
Sprache: Englisch
Herstellernummer: 1W119719080
Einband: Kartoniert / Broschiert
Autor: Khawaja, Gus
Hersteller: Wiley John + Sons
Verantwortliche Person für die EU: Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de
Maße: 233 x 189 x 28 mm
Von/Mit: Gus Khawaja
Erscheinungsdatum: 05.07.2021
Gewicht: 0,954 kg
Artikel-ID: 119590393
Sicherheitshinweis