41,25 €*
Free shipping by post / DHL
Delivery time: 1-2 weeks
Kali is a popular and powerful Linux distribution used by cybersecurity professionals around the world. Penetration testers must master Kali's varied library of tools to be effective at their work. The Kali Linux Penetration Testing Bible is the hands-on and methodology guide for pentesting with Kali.
You'll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you're new to the field or an established pentester, you'll find what you need in this comprehensive guide.
* Build a modern dockerized environment
* Discover the fundamentals of the bash language in Linux
* Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
* Analyze your findings, identify false positives, and uncover advanced subjects like buffer overflow, lateral movement, and privilege escalation
* Apply practical and efficient pentesting workflows
* Learn about modern web application security and the Secure SDLC
* Automate your penetration testing with Python
Gus Khawaja is an expert in application security and penetration testing. He is a cybersecurity consultant in Montreal, Canada and has a depth of experience working with organizations to protect their assets from cyberattacks. He is a published author and online educator in the field of cybersecurity.
Introduction
Chapter 1 Mastering the Terminal Window
Kali Linux File System
Terminal Window Basic Commands
Tmux Terminal Window
Starting Tmux
Tmux Key Bindings
Tmux Session Management
Navigating Inside Tmux
Tmux Commands Reference
Managing Users and Groups in Kali
Users Commands
Groups Commands
Managing Passwords in Kali
Files and Folders Management in Kali Linux
Displaying Files and Folders
Permissions
Manipulating Files in Kali
Searching for Files
Files Compression
Manipulating Directories in Kali
Mounting a Directory
Managing Text Files in Kali Linux
Vim vs. Nano
Searching and Filtering Text
Remote Connections in Kali
Remote Desktop Protocol
Secure Shell
SSH with Credentials
Passwordless SSH
Kali Linux System Management
Linux Host Information
Linux OS Information
Linux Hardware Information
Managing Running Services
Package Management
Process Management
Networking in Kali Linux
Network Interface
IPv4 Private Address Ranges
Static IP Addressing
DNS
Established Connections
File Transfers
Summary
Chapter 2 Bash Scripting
Basic Bash Scripting
Printing to the Screen in Bash
Variables
Commands Variable
Script Parameters
User Input
Functions
Conditions and Loops
Conditions
Loops
File Iteration
Summary
Chapter 3 Network Hosts Scanning
Basics of Networking
Networking Protocols
TCP
UDP
Other Networking Protocols
IP Addressing
IPv4
Subnets and CIDR
IPv6
Port Numbers
Network Scanning
Identifying Live Hosts
Ping
ARP
Nmap
Port Scanning and Services Enumeration
TCP Port SYN Scan
UDP
Basics of Using Nmap Scans
Services Enumeration
Operating System Fingerprinting
Nmap Scripting Engine
NSE Category Scan
NSE Arguments
DNS Enumeration
DNS Brute-Force
DNS Zone Transfer
DNS Subdomains Tools
Fierce
Summary
Chapter 4 Internet Information Gathering
Passive Footprinting and Reconnaissance
Internet Search Engines
Shodan
Google Queries
Information Gathering Using Kali Linux
Whois Database
TheHarvester
DMitry
Maltego
Summary
Chapter 5 Social Engineering Attacks
Spear Phishing Attacks
Sending an E-mail
The Social Engineer Toolkit
Sending an E-mail Using Python
Stealing Credentials
Payloads and Listeners
Bind Shell vs. Reverse Shell
Bind Shell
Reverse Shell
Reverse Shell Using SET
Social Engineering with the USB Rubber Ducky
A Practical Reverse Shell Using USB Rubber Ducky and PowerShell
Generating a PowerShell Script
Starting a Listener
Hosting the PowerShell Script
Running PowerShell
Download and Execute the PS Script
Reverse Shell
Replicating the Attack Using the USB Rubber Ducky
Summary
Chapter 6 Advanced Enumeration Phase
Transfer Protocols
FTP (Port 21)
Exploitation Scenarios for an FTP Server
Enumeration Workflow
Service Scan
Advanced Scripting Scan with Nmap
More Brute-Forcing Techniques
SSH (Port 22)
Exploitation Scenarios for an SSH Server
Advanced Scripting Scan with Nmap
Brute-Forcing SSH with Hydra
Advanced Brute-Forcing Techniques
Telnet (Port 23)
Exploitation Scenarios for Telnet Server
Enumeration Workflow
Service Scan
Advanced Scripting Scan
Brute-Forcing with Hydra
E-mail Protocols
SMTP (Port 25)
Nmap Basic Enumeration
Nmap Advanced Enumeration
Enumerating Users
POP3 (Port 110) and IMAP4 (Port 143)
Brute-Forcing POP3 E-mail Accounts
Database Protocols
Microsoft SQL Server (Port 1433)
Oracle Database Server (Port 1521)
MySQL (Port 3306)
CI/CD Protocols
Docker (Port 2375)
Jenkins (Port 8080/50000)
Brute-Forcing a Web Portal Using Hydra
Step 1: Enable a Proxy
Step 2: Intercept the Form Request
Step 3: Extracting Form Data and Brute-Forcing with Hydra
Web Protocols 80/443
Graphical Remoting Protocols
RDP (Port 3389)
RDP Brute-Force
VNC (Port 5900)
File Sharing Protocols
SMB (Port 445)
Brute-Forcing SMB
SNMP (Port UDP 161)
SNMP Enumeration
Summary
Chapter 7 Exploitation Phase
Vulnerabilities Assessment
Vulnerability Assessment Workflow
Vulnerability Scanning with OpenVAS
Installing OpenVAS
Scanning with OpenVAS
Exploits Research
SearchSploit
Services Exploitation
Exploiting FTP Service
FTP Login
Remote Code Execution
Spawning a Shell
Exploiting SSH Service
SSH Login
Telnet Service Exploitation
Telnet Login
Sniffing for Cleartext Information
E-mail Server Exploitation
Docker Exploitation
Testing the Docker Connection
Creating a New Remote Kali Container
Getting a Shell into the Kali Container
Docker Host Exploitation
Exploiting Jenkins
Reverse Shells
Using Shells with Metasploit
Exploiting the SMB Protocol
Connecting to SMB Shares
SMB Eternal Blue Exploit
Summary
Chapter 8 Web Application Vulnerabilities
Web Application Vulnerabilities
Mutillidae Installation
Apache Web Server Installation
Firewall Setup
Installing PHP
Database Installation and Setup
Mutillidae Installation
Cross-Site Scripting
Reflected XSS
Stored XSS
Exploiting XSS Using the Header
Bypassing JavaScript Validation
SQL Injection
Querying the Database
Bypassing the Login Page
Execute Database Commands Using SQLi
SQL Injection Automation with SQLMap
Testing for SQL Injection
Command Injection
File Inclusion
Local File Inclusion
Remote File Inclusion
Cross-Site Request Forgery
The Attacker Scenario
The Victim Scenario
File Upload
Simple File Upload
Bypassing Validation
Encoding
OWASP Top 10
Summary
Chapter 9 Web Penetration Testing and Secure Software Development Lifecycle
Web Enumeration and Exploitation
Burp Suite Pro
Web Pentest Using Burp Suite
More Enumeration
Nmap
Crawling
Vulnerability Assessment
Manual Web Penetration Testing Checklist
Common Checklist
Special Pages Checklist
Secure Software Development Lifecycle
Analysis/Architecture Phase
Application Threat Modeling
Assets
Entry Points
Third Parties
Trust Levels
Data Flow Diagram
Development Phase
Testing Phase
Production Environment (Final Deployment)
Summary
Chapter 10 Linux Privilege Escalation
Introduction to Kernel Exploits and Missing Configurations
Kernel Exploits
Kernel Exploit: Dirty Cow
SUID Exploitation
Overriding the Passwd Users File
CRON Jobs Privilege Escalation
CRON Basics
Crontab
Anacrontab
Enumerating and Exploiting CRON
sudoers
sudo Privilege Escalation
Exploiting the Find Command
Editing the sudoers File
Exploiting Running Services
Automated Scripts
Summary
Chapter 11 Windows Privilege Escalation
Windows System Enumeration
System Information
Windows Architecture
Listing the Disk Drives
Installed Patches
Who Am I?
List Users and Groups
Networking Information
Showing Weak Permissions
Listing Installed Programs
Listing Tasks and Processes
File Transfers
Windows Host Destination
Linux Host Destination
Windows System Exploitation
Windows Kernel Exploits
Getting the OS Version
Find a Matching Exploit
Executing the Payload and Getting a Root Shell
The Metasploit PrivEsc Magic
Exploiting Windows Applications
Running As in Windows
PSExec Tool
Exploiting Services in Windows
Interacting with Windows...
| Year of publication: | 2021 |
|---|---|
| Subject area: | Data communication, networks & mailboxes |
| Genre: | Imports, computer science |
| Category: | Science & technology |
| Format: | Paperback |
| Extent: | 512 pp. |
| ISBN-13: | 9781119719083 |
| ISBN-10: | 1119719089 |
| Language: | English |
| Manufacturer number: | 1W119719080 |
| Binding: | Softcover / paperback |
| Author: | Khawaja, Gus |
| Manufacturer: | Wiley John + Sons |
| Responsible person for the EU: | Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de |
| Dimensions: | 233 x 189 x 28 mm |
| By/with: | Gus Khawaja |
| Publication date: | 05.07.2021 |
| Weight: | 0,954 kg |