Mastering Kali Linux for Advanced Penetration Testing.
Title:
Mastering Kali Linux for Advanced Penetration Testing.
Author:
Beggs, Robert W.
ISBN:
9781782163138
Physical Description:
1 online resource (401 pages)
Contents:
Mastering Kali Linux for Advanced Penetration Testing -- Table of Contents -- Mastering Kali Linux for Advanced Penetration Testing -- Credits -- About the Author -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers, and more -- Why subscribe? -- Free access for Packt account holders -- Preface -- The "Kill Chain" approach to penetration testing -- What this book covers -- What you need for this book -- Who this book is for -- Conventions -- Reader feedback -- Customer support -- Errata -- Piracy -- Questions -- Disclaimer -- 1. The Attacker's Kill Chain -- 1. Starting with Kali Linux -- Kali Linux -- Configuring network services and secure communications -- Adjusting network proxy settings -- Securing communications with Secure Shell -- Updating Kali Linux -- The Debian package management system -- Packages and repositories -- Dpkg -- Using Advanced Packaging Tools -- Configuring and customizing Kali Linux -- Resetting the root password -- Adding a non-root user -- Speeding up Kali operations -- Sharing folders with Microsoft Windows -- Creating an encrypted folder with TrueCrypt -- Managing third-party applications -- Installing third-party applications -- Running third-party applications with non-root privileges -- Effective management of penetration tests -- Summary -- 2. Identifying the Target - Passive Reconnaissance -- Basic principles of reconnaissance -- Open Source intelligence -- DNS reconnaissance and route mapping -- WHOIS -- DNS reconnaissance -- IPv4 -- IPv6 -- Mapping the route to the target -- Obtaining user information -- Gathering names and e-mail addresses -- Gathering document metadata -- Profiling users for password lists -- Summary -- 3. Active Reconnaissance and Vulnerability Scanning -- Stealth scanning strategies -- Adjusting source IP stack and tool identification settings.

Modifying packet parameters -- Using proxies with anonymity networks (Tor and Privoxy) -- Identifying the network infrastructure -- Enumerating hosts -- Live host discovery -- Port, operating system, and service discovery -- Port scanning -- Fingerprinting the operating system -- Determining active services -- Employing comprehensive reconnaissance applications -- nmap -- The recon-ng framework -- Maltego -- Vulnerability scanning -- Summary -- 4. Exploit -- Threat modeling -- Using online and local vulnerability resources -- The Metasploit Framework -- Exploiting a vulnerable application -- Exploiting multiple targets with Armitage -- Team testing with Armitage -- Scripting the Armitage attack -- Bypassing IDs and antivirus detection -- Summary -- 5. Post Exploit - Action on the Objective -- Bypassing Windows User Account Control -- Conducting a rapid reconnaissance of a compromised system -- Using the WMIC scripting language -- Finding and taking sensitive data - pillaging the target -- Creating additional accounts -- Using Metasploit for post-exploit activities -- Escalating user privileges on a compromised host -- Replaying authentication tokens using incognito -- Manipulating access credentials with Windows Credential Editor -- Escalating from Administrator to SYSTEM -- Accessing new accounts with horizontal escalation -- Covering your tracks -- Summary -- 6. Post Exploit - Persistence -- Compromising the existing system and application files for remote access -- Remotely enabling the Telnet service -- Remotely enabling Windows Terminal Services -- Remotely enabling Virtual Network Computing -- Using persistent agents -- Employing Netcat as a persistent agent -- Maintaining persistence with the Metasploit Framework -- Using the metsvc script -- Using the persistence script -- Creating a standalone persistent agent with Metasploit.

Redirecting ports to bypass network controls -- Example 1 - simple port redirection -- Example 2 - bidirectional port redirection -- Summary -- 2. The Delivery Phase -- 7. Physical Attacks and Social Engineering -- Social Engineering Toolkit -- Spear Phishing Attack -- Using a website attack vector - Java Applet Attack Method -- Using a website attack vector - Credential Harvester Attack Method -- Using a website attack vector - Tabnabbing Attack Method -- Using a website attack vector - Multi-Attack Web Method -- Using the PowerShell alphanumeric shellcode injection attack -- Hiding executables and obfuscating the attacker's URL -- Escalating an attack using DNS redirection -- Physical access and hostile devices -- Raspberry Pi attack vectors -- Summary -- 8. Exploiting Wireless Communications -- Configuring Kali for wireless attacks -- Wireless reconnaissance -- Kismet -- Bypassing a Hidden Service Set Identifier -- Bypassing the MAC address authentication -- Compromising a WEP encryption -- Attacking WPA and WPA2 -- Brute-force attacks -- Attacking wireless routers with Reaver -- Cloning an access point -- Denial-of-service attacks -- Summary -- 9. Reconnaissance and Exploitation of Web-based Applications -- Conducting reconnaissance of websites -- Vulnerability scanners -- Extending the functionality of traditional vulnerability scanners -- Extending the functionality of web browsers -- Web-service-specific vulnerability scanners -- Testing security with client-side proxies -- Server exploits -- Application-specific attacks -- Brute-forcing access credentials -- Injection attacks against databases -- Maintaining access with web backdoors -- Summary -- 10. Exploiting Remote Access Communications -- Exploiting operating system communication protocols -- Compromising Remote Desktop Protocol -- Compromising Secure Shell.

Exploiting third-party remote access applications -- Attacking Secure Sockets Layer -- Configuring Kali for SSLv2 scanning -- Reconnaissance of SSL connections -- Using sslstrip to conduct a man-in-the-middle attack -- Denial-of-service attacks against SSL -- Attacking an IPSec Virtual Private Network -- Scanning for VPN gateways -- Fingerprinting the VPN gateway -- Capturing pre-shared keys -- Performing offline PSK cracking -- Identifying default user accounts -- Summary -- 11. Client-side Exploitation -- Attacking a system using hostile scripts -- Conducting attacks using VBScript -- Attacking systems using Windows PowerShell -- The Cross-Site Scripting Framework -- The Browser Exploitation Framework - BeEF -- Installing and configuring the Browser Exploitation Framework -- A walkthrough of the BeEF browser -- Integrating BeEF and Metasploit attacks -- Using BeEF as a tunneling proxy -- Summary -- A. Installing Kali Linux -- Downloading Kali Linux -- Basic Installation of Kali Linux -- Installing Kali Linux to a virtual machine -- Full disk encryption and nuking the master key -- Setting up a test environment -- Vulnerable operating systems and applications -- Index.
Abstract:
This book provides an overview of the kill chain approach to penetration testing, and then focuses on using Kali Linux to provide examples of how this methodology is applied in the real world. After describing the underlying concepts, step-by-step examples are provided that use selected tools to demonstrate the techniques. If you are an IT professional or a security consultant who wants to maximize the success of your network testing using some of the advanced features of Kali Linux, then this book is for you. This book will teach you how to become an expert in the pre-engagement, management, and documentation of penetration testing by building on your understanding of Kali Linux and wireless concepts.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.