Front Cover -- Hacking with Kali -- Copyright Page -- Dedication -- Contents -- 1 Introduction -- Book Overview and Key Learning Points -- Book Audience -- Technical Professionals -- Security Engineers -- Students in Information Security and Information Assurance Programs -- Who This Book Is Not for -- Diagrams, Figures, and Screen Captures -- Welcome -- Penetration Testing Lifecycle -- Terms -- Penetration Testing, Pentesting -- Red Team, Red Teaming -- Ethical Hacking -- White Hat -- Black Hat -- Grey Hat -- Vulnerability Assessment, Vulnerability Analysis -- Security Controls Assessment -- Malicious User Testing, Mal User Testing -- Social Engineering -- Phishing -- Spear Phishing -- Dumpster Diving -- Live CD, Live Disk, or LiveOS -- Kali History -- References -- 2 Download and Install Kali Linux -- Chapter Overview and Key Learning Points -- Kali Linux -- System Information -- Selecting a Hardware Platform for Installation -- Hard Drive Selection -- Partitioning the Hard Drive -- Security During Installation -- Downloading Kali -- Hard Drive Installation -- Booting Kali for the First Time -- Installation-Setting the Defaults -- Installation-Initial Network Setup -- Passwords -- Configuring the System Clock -- Partitioning Disks -- Configure the Package Manager -- Installing the GRUB Loader -- Completing the Installation -- Thumb Drive Installation -- Windows (Nonpersistent) -- Linux (Persistent) -- SD Card Installation -- Summary -- 3 Software, Patches, and Upgrades -- Chapter Overview and Key Learning Points -- APT Package Handling Utility -- Installing Applications or Packages -- Update -- Upgrade -- Distribution Upgrade -- Remove -- Auto Remove -- Purge -- Clean -- Autoclean -- Putting It All Together -- Debian Package Manager -- Install -- Remove -- Checking for Installed Package -- Tarballs -- Creation of a Tarball.

Extracting Files from a Tarball -- Compressing a Tarball -- A Practical Guide to Installing Nessus -- Update and Clean the System Prior to Installing Nessus -- Install and Configure Nessus -- Conclusion -- 4 Configuring Kali Linux -- Chapter Overview and Key Learning Points -- About This Chapter -- The Basics of Networking -- Private Addressing -- Default Gateway -- Name Server -- DHCP -- Basic Subnetting -- Kali Linux Default Settings -- Using the Graphical User Interface to Configure Network Interfaces -- Using the Command Line to Configure Network Interfaces -- Starting and Stopping the Interface -- DHCP from the Command Prompt -- Using the GUI to Configure Wireless Cards -- Connection Name -- Connect Automatically Checkbox -- Wireless Tab -- Service Set Identifier -- Mode -- Basic Service Set Identification -- Device MAC Address -- Cloned MAC Address -- Maximum Transmission Unit -- Wireless Security Tab -- Security Drop Down -- Wired Equivalent Privacy -- Lightweight Extensible Authentication Protocol -- WiFi Protected Access -- Passwords and Keys -- IPv4 Settings Tab -- Save -- Web Server -- Using the GUI to Start, Stop, or Restart the Apache Server -- Starting, Stopping, and Restarting Apache at the Command Prompt -- The Default Web Page -- FTP Server -- SSH Server -- Generate SSH Keys -- Managing the SSH Service from the Kali GUI -- Managing the SSH Server from the Command Line -- Accessing the Remote System -- Configure and Access External Media -- Manually Mounting a Drive -- Updating Kali -- Upgrading Kali -- Adding a Repository Source -- Summary -- 5 Building a Penetration Testing Lab -- Chapter Overview and Key Learning Points -- Before Reading This Chapter: Build a Lab -- Building a Lab on a Dime -- VMWare Player -- VirtualBox -- Installing VirtualBox on Microsoft Windows 7 -- Setting Up a Virtual Attack Platform.

Set Up a Virtual Machine for Kali Linux in VirtualBox -- Metasploitable2 -- Installing Metasploitable2 -- Extending Your Lab -- The Magical Code Injection Rainbow -- Installation of MCIR -- 6 Introduction to the Penetration Test Lifecycle -- Chapter Overview and Key Learning Points -- Introduction to the Lifecycle -- Phase 1: Reconnaissance -- Phase 2: Scanning -- Phase 3: Exploitation -- Phase 4: Maintaining Access -- Phase 5: Reporting -- Summary -- 7 Reconnaissance -- Chapter Overview and Key Learning Points -- Introduction -- Trusted Agents -- Start with the Targets Own Website -- Website Mirroring -- Google Searches -- All These Words -- This Exact Word or Phrase -- Any of These Words -- None of These Words -- Numbers Ranging from -- Language -- Region -- Last Updated -- Site or Domain -- Terms Appearing -- Safe Search -- Reading Level -- File Type -- Usage Rights -- Compiling an Advanced Google Search -- Google Hacking -- Google Hacking Database -- Social Media -- Create a Doppleganger -- Job Sites -- DNS and DNS Attacks -- Query a Name Server -- Zone Transfer -- Reference -- 8 Scanning -- Chapter Overview and Key Learning Points -- Introduction to Scanning -- Understanding Network Traffic -- Understanding Ports and Firewalls -- Understanding IP Protocols -- TCP -- UDP -- ICMP -- PING -- Traceroute -- NMAP the King of Scanners -- The Nmap Command Structure -- Scanning Options -- -sS Stealth Scan -- -sT TCP Connect Scan -- -sU UDP Scan -- -sA -- Timing Templates -- -T0 Paranoid -- -T1 Sneaky -- -T2 Polite -- -T3 Normal -- -T4 Aggressive -- -T5 Insane -- Targeting -- IP Address Ranges -- Scan List -- Selecting Ports -- Output Options -- -oN Normal Output -- -oX Extensible Markup Language (XML) Output -- -oG GREPable Output -- -oS ScRipT Kidd

Configuration -- Configuring a Scan -- Summary -- 9 Exploitation -- Chapter Overview and Key Learning Points -- Introduction -- Exploitation -- Attack Vectors Versus Attack Types -- Local Exploits -- Searching for Local Exploits -- Remote Exploits -- An Overview of Metasploit -- A Brief History -- Professional Versus Express Editions -- Nexpose and Compliance -- Overt Versus Covert -- The Basic Framework -- Exploit Modules -- Auxiliary Modules -- Payloads -- Bind Shells -- Reverse Shells -- Meterpreter Shell -- Listeners -- Shellcode -- Accessing Metasploit -- Startup/Shutdown Service -- Update the Database -- Scanning with Metasploit -- Using Metasploit -- Meterpreter-Session Management -- Actions Inside of a Session -- Access File system -- Command Shell -- Postexploitation Modules -- Web Server and Web Application Exploitation -- OWASP -- Testing Web Applications -- Step 1-Manual Review -- Step 2-Fingerprinting -- NetCat (nc) -- Telnet (telnet) -- SSLScan (sslscan) -- Step 3-Scanning -- Arachni-Web Application Security Scanner Framework -- Using the Arachni Web Application Scanner -- w3af-Web Application Attack and Audit Framework -- Using w3af -- Nikto -- Using Nikto -- Websploit -- Conclusion -- 10 Maintaining Access -- Chapter Overview and Key Learning Points -- Introduction -- Terminology and Core Concepts -- Malware -- Backdoors -- Trojan Horse -- Viruses -- Resident -- Nonresident -- Worms -- Keyloggers -- Botnets -- Colocation -- Remote Communications -- Command and Control -- Backdoors -- Backdoors with Metasploit -- Creating an Executable Binary from a Payload (Unencoded) -- Creating an Executable Binary from a Payload (Encoded) -- Creating an Encoded Trojan Horse -- Set Up a Metasploit Listener -- Persistent Backdoors -- Detectability -- Backdoors for Web Services -- Keyloggers -- Summary -- Reference -- 11 Reports and Templates.

Chapter Overview and Key Learning Points -- Reporting -- Executive Summary -- Engagement Procedure -- Target Architecture and Composition -- Findings -- Recommended Actions -- Conclusion -- Appendices -- Presentation -- Report and Evidence Storage -- Summary -- Appendix A: Tribal Chicken -- Comprehensive Setup and Configuration Guide for Kali Linux 1.0.5 -- Introduction -- Materials List -- Install and Configure Ubuntu -- Install Kali Linux 1.0.5 -- Customize the Interface -- Running Updates -- Building an ISO using Tribal Chicken -- Burning an ISO to a DVD or Blu-Ray Disc -- Testing and Validation (Short Version) -- Appendix B: Kali Penetration Testing Tools -- Index.