Kali Linux : Assuring Security By Penetration Testing.
Title:
Kali Linux : Assuring Security By Penetration Testing.
Author:
Ali, Shakeel.
ISBN:
9781849519496
Physical Description:
1 online resource (526 pages)
Contents:
Kali Linux - Assuring Security by Penetration Testing -- Table of Contents -- Kali Linux - Assuring Security by Penetration Testing -- Credits -- About the Authors -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers and more -- Why Subscribe? -- Free Access for Packt account holders -- Disclaimer -- Preface -- What this book covers -- What you need for this book -- Who this book is for -- Conventions -- Reader feedback -- Customer support -- Errata -- Piracy -- Questions -- I. Lab Preparation and Testing Procedures -- 1. Beginning with Kali Linux -- A brief history of Kali Linux -- Kali Linux tool categories -- Downloading Kali Linux -- Using Kali Linux -- Running Kali using Live DVD -- Installing on a hard disk -- Installing Kali on a physical machine -- Installing Kali on a virtual machine -- Installing Kali on a virtual machine from the ISO image -- Installing Kali in a virtual machine using the provided Kali VM image -- Installing Kali on a USB disk -- Configuring the virtual machine -- VirtualBox guest additions -- Setting up networking -- Setting up a wired connection -- Setting up a wireless connection -- Starting the network service -- Configuring shared folders -- Saving the guest machine state -- Exporting a virtual machine -- Updating Kali Linux -- Network services in Kali Linux -- HTTP -- MySQL -- SSH -- Installing a vulnerable server -- Installing additional weapons -- Installing the Nessus vulnerability scanner -- Installing the Cisco password cracker -- Summary -- 2. Penetration Testing Methodology -- Types of penetration testing -- Black box testing -- White box testing -- Vulnerability assessment versus penetration testing -- Security testing methodologies -- Open Source Security Testing Methodology Manual (OSSTMM) -- Key features and benefits.

Information Systems Security Assessment Framework (ISSAF) -- Key features and benefits -- Open Web Application Security Project (OWASP) -- Key features and benefits -- Web Application Security Consortium Threat Classification (WASC-TC) -- Key features and benefits -- Penetration Testing Execution Standard (PTES) -- Key features and benefits -- General penetration testing framework -- Target scoping -- Information gathering -- Target discovery -- Enumerating target -- Vulnerability mapping -- Social engineering -- Target exploitation -- Privilege escalation -- Maintaining access -- Documentation and reporting -- The ethics -- Summary -- II. Penetration Testers Armory -- 3. Target Scoping -- Gathering client requirements -- Creating the customer requirements form -- The deliverables assessment form -- Preparing the test plan -- The test plan checklist -- Profiling test boundaries -- Defining business objectives -- Project management and scheduling -- Summary -- 4. Information Gathering -- Using public resources -- Querying the domain registration information -- Analyzing the DNS records -- host -- dig -- dnsenum -- dnsdict6 -- fierce -- DMitry -- Maltego -- Getting network routing information -- tcptraceroute -- tctrace -- Utilizing the search engine -- theharvester -- Metagoofil -- Summary -- 5. Target Discovery -- Starting off with target discovery -- Identifying the target machine -- ping -- arping -- fping -- hping3 -- nping -- alive6 -- detect-new-ip6 -- passive_discovery6 -- nbtscan -- OS fingerprinting -- p0f -- Nmap -- Summary -- 6. Enumerating Target -- Introducing port scanning -- Understanding the TCP/IP protocol -- Understanding the TCP and UDP message format -- The network scanner -- Nmap -- Nmap target specification -- Nmap TCP scan options -- Nmap UDP scan options -- Nmap port specification -- Nmap output options -- Nmap timing options.

Nmap useful options -- Service version detection -- Operating system detection -- Disabling host discovery -- Aggressive scan -- Nmap for scanning the IPv6 target -- The Nmap scripting engine -- Nmap options for Firewall/IDS evasion -- Unicornscan -- Zenmap -- Amap -- SMB enumeration -- SNMP enumeration -- onesixtyone -- snmpcheck -- VPN enumeration -- ike-scan -- Summary -- 7. Vulnerability Mapping -- Types of vulnerabilities -- Local vulnerability -- Remote vulnerability -- Vulnerability taxonomy -- Open Vulnerability Assessment System (OpenVAS) -- Tools used by OpenVAS -- Cisco analysis -- Cisco auditing tool -- Cisco global exploiter -- Fuzz analysis -- BED -- JBroFuzz -- SMB analysis -- Impacket Samrdump -- SNMP analysis -- SNMP Walk -- Web application analysis -- Database assessment tools -- DBPwAudit -- SQLMap -- SQL Ninja -- Web application assessment -- Burp Suite -- Nikto2 -- Paros proxy -- W3AF -- WafW00f -- WebScarab -- Summary -- 8. Social Engineering -- Modeling the human psychology -- Attack process -- Attack methods -- Impersonation -- Reciprocation -- Influential authority -- Scarcity -- Social relationship -- Social Engineering Toolkit (SET) -- Targeted phishing attack -- Summary -- 9. Target Exploitation -- Vulnerability research -- Vulnerability and exploit repositories -- Advanced exploitation toolkit -- MSFConsole -- MSFCLI -- Ninja 101 drills -- Scenario 1 -- Scenario 2 -- SNMP community scanner -- VNC blank authentication scanner -- IIS6 WebDAV unicode auth bypass -- Scenario 3 -- Bind shell -- Reverse shell -- Meterpreter -- Scenario 4 -- Generating a binary backdoor -- Automated browser exploitation -- Writing exploit modules -- Summary -- 10. Privilege Escalation -- Privilege escalation using a local exploit -- Password attack tools -- Offline attack tools -- hash-identifier -- Hashcat -- RainbowCrack -- samdump2 -- John.

Johnny -- Ophcrack -- Crunch -- Online attack tools -- CeWL -- Hydra -- Medusa -- Network spoofing tools -- DNSChef -- Setting up a DNS proxy -- Faking a domain -- arpspoof -- Ettercap -- Network sniffers -- dsniff -- tcpdump -- Wireshark -- Summary -- 11. Maintaining Access -- Using operating system backdoors -- Cymothoa -- Intersect -- The meterpreter backdoor -- Working with tunneling tools -- dns2tcp -- iodine -- Configuring the DNS server -- Running the iodine server -- Running the iodine client -- ncat -- proxychains -- ptunnel -- socat -- Getting HTTP header information -- Transferring files -- sslh -- stunnel4 -- Creating web backdoors -- WeBaCoo -- weevely -- PHP meterpreter -- Summary -- 12. Documentation and Reporting -- Documentation and results verification -- Types of reports -- The executive report -- The management report -- The technical report -- Network penetration testing report (sample contents) -- Preparing your presentation -- Post-testing procedures -- Summary -- III. Extra Ammunition -- A. Supplementary Tools -- Reconnaissance tool -- Vulnerability scanner -- NeXpose Community Edition -- Installing NeXpose -- Starting the NeXpose community -- Logging in to the NeXpose community -- Using the NeXpose community -- Web application tools -- Golismero -- Arachni -- BlindElephant -- Network tool -- Netcat -- Open connection -- Service banner grabbing -- Simple chat server -- File transfer -- Portscanning -- Backdoor shell -- Reverse shell -- Summary -- B. Key Resources -- Vulnerability disclosure and tracking -- Paid incentive programs -- Reverse engineering resources -- Penetration testing learning resources -- Exploit development learning resources -- Penetration testing on a vulnerable environment -- Online web application challenges -- Virtual machines and ISO images -- Network ports -- Index.
Abstract:
Written as an interactive tutorial, this book covers the core of Kali Linux with real-world examples and step-by-step instructions to provide professional guidelines and recommendations for you. The book is designed in a simple and intuitive manner that allows you to explore the whole Kali Linux testing process or study parts of it individually. If you are an IT security professional who has a basic knowledge of Unix/Linux operating systems, including an awareness of information security factors, and want to use Kali Linux for penetration testing, then this book is for you.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.