Table of Contents for
Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition
Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition
Published by
Packt Publishing, 2016
- Cover
- Table of Contents
- Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
- Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
- Credits
- Disclaimer
- About the Authors
- About the Reviewer
- www.PacktPub.com
- Preface
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- 1. Beginning with Kali Linux
- Kali Linux tool categories
- Downloading Kali Linux
- Using Kali Linux
- Configuring the virtual machine
- Updating Kali Linux
- Network services in Kali Linux
- Installing a vulnerable server
- Installing additional weapons
- Summary
- 2. Penetration Testing Methodology
- Vulnerability assessment versus penetration testing
- Security testing methodologies
- General penetration testing framework
- Information gathering
- The ethics
- Summary
- 3. Target Scoping
- Preparing the test plan
- Profiling test boundaries
- Defining business objectives
- Project management and scheduling
- Summary
- 4. Information Gathering
- Using public resources
- Querying the domain registration information
- Analyzing the DNS records
- Getting network routing information
- Utilizing the search engine
- Metagoofil
- Accessing leaked information
- Summary
- 5. Target Discovery
- Identifying the target machine
- OS fingerprinting
- Summary
- 6. Enumerating Target
- Understanding the TCP/IP protocol
- Understanding the TCP and UDP message format
- The network scanner
- Unicornscan
- Zenmap
- Amap
- SMB enumeration
- SNMP enumeration
- VPN enumeration
- Summary
- 7. Vulnerability Mapping
- Vulnerability taxonomy
- Automated vulnerability scanning
- Network vulnerability scanning
- Web application analysis
- Fuzz analysis
- Database assessment tools
- Summary
- 8. Social Engineering
- Attack process
- Attack methods
- Social Engineering Toolkit
- Summary
- 9. Target Exploitation
- Vulnerability and exploit repositories
- Advanced exploitation toolkit
- MSFConsole
- MSFCLI
- Ninja 101 drills
- Writing exploit modules
- Summary
- 10. Privilege Escalation
- Password attack tools
- Network spoofing tools
- Network sniffers
- Summary
- 11. Maintaining Access
- Working with tunneling tools
- Creating web backdoors
- Summary
- 12. Wireless Penetration Testing
- Wireless network recon
- Wireless testing tools
- Post cracking
- Sniffing wireless traffic
- Summary
- 13. Kali Nethunter
- Installing Kali Nethunter
- Nethunter icons
- Nethunter tools
- Third-party applications
- Wireless attacks
- HID attacks
- Summary
- 14. Documentation and Reporting
- Types of reports
- The executive report
- The management report
- The technical report
- Network penetration testing report (sample contents)
- Preparing your presentation
- Post-testing procedures
- Summary
- A. Supplementary Tools
- Web application tools
- Network tool
- Summary
- B. Key Resources
- Paid incentive programs
- Reverse engineering resources
- Penetration testing learning resources
- Exploit development learning resources
- Penetration testing on a vulnerable environment
- Online web application challenges
- Virtual machines and ISO images
- Network ports
- Index
Metagoogil is a tool that utilizes the Google search engine to get metadata from the documents available in the target domain. Currently, it supports the following document types:
- Word document (
.docx,.doc) - Spreadsheet document (
.xlsx,.xls,.ods) - Presentation file (
.pptx,.ppt,.odp) - PDF file (
.pdf)
Metagoogil works by performing the following actions:
- Searching for all of the preceding file types in the target domain using the Google search engine
- Downloading all of the documents found and saving them to the local disk
- Extracting the metadata from the downloaded documents
- Saving the result in an HTML file
The metadata that can be found are as follows:
- Usernames
- Software versions
- Server or machine names
This information can be used later on to help in the penetration testing phase. Metagoofil is not part of the standard Kali Linux v 2.0 distribution. To install, all you need to do is use the apt-get command:
# apt-get install metagoofil
After the installer package has finished, you can access Metagoofil from the command line:
# metagoofil
This will display a simple usage instruction and example on your screen. As an example of Metagoofil usage, we will collect all the DOC and PDF documents (-t, .doc, .pdf) from a target domain (-d hackthissite.org) and save them to a directory named test (-o test). We limit the search for each file type to 20 files (-l 20) and only download five files (-n 5). The report generated will be saved to test.html (-f test.html). We use the following command:
# metagoofil -d example.com -l 20 -t doc,pdf –n 5 -f test.html -o test
The redacted result of this command is as follows:
[-] Starting online search... [-] Searching for doc files, with a limit of 20 Searching 100 results... Results: 5 files found Starting to download 5 of them: ---------------------------------------- [1/5] /webhp?hl=en [x] Error downloading /webhp?hl=en [2/5] /intl/en/ads [x] Error downloading /intl/en/ads [3/5] /services [x] Error downloading /services [4/5] /intl/en/policies/privacy/ [5/5] /intl/en/policies/terms/ [-] Searching for pdf files, with a limit of 20 Searching 100 results... Results: 25 files found Starting to download 5 of them: ---------------------------------------- [1/5] /webhp?hl=en [x] Error downloading /webhp?hl=en [2/5] https://mirror.hackthissite.org/hackthiszine/hackthiszine3.pdf [3/5] https://mirror.hackthissite.org/hackthiszine/hackthiszine12_print.pdf [4/5] https://mirror.hackthissite.org/hackthiszine/hackthiszine12.pdf [5/5] https://mirror.hackthissite.org/hackthiszine/hackthiszine4.pdf processing [+] List of users found: -------------------------- emadison [+] List of software found: ----------------------------- Adobe PDF Library 7.0 Adobe InDesign CS2 (4.0) Acrobat Distiller 8.0.0 (Windows) PScript5.dll Version 5.2.2 [+] List of paths and servers found: --------------------------------------- [+] List of e-mails found: ---------------------------- whooka@gmail.com htsdevs@gmail.com never@guess narc@narc.net kfiralfia@hotmail.com user@localhost user@remotehost. user@remotehost.com security@lists. recipient@provider.com subscribe@lists.hackbloc.org staff@hackbloc.org johndoe@yahoo.com staff@hackbloc.org johndoe@yahoo.com subscribe@lists.hackbloc.org htsdevs@gmail.com hackbloc@gmail.com webmaster@www.ndcp.edu.phpass webmaster@www.ndcp.edu.phwebmaster@www.ndcp.edu.ph [webmaster@ndcp [root@ndcp D[root@ndcp window...[root@ndcp .[root@ndcp goods[root@ndcp liberation_asusual@ya- pjames_e@yahoo.com.au
You can see from the preceding result that we get a lot of information from the documents we have collected, such as the usernames and path information. We can use the obtained usernames to look for patterns in the usernames and for launching a brute force password attack on the usernames. But, be aware that doing a brute force password attack on an account may have the risk of locking the user accounts. The path information can be used to guess the operating system that is used by the target. We got all of this information without going to the domain website ourselves.
Metagoofil is also able to generate information in a report format. The following screenshot shows the generated report in HTML:
In the report generated, we get information about usernames, software version, e-mail addresses, and server information from the target domain.