Hjem

Introduction xx
Chapter 1 Mastering the Terminal Window 1 Kali Linux File System 2 Terminal Window Basic Commands 3 Tmux Terminal Window 6 Starting Tmux 6 Tmux Key Bindings 7 Tmux Session Management 7 Navigating Inside Tmux 9 Tmux Commands Reference 9 Managing Users and Groups in Kali 10 Users Commands 10 Groups Commands 14 Managing Passwords in Kali 14 Files and Folders Management in Kali Linux 15 Displaying Files and Folders 15 Permissions 16 Manipulating Files in Kali 19 Searching for Files 20 Files Compression 21 Manipulating Directories in Kali 23 Mounting a Directory 23 Managing Text Files in Kali Linux 24 Vim vs. Nano 26 Searching and Filtering Text 27 Remote Connections in Kali 29 Remote Desktop Protocol 29 Secure Shell 30 SSH with Credentials 30 Passwordless SSH 32 Kali Linux System Management 34 Linux Host Information 36 Linux OS Information 36 Linux Hardware Information 36 Managing Running Services 38 Package Management 39 Process Management 41 Networking in Kali Linux 42 Network Interface 42 IPv4 Private Address Ranges 42 Static IP Addressing 43 DNS 45 Established Connections 46 File Transfers 47 Summary 48
Chapter 2 Bash Scripting 49 Basic Bash Scripting 50 Printing to the Screen in Bash 50 Variables 52 Commands Variable 54 Script Parameters 54 User Input 56 Functions 56 Conditions and Loops 57 Conditions 58 Loops 60 File Iteration 61 Summary 63
Chapter 3 Network Hosts Scanning 65 Basics of Networking 65 Networking Protocols 66 TCP 66 UDP 67 Other Networking Protocols 67 IP Addressing 69 IPv4 69 Subnets and CIDR 69 IPv6 70 Port Numbers 71 Network Scanning 72 Identifying Live Hosts 72 Ping 73 ARP 73 Nmap 73 Port Scanning and Services Enumeration 74 TCP Port SYN Scan 75 UDP 75 Basics of Using Nmap Scans 76 Services Enumeration 77 Operating System Fingerprinting 79 Nmap Scripting Engine 80 NSE Category Scan 82 NSE Arguments 84 DNS Enumeration 84 DNS Brute-Force 85 DNS Zone Transfer 86 DNS Subdomains Tools 87 Fierce 87 Summary 88
Chapter 4 Internet Information Gathering 89 Passive Footprinting and Reconnaissance 90 Internet Search Engines 90 Shodan 91 Google Queries 92 Information Gathering Using Kali Linux 94 Whois Database 95 TheHarvester 97 DMitry 99 Maltego 99 Summary 103
Chapter 5 Social Engineering Attacks 105 Spear Phishing Attacks 105 Sending an E-mail 106 The Social Engineer Toolkit 106 Sending an E-mail Using Python 108 Stealing Credentials 109 Payloads and Listeners 110 Bind Shell vs. Reverse Shell 111 Bind Shell 111 Reverse Shell 112 Reverse Shell Using SET 113 Social Engineering with the USB Rubber Ducky 115 A Practical Reverse Shell Using USB Rubber Ducky and PowerShell 117 Generating a PowerShell Script 118 Starting a Listener 118 Hosting the PowerShell Script 119 Running PowerShell 120 Download and Execute the PS Script 120 Reverse Shell 121 Replicating the Attack Using the USB Rubber Ducky 122 Summary 122
Chapter 6 Advanced Enumeration Phase 125 Transfer Protocols 126 FTP (Port 21) 126 Exploitation Scenarios for an FTP Server 126 Enumeration Workflow 127 Service Scan 127 Advanced Scripting Scan with Nmap 128 More Brute-Forcing Techniques 129 SSH (Port 22) 130 Exploitation Scenarios for an SSH Server 130 Advanced Scripting Scan with Nmap 131 Brute-Forcing SSH with Hydra 132 Advanced Brute-Forcing Techniques 133 Telnet (Port 23) 134 Exploitation Scenarios for Telnet Server 135 Enumeration Workflow 135 Service Scan 135 Advanced Scripting Scan 136 Brute-Forcing with Hydra 136 E-mail Protocols 136 SMTP (Port 25) 137 Nmap Basic Enumeration 137 Nmap Advanced Enumeration 137 Enumerating Users 138 POP3 (Port 110) and IMAP4 (Port 143) 141 Brute-Forcing POP3 E-mail Accounts 141 Database Protocols 142 Microsoft SQL Server (Port 1433) 142 Oracle Database Server (Port 1521) 143 MySQL (Port 3306) 143 CI/CD Protocols 143 Docker (Port 2375) 144 Jenkins (Port 8080/50000) 145 Brute-Forcing a Web Portal Using Hydra 147 Step
1: Enable a Proxy 148 Step
2: Intercept the Form Request 149 Step
3: Extracting Form Data and Brute-Forcing with Hydra 150 Web Protocols 80/443 151 Graphical Remoting Protocols 152 RDP (Port 3389) 152 RDP Brute-Force 152 VNC (Port 5900) 153 File Sharing Protocols 154 SMB (Port 445) 154 Brute-Forcing SMB 156 SNMP (Port UDP 161) 157 SNMP Enumeration 157 Summary 159
Chapter 7 Exploitation Phase 161 Vulnerabilities Assessment 162 Vulnerability Assessment Workflow 162 Vulnerability Scanning with OpenVAS 164 Installing OpenVAS 164 Scanning with OpenVAS 165 Exploits Research 169 SearchSploit 171 Services Exploitation 173 Exploiting FTP Service 173 FTP Login 173 Remote Code Execution 174 Spawning a Shell 177 Exploiting SSH Service 178 SSH Login 178 Telnet Service Exploitation 179 Telnet Login 179 Sniffing for Cleartext Information 180 E-mail Server Exploitation 183 Docker Exploitation 185 Testing the Docker Connection 185 Creating a New Remote Kali Container 186 Getting a Shell into the Kali Container 187 Docker Host Exploitation 188 Exploiting Jenkins 190 Reverse Shells 193 Using Shells with Metasploit 194 Exploiting the SMB Protocol 196 Connecting to SMB Shares 196 SMB Eternal Blue Exploit 197 Summary 198
Chapter 8 Web Application Vulnerabilities 199 Web Application Vulnerabilities 200 Mutillidae Installation 200 Apache Web Server Installation 200 Firewall Setup 201 Installing PHP 201 Database Installation and Setup 201 Mutillidae Installation 202 Cross-Site Scripting 203 Reflected XSS 203 Stored XSS 204 Exploiting XSS Using the Header 205 Bypassing JavaScript Validation 207 SQL Injection 208 Querying the Database 208 Bypassing the Login Page 211 Execute Database Commands Using SQLi 211 SQL Injection Automation with SQLMap 215 Testing for SQL Injection 216 Command Injection 217 File Inclusion 217 Local File Inclusion 218 Remote File Inclusion 219 Cross-Site Request Forgery 220 The Attacker Scenario 221 The Victim Scenario 222 File Upload 223 Simple File Upload 223 Bypassing Validation 225 Encoding 227 OWASP Top 10 228 Summary 229
Chapter 9 Web Penetration Testing and Secure Software Development Lifecycle 231 Web Enumeration and Exploitation 231 Burp Suite Pro 232 Web Pentest Using Burp Suite 232 More Enumeration 245 Nmap 246 Crawling 246 Vulnerability Assessment 247 Manual Web Penetration Testing Checklist 247 Common Checklist 248 Special Pages Checklist 248 Secure Software Development Lifecycle 250 Analysis/Architecture Phase 251 Application Threat Modeling 251 Assets 251 Entry Points 252 Third Parties 252 Trust Levels 252 Data Flow Diagram 252 Development Phase 252 Testing Phase 255 Production Environment (Final Deployment) 255 Summary 255
Chapter 10 Linux Privilege Escalation 257 Introduction to Kernel Exploits and Missing Configurations 258 Kernel Exploits 258 Kernel Exploit: Dirty Cow 258 SUID Exploitation 261 Overriding the Passwd Users File 263 CRON Jobs Privilege Escalation 264 CRON Basics 265 Crontab 265 Anacrontab 266 Enumerating and Exploiting CRON 266 sudoers 268 sudo Privilege Escalation 268 Exploiting the Find Command 268 Editing the sudoers File 269 Exploiting Running Services 270 Automated Scripts 270 Summary 271
Chapter 11 Windows Privilege Escalation 273 Windows System Enumeration 273 System Information 274 Windows Architecture 275 Listing the Disk Drives 276 Installed Patches 276 Who Am I? 276 List Users and Groups 277 Networking Information 279 Showing Weak Permissions 282 Listing Installed Programs 283 Listing Tasks and Processes 283 File Transfers 284 Windows Host Destination 284 Linux Host Destination 285 Windows System Exploitation 286 Windows Kernel Exploits 287 Getting the OS Version 287 Find a Matching Exploit 288 Executing the Payload and Getting a Root Shell 289 The Metasploit PrivEsc Magic 289 Exploiting Windows Applications 293 Running As in Windows 295 PSExec Tool 296 Exploiting Services in Windows 297 Interacting with Windows Servic