Paperback

Your ultimate guide to pentesting with Kali Linux

Kali is a popular and powerful Linux distribution used by cybersecurity professionals around the world. Penetration testers must master Kali's varied library of tools to be effective at their work. The Kali Linux Penetration Testing Bible is the hands-on and methodology guide for pentesting with Kali.

You'll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you're new to the field or an established pentester, you'll find what you need in this comprehensive guide.

  • Build a modern dockerized environment
  • Discover the fundamentals of the bash language in Linux
  • Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
  • Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation
  • Apply practical and efficient pentesting workflows
  • Learn about Modern Web Application Security Secure SDLC
  • Automate your penetration testing with Python
  • Product details
  • Publisher: Wiley / Wiley & Sons
  • Publisher's item no.: 1W119719080
  • 1st edition
  • Publication date: 5 July 2021
  • English
  • Dimensions: 233mm x 189mm x 28mm
  • Weight: 814g
  • ISBN-13: 9781119719083
  • ISBN-10: 1119719089
  • Item no.: 60977656
Gus Khawaja is an expert in application security and penetration testing. He is a cybersecurity consultant in Montreal, Canada and has a depth of experience working with organizations to protect their assets from cyberattacks. He is a published author and online educator in the field of cybersecurity.
Introduction

Chapter 1 Mastering the Terminal Window
Kali Linux File System; Terminal Window Basic Commands; Tmux Terminal Window; Starting Tmux; Tmux Key Bindings; Tmux Session Management; Navigating Inside Tmux; Tmux Commands Reference; Managing Users and Groups in Kali; Users Commands; Groups Commands; Managing Passwords in Kali; Files and Folders Management in Kali Linux; Displaying Files and Folders; Permissions; Manipulating Files in Kali; Searching for Files; Files Compression; Manipulating Directories in Kali; Mounting a Directory; Managing Text Files in Kali Linux; Vim vs. Nano; Searching and Filtering Text; Remote Connections in Kali; Remote Desktop Protocol; Secure Shell; SSH with Credentials; Passwordless SSH; Kali Linux System Management; Linux Host Information; Linux OS Information; Linux Hardware Information; Managing Running Services; Package Management; Process Management; Networking in Kali Linux; Network Interface; IPv4 Private Address Ranges; Static IP Addressing; DNS; Established Connections; File Transfers; Summary

Chapter 2 Bash Scripting
Basic Bash Scripting; Printing to the Screen in Bash; Variables; Commands Variable; Script Parameters; User Input; Functions; Conditions and Loops; Conditions; Loops; File Iteration; Summary

Chapter 3 Network Hosts Scanning
Basics of Networking; Networking Protocols; TCP; UDP; Other Networking Protocols; IP Addressing; IPv4; Subnets and CIDR; IPv6; Port Numbers; Network Scanning; Identifying Live Hosts; Ping; ARP; Nmap; Port Scanning and Services Enumeration; TCP Port SYN Scan; UDP; Basics of Using Nmap Scans; Services Enumeration; Operating System Fingerprinting; Nmap Scripting Engine; NSE Category Scan; NSE Arguments; DNS Enumeration; DNS Brute-Force; DNS Zone Transfer; DNS Subdomains Tools; Fierce; Summary

Chapter 4 Internet Information Gathering
Passive Footprinting and Reconnaissance; Internet Search Engines; Shodan; Google Queries; Information Gathering Using Kali Linux; Whois Database; TheHarvester; DMitry; Maltego; Summary

Chapter 5 Social Engineering Attacks
Spear Phishing Attacks; Sending an E-mail; The Social Engineer Toolkit; Sending an E-mail Using Python; Stealing Credentials; Payloads and Listeners; Bind Shell vs. Reverse Shell; Bind Shell; Reverse Shell; Reverse Shell Using SET; Social Engineering with the USB Rubber Ducky; A Practical Reverse Shell Using USB Rubber Ducky and PowerShell; Generating a PowerShell Script; Starting a Listener; Hosting the PowerShell Script; Running PowerShell; Download and Execute the PS Script; Reverse Shell; Replicating the Attack Using the USB Rubber Ducky; Summary

Chapter 6 Advanced Enumeration Phase
Transfer Protocols; FTP (Port 21); Exploitation Scenarios for an FTP Server; Enumeration Workflow; Service Scan; Advanced Scripting Scan with Nmap; More Brute-Forcing Techniques; SSH (Port 22); Exploitation Scenarios for an SSH Server; Advanced Scripting Scan with Nmap; Brute-Forcing SSH with Hydra; Advanced Brute-Forcing Techniques; Telnet (Port 23); Exploitation Scenarios for Telnet Server; Enumeration Workflow; Service Scan; Advanced Scripting Scan; Brute-Forcing with Hydra; E-mail Protocols; SMTP (Port 25); Nmap Basic Enumeration; Nmap Advanced Enumeration; Enumerating Users; POP3 (Port 110) and IMAP4 (Port 143); Brute-Forcing POP3 E-mail Accounts; Database Protocols; Microsoft SQL Server (Port 1433); Oracle Database Server (Port 1521); MySQL (Port 3306); CI/CD Protocols; Docker (Port 2375); Jenkins (Port 8080/50000); Brute-Forcing a Web Portal Using Hydra; Step 1: Enable a Proxy; Step 2: Intercept the Form Request; Step 3: Extracting Form Data and Brute-Forcing with Hydra; Web Protocols 80/443; Graphical Remoting Protocols; RDP (Port 3389); RDP Brute-Force; VNC (Port 5900); File Sharing Protocols; SMB (Port 445); Brute-Forcing SMB; SNMP (Port UDP 161); SNMP Enumeration; Summary

Chapter 7 Exploitation Phase
Vulnerabilities Assessment; Vulnerability Assessment Workflow; Vulnerability Scanning with OpenVAS; Installing OpenVAS; Scanning with OpenVAS; Exploits Research; SearchSploit; Services Exploitation; Exploiting FTP Service; FTP Login; Remote Code Execution; Spawning a Shell; Exploiting SSH Service; SSH Login; Telnet Service Exploitation; Telnet Login; Sniffing for Cleartext Information; E-mail Server Exploitation; Docker Exploitation; Testing the Docker Connection; Creating a New Remote Kali Container; Getting a Shell into the Kali Container; Docker Host Exploitation; Exploiting Jenkins; Reverse Shells; Using Shells with Metasploit; Exploiting the SMB Protocol; Connecting to SMB Shares; SMB Eternal Blue Exploit; Summary

Chapter 8 Web Application Vulnerabilities
Web Application Vulnerabilities; Mutillidae Installation; Apache Web Server Installation; Firewall Setup; Installing PHP; Database Installation and Setup; Mutillidae Installation; Cross-Site Scripting; Reflected XSS; Stored XSS; Exploiting XSS Using the Header; Bypassing JavaScript Validation; SQL Injection; Querying the Database; Bypassing the Login Page; Execute Database Commands Using SQLi; SQL Injection Automation with SQLMap; Testing for SQL Injection; Command Injection; File Inclusion; Local File Inclusion; Remote File Inclusion; Cross-Site Request Forgery; The Attacker Scenario; The Victim Scenario; File Upload; Simple File Upload; Bypassing Validation; Encoding; OWASP Top 10; Summary

Chapter 9 Web Penetration Testing and Secure Software Development Lifecycle
Web Enumeration and Exploitation; Burp Suite Pro; Web Pentest Using Burp Suite; More Enumeration; Nmap; Crawling; Vulnerability Assessment; Manual Web Penetration Testing Checklist; Common Checklist; Special Pages Checklist; Secure Software Development Lifecycle; Analysis/Architecture Phase; Application Threat Modeling; Assets; Entry Points; Third Parties; Trust Levels; Data Flow Diagram; Development Phase; Testing Phase; Production Environment (Final Deployment); Summary

Chapter 10 Linux Privilege Escalation
Introduction to Kernel Exploits and Missing Configurations; Kernel Exploits; Kernel Exploit: Dirty Cow; SUID Exploitation; Overriding the Passwd Users File; CRON Jobs Privilege Escalation; CRON Basics; Crontab; Anacrontab; Enumerating and Exploiting CRON; sudoers; sudo Privilege Escalation; Exploiting the Find Command; Editing the sudoers File; Exploiting Running Services; Automated Scripts; Summary

Chapter 11 Windows Privilege Escalation
Windows System Enumeration; System Information; Windows Architecture; Listing the Disk Drives; Installed Patches; Who Am I?; List Users and Groups; Networking Information; Showing Weak Permissions; Listing Installed Programs; Listing Tasks and Processes; File Transfers; Windows Host Destination; Linux Host Destination; Windows System Exploitation; Windows Kernel Exploits; Getting the OS Version; Find a Matching Exploit; Executing the Payload and Getting a Root Shell; The Metasploit PrivEsc Magic; Exploiting Windows Applications; Running As in Windows; PSExec Tool; Exploiting Services in Windows; Interacting with Windows Services; Misconfigured Service Permissions; Overriding the Service Executable; Unquoted Service Path; Weak Registry Permissions; Exploiting the Scheduled Tasks; Windows PrivEsc Automated Tools; PowerUp; WinPEAS; Summary

Chapter 12 Pivoting and Lateral Movement
Dumping Windows Hashes; Windows NTLM Hashes; SAM File and Hash Dump; Using the Hash; Mimikatz; Dumping Active Directory Hashes; Reusing Passwords and Hashes; Pass the Hash; Pivoting with Port Redirection; Port Forwarding Concepts; SSH Tunneling and Local Port Forwarding; Remote Port Forwarding Using SSH; Dynamic Port Forwarding; Dynamic Port Forwarding Using SSH; Summary

Chapter 13 Cryptography and Hash Cracking
Basics of Cryptography; Hashing Basics; One-Way Hash Function; Hashing Scenarios; Hashing Algorithms; Message Digest 5; Secure Hash Algorithm; Hashing Passwords; Securing Passwords with Hash; Hash-Based Message Authenticated Code; Encryption Basics; Symmetric Encryption; Advanced Encryption Standard; Asymmetric Encryption; Rivest Shamir Adleman; Cracking Secrets with Hashcat; Benchmark Testing; Cracking Hashes in Action; Attack Modes; Straight Mode; Combinator; Mask and Brute-Force Attacks; Brute-Force Attack; Hybrid Attacks; Cracking Workflow; Summary

Chapter 14 Reporting
Overview of Reports in Penetration Testing; Scoring Severities; Common Vulnerability Scoring System Version 3.1; Report Presentation; Cover Page; History Logs; Report Summary; Vulnerabilities Section; Summary

Chapter 15 Assembly Language and Reverse Engineering
CPU Registers; General CPU Registers; Index Registers; Pointer Registers; Segment Registers; Flag Registers; Assembly Instructions; Little Endian; Data Types; Memory Segments; Addressing Modes; Reverse Engineering Example; Visual Studio Code for C/C++; Immunity Debugger for Reverse Engineering; Summary

Chapter 16 Buffer/Stack Overflow
Basics of Stack Overflow; Stack Overview; PUSH Instruction; POP Instruction; C Program Example; Buffer Analysis with Immunity Debugger; Stack Overflow; Stack Overflow Mechanism; Stack Overflow Exploitation; Lab Overview; Vulnerable Application; Phase 1: Testing; Testing the Happy Path; Testing the Crash; Phase 2: Buffer Size; Pattern Creation; Offset Location; Phase 3: Controlling EIP; Adding the JMP Instruction; Phase 4: Injecting the Payload and Getting a Remote Shell; Payload Generation; Bad Characters; Shellcode Python Script; Summary

Chapter 17 Programming with Python
Basics of Python; Running Python Scripts; Debugging Python Scripts; Installing VS Code on Kali; Practicing Python; Python Basic Syntaxes; Python Shebang; Comments in Python; Line Indentation and Importing Modules; Input and Output; Printing CLI Arguments; Variables; Numbers; Arithmetic Operators; Strings; String Formatting; String Functions; Lists; Reading Values in a List; Updating List Items; Removing a list item; Tuples; Dictionary; More Techniques in Python; Functions; Returning Values; Optional Arguments; Global Variables; Changing Global Variables; Conditions; if/else Statement; Comparison Operators; Loop Iterations; while Loop; for Loop; Managing Files; Exception Handling; Text Escape Characters; Custom Objects in Python; Summary

Chapter 18 Pentest Automation with Python
Penetration Test Robot; Application Workflow; Python Packages; Application Start; Input Validation; Code Refactoring; Scanning for Live Hosts; Ports and Services Scanning; Attacking Credentials and Saving the Results; Summary

Appendix A Kali Linux Desktop at a Glance
Downloading and Running a VM of Kali Linux; Virtual Machine First Boot; Kali Xfce Desktop; Kali Xfce Menu; Search Bar; Favorites Menu Item; Usual Applications; Other Menu Items; Kali Xfce Settings Manager; Advanced Network Configuration; Appearance; Desktop; Display; File Manager; Keyboard; MIME Type Editor; Mouse and Touchpad; Panel; Workspaces; Window Manager; Practical Example of Desktop Customization; Edit the Top Panel; Adding a New Bottom Panel; Changing the Desktop Look; Installing Kali Linux from Scratch; Summary

Appendix B Building a Lab Environment Using Docker
Docker Technology; Docker Basics; Docker Installation; Images and Registries; Containers; Dockerfile; Volumes; Networking; Mutillidae Docker Container; Summary

Index