Kali Linux Penetration Testing Bible - Gus Khawaja

Blick ins Buch

Kali Linux Penetration Testing Bible (eBook)

Gus Khawaja (Autor)

eBook Download: EPUB

2021
John Wiley & Sons (Verlag)
978-1-119-71907-6 (ISBN)

Lese- und Medienproben

Ebook-Leseprobe (EPUB)

A comprehensive how-to pentest book, using the popular Kali Linux tools

Kali is a popular Linux distribution used by security professionals and is becoming an important tool for daily use and for certifications. Penetration testers need to master Kali's hundreds of tools for pentesting, digital forensics, and reverse engineering. Kali Linux Penetration Testing Bible is a hands-on guide for getting the most from Kali Linux for pentesting. This book is for working cybersecurity professionals in offensive, hands-on roles, including red teamers, white hat hackers, and ethical hackers. Defensive specialists will also find this book valuable, as they need to be familiar with the tools used by attackers.

This is the most comprehensive pentesting book on the market, covering every aspect of the art and science of penetration testing. It covers topics like building a modern Dockerized environment, the basics of bash language in Linux, finding vulnerabilities in different ways, identifying false positives, and practical penetration testing workflows. You'll also learn to automate penetration testing with Python and dive into advanced subjects like buffer overflow, privilege escalation, and beyond.

Gain a thorough understanding of the hundreds of penetration testing tools available in Kali Linux
Master the entire range of techniques for ethical hacking, so you can be more effective in your job and gain coveted certifications
Learn how penetration testing works in practice and fill the gaps in your knowledge to become a pentesting expert
Discover the tools and techniques that hackers use, so you can boost your network's defenses

For established penetration testers, this book fills all the practical gaps, so you have one complete resource that will help you as your career progresses. For newcomers to the field, Kali Linux Penetration Testing Bible is your best guide to how ethical hacking really works.

Your ultimate guide to pentesting with Kali Linux Kali is a popular and powerful Linux distribution used by cybersecurity professionals around the world. Penetration testers must master Kali s varied library of tools to be effective at their work. The Kali Linux Penetration Testing Bible is the hands-on and methodology guide for pentesting with Kali. You ll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you re new to the field or an established pentester, you ll find what you need in this comprehensive guide. Build a modern dockerized environment Discover the fundamentals of the bash language in Linux Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more) Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation Apply practical and efficient pentesting workflows Learn about Modern Web Application Security Secure SDLC Automate your penetration testing with Python

Gus Khawaja is an expert in application security and penetration testing. He is a cybersecurity consultant in Montreal, Canada and has a depth of experience working with organizations to protect their assets from cyberattacks. He is a published author and online educator in the field of cybersecurity.

CHAPTER 1
Mastering the Terminal Window

Kali Linux can be summarized in two simple words: terminal window. If you master your terminal window skills, then you will be one of those elite ethical hackers. In this chapter, you will learn all the essentials of the terminal window so you can start using Kali Linux like a boss.

If you already know how to manage the terminal window, please use this chapter as a reference, or maybe go over it quickly in case there is something new that you haven't learned before. The main goal of this chapter is not only to show you the commands of Kali Linux but to help you deeply understand it through practical examples.

Kali Linux is a Debian‐based operating system developed by Offensive Security, so if you're used to Ubuntu, for example, the commands in the terminal window will look the same since Debian and Kali share an equal distribution.

Here's what this chapter covers:

Kali Linux file system
Terminal window basics
Managing users and groups
Manipulating files and folders
Handling remote connections
Kali Linux system management
Dealing with networking in Kali Linux

Kali Linux File System

Understanding the structure of the file system in Kali Linux is crucial. The directory structure of your Kali OS is based on the Unix Filesystem Hierarchy Standard (FHS), and that's how the directories are structured inside Kali Linux. In Windows, the root directory is C:/ , but in Kali Linux, it's a forward slash ( / ). Do not confuse the term root directory with the root user's home directory, which is /root , because they are two different things; the latter is the home directory for the root user. Speaking about the root user, it's essential to understand that this user is the equivalent to the Administrator user on Windows operating systems. In the Kali 2020.1 release, Offensive Security introduced the nonroot user by default, which means that you'll need to execute the sudo command if you want to run high‐privilege tools.

To get a visual representation of the Kali Linux file system directories, open the terminal window and execute the ls command to list the contents of the root system directory. Take note that by default you will be in the user home directory. To change it, you must execute the cd / command:

kali@kali:~$ cd / kali@kali:/$ ls

bin boot dev etc home initrd.img initrd.img.old lib lib32 lib64 libx32 lost+found media mnt opt proc root run sbin srv sys tmp usr var vmlinuz vmlinuz.old

/bin (binaries): This directory holds Linux binaries like the ls command that we executed earlier.
/sbin (system binaries): This directory contains system binary files that serve as administrative commands (e.g., fdisk ).
/ boot : This directory contains the Linux bootloader files.
/ dev (devices): This directory contains the device configuration files (e.g., /dev/null ).
/ sys : This is similar to /dev , which contains configurations about devices and drivers.
/ etc (etcetera): This directory contains all the administration system files (e.g., /etc/passwd shows all the system users in Kali).
/ lib (libraries): This directory contains the shared libraries for the binaries inside /bin and /sbin .
/ proc (processes): This directory holds the processes and kernel information files.
/ lost+found : As the name says, this directory contains the files that have been recovered.
/ mnt (mount): This directory contains the mounted directories (e.g., a remote file share).
/ media : This directory holds the removable media mounted directories (e.g., DVD).
/ opt (option): This directory is used for add‐on software package installation. Also, it is used when installing software by users (e.g., hacking tools that you download from GitHub).
/ tmp (temporary): This is a temporary folder used temporarily; the contents are wiped after each reboot. The tmp folder is a good place to download your tools for privilege escalation once you get a limited shell.
/ usr (user): This directory contains many subdirectories. In fact, /usr/share is a folder that you need to memorize because most of the tools that you use in Kali Linux (e.g., Nmap, Metasploit, etc.) are stored there, and it contains the wordlists dictionary files ( /usr/share/wordlists/ ).
/ home : This is the home for Kali Linux users (e.g., /home/john/ ).
/ root : This is the root user home directory.
/ srv (serve): This folder holds some data related to system server functionalities (e.g., data for FTP servers).
/ var (variable): This folder holds variable data for databases, logs, and websites. For example, /var/www/html/ contains the files for the Apache web server.
/ run (runtime): This directory contains runtime system data (e.g., currently logged‐in users).

Terminal Window Basic Commands

There are lots of common commands that we use as penetration testers on a daily basis. Many of these commands will be listed in the upcoming sections or later in this book. In this section, you will see all the general standard tools that I personally use frequently. You will also learn the basic commands that are identified for general use.

First, to open the terminal window from the desktop, you can use the Ctrl+Alt+T key combination instead of opening the application from its icon using the mouse cursor.

If you want to get help for any command that you want to execute, just append ‐h or ‐ ‐ help to it (some commands require you to use only one of them). For example, if you want to see the different options for the cat command, just type cat ‐‐help in your terminal window to get all the help needed regarding this tool. In the next command ( cat ‐h ), you'll see that the ‐h option does not work for the cat command. Instead, I used the ‐ ‐help option. (The cat command is used frequently to display the contents of a text file in the terminal window.)

kali@kali:~$ cat -h cat: invalid option -- 'h' Try 'cat --help' for more information. kali@kali:~$ cat --help Usage: cat [OPTION]… [FILE]… Concatenate FILE(s) to standard output. With no FILE, or when FILE is -, read standard input. -A, --show-all equivalent to -vET -b, --number-nonblank number nonempty output lines, overrides -n -e equivalent to -vE -E, --show-ends display $ at end of each line -n, --number number all output lines -s, --squeeze-blank suppress repeated empty output lines -t equivalent to -vT -T, --show-tabs display TAB characters as ^I -u (ignored) -v, --show-nonprinting use ^ and M- notation, except for LFD and TAB --help display this help and exit --version output version information and exit Examples: cat f - g Output f's contents, then standard input, then g's contents. cat Copy standard input to standard output. GNU coreutils online help: <https://www.gnu.org/software/coreutils/> Full documentation at: <https://www.gnu.org/software/coreutils/cat> or available locally via: info '(coreutils) cat invocation'

To clear the terminal window text, execute the clear command or press Ctrl+L to get the job done.

To open a new terminal window tab, from your current terminal session press Ctrl+Shift+T.

To complete the input (e.g., a filename or a command name) automatically, I use the Tab key. What if multiple files start with the same text? Then, if you hit Tab twice, the terminal window will display all the options in place. (The best way to understand this chapter is to open the terminal window and practice while reading the instructions.)

Let's look at an example. In my home directory, I have two files, test.sh and test.txt . Once I start typing cat tes , I hit Tab once, and it shows me cat test. . This means I have multiple files with the same name. Then I hit Tab twice, and it shows me the list of files in the current directory. Finally, I can open the desired file, which is test.txt :

root@kali:~# cat test. Test.sh test.txt root@kali:~ cat test.txt test

To stop the execution of any tool while it's running, you can use the Ctrl+C shortcut to stop it.

To exit the terminal window and...

Erscheint lt. Verlag	26.4.2021
Sprache	englisch
Themenwelt	Mathematik / Informatik ► Informatik ► Netzwerke
Schlagworte	Buffer Overflow • Computer Science • Informatik • kali cybersecurity • kali linux cybersecurity • kali linux security • kali penetration testing • Kali pentesting • kali security • Lateral Movement • linux pentesting • modern web application • Networking / Security • network scan • Netzwerke / Sicherheit • Netzwerksicherheit • OSINT • Penetrationstest • privilege escalation • SDLC
ISBN-10	1-119-71907-0 / 1119719070
ISBN-13	978-1-119-71907-6 / 9781119719076

Informationen gemäß Produktsicherheitsverordnung (GPSR)
Haben Sie eine Frage zum Produkt?

EPUB (Adobe DRM)

Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM

Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine Adobe-ID und die Software Adobe Digital Editions (kostenlos). Von der Benutzung der OverDrive Media Console raten wir Ihnen ab. Erfahrungsgemäß treten hier gehäuft Probleme mit dem Adobe DRM auf.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine Adobe-ID sowie eine kostenlose App.
Geräteliste und zusätzliche Hinweise

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.