Kali Linux 2: Windows Penetration Testing

Kali Linux: a complete pentesting toolkit facilitating smooth backtracking for working hackers

Wolf Halton . Bo Weaver


Book Details
Price: 2.00 USD
Pages: 422
File Size: 23,313 KB
File Type: PDF
Publisher: Packt Publishing, 2016

About the Author
Wolf Halton is a widely recognized authority on computer and internet security, an Amazon best selling author on computer security, and the CEO of Atlanta Cloud Technology. He specializes in business continuity, security engineering, open source consulting, marketing automation, virtualization and datacenter restructuring, and Linux evangelism. Wolf started hacking Windows in 1993 and loaded Linux for the first time in 2002. Wolf attributes whatever successes he has had to his darling bride, Helen, without whose tireless encouragement he would have never come so far so fast. To contact Wolf, e-mail him at wolf@atlantacloudtech.com.

Bo Weaver is an old-school ponytailed geek who misses the old days of black screens and green text, when mice were only found under the subflooring and monitors only had eight colors. His first involvement with networks was in 1972, while working on an R&D project called ARPANET in the US Navy. Here, he also learned the power of Unix and how to "outsmart" the operating system. In the early days of BBS systems, he helped set up, secure, and maintain these systems in the South. He later worked with many in the industry to set up Internet providers and secured these environments. Bo has been working with and using Linux daily since the 1990s, and he is a promoter of open source (yes, Bo runs on Linux). He has also worked in physical security fields as a private investigator and in executive protection. Bo is now the senior penetration tester for Compliancepoint, an Atlanta-based security consulting company, where he works remotely from under a tree in the North Georgia mountains. Bo is Cherokee and works with Native American youth to help keep their traditions alive and strong. He is also the father of a geek son, Ross, a hacker in his own right, and the grandfather of two grandchildren, Rachel and Austin, who at their young age can Nmap a network. To contact Bo, e-mail him at bo@boweaver.com.

About the Reviewer
Paolo Stagno, aka VoidSec, is a cyber security analyst and security researcher. He specializes in penetration testing, vulnerability assessment, cybercrime, and underground intelligence for a wide range of high-profile clients across top-tier international banks, major companies, and industries using bleeding-edge technologies in the cyberspace arena. He has attended various international conferences as a speaker, such as DEFCON, BlackHat, and Droidcon.

He is also the leader and founder of the security blog VoidSec (http://voidsec.com). During the last few years, especially in Italy, the underground hacking community died, not for a lack of ideas or skills but because we lost two fundamental requirements: a meeting place and the possibility to share. VoidSec.com intends to give to all hackers a meeting place, where ideas can be shared freely, where the ones who know can share their knowledge with the community and the inexperienced can learn.

Table of Contents
Preface vii
Chapter 1: Sharpening the Saw 1
Installing Kali Linux to an encrypted USB drive 2
Prerequisites for installation 4
Booting Up 4
Installing configuration 5
Setting up the drive 8
Booting your new installation of Kali 19
Running Kali from the live CD 22
Installing and configuring applications 24
Gedit – the Gnome text editor 24
Terminator – the terminal emulator for multitasking 24
EtherApe – the graphical protocol analysis tool 25
Setting up and configuring OpenVAS 26
Reporting the tests 33
KeepNote – the standalone document organizer 34
Dradis – the web-based document organizer 35
Running services on Kali Linux 35
Exploring the Kali Linux Top 10 and more 36
Summary 37
Chapter 2: Information Gathering and Vulnerability Assessment 39
Footprinting the network 39
Exploring the network with Nmap 40
Zenmap 42
The difference verbosity makes 45
Scanning a network range 47
Where can you find instructions on this thing? 54
A return to OpenVAS 59
Using Maltego 65
Using Unicorn-Scan 72
Monitoring resource use with Htop 77
Monkeying around the network 78
Summary 79
Chapter 3: Exploitation Tools (Pwnage) 81
Choosing the appropriate time and tool 81
Choosing the right version of Metasploit 83
Starting Metasploit 84
Creating workspaces to organize your attack 89
Using the hosts and services commands 91
Using advanced footprinting 92
Interpreting the scan and building on the result 97
Exploiting poor patch management 99
Finding out whether anyone is home 103
Using the pivot 104
Mapping the network to pivot 105
Creating the attack path 106
Grabbing system on the target 107
Setting Up the route 109
Exploring the inner network 110
Abusing the Windows NET USE command 114
Adding a Windows user from the command line 114
Summary 121
Chapter 4: Web Application Exploitation 123
Surveying the webscape 123
Concept of Robots.txt 124
Concept of .htaccess 124
Quick solutions to cross-site scripting 127
Reducing buffer overflows 128
Avoiding SQL injection 128
Arm yourself with Armitage 130
Working with a single known host 132
Discovering new machines with NMap 135
Zinging Windows servers with OWASP ZAP 142
Using ZAP as an attack proxy 148
Reading the ZAP interface 153
Search and destroy with Burp Suite 154
Targeting the test subject 156
Using Burp Suite as a Proxy 157
Installing the Burp Suite security certificate 158
Spidering a site with Burp Spider 161
Summary 162
Chapter 5: Sniffing and Spoofing 163
Sniffing and spoofing network traffic 164
Sniffing network traffic 165
Basic sniffing with tcpdump 165
More basic sniffing with WinDump (Windows tcpdump) 173
Packet hunting with Wireshark 180
Dissecting the packet 180
Swimming with Wireshark 185
Spoofing network traffic 191
Ettercap 191
Using Ettercap on the command line 203
Summary 205
Chapter 6: Password Attacks 207
Password attack planning 209
Cracking the NTLM code (Revisited) 209
Password lists 210
Cleaning a password list 211
My friend Johnny 216
John the Ripper (command line) 223
xHydra 226
Adding a tool to the main menu in Kali 2.x 238
Summary 241
Chapter 7: Windows Privilege Escalation 243
Gaining access with Metasploit 243
Replacing the executable 246
Local privilege escalation with a standalone tool 256
Escalating privileges with physical access 261
Robbing the Hives with samdump2 262
Owning the registry with chntpw 265
Weaseling in with Weevely 270
Preparing to use Weevely 271
Creating an agent 272
Testing Weevely locally 272
Testing Weevely on a Windows server 273
Getting help in Weevely 274
Getting the system info 276
Using filesystem commands in Weevely 277
Writing into files 278
Summary 281
Chapter 8: Maintaining Remote Access 283
Maintaining access 283
Covering our tracks 287
Maintaining access with Ncat 288
Phoning Home with Metasploit 292
The Dropbox 303
Cracking the NAC (Network Access Controller) 304
Creating a Spear-Phishing Attack with the Social Engineering Toolkit 307
Using Backdoor-Factory to Evade Antivirus 318
Summary 321
Chapter 9: Reverse Engineering and Stress Testing 323
Setting up a test environment 325
Creating your victim machine(s) 325
Testing your testing environment 325
Reverse engineering theory 326
One general theory of reverse engineering 327
Working with Boolean logic 328
Reviewing a while loop structure 330
Reviewing the for loop structure 332
Understanding the decision points 334
Practicing reverse engineering 335
Demystifying debuggers 336
Using the Valgrind Debugger to discover memory leaks 336
Translating your app to assembler with the EDB-Debugger 337
EDB-Debugger symbol mapper 339
Running OllyDbg 340
Introduction to disassemblers 341
Running JAD 342
Create your own disassembling code with Capstone 344
Some miscellaneous reverse engineering tools 345
Running Radare2 345
Additional members of the Radare2 tool suite 347
Running rasm2 348
Running rahash2 348
Running radiff2 350
Running rafind2 350
Running rax2 351
Stresstesting Windows 352
Dealing with Denial 353
Putting the network under Siege 354
Configuring your Siege engine 355
Summary 357
Chapter 10: Forensics 359
Getting into Digital Forensics 360
Exploring Guymager 360
Starting Kali for Forensics 362
Acquiring a drive to be legal evidence 363
Cloning With Guymager 367
Diving into Autopsy 369
Mounting image files 393
Summary 394
Index 395


Attacks on networks are increasing, and these days it is not so much a question of whether your network will be breached, but when. The stakes are high, and the training most Windows engineers get is weak on defense in depth. You have to think like an attacker to know what really needs protection in your network. We are dedicated to your success in protecting your network and the data that your organization runs on. The stakeholders include your customers, whose personal data can be exploited. There is no peace of mind in hoping and praying your network is secure, and hope is not a strategy. Welcome to the fascinating world of network penetration testing with the Kali security platform.
As a working hacker, you need the most compact and complete toolset for the largest proportion of conditions. This book helps you prepare for and conduct network testing, surveillance, infiltration, penetration tests, advanced persistent threat detection, and forensics on the most commonly hacked operating system family on the planet, Microsoft Windows, using the most compact and flexible toolset on the planet—Kali Linux.

What this book covers
Chapter 1, Sharpening the Saw, teaches you the several ways of setting up Kali to perform different tasks. This chapter introduces you to the setup that works best, the documentation tools that we use to make sure that the results of the tests are prepared and presented right, and the details of Linux services you need to use these tools. Most books about Kali set the chapters in the order of the submenus in the Kali Security desktop. We have put all the setup at the beginning to reduce confusion for the first-time Kali users and because some things, such as the documentation tools, must be understood before you start using the other tools. The reason why the title of this chapter is "Sharpening the Saw" is that the skilled craftsman spends a bit more time preparing the tools so the job goes faster.
Chapter 2, Information Gathering and Vulnerability Assessment, explains how understanding the network can make a hacker's life a lot easier. You need to be able to find your way around your target network and determine known vulnerabilities to be able to exploit a Windows system remotely. As time goes by, you will discover that you have memorized many of the most effective Windows exploits, but vulnerability assessment is a moving target. You will need to keep bringing on new exploits as time goes by.
Chapter 3, Exploitation Tools (Pwnage), demonstrates how, once you have done your due diligence investigating the network and uncovering several vulnerabilities, it's time to prove that the vulnerabilities you have found are real and exploitable. You will learn to use tools to exploit several common Windows vulnerabilities and guidelines to create and implement new exploits for upcoming Windows
Chapter 4, Web Application Exploitation, tells you that at least 25% of the web servers on the Internet are Windows based, and a much larger group of intranet servers are Windows machines. Web access exploits may be some of the easiest to perform, and here you will find the tools you need to compromise web services (a subset of exploitation tools).
Chapter 5, Sniffing and Spoofing, explains how network sniffing helps you understand which users are using services you can exploit, and how spoofed packets can be used to poison a system's DNS cache so that all of its traffic is sent to a man in the middle (your designated host, for instance); spoofing is also an integral part of most e-mail phishing schemes. Sniffing and spoofing are often used against the Windows endpoints in the network, and you need to understand the techniques that the bad guys are going to be using.
Chapter 6, Password Attacks, warns you that your Windows security is only as strong as the weakest link in the chain. Passwords are often that weak link. Password attacks can be used in concert with other approaches to break into and own a Windows network.
Chapter 7, Windows Privilege Escalation, asks what happens if you have some access at a lower level but want administrative privileges on your compromised Windows server. There are a few cool ways to get administrative privileges on a Windows server or workstation when you have some lower-level access. This is a great advantage when you want to install backdoors and malware services on a target Windows machine.
Chapter 8, Maintaining Remote Access, explores how, once you have cracked a machine or a network, you may want to maintain access to it. This chapter covers some devious ways of maintaining access and control of a Windows machine after you have gained access through the techniques you learned in the previous chapters.
Chapter 9, Reverse Engineering and Stress Testing, is about voiding your warranty for fun and profit. There are many respectable reasons to reverse engineer a Windows component, service, or program, and Kali has tools to help you do that. This chapter also covers stress testing your Windows server or application. This is a great idea if you want to discover how much traffic a denial-of-service attack needs before your server turns belly-up. This chapter is the beginning of how to develop an anti-fragile, self-healing Windows network.
Chapter 10, Forensics, explains how forensic research is required to help you understand how one of your Windows devices was compromised. This chapter introduces you to the Kali Linux forensic tools. Forensic research could also be employed to deal with a damaged hardware component or to find or recover corrupted applications or data files.

What you need for this book
1. An Internet-connected computer/laptop for your Kali attack platform.
2. A workstation with a minimum of 8 GB of RAM. An Ubuntu or Debian base OS is recommended.
3. The Kali Linux ISO that matches your workstation architecture (32 or 64 bit). Download it from http://kali.org.
4. Oracle VirtualBox for your workstation to create VMs for Windows and Kali Linux machines.
5. (Suggested) Several test machines to set up in your test network.
6. Licenses for Windows 7, Windows 8 (8.1), Windows 10, Windows Server 2008, and Windows Server 2012. You can get evaluation copies of all of these except Windows 7 from Microsoft's website (https://www.microsoft.com/en-us/evalcenter/).

Who this book is for
This book is a set of reminders for the working ethical hacker and a guidebook to the Kali Linux toolkit for network analysts who are improving their value to the enterprise by adding offense to their security analyst defense. You ideally are a network engineer with a good grasp of networking concepts and operating systems. If the network security engineer title is no longer large enough to fit your skill set, this book can increase your skills even more.
To get the most out of this book, you need to have:
• Curiosity about how systems fail and how they can be protected
• Advanced experience with Linux operating systems and the bash shell
• Advanced experience with the Windows desktop and command line
If you are an absolute beginner, you may find this book too challenging; consider starting with the Kali Linux Cookbook by Pritchett and de Smet. If you are a script kiddie looking for cheap exploits so you can brag to your friends on the Interwebs, this book could help you get your first, best, real job, or your first felony conviction; choose wisely.