Showing posts with label Kali Linux. Show all posts

Computational Techniques for Resolving Security Issues

Sanjib Sinha


e-books shop

Purchase Now !
Just with Paypal



Book Details
 Price
 4.00 USD
 Pages
 426 p
 File Size
 8,196 KB
 File Type
 PDF format
 ISBN-13 (electronic) 
 ISBN-13 (pbk)
 978-1-4842-3891-2
 978-1-4842-3890-5
 Copyright   
 2018 by Sanjib Sinha  

About the Author
Sanjib Sinha is a certified .NET Windows and
web developer, specializing in Python, security
programming, and PHP; he won Microsoft’s
Community Contributor Award in 2011.
Sanjib Sinha has also written Beginning Ethical
Hacking with Python and Beginning Laravel for Apress.

About the Technical Reviewer
Vaibhav Chavan holds a certification in ethical hacking and has worked
as a security analyst in the IT world as well as in the banking, insurance,
and e-commerce industries. He now works as a security analyst in Mumbai
and has more than five years of experience in the IT industry. He has
hands-on experience in Kali Linux and other tools such as the Metasploit
Framework, Burp Suite, Nessus, and more.

Introduction
You can get started in white-hat ethical hacking using Kali Linux, and this
book starts you on that road by giving you an overview of security trends,
where you will learn about the OSI security architecture. This will form the
foundation for the rest of Beginning Ethical Hacking with Kali Linux.
With the theory out of the way, you’ll move on to an introduction to
VirtualBox, networking terminologies, and common Linux commands,
followed by the step-by-step procedures to build your own web server and
acquire the skill to be anonymous. When you have finished the examples
in the first part of your book, you will have all you need to carry out safe
and ethical hacking experiments.

After an introduction to Kali Linux, you will carry out your first
penetration tests with Python and code raw binary packets for use in those
tests. You will learn how to find secret directories of a target system, how to
use a TCP client in Python and services, and how to do port scanning using
Nmap. Along the way, you will learn how to collect important information;
how to track e-mail; and how to use important tools such as DMitry,
Maltego, and others. You’ll also take a look at the five phases of penetration testing.

After that, this book will cover SQL mapping and vulnerability analysis
where you will learn about sniffing and spoofing, why ARP poisoning is a
threat, how SniffJoke prevents poisoning, how to analyze protocols with
Wireshark, and how to use sniffing packets with Scapy. Then, you will learn
how to detect SQL injection vulnerabilities, how to use Sqlmap, and how to
do brute-force or password attacks. In addition, you will learn how to use
important hacking tools such as OpenVas, Nikto, Vega, and Burp Suite.
The book will also explain the information assurance model and
the hacking framework Metasploit, taking you through important
commands, exploits, and payload basics. Moving on to hashes and
passwords, you will learn password testing and hacking techniques with
John the Ripper and Rainbow. You will then dive into classic and modern
encryption techniques where you will learn to work with the conventional
cryptosystem.

In the final chapter, you will use all the skills of hacking to exploit a
remote Windows and Linux system, and you will learn how to “own” a
remote target entirely.

Table of Contents
About the Author ...............................................................................xiii
About the Technical Reviewer ............................................................xv
Acknowledgments ............................................................................xvii
Introduction .......................................................................................xix
Chapter 1: Security Trends
Nature and Perspective .........................................................................................3
Before and After the Digital Transformation ..........................................................6
The OSI Security Architecture ...............................................................................6
Security Attacks, Services, and Mechanisms .....................................................10
Timeline of Hacking .......................................................................................14
How to Use Google Hacking Techniques .............................................................15
Further Reading ..................................................................................................17
Chapter 2: Setting Up a Penetration Testing and Network
Security Lab
Why Virtualization? .............................................................................................20
Installing VirtualBox ............................................................................................21
Installing Appliances on VirtualBox ...............................................................23
Installing VirtualBox Guest Addition ...............................................................29
Installing Metasploitable ...............................................................................31
Installing Windows ........................................................................................33
Installing Kali in VMware .....................................................................................36
Chapter 3: Elementary Linux Commands
Finding the Kali Terminal ....................................................................................42
Navigating the File System .................................................................................44
Working with Text Files .......................................................................................48
Searching Files ...................................................................................................49
Writing to the Terminal ........................................................................................51
Working with Directories .....................................................................................52
Setting File Permissions .....................................................................................53
Chapter 4: Know Your Network
Networking Layers ..............................................................................................61
Internetworking Models ......................................................................................65
OSI .................................................................................................................65
TCP/IP ............................................................................................................68
Further Reading ..................................................................................................69
Chapter 5: How to Build a Kali Web Server
Why Do You Need a Web Server? ........................................................................72
Introducing Sockets ............................................................................................73
Beginning the Web Server ..................................................................................73
Diving into Sockets .............................................................................................76
Installing PyCharm and the Wing IDE Editor .......................................................84
How to Stay Anonymous .....................................................................................86
Changing Your Proxy Chain ............................................................................88
Working with DNS Settings ...........................................................................92
Using a VPN ...................................................................................................94
Changing Your MAC Address .......................................................................100
Chapter 6: Kali Linux from the Inside Out 
More About Kali Linux Tools ..............................................................................106
Information Gathering ..................................................................................107
Vulnerability Analysis ...................................................................................108
Wireless Attacks ..........................................................................................109
Web Applications .........................................................................................109
WPS Tools ....................................................................................................110
Exploitation Tools .........................................................................................111
Forensic Tools ..............................................................................................111
Sniffing and Spoofing ..................................................................................112
Password Attacks ........................................................................................112
Maintaining Access .....................................................................................113
Reverse Engineering ...................................................................................113
Hardware Hacking .......................................................................................114
Exploring Kali Linux from the Inside .................................................................114
Machine Language ......................................................................................114
Registers .....................................................................................................115
Why Is Understanding Memory So Important? ............................................116
Editors .........................................................................................................117
Hacking Tools ..............................................................................................121
Staying Updated with SSH ................................................................................124
Getting Started ............................................................................................125
Working with Blacklists and Whitelists .......................................................128
Securing SSH ...............................................................................................130
Connecting to Kali Linux Over SSH ..............................................................134
Chapter 7: Kali Linux and Python
What Is Penetration Testing? ...........................................................................137
First Penetration Using Python ..........................................................................139
Whois Searches for More Information .........................................................142
Finding Secret Directories ...........................................................................152
Top-Level Domain Scanning ........................................................................158
Obtaining a Web Site’s IP Address ...............................................................161
TCP Client in Python and Services ....................................................................164
Capturing Raw Binary Packets ..........................................................................170
Port Scanning Using Nmap ...............................................................................174
Importing the Nmap Module ........................................................................175
What Does Nmap Do? ..................................................................................180
Nmap Network Scanner ..............................................................................183
Chapter 8: Information Gathering 
Python Virtual Environment ...............................................................................190
Reconnaissance Tools .......................................................................................197
Know the Domain and Hostname ................................................................198
E-mail Tracking Made Easy .........................................................................200
Searching the Internet Archive ....................................................................202
Passive Information .....................................................................................204
Web Spiders Are Crawling ...........................................................................205
More About Scanning ..................................................................................206
You Can Find Location Too! ..........................................................................213
DMitry, Maltego, and Other Tools .......................................................................214
Summarizing the Five Phases of Penetration ...................................................220
Chapter 9: SQL Mapping
Sniffing and Spoofing ........................................................................................221
Packing and Unpacking with Python ...........................................................223
Why Wireless Media Is Vulnerable ...............................................................227
ARP Poisoning Is a Threat ............................................................................228
SQL Injection .....................................................................................................241
Detecting SQL Injection Vulnerabilities ........................................................242
How to Use sqlmap ......................................................................................243
Brute-Force or Password Attacks .....................................................................253
Chapter 10: Vulnerability Analysis
Overview of Vulnerability Analysis Tools ...........................................................259
How to Use OpenVas .........................................................................................260
How to Use Nikto ..............................................................................................268
How to Use Vega ...............................................................................................270
How to Use Burp Suite ......................................................................................276
Chapter 11: Information Assurance Model 
What the AI Model Is All About ..........................................................................284
How to Tie the Elements Together? ...................................................................285
How the AI Model Works ...................................................................................287
Why Is the AI Model Important? ........................................................................289
Further Reading ................................................................................................290
Chapter 12: Introducing Metasploit in Kali Linux
Understanding the Metasploit Architecture ......................................................292
Summarizing Modules ......................................................................................295
Mixins and Plugins in Ruby ...............................................................................302
Metasploit Console or Interface ........................................................................304
Exploits and Payloads in Metasploit .................................................................308
How to Use Exploit and Payloads ................................................................309
How to Start Exploits ...................................................................................315
Chapter 13: Hashes and Passwords 
Hashes and Encryption .....................................................................................324
Password Testing Tools .....................................................................................327
John the Ripper and Johnny .............................................................................338
How to Use RainbowCrack ................................................................................342
Chapter 14: Classic and Modern Encryption
Nature and Perspective .....................................................................................348
Models of the Cryptography System .................................................................352
Types of Attacks on Encrypted Messages .........................................................354
Chapter 15: Exploiting Targets
Exploiting Linux with Metasploit .......................................................................358
Exploiting Samba .........................................................................................359
Exploiting IRC ..............................................................................................371
Exploiting Windows with Armitage ....................................................................380
Index .................................................................................................405

Bookscreen
e-books shop

Who This Book Is For
This book is primarily for information security professionals. However,
security enthusiasts and absolute beginners will also find this book
helpful. For absolute beginners, knowledge of high school algebra,
the number system, and the Python programming language is a plus.
However, this book provides an explanation of the foundational rules so
you can understand the relationship between them and ethical hacking,
information security, and the hacking-related tools of Kali Linux.
For more advanced professionals, the book also includes in-depth analysis.

Whether you are new to ethical hacking or a seasoned veteran, this
book will help you understand and master many of the powerful and
useful hacking-related tools of Kali Linux and the techniques that are
widely used in the industry today.
To start with, you need a virtual box or virtual machine, so proceed to Chapter 1.

Mastering the Penetration Testing Distribution

by Raphaël Hertzog, Jim O’Gorman, and Mati Aharoni


e-books shop
e-books shop
Purchase Now !
Just with Paypal



Book Details
 Price
 2.00 USD
 Pages
 341 p
 File Size
 10,095 KB
 File Type
 PDF format
 ISBN
 978-0-9976156-0-9 (paperback)
 Copyright   
 2017 Raphaël Hertzog,
 Jim O’Gorman, and Mati Aharoni   

Acknowledgments of Raphaël Hertzog
I would like to thank Mati Aharoni: in 2012, he got in touch with me because I was one out of
dozens of Debian consultants and he wanted to build a successor to BackTrack that would be based
on Debian. That is how I started to work on Kali Linux, and ever since I have enjoyed my journey
in the Kali world.
Over the years, Kali Linux got closer to Debian GNU/Linux, notably with the switch to Kali Rolling,
based on Debian Testing. Now most of my work, be it on Kali or on Debian, provides benefits to the
entire Debian ecosystem. And this is exactly what keeps me so motivated to continue, day after
day, month after month, year after year.
Working on this book is also a great opportunity that Mati offered me. It is not the same kind
of work but it is equally rewarding to be able to help people and share with them my expertise
of the Debian/Kali operating system. Building on my experience with the Debian Administrator’s
Handbook, I hope that my explanations will help you to get started in the fast-moving world of
computer security.
I would also like to thank all the Offensive Security persons who were involved in the book: Jim
O’Gorman (co-author of some chapters), Devon Kearns (reviewer), Ron Henry (technical editor),
Joe Steinbach and Tony Cruse (project managers). And thank you to Johnny Long who joined to
write the preface but ended up reviewing the whole book.

Acknowledgments of Jim O’Gorman
I would like to thank everyone involved in this project for their contributions, of which mine were
only a small part. This book, much like Kali Linux itself was a collaborative project of many hands
making light work. Special thanks to Raphaël, Devon, Mati, Johnny, and Ron for taking on the
lion’s share of the effort. Without them, this book would not have come together.

Acknowledgments of Mati Aharoni
It has been a few years since Kali Linux was first released, and since day one, I have always dreamt
of publishing an official book which covers the Kali operating system as a whole. It is therefore
a great privilege for me to finally see such a book making it out to the public. I would like to
sincerely thank everyone involved in the creation of this project—including Jim, Devon, Johnny,
and Ron. A very special thanks goes to Raphaël for doing most of the heavy lifting in this book,
and bringing in his extensive expertise to our group.

Foreword
The sixteen high-end laptops ordered for your pentesting team just arrived, and you have been
tasked to set them up—for tomorrow’s offsite engagement. You install Kali and boot up one of the
laptops only to find that it is barely usable. Despite Kali’s cutting-edge kernel, the network cards
and mouse aren’t working, and the hefty NVIDIA graphics card and GPU are staring at you blankly,
because they lack properly installed drivers. You sigh.
In Kali Live mode, you quickly type lspci into a console, then squint. You scroll through the
hardware listing: “PCI bridge, USB controller, SATA controller. Aha! Ethernet and Network controllers.”
A quick Google search for their respective model numbers, cross referenced with the
Kali kernel version, reveals that these cutting-edge drivers haven’t reached the mainline kernel yet.
But all is not lost. A plan is slowly formulating in your head, and you thank the heavens for the
Kali Linux Revealed book that you picked up a couple of weeks ago. You could use the Kali Live-
Build system to create a custom Kali ISO, which would have the needed drivers baked into the
installation media. In addition, you could include the NVIDIA graphics drivers as well as the CUDA
libraries needed to get that beast of a GPU to talk nicely to hashcat, and have it purr while cracking
password hashes at blistering speeds. Heck, you could even throw in a custom wallpaper with a
Microsoft Logo on it, to taunt your team at work.
Since the hardware profiles for your installations are identical, you add a preseeded boot option to
the ISO, so that your team can boot off a USB stick and have Kali installed with no user interaction—
the installation takes care of itself, full disk encryption and all.
Perfect! You can now generate an updated version of Kali on demand, specifically designed and
optimized for your hardware. You saved the day. Mission complete!
With the deluge of hardware hitting the market, this scenario is becoming more common for
those of us who venture away from mainstream operating systems, in search of something leaner,
meaner, or more suitable to our work and style.
This is especially applicable to those attracted to the security field, whether it be an alluring hobby,
fascination, or line of work. As newcomers, they often find themselves stumped by the environment
or the operating system. For many newcomers Kali is their first introduction to Linux.
We recognized this shift in our user base a couple of years back, and figured that we could help
our community by creating a structured, introductory book that would guide users into the world
of security, while giving them all the Linux sophistication they would need to get started. And so,
the Kali book was born—now available free over the Internet for the benefit of anyone interested
in entering the field of security through Kali Linux.
As the book started taking shape, however, we quickly realized that there was untapped potential.
This would be a great opportunity to go further than an introductory Kali Linux book and explore
some of the more interesting and little-known features. Hence, the name of the book: 
Kali Linux Revealed.
By the end, we were chuffed with the result. The book answered all our requirements and I’m
proud to say it exceeded our expectations. We came to the realization that we had inadvertently
enlarged the book’s potential user base. It was no longer intended only for newcomers to the
security field, but also included great information for experienced penetration testers who needed
to improve and polish their control of Kali Linux—allowing them to unlock the full potential of
our distribution. Whether they were fielding a single machine or thousands across an enterprise,
making minor configuration changes or completely customizing down to the kernel level, building
their own repositories, touching the surface or delving deep into the amazing Debian package
management system, Kali Linux Revealed provides the roadmap.
With your map in hand, on behalf of myself and the entire Kali Linux team, I wish you an exciting,
fun, fruitful, and “revealing” journey!
Muts, February 2017


Table of Contents
1. About Kali Linux 1
1.1 A Bit of History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.2 Relationship with Debian . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.2.1 The Flow of Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.2.2 Managing the Difference with Debian . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.3 Purpose and Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.4 Main Kali Linux Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.4.1 A Live System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1.4.2 Forensics Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1.4.3 A Custom Linux Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1.4.4 Completely Customizable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.4.5 A Trustable Operating System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.4.6 Usable on a Wide Range of ARM Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.5 Kali Linux Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.5.1 Single Root User by Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.5.2 Network Services Disabled by Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.5.3 A Curated Collection of Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2. Getting Started with Kali Linux 13
2.1 Downloading a Kali ISO Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.1.1 Where to Download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.1.2 What to Download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.1.3 Verifying Integrity and Authenticity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Relying on the TLS-Protected Website . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Relying on PGP’s Web of Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.1.4 Copying the Image on a DVD-ROM or USB Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Creating a Bootable Kali USB Drive on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Creating a Bootable Kali USB Drive on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Creating a Bootable Kali USB Drive on OS X/macOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.2 Booting a Kali ISO Image in Live Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
2.2.1 On a Real Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
2.2.2 In a Virtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Preliminary Remarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
VirtualBox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
VMware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
2.3 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
3. Linux Fundamentals 47
3.1 What Is Linux and What Is It Doing? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.1.1 Driving Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.1.2 Unifying File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
3.1.3 Managing Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
3.1.4 Rights Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
3.2 The Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
3.2.1 How To Get a Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
3.2.2 Command Line Basics: Browsing the Directory Tree and Managing Files . . . . . . . . . . . . . . . . . . 52
3.3 The File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
3.3.1 The Filesystem Hierarchy Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
3.3.2 The User’s Home Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
3.4 Useful Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
3.4.1 Displaying and Modifying Text Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
3.4.2 Searching for Files and within Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
3.4.3 Managing Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
3.4.4 Managing Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
3.4.5 Getting System Information and Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
3.4.6 Discovering the Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
4. Installing Kali Linux 65
4.1 Minimal Installation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
4.2 Step by Step Installation on a Hard Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
4.2.1 Plain Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Booting and Starting the Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Selecting the Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Selecting the Country . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Selecting the Keyboard Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Detecting Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Loading Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Detecting Network Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Configuring the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Root Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Configuring the Clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Detecting Disks and Other Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Copying the Live Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Configuring the Package Manager (apt) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Installing the GRUB Boot Loader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Finishing the Installation and Rebooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
4.2.2 Installation on a Fully Encrypted File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Introduction to LVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Introduction to LUKS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Setting Up Encrypted Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
End of the Guided Partitioning with Encrypted LVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
4.3 Unattended Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
4.3.1 Preseeding Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
With Boot Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
With a Preseed File in the Initrd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
With a Preseed File in the Boot Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
With a Preseed File Loaded from the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
4.3.2 Creating a Preseed File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
4.4 ARM Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
4.5 Troubleshooting Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
4.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
5. Configuring Kali Linux 103
5.1 Configuring the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
5.1.1 On the Desktop with NetworkManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
5.1.2 On the Command Line with Ifupdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
5.1.3 On the Command Line with systemd-networkd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
5.2 Managing Unix Users and Unix Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
5.2.1 Creating User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
5.2.2 Modifying an Existing Account or Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
5.2.3 Disabling an Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
5.2.4 Managing Unix Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
5.3 Configuring Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
5.3.1 Configuring a Specific Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
5.3.2 Configuring SSH for Remote Logins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
5.3.3 Configuring PostgreSQL Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Connection Type and Client Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Creating Users and Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Managing PostgreSQL Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
5.3.4 Configuring Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Configuring Virtual Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Common Directives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
5.4 Managing Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
5.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
6. Helping Yourself and Getting Help 123
6.1 Documentation Sources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
6.1.1 Manual Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
6.1.2 Info Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
6.1.3 Package-Specific Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
6.1.4 Websites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
6.1.5 Kali Documentation at docs.kali.org . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
6.2 Kali Linux Communities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
6.2.1 Web Forums on forums.kali.org . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
6.2.2 #kali-linux IRC Channel on Freenode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
6.3 Filing a Good Bug Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
6.3.1 Generic Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
How to Communicate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
What to Put in the Bug Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Miscellaneous Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
6.3.2 Where to File a Bug Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
6.3.3 How to File a Bug Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Filing a Bug Report in Kali . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Filing a Bug Report in Debian . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Filing a Bug Report in another Free Software Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
6.4 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
7. Securing and Monitoring Kali Linux 149
7.1 Defining a Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
7.2 Possible Security Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
7.2.1 On a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
7.2.2 On a Laptop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
7.3 Securing Network Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
7.4 Firewall or Packet Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
7.4.1 Netfilter Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
7.4.2 Syntax of iptables and ip6tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
7.4.3 Creating Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
7.4.4 Installing the Rules at Each Boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
7.5 Monitoring and Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
7.5.1 Monitoring Logs with logcheck . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
7.5.2 Monitoring Activity in Real Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
7.5.3 Detecting Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Auditing Packages with dpkg --verify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Monitoring Files: AIDE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
7.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
8. Debian Package Management 169
8.1 Introduction to APT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
8.1.1 Relationship between APT and dpkg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
8.1.2 Understanding the sources.list File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
8.1.3 Kali Repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
The Kali-Rolling Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
The Kali-Dev Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
The Kali-Bleeding-Edge Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
The Kali Linux Mirrors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
8.2 Basic Package Interaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
8.2.1 Initializing APT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
8.2.2 Installing Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Installing Packages with dpkg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Installing Packages with APT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
8.2.3 Upgrading Kali Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
8.2.4 Removing and Purging Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
8.2.5 Inspecting Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Querying dpkg’s Database and Inspecting .deb Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Querying the Database of Available Packages with apt-cache and apt . . . . . . . . . . . . . . . . . . . . 185
8.2.6 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Handling Problems after an Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
The dpkg Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Reinstalling Packages with apt --reinstall and aptitude reinstall . . . . . . . . . . . . . . . . . . . 189
Leveraging --force-* to Repair Broken Dependencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
8.2.7 Frontends: aptitude and synaptic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Aptitude . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Synaptic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
8.3 Advanced APT Configuration and Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
8.3.1 Configuring APT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
8.3.2 Managing Package Priorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
8.3.3 Working with Several Distributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
8.3.4 Tracking Automatically Installed Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
8.3.5 Leveraging Multi-Arch Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Enabling Multi-Arch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Multi-Arch Related Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
8.3.6 Validating Package Authenticity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
8.4 Package Reference: Digging Deeper into the Debian Package System . . . . . . . . . . . . . . . . 204
8.4.1 The control File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Dependencies: the Depends Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Pre-Depends, a More Demanding Depends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Recommends, Suggests, and Enhances Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Conflicts: the Conflicts Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Incompatibilities: the Breaks Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Provided Items: the Provides Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Replacing Files: The Replaces Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
8.4.2 Configuration Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Installation and Upgrade Script Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Package Removal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
8.4.3 Checksums, Conffiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
8.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
9. Advanced Usage 221
9.1 Modifying Kali Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
9.1.1 Getting the Sources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
9.1.2 Installing Build Dependencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
9.1.3 Making Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Applying a Patch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Tweaking Build Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Packaging a New Upstream Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
9.1.4 Starting the Build . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
9.2 Recompiling the Linux Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
9.2.1 Introduction and Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
9.2.2 Getting the Sources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
9.2.3 Configuring the Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
9.2.4 Compiling and Building the Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
9.3 Building Custom Kali Live ISO Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
9.3.1 Installing Pre-Requisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
9.3.2 Building Live Images with Different Desktop Environments . . . . . . . . . . . . . . . . . . . . . . . . . 238
9.3.3 Changing the Set of Installed Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
9.3.4 Using Hooks to Tweak the Contents of the Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
9.3.5 Adding Files in the ISO Image or in the Live Filesystem . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
9.4 Adding Persistence to the Live ISO with a USB Key . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
9.4.1 The Persistence Feature: Explanations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
9.4.2 Setting Up Unencrypted Persistence on a USB Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
9.4.3 Setting Up Encrypted Persistence on a USB Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
9.4.4 Using Multiple Persistence Stores . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
9.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
9.5.1 Summary Tips for Modifying Kali Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
9.5.2 Summary Tips for Recompiling the Linux Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
9.5.3 Summary Tips for Building Custom Kali Live ISO Images . . . . . . . . . . . . . . . . . . . . . . . . . . 248
10. Kali Linux in the Enterprise 251
10.1 Installing Kali Linux Over the Network (PXE Boot) . . . . . . . . . . . . . . . . . . . . . . . . . . 252
10.2 Leveraging Configuration Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
10.2.1 Setting Up SaltStack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
10.2.2 Executing Commands on Minions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
10.2.3 Salt States and Other Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
10.3 Extending and Customizing Kali Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
10.3.1 Forking Kali Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
10.3.2 Creating Configuration Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
10.3.3 Creating a Package Repository for APT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
10.4 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
11. Introduction to Security Assessments 279
11.1 Kali Linux in an Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
11.2 Types of Assessments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
11.2.1 Vulnerability Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Likelihood of Occurrence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Impact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Overall Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
In Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
11.2.2 Compliance Penetration Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
11.2.3 Traditional Penetration Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
11.2.4 Application Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
11.3 Formalization of the Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
11.4 Types of Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
11.4.1 Denial of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
11.4.2 Memory Corruption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
11.4.3 Web Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
11.4.4 Password Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
11.4.5 Client-Side Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
11.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
12. Conclusion: The Road Ahead 301
12.1 Keeping Up with Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
12.2 Showing Off Your Newly Gained Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
12.3 Going Further . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
12.3.1 Towards System Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
12.3.2 Towards Penetration Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Index 304


Bookscreen
e-books shop

Introduction
.Kali Linux is the world’s most powerful and popular penetration testing platform, used by security
professionals in a wide range of specializations, including penetration testing, forensics, reverse
engineering, and vulnerability assessment. It is the culmination of years of refinement and the
result of a continuous evolution of the platform, from WHoppiX to WHAX, to BackTrack, and now
to a complete penetration testing framework leveraging many features of Debian GNU/Linux and
the vibrant open source community worldwide.
Kali Linux has not been built to be a simple collection of tools, but rather a flexible framework
that professional penetration testers, security enthusiasts, students, and amateurs can customize
to fit their specific needs.

Why This Book?
Kali Linux is not merely a collection of various information security tools that are installed on a
standard Debian base and preconfigured to get you up and running right away. To get the most
out of Kali, it is important to have a thorough understanding of its powerful Debian GNU/Linux
underpinnings (which support all those great tools) and learning how you can put them to use in
your environment.
Although Kali is decidedly multi-purpose, it is primarily designed to aid in penetration testing.
The objective of this book is not only to help you feel at home when you use Kali Linux, but also to
help improve your understanding and streamline your experience so that when you are engaged
in a penetration test and time is of the essence, you won’t need to worry about losing precious
minutes to install new software or enable a new network service. In this book, we will introduce
you first to Linux, then we will dive deeper as we introduce you to the nuances specific to Kali
Linux so you know exactly what is going on under the hood.
This is invaluable knowledge to have, particularly when you are trying to work under tight time
constraints. It is not uncommon to require this depth of knowledge when you are getting set up,
troubleshooting a problem, struggling to bend a tool to your will, parsing output from a tool, or
leveraging Kali in a larger-scale environment.

Is This Book for You?
If you are eager to dive into the intellectually rich and incredibly fascinating field of information
security, and have rightfully selected Kali Linux as a primary platform, then this book will help
you in that journey. This book is written to help first-time Linux users, as well as current Kali
users seeking to deepen their knowledge about the underpinnings of Kali, as well as those who
have used Kali for years but who are looking to formalize their learning, expand their use of Kali,
and fill in gaps in their knowledge.
In addition, this book can serve as a roadmap, technical reference, and study guide for those pursuing
the Kali Linux Certified Professional certification.

Loading...
DMCA.com Protection Status