
Second Edition

Conduct network testing, surveillance, and pen testing on MS Windows using Kali Linux 2018

Wolf Halton, Bo Weaver


Book Details
Price: 3.00 USD
Pages: 396
File Size: 86,607 KB
File Type: PDF format
2018 Packt Publishing

About the Author
Wolf Halton is an authority on computer and internet security, a best-selling author on
computer security, and the CEO of Atlanta Cloud Technology. He specializes in business
continuity, security engineering, open source consulting, marketing automation,
virtualization and data center restructuring, network architecture, and Linux
administration. Wolf has been a security engineer since 1999 and has been training security engineers since 2005.

Bo Weaver is an old-school ponytailed geek. His first involvement with networks was in
1972 while in the US Navy working on an R&D project called ARPA NET. Here he also
learned the power of UNIX and how to outsmart the operating system. Bo has been
working with and using Linux daily since the 1990s and is a promoter of Open Source. (Yes,
Bo runs on Linux.) Bo has also worked in physical security fields as a private investigator
and in executive protection. Bo now works as the senior penetration tester and security
researcher for CompliancePoint, an Atlanta-based security consulting company.
Bo is Cherokee and works with native youths to help keep native traditions alive and strong.

We would like to thank Dyana Pearson (Hacker Girl) and Joe Sikes for their input and
suggestions. Without their assistance, and humor, this book would not be what it is.
This second edition is dedicated to Helen Young Halton, who was the force of nature that
kept Wolf on track for their 14 years of marriage. Helen passed away on Star Wars Day
(May the Fourth) in 2017, and so never saw the end of the story. Helen left Wolf and two
grown children, Savannah Rogers and Candler Rogers. She would be gratified and proud
of the lives into which they are living. - Wolf Halton, Memorial Day 2018

About the reviewer
Paolo Stagno (aka VoidSec) has worked as a consultant for a wide range of clients across
top-tier international banks, major tech companies, and various Fortune 1000 industries. At
ZeroDayLab, he was responsible for discovering and exploiting new unknown
vulnerabilities in web applications, network infrastructure components, new protocols and
technologies. He is now a freelance security researcher and a penetration tester focused on
offensive security. In his own research, he discovered various vulnerabilities in software of
multiple vendors and tech giants such as eBay, Facebook, Google, Oracle, PayPal and many
others. He is an active speaker at various security conferences around the globe such as
Hacktivity, SEC-T, HackInBo, TOHack, and Droidcon.

Table of Contents
Preface
Chapter 1: Choosing Your Distro
Desktop environments
Desktop environment versus Window Manager
Enlightenment (E17)
E17 Window Manager issues
Gnome desktop
Gnome 3 desktop issues
KDE desktop
KDE issues
LXDE desktop
LXDE issues
MATE desktop
MATE issues
Xfce desktop
Xfce issues
Choosing your look and feel
Configuring Kali to be your Daily Driver
User account setup
Summary
Chapter 2: Sharpening the Saw
Technical requirements
Installing Kali Linux to an encrypted USB drive
Prerequisites for installation
Booting up
Configuring the installation
Setting up the drive
Booting your new installation of Kali
Running Kali from the Live DVD
Installing and configuring applications
Gedit – the Gnome Text Editor
Geany – the platform-agnostic code IDE
Terminator – the Terminal emulator for multi-tasking
Etherape – the graphical protocol-analysis tool
Setting up and configuring OpenVAS
Reporting tests
KeepNote – stand-alone document organizer
Dradis – web-based document organizer
Running services on Kali Linux
Summary
Chapter 3: Information Gathering and Vulnerability Assessments
Technical requirements
Footprinting the network
Nmap
Zenmap
The difference verbosity makes
Scanning a network range
An annotated list of Nmap command options
Using OpenVAS
Using Maltego
Using KeepNote
Summary
Further reading
Chapter 4: Sniffing and Spoofing
Technical requirements
Sniffing and spoofing network traffic
Sniffing network traffic
tcpdump
WinDump (Windows tcpdump)
Wireshark
The packet
Working with Wireshark
Spoofing network traffic
Ettercap
Ettercap on the command line
Summary
Further reading
Chapter 5: Password Attacks
Password attack planning
Cracking the NTLM code (revisited)
Password lists
Cleaning a password list
My friend, Johnny
John the Ripper (command line)
xHydra
Summary
Further reading
Chapter 6: NetBIOS Name Service and LLMNR - Obsolete but Still Deadly
Technical requirements
NetBIOS name service and NTLM
Sniffing and capturing traffic
Using Ettercap data
NetBIOS scanning using NBTscan
Responder - so many hashes, so little time
Using Responder with Metasploit
NetBIOS response BadTunnel brute force spoofing
EvilGrade
Ettercap setup
The attack
Summary
Further reading
Chapter 7: Gaining Access
Pwnage
Technical requirements
Exploiting Windows systems with Metasploit
Using advanced Footprinting
Interpreting the scan and building on the result
Exploiting a 32-bit system
Accessing Systems With Xfreerdp
Summary
Further reading
Chapter 8: Windows Privilege Escalation and Maintaining Access
Technical requirements
Windows privilege escalation
Escalating your privileges
MSFvenom
MS16-032 Secondary Logon Handle Privilege Escalation
Windows Escalate Service Permissions Local Privilege Escalation
Windows Escalate UAC Protection Bypass (ScriptHost Vulnerability)
Maintaining access
Remote Access Tools
Metasploit's persistence_exe module
Windows registry-only persistence
Summary
Chapter 9: Maintaining Access on Server or Desktop
Maintaining access or ET Phone Home
Covering our tracks
Maintaining access with Ncat
Setting up a NetCat Client
Phoning home with Metasploit
Running a port scanner inside Metasploit
The Drop Box
Cracking the Network Access Controller (NAC)
Creating a spear-phishing attack with the Social Engineering Toolkit
Using the Spear-Phishing Attack Vectors menu
Choose a subject, or write a new email message
Using Backdoor Factory to evade antivirus
Summary
Further reading
Chapter 10: Reverse Engineering and Stress Testing
Technical requirements
Setting up a test environment
Creating your victim machine(s)
Testing your testing environment
Reverse Engineering theory
One general theory of Reverse Engineering
Working with Boolean logic
Reviewing a while loop structure
Reviewing the for loop structure
Understanding the decision points
Practicing Reverse Engineering
Using debuggers
Using the Valgrind debugger
Using the EDB-Debugger
EDB-Debugger symbol mapper
Running OllyDbg
Introduction to disassemblers
Running JAD
Creating your own disassembling code with Capstone
Some miscellaneous Reverse Engineering tools
Running Radare2
The additional members of the Radare2 tool suite
Running rasm2
Running rahash2
Running radiff2
Running rafind2
Running rax2
Stress testing Windows
Dealing with Denial
Putting the network under Siege
Configuring your Siege engine
Summary
Further reading
Other Books You May Enjoy
Index


Microsoft Windows is one of the two most common operating systems, and managing its security has
spawned the discipline of IT security. Kali Linux is the premier platform for testing and
maintaining Windows security. Kali is built on the Debian distribution of Linux and shares
the legendary stability of that OS. This lets you focus on using the network penetration,
password cracking, and forensics tools, and not the OS.

This book has the most advanced tools and techniques to reproduce the methods used by
sophisticated hackers to make you an expert in Kali Linux penetration testing. You will
start by learning about the various desktop environments that now come with Kali. The
book covers network sniffers and analysis tools to uncover the Windows protocols in use
on the network. You will see several tools to improve your average in password acquisition,
from hash cracking, online attacks, offline attacks, and rainbow tables to social engineering.
It also demonstrates several use cases for Kali Linux tools like the Social Engineering Toolkit,
Metasploit and so on to exploit Windows vulnerabilities.

Finally, you will learn how to gain full system-level access to your compromised system
and then maintain that access. By the end of this book, you will be able to quickly pen test
your system and network using easy-to-follow instructions and support images.

Who this book is for
If you are a working ethical hacker who is looking to expand your offensive skillset with a
thorough understanding of Kali Linux, then this is the book for you. Prior knowledge of
Linux operating systems, the Bash terminal, and the Windows command line would be highly beneficial.

What this book covers
Chapter 1, Choosing Your Distro, discusses the pros and cons of the different desktop
environments and will help you decide which desktop is right for you.
Chapter 2, Sharpening the Saw, introduces you to the set-up that works best, the
documentation tools that we use to make sure that the results of the tests are prepared and
presented right, and the details of Linux services you need to use these tools.
Chapter 3, Information Gathering and Vulnerability Assessments, shows you how to footprint
your Windows network and discover the vulnerabilities before the bad guys do.
Chapter 4, Sniffing and Spoofing, covers network sniffers and analysis tools to uncover the
Windows protocols in use on the network. Learn how to exploit the vulnerable Windows
networking components.
Chapter 5, Password Attacks, shows you several approaches to password cracking or
stealing. You will see several tools to improve your average in password acquisition, from
hash cracking, online attacks, offline attacks, and rainbow tables to social engineering.
Chapter 6, NetBIOS Name Service and LLMNR - Obsolete but Still Deadly, helps you
understand how Kali Linux is an excellent toolkit to attack obsolete protocols and
applications and obliterate expired operating systems.
Chapter 7, Gaining Access, demonstrates several use cases for Kali Linux tools like the Social
Engineering Toolkit, Metasploit, and so on to exploit Windows vulnerabilities. You will
also learn to use the exploit databases provided with Kali Linux, and others. Finally, learn
to use tools to exploit several common Windows vulnerabilities, and guidelines to create
and implement new exploits for upcoming Windows vulnerabilities.
Chapter 8, Windows Privilege Escalation and Maintaining Access, teaches you several
methods to use the Kali toolset to get admin rights on your vulnerable Windows host.
Chapter 9, Maintaining Access on Server or Desktop, covers some devious ways to maintain
access and control of a Windows machine after you have gained access through the
techniques you learned in the previous chapters.
Chapter 10, Reverse Engineering and Stress Testing, is the beginning of how to develop an
anti-fragile, self-healing Windows network. Go ahead, make your servers cry!