Learning Kali Linux
by Ric Messier
Copyright 2018 O'Reilly Media. All rights reserved.
Printed in the United States of America.
Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.
O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com/safari). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com.
- Acquisition Editor: Courtney Allen
- Editor: Virginia Wilson
- Production Editor: Colleen Cole
- Copyeditor: Sharon Wilkey
- Proofreader: Christina Edwards
- Indexer: Judy McConville
- Interior Designer: David Futato
- Cover Designer: Randy Comer
- Illustrator: Melanie Yarbrough
- Technical Reviewers: Megan Daudelin, Brandon Noble, and Kathleen Hyde
- August 2018: First Edition
Revision History for the First Edition
- 2018-07-13: First Release
See http://oreilly.com/catalog/errata.csp?isbn=9781492028697 for release details.
The O'Reilly logo is a registered trademark of O'Reilly Media, Inc. Learning Kali Linux, the cover image, and related trade dress are trademarks of O'Reilly Media, Inc.
While the publisher and the author have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the author disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.
978-1-492-02869-7
Preface
A novice was trying to fix a broken Lisp machine by turning the power off and on.
Knight, seeing what the student was doing, spoke sternly: "You cannot fix a machine by just power-cycling it with no understanding of what is going wrong."
Knight turned the machine off and on.
The machine worked.
AI Koan
One of the places over the last half century that had a deep hacker culture, in the sense of learning and creating, was the Massachusetts Institute of Technology (MIT) and, specifically, its Artificial Intelligence Lab. The hackers at MIT generated a language and culture that created words and a unique sense of humor. The preceding quote is an AI koan, modeled on the koans of Zen, which were intended to inspire enlightenment. Similarly, this koan is one of my favorites because of what it says: it's important to know how things work. Knight, by the way, refers to Tom Knight, a highly respected programmer at the AI Lab at MIT.
The intention for this book is to teach readers about the capabilities of Kali Linux through the lens of security testing. The idea is to help you better understand how and why things work. Kali Linux is a security-oriented Linux distribution, so it ends up being popular with people who do security testing or penetration testing for either sport or vocation. While it does have its uses as a general-purpose Linux distribution and for forensics and other related tasks, it really was designed with security testing in mind. As such, most of the book's content focuses on using the tools that Kali provides. Many of these tools are not readily available in other Linux distributions. While the tools can be installed there, sometimes by building from source, installation is far easier when the package is already in the distribution's repository.
What This Book Covers
Given that the intention is to introduce Kali through the perspective of doing security testing, the following subjects are covered:
Foundations of Kali Linux
Linux has a rich history, going back to the 1960s with Unix. This chapter covers a bit of the background of Unix so you can better understand why the tools in Linux work the way they do and how best to make efficient use of them. We'll also look at the command line, since we'll be spending a lot of time there through the rest of the book, as well as the desktops that are available, so you can have a comfortable working environment. If you are new to Linux, this chapter will prepare you to be successful with the remainder of the book so you aren't overwhelmed when we start digging deep into the tools available.
Network Security Testing Basics
The services you are most familiar with listen on the network, and any system that is connected to the network may be vulnerable through them. To be in a better position to perform testing over the network, we'll cover some basics of the way network protocols work. When you really get deep into security testing, you will find an understanding of the protocols you are working with to be an invaluable asset. We will also take a look at tools that can be used for stress testing of network stacks and applications.
Reconnaissance
When you are doing security testing or penetration testing, a common practice is to perform reconnaissance against your target. A lot of open sources are available that you can use to gather information about your target. This will not only help you with later stages of your testing, but also provide a lot of details you can share with the organization you are performing testing for. This can help them correctly determine the footprint of systems available to the outside world. Information about an organization and the people in it can provide stepping stones for attackers, after all.
Looking for Vulnerabilities
Attacks against organizations arise from vulnerabilities. We'll look at vulnerability scanners that can provide insight into the technical (as opposed to human) vulnerabilities that exist at your target organization. This will lead to hints on where to go next, since the objective of security testing is to give the organization you are testing for insight into its potential vulnerabilities and exposures. Identifying vulnerabilities will help you there.
Automated Exploits
While Metasploit may be the foundation of performing security testing or penetration testing, other tools are available as well. We'll cover the basics of using Metasploit but also cover some of the other tools available for exploiting the vulnerabilities found by the tools discussed in other parts of the book.
Owning Metasploit
Metasploit is a dense piece of software. Getting used to using it effectively can take a long time. Nearly 2,000 exploits are available in Metasploit, as well as over 500 payloads. When you mix and match those, you get thousands of possibilities for interacting with remote systems. Beyond that, you can create your own modules. We'll cover Metasploit beyond just the basics of using it for rudimentary exploits.
Wireless Security Testing
Everyone has wireless networks these days. That's how mobile devices like phones and tablets, not to mention a lot of laptops, connect to enterprise networks. However, not all wireless networks have been configured in the best manner possible. Kali Linux has tools available for performing wireless testing. This includes scanning for wireless networks, injecting frames, and cracking passwords.
Web Application Testing