Mastering Kali Linux

Ajay Kumar Tiwari

Copyright 2015 Ajay Kumar Tiwari

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied.

First published: Oct 2015
ISBN 978-1518786983

About the Author

Hi, my name is Ajay Kumar Tiwari. I am an IT Security Guy with keen interest in VAPT, Wireless, Mobile Security and Exploit Development.

Presently, I am working as a Chief Cyber Security Architect for a Confidential Organization in Germany and Russia. I am the author of the books "Mastering Kali Linux", "Python for Hackers", "Linux Hacker" and "Easiest way to Become to Hacker". I hold C|EH, CISE, and OSWP certifications. Additionally, during my studies, I was the ambassador for EC-COUNCIL programs in my university. I have a collective experience of over 6+ years in IT Security and I run my Web Application Penetration Testing Course for Vidhyavilla, Delhi through distance learning packages. I have delivered 90+ workshops on ethical hacking and penetration testing among various reputed colleges in India and have delivered corporate trainings on Exploit development and Penetration testing in India. I spoke at various IT security conferences, some of my articles and research papers are available on the internet, and you can find some in popular security magazines like Hakin9 and EForensics (Wireless Forensics, iOS forensics, Mobile forensics).

I have been acknowledged for finding vulnerabilities in Offensive Security, Rapid7, AT&T, Facebook, Apple, BlackBerry, Redhat, Nokia, Microsoft, Adobe, Barracuda Labs, Kaneva, Zynga.com and CERT India.

www.ajaykumartiwari.in

Table of Contents

Chapter 1: Up and Running with Kali Linux
    Introduction
    Installing to a hard disk drive
    Installing to a USB drive with persistent memory
    Installing in VirtualBox
    Installing VMware Tools
    Fixing the splash screen
    Starting network services
    Setting up the wireless network

Chapter 2: Customizing Kali Linux
    Introduction
    Preparing kernel headers
    Installing Broadcom drivers
    Installing and configuring ATI video card drivers
    Installing and configuring nVidia video card drivers
    Applying updates and configuring extra security tools
    Setting up ProxyChains
    Directory encryption

Chapter 3: Advanced Testing Lab
    Introduction
    Getting comfortable with VirtualBox
    Downloading Windows Targets
    Downloading Linux Targets
    Attacking WordPress and other applications

Chapter 4: Information Gathering
    Introduction
    Service enumeration
    Determining network range
    Identifying active machines
    Finding open ports
    Operating system fingerprinting
    Service fingerprinting
    Threat assessment with Maltego
    Mapping the network

Chapter 5: Vulnerability Assessment
    Introduction
    Installing, configuring, and starting Nessus
    Nessus - finding local vulnerabilities
    Nessus - finding network vulnerabilities
    Nessus - finding Linux-specific vulnerabilities
    Nessus - finding Windows-specific vulnerabilities
    Installing, configuring, and starting OpenVAS
    OpenVAS - finding local vulnerabilities
    OpenVAS - finding network vulnerabilities
    OpenVAS - finding Linux-specific vulnerabilities
    OpenVAS - finding Windows-specific vulnerabilities

Chapter 6: Exploiting Vulnerabilities
    Introduction
    Installing and configuring Metasploitable
    Mastering Armitage, the graphical management tool for Metasploit
    Mastering the Metasploit Console (MSFCONSOLE)
    Mastering the Metasploit CLI (MSFCLI)
    Mastering Meterpreter
    Metasploitable MySQL
    Metasploitable PostgreSQL
    Metasploitable Tomcat
    Metasploitable PDF
    Implementing browser_autopwn

Chapter 7: Escalating Privileges
    Introduction
    Using impersonation tokens
    Local privilege escalation attack
    Mastering the Social Engineering Toolkit (SET)
    Collecting the victim's data
    Cleaning up the tracks
    Creating a persistent backdoor
    Man In The Middle (MITM) attack

Chapter 8: Password Attacks
    Introduction
    Online password attacks
    Cracking HTTP passwords
    Gaining router access
    Password profiling
    Cracking a Windows password using John the Ripper
    Using dictionary attacks
    Using rainbow tables
    Using nVidia Compute Unified Device Architecture (CUDA)
    Using ATI Stream
    Physical access attacks

Chapter 9: Wireless Attacks
    Introduction
    Wireless network WEP cracking
    Wireless network WPA/WPA2 cracking
    Automating wireless network cracking
    Accessing clients using a fake AP
    URL traffic manipulation
    Port redirection
    Sniffing network traffic

Dedicated to my mom

Up and Running with Kali Linux

In this chapter, we will cover:

    Installing to a hard disk drive
    Installing to a USB drive with persistent memory
    Installing in VirtualBox
    Installing VMware Tools
    Fixing the splash screen
    Starting network services
    Setting up the wireless network

Introduction

Kali Linux, or simply Kali, is the newest Linux distribution from Offensive Security. It is the
successor to the BackTrack Linux distribution. Unlike most Linux distributions, Kali Linux is
used for the purposes of penetration testing. Penetration testing is a way of evaluating the
security of a computer system or network by simulating an attack. Throughout this book,
we will further explore some of the many tools that Kali Linux has made available.

This chapter covers the installation and setup of Kali Linux in different scenarios, from inserting the Kali Linux DVD to configuring the network. For all the recipes in this and the following chapters, we will use Kali Linux using GNOME 64-bit as the Window Manager (WM) flavor and architecture (http://www.Kali.org/downloads/). The use of KDE as the WM is not covered in this book; however, you should be able to follow the recipes without much trouble.