ETHICAL HACKING
WITH
KALI LINUX
LEARN FAST HOW TO HACK LIKE A PRO
BY
HUGO HOFFMAN
All rights reserved.
No part of this book may be reproduced in any form or by any electronic, print or mechanical means, including information storage and retrieval systems, without permission in writing from the publisher.
Copyright 2020
Disclaimer
Professionals should be consulted as needed before undertaking any of the action endorsed herein. Under no circumstances will any legal responsibility or blame be held against the publisher for any reparation, damages, or monetary loss due to the information herein, either directly or indirectly. This declaration is deemed fair and valid by both the American Bar Association and the Committee of Publishers Association and is legally binding throughout the United States. There are no scenarios in which the publisher or the original author of this work can be in any fashion deemed liable for any hardship or damages that may befall the reader or anyone else after undertaking information described herein. The information in the following pages is intended only for informational purposes and should thus be thought of as universal. As befitting its nature, it is presented without assurance regarding its continued validity or interim quality. Trademarks that are mentioned are done without written consent and can in no way be considered an endorsement from the trademark holder.
Intended Audience
This book is designed for anyone who wishes to become an Ethical Hacker or Penetration Tester in the field of Information Security. This book is written in everyday English, and no technical background is necessary. The contents of this book will provide a practical guide on how you can use Kali Linux to implement various attacks on both wired and wireless networks. If you are preparing to become an IT Professional, such as an Ethical Hacker, IT Security Analyst, IT Security Engineer, Network Analyst, Network Engineer, or a Penetration Tester, yet are still in doubt and want to know about network security, you will find this book extremely useful. You will learn key concepts and methodologies revolving around network security, as well as key technologies you should be mindful of. If you are truly interested in becoming an Ethical Hacker or Penetration Tester, this book is for you. Assuming you are preparing to become an Information Security Professional, this book will certainly provide great details that will benefit you as you enter this industry.
Introduction
First, we're going to start with the Introduction to Linux, so that you have a general idea of what this Operating System is about. Next, we are going to look at some Software & Hardware Recommendations for Ethical Hackers, and jump right into the installation of VirtualBox & Kali Linux. This book is mainly about Kali Linux tools and how to deploy them, yet first we have to look at understanding penetration testing, and how it works with reconnaissance and footprinting. We will look at each and every step you should take as a penetration tester, which include Stage 1, Stage 2 and Stage 3. This is important so you understand how to take on a job as an ethical hacker, for example, what kind of questions you should ask when getting hired by a client. So in this section, we are going to include the what, the when, the how, and all legal requirements as well, so you can cover your back. We are also going to look at Penetration Testing Standards so you can decide which one suits you best. Next, we are going to get more practical by understanding Footprinting and Host discovery with Port Scanning. After that, we are going to get dirty by understanding how you can discover devices with Hping3, how to set up a proxy for Burp Suite and how to target devices with Burp Scanner. Next, we are going to look at some Application testing such as Randomizing Session Tokens, Spidering & SQL Injection with SQLmap. Then we move on and start looking at both wired and wireless attacks using Kali Linux. We are going to look at Dictionary Attack with Airodump-ng, ARP Poisoning with Ettercap, and implementing Passive Reconnaissance. Next, we are going to look at capturing both wired and wireless traffic using Port Mirroring, deploying SYN Scan Attack and using Xplico. Next, we are going to deploy MITM Attack in various ways such as using Ettercap or SSLscript. Moving on, you will learn how to manipulate Packets using the tool called Scapy, and how to capture IPv6 Traffic with Parasite6.
Next, we are going to implement DoS attacks in various ways, by either using a Deauthentication Attack, or creating a Rogue Access Point or an Evil Twin with a tool called MDK3. Next, we are going to look at implementing a Brute Force Attack with THC Hydra, but then we will look at implementing various attacks at the same time on demand, with some very powerful and dangerous tools such as Armitage's Hail Mary, the Metasploit Framework or SET (Social-Engineering Toolkit). These tools are available for both white hat and black hat hacking. Once applied, the outcome will be the same in both cases. What you must understand is that using such hacking tools in any unauthorized manner, which might cause system damage or a system outage, can lead to a dreadful situation for the person using them. If you attempt to use any of these tools on a wired or wireless network without being authorized and you disturb or damage any systems, that would be considered illegal black hat hacking. Therefore, I would like to encourage all readers to implement any tool described in this book for WHITE HAT USE ONLY. Anything legally authorized to help individuals or companies find vulnerabilities and identify potential risks is fine. All the tools I will describe should be used for improving security posture only. If you are eager to learn about hacking and penetration testing, it's recommended to build a home lab and practice using these tools in an isolated network that you have full control over, and that is not connected to any production environment or the internet. If you use these tools for black hat purposes and you get caught, it will be entirely on you, and you will have no one to blame. So, again, I would highly recommend you stay behind the lines, and anything you do should be completely legit and fully authorized. If you are not sure about anything that you are doing and don't have a clue about the outcome, ask your manager or DO NOT DO IT. This book is for education purposes.
It is for those who are interested in learning and knowing what is behind the curtains and would like to become an Ethical Hacker or Penetration Tester. Besides legal issues, before using any of the tools, it is recommended that you have fundamental knowledge of networking concepts.
Table of Contents
Chapter 1 Introduction to Linux
Understanding Linux, the leading operating system of the cloud, Internet of Things, DevOps, and enterprise server worlds, is essential to an IT career.
Comprehending the world of open software licensing is not easy, but let me give you some highlights. If you're planning to work with free software like Linux, you should understand the basics of the rules that govern it.
Let's first look at licensing. There are three main approaches to licensing: the Free Software Foundation, founded in 1985 by Richard Stallman; the younger Open Source Initiative; and Creative Commons.
First of all, the Free Software Foundation wants software to be free, not in the sense of free of charge, but in the sense of allowing users the freedom to do whatever they like with it. Think about it like this.