Feineigle.com - Mastering Kali Linux for Advanced Penetration Testing

Published: January 6, 2017
Tags:  Hacking · Linux · Software

The book in...
One sentence:
High-level overview of the tools available in Kali Linux and how to use them to plan a kill chain and mechanism for delivery/exfiltration.

Five sentences:
The first part deals with identifying a target and then performing active and passive reconnaissance to look up DNS records, conduct port scans, and utilize various open source intelligence techniques, among many other options. Next, vulnerability databases and tools, like Metasploit and Veil-Evasion, that give easy access to potential entry points into a system are covered alongside a lighter look at things like shellcode. Less technical attack vectors are explored when looking at social engineering attacks, like spoofing a website, that can be quickly created with tools like SET, the Social-Engineer Toolkit. The ubiquity of wireless access demands its inclusion, but it is only touched upon as a general introduction to a potentially detailed topic. Lastly, web application vulnerabilities are tested with frameworks like BeEF, with some minor asides into specific vulnerabilities such as SQL injection.


A good general introduction to what you can do with Kali, for the most part out of the box, but I’d have to say “Mastering” and “Advanced” is a bit of a stretch. Given the breadth of topics covered, each of which can be explored in books of their own, the information is, although sometimes dated, top-notch.

For example, something like nmap is covered only in the most basic how-to-use sense. Although intrusion detection systems and the noisiness of scans are mentioned, there is nothing that would be considered advanced. There is a small library of books written on nmap alone, while it is only one of dozens of programs highlighted in this one.

Table of Contents

· Chapter 1: Starting with Kali Linux

· Chapter 2: Identifying the Target – Passive Reconnaissance

· Chapter 3: Active Reconnaissance and Vulnerability Scanning

· Chapter 4: Exploit

· Chapter 5: Post Exploit – Action on the Objective

· Chapter 6: Post Exploit – Persistence

· Chapter 7: Physical Attacks and Social Engineering

· Chapter 8: Wireless

page 205:
root@kali:~# iwconfig wlan0 txpower 30
root@kali:~# airmon-ng start wlan0
root@kali:~# airmon-ng check kill
page 206:
root@kali:~# airodump-ng mon0
root@kali:~# aireplay-ng -9 mon0   # -9 indicates an injection test
root@kali:~# kismet
page 212:
root@kali:~# ifconfig wlan0 down
root@kali:~# ifconfig wlan0 | grep HW
root@kali:~# ifconfig wlan0 hw ether 38:33:15:xx:xx:xx
root@kali:~# ifconfig wlan0 up
root@kali:~# macchanger wlan0 -e
root@kali:~# macchanger wlan0 -r

· Chapter 9: Reconnaissance and Exploitation of Web-based Applications

· Chapter 10: Exploiting Remote Access Communications

page 262:

root@kali:~# hydra -s 22 -v -V -L <file path/name> -P <file path/name> -t 8 <Target IP> <protocol>

· Chapter 11: Client-side Exploitation

· Appendix
