Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Mastering Kali Linux for Advanced Penetration Testing, Second Edition
Mastering Kali Linux for Advanced Penetration Testing, Second Edition

Mastering Kali Linux for Advanced Penetration Testing, Second Edition: Secure your network with Kali Linux – the ultimate white hat hackers' toolkit , Second Edition

Arrow left icon
Profile Icon Vijay Kumar Velu
Arrow right icon
Free Trial
Full star icon Full star icon Full star icon Full star icon Half star icon 4.4 (11 Ratings)
Paperback Jun 2017 510 pages 2nd Edition
eBook
Can$38.99 Can$55.99
Paperback
Can$69.99
Subscription
Free Trial
Arrow left icon
Profile Icon Vijay Kumar Velu
Arrow right icon
Free Trial
Full star icon Full star icon Full star icon Full star icon Half star icon 4.4 (11 Ratings)
Paperback Jun 2017 510 pages 2nd Edition
eBook
Can$38.99 Can$55.99
Paperback
Can$69.99
Subscription
Free Trial
eBook
Can$38.99 Can$55.99
Paperback
Can$69.99
Subscription
Free Trial

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Mastering Kali Linux for Advanced Penetration Testing, Second Edition

Open Source Intelligence and Passive Reconnaissance

"If something is not meant to be on the internet, probably it shouldn't be there in the first place."

Information gathering is the way to gather all the relevant information from publicly available sources, and is often referred as Open Source Intelligence (OSINT). Passive reconnaissance through OSINT occurs during the first step of the kill chain when conducting a penetration test or an attack against a network or server target. An attacker will typically dedicate up to 75% of the overall work effort for a penetration test to reconnaissance, as it is this phase that allows the target to be defined, mapped, and explored for the vulnerabilities that will eventually lead to exploitation.

There are two types of reconnaissance: passive reconnaissance (direct and indirect) and active reconnaissance.

Generally, passive...

Basic principles of reconnaissance

Reconnaissance, or recon, is the first step of the kill chain when conducting a penetration test or attack against a data target. This is conducted before the actual test or attack of a target network. The findings will point to where additional reconnaissance may be required, or the vulnerabilities to attack during the exploitation phase.

Reconnaissance activities are segmented on a gradient of interactivity with the target network or device.

Passive reconnaissance does not involve any malicious direct interaction with the target network. The attacker's source IP address and activities are not logged (for example, a Google search for the target's email addresses). It is difficult, if not impossible, for the target to differentiate passive reconnaissance from normal business activities. Here's some more information:

  • Passive reconnaissance...

Google Hacking Database

Lately, Google is the way people keep themselves updated. Google it are the common words utilized to search anything that is unknown or to gather information about the topic in question. In this section, we will narrow down on how penetration testers can utilize Google through dorks.

Using dork script to query Google

The first step for testers to understand Google Hacking Database is to understand all the advanced Google operators, just as the machine-level programming engineers must understand computer OP codes. These Google operators are part of the Google query; the syntax of searching is as follows:

Operator:itemthatyouwanttosearch

There is no space between the operation, the colon, and itemsthatyouwanttosearch...

Creating custom word lists for cracking passwords

There are multiple tools that are readily available in Kali Linux to create custom word lists for cracking passwords offline. We will now take a look at a couple of them in this chapter.

Using CeWL to map a website

CeWL is a Ruby app that spiders a given URL to a specified depth, optionally following external links, and returns a list of words, which can then be used for password crackers, such as John the Ripper.

The following screenshot provides the custom list of words generated from the https://www.google.com index page:

Extracting words from Twitter using Twofi

...

Summary

The first real step in the attack process or kill chain is to conduct reconnaissance to identify the target with the use of OSINT. Passive reconnaissance provides a complete attacker's view of a company. This is a stealthy assessment – the IP address and the activities of the attacker are almost indistinguishable from normal access. Nevertheless, this information can be critical when conducting social engineering attacks or facilitating other attack types. We have now built our own custom script to save time and perform passive reconnaissance using OSINT.

In the next chapter, we will assess the types of reconnaissance that are active and also make use of OSINT results. Although active reconnaissance techniques produce more information, there is an increased risk of detection. Therefore, the emphasis will be on advanced stealth techniques.

...
Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Employ advanced pentesting techniques with Kali Linux to build highly-secured systems
  • Get to grips with various stealth techniques to remain undetected and defeat the latest defenses and follow proven approaches
  • Select and configure the most effective tools from Kali Linux to test network security and prepare your business against malicious threats and save costs

Description

This book will take you, as a tester or security practitioner through the journey of reconnaissance, vulnerability assessment, exploitation, and post-exploitation activities used by penetration testers and hackers. We will start off by using a laboratory environment to validate tools and techniques, and using an application that supports a collaborative approach to penetration testing. Further we will get acquainted with passive reconnaissance with open source intelligence and active reconnaissance of the external and internal networks. We will also focus on how to select, use, customize, and interpret the results from a variety of different vulnerability scanners. Specific routes to the target will also be examined, including bypassing physical security and exfiltration of data using different techniques. You will also get to grips with concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections. Later you will learn the practical aspects of attacking user client systems by backdooring executable files. You will focus on the most vulnerable part of the network—directly and bypassing the controls, attacking the end user and maintaining persistence access through social media. You will also explore approaches to carrying out advanced penetration testing in tightly secured environments, and the book's hands-on approach will help you understand everything you need to know during a Red teaming exercise or penetration testing

Who is this book for?

Penetration Testers, IT professional or a security consultant who wants to maximize the success of your network testing using some of the advanced features of Kali Linux, then this book is for you.Some prior exposure to basics of penetration testing/ethical hacking would be helpful in making the most out of this title.

What you will learn

  • Select and configure the most effective tools from Kali Linux to test network security
  • Employ stealth to avoid detection in the network being tested
  • Recognize when stealth attacks are being used against your network
  • Exploit networks and data systems using wired and wireless networks as well as web services
  • Identify and download valuable data from target systems
  • Maintain access to compromised systems
  • Use social engineering to compromise the weakest part of the network—the end users

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jun 30, 2017
Length: 510 pages
Edition : 2nd
Language : English
ISBN-13 : 9781787120235
Vendor :
Offensive Security
Category :
Tools :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Jun 30, 2017
Length: 510 pages
Edition : 2nd
Language : English
ISBN-13 : 9781787120235
Vendor :
Offensive Security
Category :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just Can$6 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just Can$6 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total Can$ 209.97
Kali Linux Network Scanning Cookbook
Can$69.99
Mastering Kali Linux for Advanced Penetration Testing, Second Edition
Can$69.99
Mastering Kali Linux for Web Penetration Testing
Can$69.99
Total Can$ 209.97 Stars icon
Banner background image

Table of Contents

14 Chapters
Goal-Based Penetration Testing Chevron down icon Chevron up icon
Open Source Intelligence and Passive Reconnaissance Chevron down icon Chevron up icon
Active Reconnaissance of External and Internal Networks Chevron down icon Chevron up icon
Vulnerability Assessment Chevron down icon Chevron up icon
Physical Security and Social Engineering Chevron down icon Chevron up icon
Wireless Attacks Chevron down icon Chevron up icon
Reconnaissance and Exploitation of Web-Based Applications Chevron down icon Chevron up icon
Attacking Remote Access Chevron down icon Chevron up icon
Client-Side Exploitation Chevron down icon Chevron up icon
Bypassing Security Controls Chevron down icon Chevron up icon
Exploitation Chevron down icon Chevron up icon
Action on the Objective Chevron down icon Chevron up icon
Privilege Escalation Chevron down icon Chevron up icon
Command and Control Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.4
(11 Ratings)
5 star 81.8%
4 star 0%
3 star 0%
2 star 9.1%
1 star 9.1%
Filter icon Filter
Top Reviews

Filter reviews by




David - Dec 11, 2017
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Good book with clear explanation and example
Amazon Verified review Amazon
Sandesh More Jan 14, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Great content... Excellent book
Amazon Verified review Amazon
Rob J Vargas Dec 28, 2017
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The manual has been easy to read and easy to follow. Seems extensive so far. This distro is updating almost constantly, but for the basics, a great manual.
Amazon Verified review Amazon
Dr Thangpa Serto Jan 08, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
fantabulous!!
Amazon Verified review Amazon
Amazon Customer Dec 19, 2017
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Quality book, easy to read and informative, got it as a reference/field manual for OSCP; great addition to any pentesters book shelf!
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.