Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Kali Linux 2:  Windows Penetration Testing
Kali Linux 2:  Windows Penetration Testing

Kali Linux 2: Windows Penetration Testing: Kali Linux: a complete pentesting toolkit facilitating smooth backtracking for working hackers

eBook
€22.99 €32.99
Paperback
€41.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Kali Linux 2: Windows Penetration Testing

Chapter 2. Information Gathering and Vulnerability Assessment

There is a myth that all Windows systems are easy to exploit. This is not entirely true. Almost any Windows system can be hardened to the point that it takes too long to exploit its vulnerabilities. In this chapter, you will learn the following:

  • How to footprint your Windows network and discover the vulnerabilities before the bad guys do
  • Ways to investigate and map your Windows network to find the Windows systems that are susceptible to exploits

In some cases, this will be adding to your knowledge of the top 10 security tools, and in others, we will show you entirely new tools to handle this category of investigation.

Footprinting the network

You can't find your way without a good map. In this chapter, we are going to learn how to gather network information and assess the vulnerabilities on the network. In the Hacker world this is called Footprinting. This is the first step to any righteous hack. This is where you will save yourself time and massive headaches. Without Footprinting your targets, you are just shooting in the dark. The biggest tool in any good pen tester's toolbox is Mindset. You have to have the mind of a sniper. You learn your targets habits and its actions. You learn the traffic flows on the network where your target lives. You find the weaknesses in your target and then attack those weaknesses. Search and destroy!

In order to do good Footprinting, you have to use several tools that come with Kali. Each tool has it strong points and looks at the target from a different angle. The more views you have of your target, the better plan of attack you have. Footprinting will differ...

Where can you find instructions on this thing?

On a Linux box there are three places you can find more information about a command-line application:

  • The Help page: Almost all Unix and Linux applications have a help file that you can access by typing the application name and -h on the command line, for example, root@kali-01: ~# nmap -h.
  • The Man page: Here is a full manual for most modern command-line applications that you can access by typing man and the application name on the command line. For example, root@kali-01: ~# man rsync gets you a pretty good explanation of how to use Rsync, the secure and logged file transfer protocol. Man pages are of varying quality and many of them are actually written by rocket scientists, so a newbie may have to research how to read the manual page before it can be useful. The Nmap man page is clearly written with understandable examples to try out.
  • Info pages: For BASH shell built-ins, there is a group of info pages instead of man pages. To get at the info...

A return to OpenVAS

In Chapter 1, Sharpening the Saw we set up OpenVAS for vulnerability scanning. Nmap does a great job of reporting ports and services but lacks the ability to scan for vulnerabilities. OpenVAS will find the vulnerabilities and produce a report of the systems. OpenVAS updates their vulnerability list weekly so it is best to update OpenVAS before running a scan. To do this on Kali, run the following commands from the terminal window:

root@kalibook : ~ #  OpenVAS-nvt-sync

This will run the vulnerability updates for OpenVAS. The first time you run it you will see the information in the following screenshot asking to migrate to using Rsync to update the vulnerabilities. Enter y and hit the Enter key. The update will start. The first time this is run, it will take quite a while, because it has to give you the entire list of plugins and tests available. In subsequent runs of the update command, it only adds the new or changed data, and is far faster:

A return to OpenVAS

Update command

You will also...

Using Maltego

Maltego is an information gathering tool that has many uses besides gathering network information. You can also gather information on people and companies from various sources. For now, we will use it to gather network information about a public network.

The first time you start Maltego, you will need to do some setting up and also register at their website in order to log in to the Transform servers. It's easy, free, and spam-free, so giving them your e-mail address won't be a problem. Once you have registered, you will be asked to pick the level of search you want. In this example, we have picked a Level 1 search. Maltego then asks for the domain, as shown in the following screenshot. Add the domain name, and click on the Finish button. The Transform will run and retrieve the information:

Using Maltego

Retrieving the information

Choose the Maltego Public Servers checkbox instead of Local Transform Application Server (TAS):

Using Maltego

Choose your target domain. Here we have chosen the www...

Using Unicorn-Scan

Unicorn-Scan is another port scanning tool. It creates a chrooted environment (userland) to protect you from the possibly hostile network you are scanning. It can be used from the command line, or from a PostgreSQL-powered frontend. We will show you the command-line version here. The following chart is a concordance from Nmap users from the documentation on the Unicorn-Scan project website:

Using Unicorn-Scan

A basic connect scan to find all open ports in a range using Unicorn-Scan is unicornscan -i eth0 -Ir 160 -E 10.0.0.012/32:20-600. If we break this up into sections, the command is as follows:

  • i eth0: It defines the interface eth0 on the Kali machine
  • -Ir 160: Its has two options in a group
    • -I: It is telling Unicorn-Scan to print to screen immediately as open ports are found
    • -r 160: It is setting the scan rate to 160 ports per second (PPS)
  • -E 10.0.0.012/32:20-600: It is the target range
  • The Classless Inter-Domain Routing (CIDR) code shows a network mask of /32 bits, which means a single IP...

Footprinting the network


You can't find your way without a good map. In this chapter, we are going to learn how to gather network information and assess the vulnerabilities on the network. In the Hacker world this is called Footprinting. This is the first step to any righteous hack. This is where you will save yourself time and massive headaches. Without Footprinting your targets, you are just shooting in the dark. The biggest tool in any good pen tester's toolbox is Mindset. You have to have the mind of a sniper. You learn your targets habits and its actions. You learn the traffic flows on the network where your target lives. You find the weaknesses in your target and then attack those weaknesses. Search and destroy!

In order to do good Footprinting, you have to use several tools that come with Kali. Each tool has it strong points and looks at the target from a different angle. The more views you have of your target, the better plan of attack you have. Footprinting will differ depending...

Where can you find instructions on this thing?


On a Linux box there are three places you can find more information about a command-line application:

  • The Help page: Almost all Unix and Linux applications have a help file that you can access by typing the application name and -h on the command line, for example, root@kali-01: ~# nmap -h.

  • The Man page: Here is a full manual for most modern command-line applications that you can access by typing man and the application name on the command line. For example, root@kali-01: ~# man rsync gets you a pretty good explanation of how to use Rsync, the secure and logged file transfer protocol. Man pages are of varying quality and many of them are actually written by rocket scientists, so a newbie may have to research how to read the manual page before it can be useful. The Nmap man page is clearly written with understandable examples to try out.

  • Info pages: For BASH shell built-ins, there is a group of info pages instead of man pages. To get at the info...

A return to OpenVAS


In Chapter 1, Sharpening the Saw we set up OpenVAS for vulnerability scanning. Nmap does a great job of reporting ports and services but lacks the ability to scan for vulnerabilities. OpenVAS will find the vulnerabilities and produce a report of the systems. OpenVAS updates their vulnerability list weekly so it is best to update OpenVAS before running a scan. To do this on Kali, run the following commands from the terminal window:

root@kalibook : ~ #  OpenVAS-nvt-sync

This will run the vulnerability updates for OpenVAS. The first time you run it you will see the information in the following screenshot asking to migrate to using Rsync to update the vulnerabilities. Enter y and hit the Enter key. The update will start. The first time this is run, it will take quite a while, because it has to give you the entire list of plugins and tests available. In subsequent runs of the update command, it only adds the new or changed data, and is far faster:

Update command

You will also...

Left arrow icon Right arrow icon

Key benefits

  • Conduct network testing, surveillance, pen testing and forensics on MS Windows using Kali Linux
  • Footprint, monitor, and audit your network and investigate any ongoing infestations
  • Customize Kali Linux with this professional guide so it becomes your pen testing toolkit

Description

Microsoft Windows is one of the two most common OS and managing its security has spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. Kali is built on the Debian distribution of Linux and shares the legendary stability of that OS. This lets you focus on using the network penetration, password cracking, forensics tools and not the OS. This book has the most advanced tools and techniques to reproduce the methods used by sophisticated hackers to make you an expert in Kali Linux penetration testing. First, you are introduced to Kali's top ten tools and other useful reporting tools. Then, you will find your way around your target network and determine known vulnerabilities to be able to exploit a system remotely. Next, you will prove that the vulnerabilities you have found are real and exploitable. You will learn to use tools in seven categories of exploitation tools. Further, you perform web access exploits using tools like websploit and more. Security is only as strong as the weakest link in the chain. Passwords are often that weak link. Thus, you learn about password attacks that can be used in concert with other approaches to break into and own a network. Moreover, you come to terms with network sniffing, which helps you understand which users are using services you can exploit, and IP spoofing, which can be used to poison a system's DNS cache. Once you gain access to a machine or network, maintaining access is important. Thus, you not only learn penetrating in the machine you also learn Windows privilege’s escalations. With easy to follow step-by-step instructions and support images, you will be able to quickly pen test your system and network.

Who is this book for?

If you are a working ethical hacker who is looking to expand the offensive skillset with a thorough understanding of Kali Linux, then this is the book for you. Prior knowledge about Linux operating systems and the BASH terminal emulator along with Windows desktop and command line would be highly beneficial.

What you will learn

  • Set up Kali Linux for pen testing
  • Map and enumerate your Windows network
  • Exploit several common Windows network vulnerabilities
  • Attack and defeat password schemes on Windows
  • Debug and reverse-engineer Windows programs
  • Recover lost files, investigate successful hacks and discover hidden data in innocent-looking files
  • Catch and hold admin rights on the network, and maintain backdoors on the network after your initial testing is done

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jun 28, 2016
Length: 422 pages
Edition : 1st
Language : English
ISBN-13 : 9781782168508
Vendor :
Offensive Security
Category :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Jun 28, 2016
Length: 422 pages
Edition : 1st
Language : English
ISBN-13 : 9781782168508
Vendor :
Offensive Security
Category :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 124.97
Kali Linux 2:  Windows Penetration Testing
€41.99
Effective Python Penetration Testing
€32.99
Advanced Penetration Testing for Highly-Secured Environments, Second Edition
€49.99
Total 124.97 Stars icon
Banner background image

Table of Contents

11 Chapters
1. Sharpening the Saw Chevron down icon Chevron up icon
2. Information Gathering and Vulnerability Assessment Chevron down icon Chevron up icon
3. Exploitation Tools (Pwnage) Chevron down icon Chevron up icon
4. Web Application Exploitation Chevron down icon Chevron up icon
5. Sniffing and Spoofing Chevron down icon Chevron up icon
6. Password Attacks Chevron down icon Chevron up icon
7. Windows Privilege Escalation Chevron down icon Chevron up icon
8. Maintaining Remote Access Chevron down icon Chevron up icon
9. Reverse Engineering and Stress Testing Chevron down icon Chevron up icon
10. Forensics Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.4
(5 Ratings)
5 star 80%
4 star 0%
3 star 0%
2 star 20%
1 star 0%
Lester Enzo Oct 16, 2016
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Hands down, whether you’re an experienced Penetration Tester or looking to find a foothold to jumpstart your career, this book is for you. I have twenty years of professional experience in Information Technology and Security with about a five year break from the technical side. I wanted a resource to rekindle lab work at home. Happy to say that this book has served as the sole resurrection of my passion and honing of my red team skills.Regardless of your skill set or experience, this publication provides a detailed step-by-step of how to install and use the various tools within the Kali Linux suite. Not familiar with Linux? Authors Wolf and Bo provide an overview of how to prepare bootable media and install the software. If you’re already there, skip ahead to the fun stuff. I highly recommend that you follow the recommendations within the book. These are tried and proven methods that teach how to successfully exploit vulnerabilities within the Windows environment, for research and blue team style purposes. Never attempt these techniques unless you’re authorized to perform these activities as part of your responsibilities or you have a controlled environment.In the end, this book not only teaches the practice of defeating security controls, it also teaches the principles of computer science. While there are many command line switches to have fun with, the authors also describe what they mean and why they’re relevant. This is important as it teaches the fundamentals of good, core security and not simply memorizing switches for known security tools. I highly recommend this book for any level of security professional. For me, I jumped around a bit, but in the end, it made me a much stronger security professional.
Amazon Verified review Amazon
Preben Heitmann Sep 02, 2017
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Awesome book
Amazon Verified review Amazon
J-Cat Oct 31, 2016
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book makes an excellent supplemental training guide and resource, especially, if you are studying for your CEH, LPT, GCIH or GPEN. There’s a lot of substance to it, to put it mildly. The authors do an excellent job of walking you through the technical (and sometimes the mental) processes behind each tool and the tasks you will use them for. The experience and knowledge shared is priceless and it has saved me a lot of time and aggravation. Definitely, a solid study towards perfecting the craft of pen-testing.
Amazon Verified review Amazon
Aaron A. Allen Aug 28, 2017
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I have only read a small amount so far; however, I know that I like the writing style. The fact that they point out where to put in comments about things that may be incorrect as well as a place where previous reports were filed is a definite plus. It is a very readable book where I picked it up to read a few pages due to time constraints and ended up reading over 40.
Amazon Verified review Amazon
L. Lemos Dec 05, 2016
Full star icon Full star icon Empty star icon Empty star icon Empty star icon 2
it's very generic. the title is deceiving, it does not focus on windows at all.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.