Environment Kali Linux Pdf Books


Sunday, January 13, 2019

But what you really want is to learn the penetration testing tools bundled in Kali Linux. 1. Get to grips with ethical hacking with. This book is a complete unofficial documentation of all the tools in Kali Linux. The author(s) are not held liable for any mistakes done by the. Daniel has assisted with numerous security training classes and technical training books mainly based on Backtrack and Kali Linux. Daniel W. Dieterle.

Language:English, Spanish, Japanese
Genre:Business & Career
Published (Last):07.03.2016
ePub File Size:26.40 MB
PDF File Size:8.68 MB
Distribution:Free* [*Regsitration Required]
Uploaded by: KINA

Download the new Kali Linux Revealed book for FREE and prepare for your KLCP certification! Learn to use Kali Linux like a pro, and prove it as well!. Some sections of this book borrow content from the “Debian Administrator's Handbook, For the purpose of the CC-BY-SA license, Kali Linux Revealed is an. PDF Drive is your search engine for PDF files. As of today we have 78,, eBooks for you to download for free. No annoying ads, no download limits, enjoy .

Preview the PDF. It is never too late to start learning and it would be a shame to miss an opportunity to learn a tutorial or course that can be so useful as Kali Linux especially when it is free! You do not have to register for expensive classes and travel from one part of town to another to take classes. All you need to do is download the course and open the PDF file. This specific program is classified in the Unix-Linux OS category where you can find some other similar courses.

Now obviously this will stick out like a sore thumb to anyone analyzing the logs. But if there are events you want removed, you can clear the log. This is the process ID number that our shell is using. If we go further down the list, looking for our pid number of we see this: It also shows that we are running under a powershell.

We can move our shell off of this PID to a process that has higher level access. Migrating also allows us to merge and hide our shell into another more common process, in essence hiding our connection.

Download the free Kali Linux Book

I thought this was completely ridiculous as you have been able to do this with Metasploit for years. This will remotely display the webcam from the target system. The only hint you get on the target machine that something is wrong is that your webcam recording light if yours has one comes on. Other than that, you cannot tell that someone is remotely viewing your webcam. The webcam screenshot above is an actual image I got one day of my cat.

If we open the file we see this: You can then open the saved file on your Kali system to listen to it: Running Scripts The last topic we will cover in this section is running scripts. Meterpreter has over scripts that you can run to further expand your exploitation toolset.

We actually have already touched on these. We will take a moment and cover a couple more of them. Here are a couple of the more interesting ones: Sometimes when you get a remote shell you are not sure if you are in a Virtual Machine or a standalone computer. You can check with this command. As you can see it correctly determined that our target was a VMware VM. The user is added to both the remote desktop user group and the administrators group.

This makes it handy if you want to connect back to the machine at a later date. Then just run the program again and give it a username and password to use: This is a bit more secure as you are not sending clear text passwords over the wire. Once we login we will get a graphical Windows desktop on our Kali machine: Take some time and check them out.

This is extremely easy once we have a Meterpreter session. We can now run any DOS command that we want. This could be very handy, as deleted files could contain information of interest for both the forensics and pentesting realm.

I then deleted the files: Using the Module The module requires that you have an open session to the target that you want to check. As you can see in the screenshot above, there are a couple settings that need to be set. Then just run the exploit: The exploit ran and found four files that it could recover, the two that we deleted and two other ones. Now, say we only wanted to recover the txt files. If we surf to that directory we can find and open the text files that were saved: And view the file: And there we go, looks like there are 3 user accounts, including passwords, which we were able to recover from the remote machine!

But what if we wanted to recover pdf files? As last time the recovered files were stored in the loot directory. We can open the PDF to verify that it worked: You can also set the module to recover multiple file types at once by simply listing what you want in the FILES variable and separate them with a comma. Lastly, the files can also be recovered by the ID number not shown. Recovery File Module Wrap-Up The module seems to work really well on data drives, but not so well on drives where there are a lot of files to recover, like on the main drive of a single drive system.

I ran this on a Windows 7 boot drive on a VM that I have used a lot and it literally took hours to run. Here is a network packet capture of the module running against a drive with a lot of deleted files: But then again, how many people actually record and analyze their data traffic? It was lightning fast and worked very well. Though we covered some of the basics of getting around and using the shell, we only touched on a fraction of its capabilities.

Hopefully you can see why getting a Meterpreter shell gives you a whole lot more functionality than just getting a straight remote access shell.

Grabbing video and sound may seem to be a bit theatrical, but social engineers could use information they glean. Sound is interesting too. A social engineer could learn a lot about the target facility by being able to have a live microphone inside the building.

But we can also use Meterpreter to bypass Windows UAC protection and automate pulling user password hashes and even plain text password. We will talk about all of these features in upcoming chapters. When a hacker attacks a target one of the normal stages they perform is information gathering.

They want to learn as much about your network, their target, as they can, to make their lives easier. Maltego is a very popular tool one that is covered quite a bit in security books and training seminars. As it already has a lot of coverage, I figured we would look at some of the other tools included in Kali. In this chapter we will look at one of the newer tools, Recon-NG and a couple other tools that come with Kali. Recon-NG The Recon-NG Framework is a powerful tool that allows you to perform automated information gathering and network reconnaissance.

Think of it as Metasploit for information collection. Recon-NG automates a lot of the steps that are taken in the initial process of a penetration test.

It has numerous features that allow you to collect user information for social engineering attacks, and network information for network mapping and much more. You can automatically hit numerous websites to gather passive information on your target and even actively probe the target itself for data. Anyone who is familiar with Metasploit will feel right at home as the interface was made to have the same look and feel.

The command use and functions are very similar. Basically you can use Recon- NG to gather info on your target, and then attack it with Metasploit. Some of the modules are passive; they never touch the target network. While some directly probe and can even attack the system you are interested in. One tactic used to passively probe network structure is to use the Google search engine to enumerate site sub-domains.

Then remove sub-domains -inurl that you find , so other subdomains will appear. This can take a while to do by hand and can require a lot of typing if the target has a large number of sub-domains. Recon-NG will do this for you automatically and record what it finds in a database.

This one only requires the target domain. You will then see a screen like the simulated one below: Within seconds, several of the sub-domains are listed. All the data collected by Recon-NG is placed in a database. You can create a report to view the data collected. Simply use one of the report modules to automatically create a nice report of the data that you have obtained. Recon-NG Wrap up Sub-domain enumeration is only one module you can run, there are many others to choose from.

Using these you can get specific information from the corresponding sites about your targets. For example you can search Twitter for tweets from your target or even check Shodan for open systems. I have just briefly touched on some of the capabilities of Recon-NG. It is really an impressive tool that is well worth checking into. Dmitry Dmitry is a nice little tool for quickly finding out information about a site.

Top 10 Best eBooks To Learn Kali Linux From Beginning (PDF )

Just run Dmitry from the menu or command line. Netdiscover Netdiscover is another neat tool included in Kali. It too can be run from the command prompt or from the menu system.

Netdiscover scans a network looking for devices and then displays them: Zenmap Zenmap is basically a graphical version of the ever popular nmap command. If you are not familiar with nmap, then Zenmap is a great place to start.

Like the previous commands, Zenmap can be started from the menu or command line.

Kali Linux Books

Once started, you will see the following screen: Just fill in the target IP address and choose what type of scan you want to perform from the Profile drop down box. Zenmap will show you what the resulting nmap command switches are in the command box. As you can see above the nmap command status shows up in the Nmap Output window. Conclusion In this chapter we looked at the multi-faceted tool Recon-NG. We saw how it was created to mimic Metasploit so users who are familiar with it could pick up Recon-NG fairly quickly.

We also covered a couple other tools used in Host identification, reconnaissance and information gathering. Shodan allows you to find computers on the web by searching for them by keyword. For example, you can search for all the Microsoft IIS 7.

The trick to using Shodan effectively is to know the right keywords. But once you know these magic keys, in seconds you can search the world for these devices. Or by using filter commands you can refine your search to certain devices and areas. It can also allow them to find possible rogue or unauthorized devices that have been added to the company network. In this section we will briefly discuss why scanning your network space with Shodan is a good idea.

We will then look at how we can do these searches from the web interface, Shodanhq. Why scan your network with Shodan? There are a large number of seemingly important systems that should never be publicly viewable on the Internet. All can be found easily with just a couple keyword searches.

But that is not all. Sadly, in this new high tech world, computer systems are not the only things that can be found online.

Sure you can find large industrial HVAC environmental and building temperature controls completely open and unsecured. But you can also find other non-common devices like aquariums with an online control interface and unbelievably, even remote controlled doors: Often the online device has security, but it comes with it turned off from the manufacturer, and all the user needs to do is turn it on or assign a password.

And many times when a password is used, it is left to the factory default password easily found or a simple password easily cracked. The company owner may not have even been the one directly to put one of these devices online.

There have been a couple reports of internet enabled building controls from major companies found online over the years. The building contractor, obviously not understanding internet security, left them completely open or with default credentials. Searching for open systems using Shodan has become very popular.

And once interesting systems are found on Shodan, the keyword searches are usually shared amongst friends or publicly posted on the internet. Granted many are just surfing Shodan to grab screenshots of ridiculous things that people put on the web, but it is also a tool that those with nefarious purposes could also use.

Shodan Website To use Shodan, simply point your web browser to Shodanhq. Then all you need to do is enter your keyword to use and click, search just as you would on any search engine.

Shodan returns links to about two million Cisco routers worldwide. You can click on any IP address to surf directly to the device found. On the left side of the screen, Shodan also shows you how many of the total devices are from a certain country or location. You can click on any of them to zero in your search, or you could use keyword filters directly in the search to fine tune the results.

Filter Guide Using Filter commands you can quickly narrow down your searches to very specific things. You could enter something like the line below: This quickly and easily sorts through the millions of servers out there and returns the ones that match the query. Here is a sample search return: Server title information. You can search for other servers that contain the identical title text by putting the information into the title command.

Designates the server country location, again search-able by using the country command. The hostname search term can be used to search for servers by domain names. Body text area. Any text entered into Shodan without a filter will be assumed to be a body text search and will look for servers that have the requested information in the body text area. To use these commands or to get more than one page of results, you need to sign up for a free Shodan Account.

US city: Memphis Better yet, combine the two if the city you are looking for is located in more than one country. You can scan the entire Internet or your entire domain looking for title keywords.

For instance if you wanted to find all the servers running Apache server version 2. Just use a minus sign and the HTML error code: Boston Or you could do a quick security scan of your domain for old systems that need to be updated. FR Title searches work great too.

If cameras were not allowed on your network you could quickly check for that. Say you were creating a network map and wanted to search for Linux servers located near Damascus, Syria: Other search terms you can use include: Search by port number. Search by Operating System. Search for servers using dates. Shodan Searches with Metasploit Shodan search capabilities have been added to the Metasploit Framework.

You just need to sign up from a free Shodan user account and get an API key from their website. Using an API key allows you to automate Shodan searches. To find systems with Metasploit, you simply use it like any other exploit: Create a free account on Shodanhq.

Obtain an API key - http: Now set the Query field with the keyword you want to search for: After a few seconds, you will receive some statistics on your search keyword: And then you will see actual returns: If you want to use filter keywords, or get more than one page of responses, you will have to purchase an unlocked API key. Conclusion In this section we learned about the computer search engine Shodan. We learned that there are thousands if not millions of unsecured or under secured systems that can be found quickly and easily on Shodan.

We then learned how to search Shodan using keywords and filters, and finally we learned how to search Shodan from within Kali using Metasploit. It is critical that companies know what systems that they have publicly available on the web. Shodan is a quick and easy way to find these devices.

I highly recommend security teams and even small business and home owners scan their systems to see what systems they have publicly available on the web. Metasploitable 2 is a purposefully vulnerable Linux distribution. What this means is that it has known bugs and vulnerabilities built in on purpose.

It is a training platform made to be used with Metasploit to practice and hone your computer security skills in a legal environment. The resources above cover a lot of information on installing and using Metasploitable 2 so I will not spend a lot of time on this topic. But we will go through a couple of the exploits using Kali just to see how things work.

Just download the file, unzip it and open it with VMWare Player. A link to the video can found in the Resources section above. Once Metasploitable boots up you will come to the main login screen: To login, enter the name and password shown on the menu: And they put it right on the login screen!

Logging in is pretty anti-climactic. You basically just end up at a text based terminal prompt: But we are not here to use the system from the keyboard; the goal is to try to get into the system remotely from our Kali system. If we can determine open ports and service program versions, then we may be able to exploit a vulnerability in the service and compromise the machine. The first thing to do is to run an nmap scan and see what services are installed.

This will show us the open ports and try to enumerate what services are running: In a few minutes you will see a screen that looks like this: For each port, we see the port number, service type and even an attempt at the service software version. We see several of the normal ports are open in the image above. Usually in tutorials they cover going after the main port services first. But I recommend looking at services sitting at higher ports. What is more likely to be patched and up to date, common core services or a secondary service that was installed and one time and possibly forgotten about?

Our next step is to do a search for vulnerabilities for that software release. But why use Google when we can search with Metasploit? Running this search returns: An Unreal 3. This is great news, as the exploits are ranked according to the probability of success and stability. If you remember from our introduction to Metasploit, there are several steps to exploiting a vulnerability: Doing so we find the following: This backdoor was present in the Unreal3.

All that is needed is the remote host address: Unfortunately they are all command shells. A Meterpreter shell would be better than a command shell, and give us more options, but for now we will just use the generic reverse shell. This will drop us right into a terminal shell with the target when the exploit is finished.

Now, just type: Notice it says that a session is opened, but then it just gives you a blinking cursor. You are actually sitting in a terminal shell with the target machine! The Root user is the highest level user that you can be on a Linux machine. It worked! All the standard Linux commands work with our shell that we have. For instance we can display the password file: We would have to crack the password file to get the actual passwords; we will take a look at this in the Password Attacks Chapter.

Conclusion In this chapter we learned how to use nmap to find open ports on a test target system. We also learned how to find out what services are running on those ports. We then found out how to find and use an exploit against a vulnerable service. Next we will take a quick look at some of the scanners built into Metasploit that helps us find and exploit specific services.

Chapter 8 — Metasploitable - Part Two: Scanners Introduction In the last chapter we looked at scanning the system with Nmap to look for open ports and services. This time we will take a look at some of the built in auxiliary scanners that come with Metasploit. Running our nmap scan produced a huge amount of open ports for us to pick and choose from.

These scanners let us search and recover service information from a single computer or an entire network! For this tutorial we again will be using our Kali system as the testing platform and the purposefully vulnerable Metasploitable 2 virtual machine as our target system.

For this tutorial we will narrow our attention on the common ports that we found open. As a refresher here are the results from the nmap scan performed in the last chapter: Go ahead and search Metasploit for ssh scanners: Notice that several are available. We see that our target is indeed running an SSH server and we see the software version: Notice the command we set for the remote host is plural, RHOSTS, we can put in a whole range of systems here enabling us to scan an entire network quickly and easily to find ssh servers.

I will leave this exercise up to you. Using Additional Scanners Some scanners return different information than others. The scan reveals that MySQL 5.

But others can reveal some more interesting information. If we use a username and password, it will try to log in to the service. Notice that this is unlike the others we have covered so far; on the Metasploitable machine it does not return a version number, it performs a banner grab.

But sometimes you can find some very interesting information by using it. Now, when we type exploit we see this: Just looks like a bunch of text with no hint as to what level of software is running. But if we look closer, we can see something else: Are you kidding me? And we are in! If we run the ID command, we can see that this user which is the main user is a member of multiple groups: We might be able to use this information to exploit further services.

Sounds kind of unbelievable that a company would include legit login credentials on a service login page, but believe it or not, it happens in real life more than you would believe. Scanning a Range of Addresses What is interesting too is that with these scanner programs we have different options that we can set. But what if we wanted to scan the entire network for systems that are running Samba? Instead of just scanning a single host, you can scan all clients on the Notice now it scanned all hosts on the network and found the Samba running on our Metasploitable 2 machine at This makes things much easier if you are just scanning for certain services running on a network.

I set the threads command too. If you are scanning a local LAN, you can bump this up to to make it go faster, or up to 50 if testing a remote network. This will give us a little more practice in running exploits and get us used to finding and exploiting vulnerable services. So, all we need to do is just use the exploit, set the RHOST value to our target Metasploitable system and run the exploit: Conclusion In this section we learned how to use some of the built in scanners to quickly scan for specific services.

Some professional pentesters no longer rely on nmap as the main tool in finding services. Many go for a quick kill by looking for specific vulnerabilities commonly available before turning to nmap. Scanning for specific services that have a tendency to be vulnerable can be a quick way into a network. We looked at several of the core service scanners and learned how they function. Shockingly, we were able to obtain clear text passwords from the telnet service. Once we get a set of credentials, we could use the auxiliary scanners in Metasploit to further exploit the network.

Just plug those credentials into one of the scanners and sweep the entire network to see what other systems that they would work on. It would be a good idea for you to take some time and look through them to see what they can do.

Many people think that if they are running an Anti-Virus and a firewall, that they are generally safe from hacker attacks. But the truth is far from that. One part of penetration testing is getting past that pesky anti-virus.

Veil is one way that we can accomplish this. Many Anti-Virus programs work by pattern or signature matching. If a program looks like malware that it has been programed to look for , it catches it.

If the malicious file has a signature that AV has not seen before, many will dutifully say that the file is clean and not a threat. If you can change or mask the signature of malware, or a remote shell in this case, then most likely AV will allow it to run and the attacker gets a remote connection to the system. Veil, a new payload generator created by security expert and Blackhat USA class instructor Chris Truncer, does just that.

It takes a standard Metasploit payload and through a Metasploit like program allows you to create multiple payloads that most likely will bypass anti-virus. And this will bring you to the main menu: This will select the payload and present us with the following screen: We will just choose the default, msfvenom.

This means that their computer will connect back to us. Next Veil will ask for the IP address of the host machine that you are using. Enter the IP address of your Kali machine and press enter. Then enter the Local port that you will be using. I chose to use port And that is it! Veil will then generate our shellcode with the options that we chose. Now we need to give our created file a name.

If you know they like cute puppies, then our chosen file name is perfect. Whatever you think would be the best. Veil now has all that it needs and creates our booby-trapped file. Just take the created.

When it is run, it will try to connect out to our machine. We will now need to start a handler listener to accept the connection. Getting a Remote Shell To create the remote handler, we will be using Metasploit. Start the Metasploit Framework from the menu or terminal mfsconsole. Be sure to put in the IP address for your machine and the port that you entered into Veil. They must match exactly. Metasploit will then start the handler and wait for a connection: Now we just need the victim to run the file that we sent them.

On the Windows 7 machine, if the file is executed, we will see this on our Kali system: A reverse shell session! Conclusion This should help prove that you cannot trust in your Firewall and Anti-Virus alone to protect you from online threats.

Unfortunately many times your network security depends on your users and what they allow to run. Instruct your users to never run any programs or open any files that they get in an unsolicited e-mail. Blocking certain file types from entering or leaving your network is also a good idea.

And finally, using a Network Security Monitoring system will help track down what happened and what was compromised if the worst does happen. User Access Control UAC seemed to be a nuisance in the previous Windows version, and many companies just turned it off. Well UAC works very well in Windows 7, and using it on even the lowest security setting prevents many attacks that worked in Windows XP.

But there is a UAC bypass module in Meterpreter that will allow us to bypass this restriction and get system level, if the user account we compromise is an administrator. In this section we will learn how to escalate our privileges from an administrator level user to system level by bypassing UAC and creating a new session.

UAC Bypass In this tutorial we will start with an active Meterpreter session with a Windows 7 system and a user that has administrator level rights. First we want to background the session. Now we need to use the bypassuac exploit: Go ahead and set it to our active session, session one in this case, by using the set command: Excellent, you can see that the user was in fact a member of the administrators group, the UAC Bypass worked, and a new session is created.

The first part of the hashdump display above shows the three regular system users: Alice, Bob and George and displays their logon password hint that they set when they created their password. And the final part shows the actual hashes from the system: Using the hashes to access a system or other systems on the network is covered in the Password Attack Chapter.

Conclusion In this short section we saw how to escalate a user that has Administrator privileges to the super user System level account. We were able to do this by running a Meterpreter module that allowed us to bypass the windows User Access Control security feature. Once we have system level access we can do anything that we want to do. We demonstrated this by dumping the password hashes from the security database. The UAC bypass was possible because the user account we had access to was an administrator level account.

It is imperative that users always be given a non-administrator level account. The security repercussions to exceptions to this rule should be seriously considered. Chapter 11 - Packet Captures and Man-in-the- Middle Attacks Introduction Another technique that may be advantageous to us is to monitor or capture network traffic on a remote machine.

Think of it like a wiretap. As a wiretap records everything a person says on their telephone, a packet capture records everything your computer says on the network wire. This could include account names, passwords, etc. In this section we will look at viewing network packets using two very different processes. For the first one we will use a Man-in-the-Middle attack on a system on a local network involving the commands arpspoof, urlsniff and Driftnet.

Using these commands we can view what website a target is on and display every graphic that the target is viewing. Secondly, we will cover running a packet capture on a remote machine through a Metasploit session.

We will then view the captured information for artifacts in Wireshark and Xplico. In both cases we will use a Windows 7 computer as the target system. A MitM attack in essence places our Kali system in between the target and the router.

Kali Linux is a set of tools which are dedicated to carrying out numerous information security tasks which include penetration testing, computer testing, security research, and reverse engineering. It is an advanced penetration testing and security auditing software. It provides with more than penetration testing tools which you can use. Also, it is totally free of cost and an open source Git tree. Kali Linux is very popular among hackers due to the amazing tools which it provides.

But, to use these tools, you first need to know these tools and what they can do for you. And hence, to master the skill of hacking and penetration, you need to learn everything about Kali Linux. As a beginner, it is quite difficult to remember everything at once.

Thus, we are going to tell you about the best books which will provide you with the basic as well as advanced programming knowledge. Also Read: Using kali does not make you a hacker. Too many people think so and are completely out of their depth, being unable to do basic tasks in some cases. Kali Linux is designed for digital forensics and penetration testing. Kali Linux is developed using a secure environment with only a small number of trusted people that are allowed to commit packages, with each package being signed by the developer.

The language used in this book can easily be understood and followed. As the name suggests, this book is for those who aspire to master kali Linux. This book covers everything right from the basics to the advanced version. You will find commonly used security testing methods at the start followed by exploitation and post-exploitation methods in the middle and you will also learn to bypass physical security, social engineering, web services and attacking network direct end user.

This is one of the best books which you can have for learning testing the security. This specific program is classified in the Unix-Linux OS category where you can find some other similar courses.

Thanks to people like you? Who share their knowledge, you can discover the extent of our being selected to easily learn without spending a fortune! Kali Linux. But also many other tutorials are accessible just as easily! Computer PDF guide you and allow you to save on your studies.

You should come see our Unix-Linux OS documents. You will find your happiness without trouble! The latest news and especially the best tutorials on your favorite topics, that is why Computer PDF is number 1 for courses and tutorials for download in pdf files - Kali Linux. Download other tutorials for advice on Kali Linux.

MICHEAL from Wisconsin
Also read my other articles. I am highly influenced by fox hunting. I am fond of studying docunments heavily .