Kali Linux Intrusion and Exploitation Cookbook: Powerful recipes to detect vulnerabilities and perform security assessments

Authors: Ishan Girdhar, Dhruv Shah

Can$61.99
4.3 (6 Ratings)
Paperback Apr 2017 512 pages 1st Edition
eBook
Can$34.98 Can$49.99
Paperback
Can$61.99
Subscription
Free Trial

What do you get with Print?

  • Instant access to your digital eBook copy whilst your Print order is Shipped
  • Paperback book shipped to your preferred address
  • Download this book in EPUB and PDF formats
  • Access this title in our online reader with advanced features
  • DRM FREE - Read whenever, wherever and however you want

Kali Linux Intrusion and Exploitation Cookbook

Chapter 2. Network Information Gathering

In this chapter, we will cover the following recipes:

  • Discovering live servers over the network
  • Bypassing IDS/IPS/firewall
  • Discovering ports over the network
  • Using unicornscan for faster port scanning
  • Service fingerprinting
  • Determining the OS using nmap and xprobe2
  • Service enumeration
  • Open-source information gathering

Introduction

In this chapter, we will look at how to detect live servers and network devices over the network, and perform service fingerprinting and enumeration for information gathering. Gathering information is of the utmost importance for a successful vulnerability assessment and penetration test. Moving forward, we will run scanners to find vulnerabilities in the detected services. Along with that, we will write bash scripts so that we can speed up the discover-enumerate-scan process.

Discovering live servers over the network

In this recipe, we learn how to perform the discovery of live network devices/machines over the network, using two methods: passive information gathering and active information gathering.

We will examine the traffic on our network as part of passive information gathering, followed by active information gathering, in which we will send packets over the network to detect active machines and the services running on them.

Getting ready

In order to begin with this recipe, we will be using a simple ARP sniffing/scanning tool called netdiscover. It is a network-discovery tool that can be used for active/passive ARP reconnaissance.

How to do it...

Let's start with passive reconnaissance:

  1. To start netdiscover, ensure that you are connected via Wi-Fi with a valid IP address. Open the terminal and enter the following command for passive reconnaissance:
netdiscover -p

The output will be as shown in the following screenshot:

  2. To perform an active scan over the network to discover...

Bypassing IDS/IPS/firewall

In this recipe, we will look at a few of the switches provided by nmap that can be used to bypass IDS/IPS/firewalls. Often, when we are performing a scan, we come across a firewall. If the firewall is not configured correctly, we will be able to execute the following firewall-evasion commands of nmap.

Getting ready

We will use nmap for this activity. Let's start with the hosts we have detected and run a few evasion switches against them.

How to do it...

For this recipe, we will perform the following steps:

  1. We will use the fragment packet switch to perform the discovery:

The fragment packet switch splits up the TCP header over several packets to make it harder for packet filters, intrusion detection systems, and other annoyances to detect an ongoing active scan. There could be occurrences where this fails, as some programs might not be able to handle tiny packets. For a more detailed understanding, visit https://nmap.org/book/man-bypass-firewalls-ids.html.

We will enter the following command:

nmap...
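From the defender's side, this trick only works against a filter or IDS that judges each fragment on its own; a sensor that reassembles the datagram sees the whole TCP header. The following is an added example (mine, not from the book) in Python that shows that check: it flags sources sending first fragments too small to hold a TCP header, and it reassembles fragments by (source, destination, IP ID) to show which datagrams a reassembling sensor can actually classify. The fragment record layout, the addresses and the sizes are constructed for illustration and are not the output of any real capture tool.

```python
"""Detection-side view of tiny IP fragments (added example, not from the book).

A packet filter that judges each IP fragment on its own cannot see the full TCP
header when the first fragment is shorter than that header; only a filter or IDS
that reassembles the datagram can. Two helpers below: one flags sources that
send many tiny first fragments, the other performs the reassembly grouping.
"""
from collections import defaultdict
from dataclasses import dataclass

TCP_HEADER_MIN = 20  # bytes in a TCP header without options


@dataclass
class Frag:
    """Constructed per-fragment metadata (not a real capture format)."""
    src: str
    dst: str
    ip_id: int            # IP identification field shared by all fragments of a datagram
    more_fragments: bool  # the IP "MF" flag
    frag_offset: int      # offset of this fragment's data in bytes
    payload_len: int      # bytes of transport-layer data carried by this fragment


def is_tiny_first_fragment(f: Frag) -> bool:
    """First fragment of a datagram that cannot hold a complete TCP header."""
    return f.frag_offset == 0 and f.more_fragments and f.payload_len < TCP_HEADER_MIN


def suspicious_sources(frags, threshold=3):
    """Map source -> number of tiny first fragments, for sources at or above threshold."""
    counts = defaultdict(int)
    for f in frags:
        if is_tiny_first_fragment(f):
            counts[f.src] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


def reassemble(frags):
    """Group fragments by (src, dst, ip_id); return the total payload length for
    datagrams whose fragments are contiguous and end with MF clear, else None."""
    groups = defaultdict(list)
    for f in frags:
        groups[(f.src, f.dst, f.ip_id)].append(f)
    result = {}
    for key, parts in groups.items():
        parts.sort(key=lambda p: p.frag_offset)
        expected_offset, contiguous = 0, True
        for p in parts:
            if p.frag_offset != expected_offset:
                contiguous = False
                break
            expected_offset += p.payload_len
        complete = contiguous and not parts[-1].more_fragments
        result[key] = expected_offset if complete else None
    return result


# Constructed sample: one ordinary 20-byte TCP segment from 10.0.0.5, and four
# datagrams from 10.0.0.9 whose header is split into an 8-byte first piece plus
# a 12-byte remainder; the last one never receives its remainder.
SAMPLE = [Frag("10.0.0.5", "10.0.0.20", 100, False, 0, 20)]
for ip_id in (1, 2, 3):
    SAMPLE.append(Frag("10.0.0.9", "10.0.0.20", ip_id, True, 0, 8))
    SAMPLE.append(Frag("10.0.0.9", "10.0.0.20", ip_id, False, 8, 12))
SAMPLE.append(Frag("10.0.0.9", "10.0.0.20", 4, True, 0, 8))

if __name__ == "__main__":
    print("tiny-fragment senders:", suspicious_sources(SAMPLE))
    for key, length in reassemble(SAMPLE).items():
        print(key, "complete, header visible" if length else "incomplete, cannot classify")
```

The reassembly step is the point: a filter that decides on the 8-byte first piece alone sees no ports and no flags, whereas one that waits for the remainder sees a normal 20-byte header and can apply its rules to it.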

Discovering ports over the network

In this recipe, we will use the list of active IPs we discovered and saved in the file to perform further information gathering; the purpose is to scan those IPs for open ports. We will be using nmap and its features to discover open ports.

Getting ready

We will use the nmap tool to detect open ports on the IP. Let's start with the process of detecting the open ports over a specific IP.

How to do it...

For this recipe, you will need to perform the following steps:

  1. We will run nmap by typing the following command in terminal:
nmap <IP address>

The output will be as shown in the following screenshot:

  2. We can even check what the tool is doing by using the verbose switch, by entering the following command in terminal:
nmap -v <IP address>

The output will be as shown in the screenshot:

  3. By default, nmap scans only a set of 1,000 well-known ports. If we are interested in limiting the scan to the top 100 ports, we can run the following command in terminal:
nmap --top...

Using unicornscan for faster port scanning

Unicornscan is another port scanner that works very fast, the core reason being the methodology the tool implements. It works with the technique of asynchronous stateless TCP scanning, in which it can send all possible variations of the TCP flags, and it scans UDP as well. In this recipe, we are going to look at how to make use of unicornscan and its advanced capabilities.

Getting ready

In order to get started with unicornscan, we will take an IP from our range of IPs and dig deeper into the tool's capabilities.

How to do it...

Let's work through the following steps:

  1. Open terminal and type the following command for a simple unicornscan:
unicornscan <IP address>

The output will be as shown in the following screenshot:

  2. If you would like to see the details of what it is doing while we execute the command, we can make use of the verbose switch by using the following command:
unicornscan -v <IP address>

The output will be as shown in the following screenshot:

We can see that...
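Both nmap and unicornscan leave the same trace in connection or flow logs: one source touching many distinct ports on a host within seconds, most of which never answer. This added example (mine, not from the book) is a small Python detector for that pattern, serving both the port-discovery recipe above and this unicornscan recipe; the log layout and every address in it are constructed for the example and are not any tool's native format.

```python
"""Port-scan detection from connection records (added example, not from the book).

A scanner touches many distinct ports on a target in a short time, which shows
up in connection or flow logs as one source reaching an unusual number of
(destination, port) pairs inside a time window, mostly without a reply.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed connection records in a simple whitespace-separated layout:
# timestamp src dst dport proto state   (state S0 = no reply, SF = completed).
# The layout is invented for this example and is not any tool's native format.
SAMPLE_LOG = """\
2017-04-21T10:00:00 192.168.1.77 192.168.1.10 443 tcp SF
2017-04-21T10:00:01 192.168.1.50 192.168.1.10 21 tcp S0
2017-04-21T10:00:01 192.168.1.50 192.168.1.10 22 tcp SF
2017-04-21T10:00:01 192.168.1.50 192.168.1.10 23 tcp S0
2017-04-21T10:00:02 192.168.1.50 192.168.1.10 25 tcp S0
2017-04-21T10:00:02 192.168.1.50 192.168.1.10 53 tcp S0
2017-04-21T10:00:02 192.168.1.50 192.168.1.10 80 tcp SF
2017-04-21T10:00:03 192.168.1.50 192.168.1.10 110 tcp S0
2017-04-21T10:00:03 192.168.1.50 192.168.1.10 139 tcp S0
2017-04-21T10:00:03 192.168.1.50 192.168.1.10 143 tcp S0
2017-04-21T10:00:04 192.168.1.50 192.168.1.10 443 tcp SF
2017-04-21T10:00:04 192.168.1.50 192.168.1.10 445 tcp S0
2017-04-21T10:00:04 192.168.1.50 192.168.1.10 3389 tcp S0
2017-04-21T10:00:30 192.168.1.77 192.168.1.10 80 tcp SF
2017-04-21T10:05:00 192.168.1.77 192.168.1.10 443 tcp SF
"""


def parse(log: str):
    """Turn the constructed text records into dicts with a real datetime."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto, state = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                        "dport": int(dport), "proto": proto, "state": state})
    return records


def detect_port_scans(records, window=timedelta(seconds=60), min_targets=10):
    """Return {src: peak number of distinct (dst, port) pairs seen inside one
    `window`} for sources that reach at least `min_targets` pairs in a window."""
    by_src = defaultdict(list)
    for r in records:
        by_src[r["src"]].append(r)
    alerts = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # Slide the window start forward until the span fits in `window`.
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            pairs = {(r["dst"], r["dport"]) for r in recs[start:end + 1]}
            if len(pairs) >= min_targets:
                alerts[src] = max(alerts.get(src, 0), len(pairs))
    return alerts


def failure_ratio(records, src):
    """Share of a source's connections that got no reply; probing mostly closed
    ports drives this towards 1.0, while legitimate clients stay near 0."""
    mine = [r for r in records if r["src"] == src]
    return sum(r["state"] == "S0" for r in mine) / len(mine) if mine else 0.0


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for src, n in detect_port_scans(recs).items():
        print(f"{src}: {n} distinct ports in one window, "
              f"failure ratio {failure_ratio(recs, src):.2f}")
```

The threshold and window are the tuning knobs: a stateless scanner that fires at many ports at once, as unicornscan does, compresses the whole pattern into a few seconds, so even a short window catches it, while a slow scan needs a longer window or a per-day count.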

Service fingerprinting

In this recipe, we will look at how to analyze the open port(s) to determine what kind of service(s) are running on them. This will help us understand whether the target IP is running any vulnerable software. That is why fingerprinting is a necessary and very important step.

Getting ready

We will use nmap to fingerprint the services of the target IP. Nmap is a multi-functional tool that performs jobs ranging from host discovery to vulnerability assessment; service fingerprinting is also a part of it.

How to do it...

The steps are as follows:

  1. Using nmap, run the following command in terminal to achieve the service enumeration result:
nmap -sV <IP address>

The output will be as shown in the following screenshot:

  2. We can even enumerate the UDP services running on the target IP, by using the UDP scan switch along with the service-detection switch:
nmap -sU -sV <IP address>

The output will be as shown in the following screenshot:

  3. We can speed up the scan using...
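Version information is what links a fingerprinted service to known vulnerabilities, and the chapter introduction mentions scripting the discover-enumerate-scan loop. The following added Python example (mine, not the book's) parses nmap's XML output, which you get by adding nmap's real `-oX <file>` option to the `-sV` scan, into a service inventory, and lists the entries that still lack a version or were named only from nmap's port table, so they can be re-probed before the vulnerability-scanning stage. The XML document inside it is a constructed sample that follows nmap's layout; its hosts and versions are made up.

```python
"""Turn nmap service-detection output into a service inventory (added example).

Assumes the scan was saved in nmap's XML form, e.g. `nmap -sV -oX scan.xml <targets>`.
SAMPLE_XML is a constructed document following nmap's layout; its hosts,
products and versions are made up for this example.
"""
import xml.etree.ElementTree as ET

SAMPLE_XML = """\
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.168.1.0/24">
  <host><status state="up"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.25" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="139"><state state="closed"/>
        <service name="netbios-ssn" method="table" conf="3"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="192.168.1.20" addrtype="ipv4"/>
    <ports>
      <port protocol="udp" portid="161"><state state="open"/>
        <service name="snmp" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="445"><state state="open"/>
        <service name="microsoft-ds" method="table" conf="3"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_inventory(xml_text: str):
    """Return one dict per open port: host, proto, port, service, product, version, conf."""
    root = ET.fromstring(xml_text)
    inventory = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports carry no service to inventory
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            inventory.append({
                "host": addr.get("addr"),
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "service": attrs.get("name", "unknown"),
                "product": attrs.get("product", ""),
                "version": attrs.get("version", ""),
                "conf": int(attrs.get("conf", 0)),  # nmap's 0-10 confidence value
            })
    return inventory


def needs_follow_up(inventory, min_conf=5):
    """Entries whose service name came only from the port table (low conf) or
    that carry no version string: these need a deeper probe before being
    matched against vulnerability data, otherwise the scan stage works blind."""
    return [e for e in inventory if e["conf"] < min_conf or not e["version"]]


def by_service(inventory):
    """Group host:port/proto strings by service name, a convenient hand-off to
    per-service checks in the vulnerability-assessment stage."""
    groups = {}
    for e in inventory:
        groups.setdefault(e["service"], []).append(f'{e["host"]}:{e["port"]}/{e["proto"]}')
    return groups


if __name__ == "__main__":
    inv = parse_inventory(SAMPLE_XML)
    for e in inv:
        print(f'{e["host"]}:{e["port"]}/{e["proto"]} {e["service"]} {e["product"]} {e["version"]}'.rstrip())
    print("re-probe before scanning:", [(e["host"], e["port"]) for e in needs_follow_up(inv)])
```

To run it on a real scan, replace `SAMPLE_XML` with the contents of the file written by `-oX`; the `conf` and `method` attributes are how nmap itself distinguishes a service it actually probed from a name it merely looked up by port number.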

Determining the OS using nmap and xprobe2

In this recipe, we will be using tools to determine what kind of operating system the target IP is running. Mapping a target IP to an operating system is necessary to help shortlist and verify vulnerabilities.

Getting ready

In this recipe, we will use the nmap tool to determine the operating system. All we require is an IP address against which we will run the OS enumeration scan. Other tools that can be used are hping and xprobe2.

How to do it...

Let's begin by scanning the system:

  1. Open the terminal and type the following:
nmap -O <IP address>

The output will be as shown in the following screenshot:

We can use advanced options to help us find out the operating system in a more aggressive manner. Type the following command in terminal:

nmap -O --osscan-guess <IP address>

The output will be as shown in the screenshot:

This shows that by using additional parameters of nmap's operating-system detection, we can get a probable idea of the best fit.

  2. Xprobe2 uses a different approach to nmap...

Service enumeration

Once the services have been fingerprinted, we can begin enumeration. There can be many different sources used to achieve the goal of this recipe. In this recipe, we will look at how to perform service-discovery scans using various tools, for the following:

  • SMB scan
  • SNMP scan
  • Using the NSE (nmap scripting engine)

Nbtscan is a tool in Kali that enumerates the NetBIOS name of the target IP. It can be used as the early part of SMB enumeration. It basically requests a status query of the NetBIOS name and presents it in a human-readable format.

Getting ready

In this recipe, we will be using tools to perform all the scans mentioned above.

How to do it...

For this recipe, the steps are as follows:

  1. To enumerate the NetBIOS name, we will run the following command in terminal:
nbtscan <IP address>

The output will be as shown in the following screenshot:

  2. You can run the NetBIOS enumeration over a class range as well, using the following command in terminal:
nbtscan -r <IP address>/<class range...

Open-source information gathering

In this recipe, we will look at how to make use of tools meant for online information gathering. We will cover tools that serve the purpose of gathering information with respect to Whois, domain tools, and MX mail servers. Shodan is a powerful search engine that locates Internet-connected devices for us. With the help of various filters, we can find information about our targets. Among hackers, it is also called the world's most dangerous search engine.

Getting ready

We will make use of tools such as dnsenum for the purpose of Whois enumeration and to find out all the IP addresses involved in a domain, and we will also see how Shodan provides us with open-port information on the target searched.

How to do it...

The steps are as follows:

  1. For the DNS scan, we will use a tool called dnsenum. Let us start by typing the following in terminal:
dnsenum <domainname>

The output will be as shown in the following screenshot:

  2. We can also use the available to search for more subdomains via...

Key benefits

  • Set up a penetration testing lab to conduct a preliminary assessment of attack surfaces and run exploits
  • Improve your testing efficiency with the use of automated vulnerability scanners
  • Work through step-by-step recipes to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and identify security anomalies

Description

With the increasing threats of breaches and attacks on critical infrastructure, system administrators and architects can use Kali Linux 2.0 to ensure their infrastructure is secure by finding out known vulnerabilities and safeguarding their infrastructure against unknown vulnerabilities. This practical cookbook-style guide contains chapters carefully structured in three phases – information gathering, vulnerability assessment, and penetration testing for the web, and wired and wireless networks. It's an ideal reference guide if you’re looking for a solution to a specific problem or learning how to use a tool. We provide hands-on examples of powerful tools/scripts designed for exploitation. In the final section, we cover various tools you can use during testing, and we help you create in-depth reports to impress management. We provide system engineers with steps to reproduce issues and fix them.

Who is this book for?

This book is intended for those who want to know more about information security. In particular, it's ideal for system administrators and system architects who want to ensure that the infrastructure and systems they are creating and managing are secure. This book helps both beginners and intermediates by allowing them to use it as a reference book and to gain in-depth knowledge.

What you will learn

  • Understand the importance of security assessments over merely setting up and managing systems/processes
  • Familiarize yourself with tools such as OpenVAS to locate system and network vulnerabilities
  • Discover multiple solutions to escalate privileges on a compromised machine
  • Identify security anomalies in order to make your infrastructure secure and further strengthen it
  • Acquire the skills to prevent infrastructure and application vulnerabilities
  • Exploit vulnerabilities that require a complex setup with the help of Metasploit
Product Details

Publication date: Apr 21, 2017
Length: 512 pages
Edition: 1st
Language: English
ISBN-13: 9781783982165
Vendor: Offensive Security



Table of Contents

10 Chapters
  1. Getting Started - Setting Up an Environment
  2. Network Information Gathering
  3. Network Vulnerability Assessment
  4. Network Exploitation
  5. Web Application Information Gathering
  6. Web Application Vulnerability Assessment
  7. Web Application Exploitation
  8. System and Password Exploitation
  9. Privilege Escalation and Exploitation
  10. Wireless Exploitation

Customer reviews

Rating distribution: 4.3 (6 Ratings)
5 star 66.7%
4 star 16.7%
3 star 0%
2 star 16.7%
1 star 0%

Amazon Customer, May 04, 2018 (5 stars)
Well written. Excellent!
Amazon Verified review

Charles W. Hayes, Jun 01, 2017 (5 stars)
A very useful tour of Kali's tools with lab-based learning. The author took the time to upload everything you'll need to set up an internal lab, using tools such as Docker, etc. to create attack and vulnerable labs. Learning via reading is only 1/3 of the battle. Everything else is real-world experience, using those tools. You can read about climbing Everest without stepping foot on any mountain. You can read about using Kali without ever using it. Neither will give you real-world experience until you start doing it.
Amazon Verified review

Andy, Jan 22, 2018 (5 stars)
Brilliant
Amazon Verified review

Anthony, Jan 02, 2019 (5 stars)
Extremely informative
Amazon Verified review

Alex M., Aug 23, 2017 (4 stars)
I enjoyed the book. It is accurate and provides for interesting reading. It is detailed and self-explanatory. The title explains itself, "cookbook" - you will learn from the content and expand your knowledge. Money well spent.
Amazon Verified review