Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
The Ultimate Kali Linux Book
The Ultimate Kali Linux Book

The Ultimate Kali Linux Book: Harness Nmap, Metasploit, Aircrack-ng, and Empire for cutting-edge pentesting , Third Edition

Arrow left icon
Profile Icon Glen D. Singh
Arrow right icon
$19.99 per month
Full star icon Full star icon Full star icon Full star icon Half star icon 4.8 (27 Ratings)
Paperback Apr 2024 828 pages 3rd Edition
eBook
$9.99 $43.99
Paperback
$54.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Glen D. Singh
Arrow right icon
$19.99 per month
Full star icon Full star icon Full star icon Full star icon Half star icon 4.8 (27 Ratings)
Paperback Apr 2024 828 pages 3rd Edition
eBook
$9.99 $43.99
Paperback
$54.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$9.99 $43.99
Paperback
$54.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

The Ultimate Kali Linux Book

Building a Penetration Testing Lab

As an aspiring ethical hacker and penetration tester, it’s important to ensure that you do not disrupt or cause any sort of harm or damage to another person’s systems or network infrastructure, such as that of your organization, when testing exploits and payloads or practicing your hacking skills. While there are many online tutorials, videos, and training materials you can read and view to gain knowledge, working in the field of penetration testing means continuously enhancing your offensive security skills. Many people can speak about hacking and explain the methodology quite clearly but don’t know how to perform an attack. When learning about penetration testing, it’s very important to understand the theory and how to use your skills to apply them to a simulated real-world cyberattack.

In this chapter, you will learn how to design and build a virtualized penetration testing lab environment on your personal computer...

Technical requirements

To follow along with the exercises in this chapter, please ensure that you have met the following hardware and software requirements:

We’ll be covering the process of setting up Kali Linux, Vagrant, the OWASP Juice Shop, and Metasploitable 2 and 3 in detail in the chapter.

Note

During the installation of Oracle VirtualBox, it’s important...

An overview of the lab setup and technologies used

Building a penetration testing lab enables you to create an environment that’s safe for you to practice and enhance your offensive security skills, scale the environment to add new vulnerable systems and remove older legacy systems that you may no longer need, and even create additional virtual networks to pivot your attacks from one network to another.

The concept of creating your very own virtualized penetration testing lab allows you to maximize the computing resources on your existing computer, without the need to purchase online lab time from various service providers or even buy additional computers and devices. Overall, you’ll be saving a lot of money as opposed to buying physical computers and networking equipment such as routers and switches.

As a cybersecurity lecturer and professional, I have noticed that many people who are starting their journeys in the field of information technology (IT) usually...

Setting up a hypervisor and virtual networks

There are many hypervisors from various vendors in the information technology industry. However, Oracle VM VirtualBox is a free and simple-to-use hypervisor that has all the essential features of commercial (paid) products. In this section, you will learn how to set up Oracle VM VirtualBox and create virtual networks on your computer.

Before getting started, the following are important factors and requirements:

  • Ensure the computer’s processor supports virtualization features, such as VT-x/AMD-V.
  • Ensure the virtualization feature is enabled on your processor via the Basic Input/Output System (BIOS) / Unified Extensible Firmware Interface (UEFI) firmware.

If you’re unsure how to access the BIOS/UEFI on your computer, please check the manual of the device or the vendor’s website for specific instructions.

Let’s get started!

Part 1 – setting up the hypervisor...

Setting up and working with Kali Linux

Kali Linux is one of the most popular Linux distributions within the cybersecurity industry as it contains over 300 pre-installed software packages that are designed for mostly offensive security assessments. Kali Linux is built on the Debian flavor of Linux and, being a free operating system, it has gained a lot of attention over the years by cybersecurity professionals in the industry. It has a lot of features and tools that make a penetration tester’s or security engineer’s job a bit easier when they’re working.

Ethical hackers and penetration testers commonly use Kali Linux to perform passive reconnaissance (covered in Chapters 4 and 5), scanning and enumeration (covered in Chapter 6), exploitation (covered in Chapter 8), and even post-exploitation techniques (covered in Chapters 10 and 11) on targeted systems and networks. While many folks usually think Kali Linux is designed only for offensive security professionals...

Setting up a vulnerable web application

Learning how to simulate real-world cyberattacks using Kali Linux would not be complete without understanding how to discover and exploit vulnerabilities within web applications. The OWASP is an organization that focuses on improving security through software, including web applications. The OWASP is known for its OWASP Top 10 list of most critical security risks within web applications. In Chapters 16 and 17, you will learn how to identify and exploit common vulnerabilities within web applications.

Note

At the time of writing this book, the latest version of the OWASP Top 10 was last updated in 2021. More information can be found at https://owasp.org/www-project-top-ten/. Further information on each of the Top 10 security risks is covered in Chapters 16 and 17.

As an aspiring ethical hacker and penetration tester, it’s important to understand how to identify and perform security testing on each category within...

Deploying Metasploitable 2 as a vulnerable machine

When building a penetration testing lab, it’s important to include vulnerable systems that will act as our targets. These systems contain intentionally vulnerable services and applications, enabling us to practice and build our skills to better understand how to discover and exploit vulnerabilities. A very popular vulnerable machine is known as Metasploitable 2. This vulnerable machine contains a lot of security vulnerabilities that can be exploited and is good for learning about ethical hacking and penetration testing.

To get started setting up Metasploitable 2 within our lab environment, please use the following instructions:

Part 1 – deploying Metasploitable 2

The following steps will guide you to acquiring the Metasploitable 2 virtual machine and deploying it within Oracle VM VirtualBox Manager:

  1. Firstly, on your host computer, go to https://sourceforge.net/projects/metasploitable/files/Metasploitable2...

Building and deploying Metasploitable 3

In this section, you will learn how to build and deploy Metasploitable 3, both the Windows server and Linux server versions. The Windows server version will be using a dual-homed network connection to both the PentestNet network (172.30.1.0/24) and HiddenNet network (10.11.12.0/24). This setup will enable us to perform pivoting and lateral movement between different networks. Finally, the Linux server version will be connected to the HiddenNet network (10.11.12.0/24) only.

The following diagram shows the logical connections between systems and networks:

Figure 2.46: Low-level lab diagram

As shown in the preceding diagram, this topology goes more in depth on how the virtual machines are interconnected within our virtual lab environment. For instance, to access the Metasploitable 3 – Linux version, we will need to first compromise the Metasploitable 3 – Windows version via the PentestNet network, then pivot our attacks...

Summary

Having completed this chapter, you learned about the importance of building your very own penetration testing lab on your computer. You learned how to use hypervisors to virtualize the hardware resources on a system, which can then be shared with multiple operating systems that are running at the same time on the same system. In addition, you have gained the skills of setting up and deploying Kali Linux, multiple vulnerable systems, and web applications within a virtualized environment.

You established a foundational understanding of virtualization technology, gained practical experience in configuring a secure, isolated lab environment, and practiced hands-on skills in utilizing penetration testing tools within that environment.

I trust that the knowledge presented in this chapter has provided you with valuable insights, supporting your path toward becoming an ethical hacker and penetration tester in the dynamic field of cybersecurity. May this newfound understanding...

Further reading

Join our community on Discord

Join our community’s Discord space for discussions with the author and other readers:

https://packt.link/SecNet

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Learn to think like an adversary to strengthen your cyber defences
  • Execute sophisticated real-life penetration tests, uncovering vulnerabilities in enterprise networks that go beyond the surface level
  • Securely manipulate environments using Kali Linux, ensuring you're fully equipped to safeguard your systems against real-world threats

Description

Embark on an exciting journey into the world of Kali Linux – the central hub for advanced penetration testing. Honing your pentesting skills and exploiting vulnerabilities or conducting advanced penetration tests on wired and wireless enterprise networks, Kali Linux empowers cybersecurity professionals. In its latest third edition, this book goes further to guide you on how to setup your labs and explains breaches using enterprise networks. This book is designed for newcomers and those curious about penetration testing, this guide is your fast track to learning pentesting with Kali Linux 2024.x. Think of this book as your stepping stone into real-world situations that guides you through lab setups and core penetration testing concepts. As you progress in the book you’ll explore the toolkit of vulnerability assessment tools in Kali Linux, where gathering information takes the spotlight. You'll learn how to find target systems, uncover device security issues, exploit network weaknesses, control operations, and even test web applications. The journey ends with understanding complex web application testing techniques, along with industry best practices. As you finish this captivating exploration of the Kali Linux book, you'll be ready to tackle advanced enterprise network testing – with newfound skills and confidence.

Who is this book for?

This pentesting book is for students, trainers, cybersecurity professionals, cyber enthusiasts, network security professionals, ethical hackers, penetration testers, and security engineers. If you do not have any prior knowledge and are looking to become an expert in penetration testing using the Kali Linux, then this book is for you.

What you will learn

  • Establish a firm foundation in ethical hacking
  • Install and configure Kali Linux 2024.1
  • Build a penetration testing lab environment and perform vulnerability assessments
  • Understand the various approaches a penetration tester can undertake for an assessment
  • Gathering information from Open Source Intelligence (OSINT) data sources
  • Use Nmap to discover security weakness on a target system on a network
  • Implement advanced wireless pentesting techniques
  • Become well-versed with exploiting vulnerable web applications

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Apr 30, 2024
Length: 828 pages
Edition : 3rd
Language : English
ISBN-13 : 9781835085806
Category :
Concepts :
Tools :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Apr 30, 2024
Length: 828 pages
Edition : 3rd
Language : English
ISBN-13 : 9781835085806
Category :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 159.97
The Ultimate Kali Linux Book
$54.99
Cybersecurity Architect's Handbook
$59.99
Mastering PowerShell Scripting
$44.99
Total $ 159.97 Stars icon
Banner background image

Table of Contents

19 Chapters
Introduction to Ethical Hacking Chevron down icon Chevron up icon
Building a Penetration Testing Lab Chevron down icon Chevron up icon
Setting Up for Advanced Penetration Testing Techniques Chevron down icon Chevron up icon
Passive Reconnaissance Chevron down icon Chevron up icon
Exploring Open-Source Intelligence Chevron down icon Chevron up icon
Active Reconnaissance Chevron down icon Chevron up icon
Performing Vulnerability Assessments Chevron down icon Chevron up icon
Understanding Network Penetration Testing Chevron down icon Chevron up icon
Performing Network Penetration Testing Chevron down icon Chevron up icon
Post-Exploitation Techniques Chevron down icon Chevron up icon
Delving into Command and Control Tactics Chevron down icon Chevron up icon
Working with Active Directory Attacks Chevron down icon Chevron up icon
Advanced Active Directory Attacks Chevron down icon Chevron up icon
Advanced Wireless Penetration Testing Chevron down icon Chevron up icon
Social Engineering Attacks Chevron down icon Chevron up icon
Understanding Website Application Security Chevron down icon Chevron up icon
Advanced Website Penetration Testing Chevron down icon Chevron up icon
Best Practices for the Real World Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.8
(27 Ratings)
5 star 92.6%
4 star 3.7%
3 star 0%
2 star 0%
1 star 3.7%
Filter icon Filter
Top Reviews

Filter reviews by




Dwayne Natwick May 03, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This is a comprehensive guide to setting up ethical hacking environments leveraging the Kali Linux build. The Kali Linux build provides a variety of tools that can be used by the “Red Teamers” to identify vulnerabilities within an infrastructure, whether on-premises, cloud, or hybrid. This book guides the reader through setting up lab environments that can be used to test and identify potential threats before they are leveraged by attackers. Whether you are a beginner or an experienced cybersecurity professional, you will benefit from having a copy of this book.
Amazon Verified review Amazon
David Meece "Cybertech Dave" Jul 25, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is written well and very beginner friendly. The way the author explains the technical concepts is perfect for newcomers with less experience. I would highly recommend this book to students or more seasoned cybersecurity professionals in the field.
Amazon Verified review Amazon
blkhedrulz Sep 22, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Just be aware that all examples in the book are based on using a Windows virtual machine to run Kali and set up a virtual testing network. So if you are like me and avoid Windows like the plague be prepared to buy a cheap mini PC running Windows to be able to work through the examples verbatim, or to spend some time figuring out how to adapt what he is doing to another system. Overall and awesome book.
Amazon Verified review Amazon
Raymond Jul 20, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The Ultimate Kali Linux Book - Third Edition: Harness Nmap, Metasploit, Aircrack-ng, and Empire for cutting-edge pentesting 3rd ed. Edition by Glen D Singh is a comprehensive guide to ethical hacking and penetration testing with Kali Linux. I originally purchased the Audible edition to study for thne Comptia Pentest + exam as adjunct material to Comptia study guides. The audio helped to reinforce topics for study. This prompted me to order a kindle copy and I read through for further reinforcement of command and concepts. The book is excellent for those new to advanced in Kali Linux. The author uses real-world scenarios to explain and explore penetration testing concepts. This is done by a step by step of setting up a pentest lab using virtual machines.Exercises focus on reconnaissance, Open-source intelligence gathering, asset and network discovery techniques and how to use/commands for tools in Kali Linux which can target systems, perform vulnerability assessments, perform social engineering attacks, identify security flaws on devices, exploit security weaknesses to gain access, persistence, command and control and data extraction. Compromise of Active Directory and enterprise network exploitation and red teaming is covered on wired and wireless networks as well as explanation of how to exploit vulnerable web applications.Tools covered include Nmap, Metasploit, Aircrack-ng, the Harvester, SET Toolkit and many other Kali Tools and Applications. I highly recommend this for learning, reinforcing for Pentest exams and as a shelf reference guide.The authors' concise, well elaborated and easy to follow explanations make this a comfortable read. After reading this and using it as study , I would happily purchase the authors' future books as he is clearly accomplished as an instructor and author.
Amazon Verified review Amazon
zs Oct 26, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Super!
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.