
Kali Linux - An Ethical Hacker's Cookbook: Practical recipes that combine strategies, attacks, and tools for advanced penetration testing, Second Edition


Kali - An Introduction

Kali was first introduced in 2012 with a completely new architecture. This Debian-based distribution was released with over 300 specialized tools for penetration testing and digital forensics. It is maintained and funded by Offensive Security Ltd, and the core developers are Mati Aharoni, Devon Kearns, and Raphaël Hertzog.

Kali 3.0 came into the picture in 2018 with tons of new updates, bug fixes such as AMD Secure Memory Encryption Support, and increased memory limits.

In the previous edition of this book, we saw some of the great tools in Kali that help penetration testers around the globe to perform their job efficiently. In this chapter, we will primarily cover the installation of Kali and setting up different desktop environments, as well as some custom tools that will help us.

In this chapter, we will cover the following recipes:

  • Configuring Kali Linux
  • Configuring the Xfce environment
  • Configuring the MATE environment
  • Configuring the LXDE environment
  • Configuring the E17 environment
  • Configuring the KDE environment
  • Prepping Kali with custom tools
  • Zone Walking using DNSRecon
  • Setting up I2P for anonymity
  • Pentesting VPN's ike-scan
  • Setting up proxychains
  • Going on a hunt with Routerhunter

Configuring Kali Linux

We will use the official Kali Linux ISO provided by Offensive Security to install and configure different desktop environments.

Getting ready

To start with this recipe, we will use the 64-bit Kali Linux ISO listed on the Offensive Security website: https://www.kali.org/downloads/.

For users looking to configure Kali for a virtual machine such as VMware and VirtualBox, a prebuilt image can be downloaded from the following URL: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/.

We will use the virtual image in this chapter and customize it with some additional tools. We can download it from the website.

How to do it...

  1. Double-click the VirtualBox image; it should open with VirtualBox.
  2. Click Import.
  3. Start the machine and enter the password toor.
  4. Now, Kali is by default configured with Gnome Desktop Environment.

How it works...

With the prebuilt image, you don't need to worry about the installation process. You can consider it a ready-to-go solution. Simply click on Run and the virtual machine will boot up Linux just like a normal machine.

Configuring the Xfce environment

Xfce is a free, fast, and lightweight desktop environment for Unix and Unix-like platforms. It was started by Olivier Fourdan in 1996. The name Xfce originally stood for XForms Common Environment, but since that time Xfce has been rewritten twice and no longer uses the XForms toolkit.

How to do it...

  1. We start by using the following command to install Xfce, along with all its plugins and goodies. If for some reason it fails, we should run apt update first:

     apt-get install kali-defaults kali-root-login desktop-base xfce4 xfce4-places-plugin xfce4-goodies

  2. Type Y when it asks for confirmation on additional space requirements.
  3. Select OK on the dialog box that appears.
  4. Select Lightdm as our default desktop manager and press Enter.
  5. When the installation is complete, open a Terminal window and type the following command:

     update-alternatives --config x-session-manager

  6. Choose the xfce-session option (in our case, 3) and press Enter.
  7. Log out and log in again, and we will see the Xfce environment.

Now let's have a look at the configuration of the MATE environment.

Configuring the MATE environment

The MATE desktop environment is the continuation of GNOME 2. It provides an intuitive and attractive desktop environment using traditional metaphors for Linux and other Unix-like operating systems. The latest version of MATE (1.20) was released on 07-02-2018, which added a lot of fixes and upgraded the theme.

The complete list of features can be viewed here: https://mate-desktop.org/blog/2018-02-07-mate-1-20-released/.

In this recipe, we will learn how to install MATE on Kali Linux.

How to do it...

  1. We start by using the following command to install the MATE environment:

     apt-get install desktop-base mate-desktop-environment

  2. Type Y when it asks for confirmation on additional space requirements.
  3. When installation is complete, we will use the following command to set MATE as our default environment:

     update-alternatives --config x-session-manager

  4. Choose the mate-session option (in our case, 2) and press Enter.
  5. Log out and log in again, and we will see the MATE environment.

Now let's have a look at the configuration of the LXDE environment.

Configuring the LXDE environment

LXDE is a free open source environment written in C using the GTK+ toolkit for Unix and other POSIX platforms. LXDE stands for Lightweight X11 Desktop Environment.

LXDE is the default environment for many operating systems, such as Knoppix, Raspbian, and Lubuntu.

How to do it...

  1. We start by using the following command to install LXDE:

     apt-get install lxde-core lxde

  2. Type Y when it asks for confirmation on additional space requirements.
  3. When the installation is complete, open a Terminal window and type the following command:

     update-alternatives --config x-session-manager

  4. Choose the startlxde option (in our case, 4) and press Enter.
  5. Log out and log in again, and we will see the LXDE environment.

Now let's have a look at the configuration of the E17 environment.

Configuring the E17 environment

Enlightenment, otherwise known as E, is a window manager for the X Windows system. It was first released in 1997. It has lots of features, such as engage, virtual desktop, and tiling.

How to do it...

  1. Due to compatibility issues and hassle regarding dependencies, it is better to download Kali with the E17 environment directly from the following URL: https://www.kali.org/downloads/.
  2. The steps to set it up are simple: we just have to double-click and start the VM in VirtualBox or VMware.

Configuring the KDE environment

K Desktop Environment (KDE) is an open source graphical desktop environment for UNIX workstations. It was initially called Kool Desktop Environment. Matthias Ettrich first launched the KDE project in 1996 with the goal of making the UNIX platform more attractive and easy to use. In this recipe, we will learn how to set up KDE on Kali.

How to do it...

  1. We use the following command to install KDE:

     apt-get install kali-defaults kali-root-login desktop-base kde-plasma-desktop

  2. Type Y when it asks for confirmation on additional space requirements.
  3. Click OK on both the windows that pop up.
  4. When the installation is complete, we open a Terminal window and type the following command:

     update-alternatives --config x-session-manager

  5. Choose the startkde option (in our case, 2) and press Enter.
  6. Log out and log in again, and we will see the KDE environment.

Kali has already provided prebuilt images of different desktop environments. These can be downloaded from https://www.kali.org/downloads/.

Prepping with custom tools

In this recipe, we will set up a few tools beforehand; not to worry, we will be covering their usage in detail in later chapters.

Getting ready

Here is a list of some tools that we will need before we dive deeper into penetration testing. Don't worry, we will learn about their usage with some real-life examples in the next few chapters. But those of us who are excited about them right now can run the following simple commands to view the -help section where toolname is the name of the tool we would like to view the help of:

toolname -help
toolname -h

How to do it...

We will be looking at two tools in this section.

Aquatone

Aquatone is a tool for visually inspecting websites across a large number of hosts and is convenient for quickly gaining an overview of an HTTP-based attack surface. Aquatone has four major modules: discover, scanner, gather, and takeover. Each of these can be used to perform in-depth enumeration of a target:

  1. We will use a simple command to install aquatone:

     gem install aquatone

  2. Next, we create a directory in the /root folder using the following command:

     mkdir /root/aquatone/

  3. As aquatone uses different modules to hunt for subdomains, we will have to configure aquatone's discovery module before running it.
  4. For example, to configure Shodan, we can use the following command:

     aquatone-discover --set-key shodan XXXXXXXXXXX

  5. Similarly, we can set keys for other services too, such as Censys and PassiveTotal.
  6. Once it is all set, we can start our subdomain hunting. We can do this using the following command:

     aquatone-discover -d domain.com

  7. Aquatone also allows us to set a custom wordlist by using the -w flag, and we can also set the threads by using the -t flag.
  8. By default, aquatone stores the output in TXT as well as JSON format in the /root/aquatone/ directory.
  9. After we find the subdomains, we can use the aquatone scanner to scan for open ports on the discovered hosts. Let's look at an example:

     aquatone-scan --ports 80 -d packtpub.com

     This will look for the domain's hosts.json file in the aquatone directory.

Aquatone by default has four inbuilt port scanning flags (small, medium, large, and huge). These flags decide the number of ports being scanned on the hosts, or we can define custom ports by using the --ports flag.

    • aquatone-gather: This tool makes a connection to the web services found using the discover and scanner modules of aquatone and takes screenshots of discovered web pages for later analysis.
    • aquatone-takeover: This module is used to find subdomains that are vulnerable to the subdomain takeover vulnerability.

Subfinder

Subfinder is considered a successor to sublist3r. It is amazingly fast and finds valid subdomains using passive online sources such as Ask, Archive.is, Baidu, Bing, Censys, CertDB, CertSpotter, Commoncrawl, CrtSH, DnsDB, and so on.

  1. Install subfinder. It needs Go to be installed, which we can install by using the following command:

     apt install golang

  2. Next, we clone subfinder by using the following command:

     git clone https://github.com/subfinder/subfinder.git

     Or you can download and save it from https://github.com/subfinder/subfinder.

  3. To install subfinder, we go to the cloned directory and run the go build command.
  4. Once the installation is complete, we will need a wordlist for it to run, so we can download dnspop's list. This list can be used in the previous recipe too: https://github.com/bitquark/dnspop/tree/master/results.
  5. Now that both are set up, we browse into subfinder's directory and run it using the ./subfinder -h command.
  6. To run it against a domain with our wordlist, we use the following command:

     ./subfinder -w /path/to/wordlist -d hostname.com

     If we do not specify a wordlist, the tool will run with a default wordlist. Once the enumeration is complete, the output is shown onscreen.

  7. Subfinder is also designed to work with services such as shodan, censys, and virustotal, but they need to be configured in the config.json file.

There's more...

A subdomain takeover vulnerability exists when a service that a subdomain previously pointed to is removed but the CNAME record still exists. More information can be read about it at the following GitHub link: https://github.com/EdOverflow/can-i-take-over-xyz/.

Aquatone-takeover is based on the same methodology described by EdOverflow at the preceding URL.

Zone Walking using DNSRecon

Zone Walking is a technique that is used by attackers to enumerate the full content of DNSSEC-signed DNS zones. We will cover more about it in later chapters; in this recipe, we will use DNSRecon.

Getting ready

DNSRecon is already included in Kali Linux, and we can use it for Zone Walking. Zone Walking is a technique used to find subdomains using domains whose NSEC records are set. However, before we jump into Zone Walking, let's take a quick look at the other features of this tool.

How to do it...

  1. To view the help, we type the following:

     dnsrecon -h

  2. To do a simple recon of name servers, A records, SOA records, MX records, and so on, we can run the following command:

     dnsrecon -d packtpub.com -n 8.8.8.8

  3. Now let's take an example of a domain that has NSEC records. To do a zone walk, we can simply run the following command:

     dnsrecon -z -d icann.org -n 8.8.8.8

  4. We can also do this manually with the dig command:

     dig +short NSEC domainname.com

  5. The previous dig command will give us one subdomain, and then we can rerun the same command with the subdomain we got in the previous step to find the next subdomain:

     dig +short NSEC a.domain.com

There's more...

When signing a zone, DNSSEC automatically chains all labels in alphabetical order using NSEC Resource Records. This is used to prove the absence of names.

For example, if someone requests the non-existent name name3, the name server responds with the NSEC entry name2 NSEC name5, indicating that no other entry exists between name2 and name5. We take advantage of that by starting with the first entry and then issuing successive queries, each of which reveals the next name in the chain, until we have all the subdomains.
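
The NSEC chaining described above can be reproduced offline to audit what a signed zone discloses. This added example (not code from the book) builds the chain for a constructed zone under the reserved .test TLD, returns the record that covers a missing name, follows the next-name pointers, and contrasts the result with NSEC3 hashed owner names (RFC 5155); the zone names, salt and iteration count are assumptions.

```python
import base64
import hashlib

# Constructed sample zone (assumption): owner names under the reserved .test TLD.
ZONE = ["example.test", "mail.example.test", "name2.example.test",
        "name5.example.test", "www.example.test"]

_B32_STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_B32_HEX = "0123456789ABCDEFGHIJKLMNOPQRSTUV"


def _norm(name):
    return name.rstrip(".").lower()


def canonical_key(name):
    """RFC 4034 section 6.1 ordering: compare lowercase labels, rightmost label first."""
    return [label.encode("ascii") for label in reversed(_norm(name).split("."))]


def build_nsec_chain(names):
    """Map every owner name to the next owner in canonical order; the last wraps to the first."""
    ordered = sorted({_norm(n) for n in names}, key=canonical_key)
    return {owner: ordered[(i + 1) % len(ordered)] for i, owner in enumerate(ordered)}


def covering_nsec(chain, qname):
    """Return the (owner, next) pair proving qname is absent, or None if qname exists."""
    q = _norm(qname)
    if q in chain:
        return None
    qk = canonical_key(q)
    for owner, nxt in chain.items():
        ok, nk = canonical_key(owner), canonical_key(nxt)
        wraps = nk <= ok  # the last record in the zone points back to the first
        if (ok < qk < nk) or (wraps and (qk > ok or qk < nk)):
            return owner, nxt
    return None


def walk_chain(chain, start):
    """Follow next-name pointers from start until the chain wraps around."""
    seen, current = [], start
    while current not in seen:
        seen.append(current)
        current = chain[current]
    return seen


def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 section 5: salted, iterated SHA-1 of the wire-format name, base32hex."""
    salt = bytes.fromhex(salt_hex)
    wire = b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in _norm(name).split(".")) + b"\x00"
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    b32 = base64.b32encode(digest).decode("ascii")
    return b32.translate(str.maketrans(_B32_STD, _B32_HEX)).lower()


def build_nsec3_chain(names, salt_hex, iterations):
    """Same chaining as NSEC, but over hashed owner names instead of clear text."""
    hashes = sorted(nsec3_hash(n, salt_hex, iterations) for n in names)
    return {h: hashes[(i + 1) % len(hashes)] for i, h in enumerate(hashes)}


if __name__ == "__main__":
    nsec = build_nsec_chain(ZONE)
    print("denial for name3:", covering_nsec(nsec, "name3.example.test"))
    print("disclosed by NSEC:", walk_chain(nsec, "example.test"))
    # Salt and iteration count below are illustrative assumptions.
    nsec3 = build_nsec3_chain(ZONE, "aabbccdd", 12)
    print("disclosed by NSEC3:", walk_chain(nsec3, min(nsec3)))
```

With NSEC3 the chain still exists, but it links hashes rather than names, so reading the chain no longer yields the zone's labels directly; guessable labels can still be tested against the hashes offline.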

Setting up I2P for anonymity

Invisible Internet Project (I2P) is an anonymous network layer. It offers P2P communication. To set up an anonymous connection, the user's traffic is encrypted (end to end) and is sent through a network of roughly 55,000 computers, which are distributed around the world and owned by volunteers.

How to do it...

  1. To install I2P, we first need to make sure that apt-transport-https and curl are installed:

     sudo apt-get install apt-transport-https curl

  2. Now we can install the tool using the following command:

     apt install i2p

  3. When the installation is complete, we can run the service by using the following command:

     i2prouter start

  4. We should not run it as root, so we log in as another account and run the command.
  5. We will see that the I2P service is up and running; now we add a proxy to our Firefox on port 4444.
  6. We can also access the I2P console on localhost, port 7657.

And now a whole new world of I2P is open for us to explore.

There's more...

I2P is designed and optimized for hidden services, which are much faster than in Tor. I2P allows us to use email, web browsing, hosting, IRC, file sharing, and decentralized storage anonymously.

We will have a look at IKE in the next recipe.

Pentesting VPN's ike-scan

During a pentest, we may encounter VPN endpoints. However, finding vulnerabilities in those endpoints and exploiting them is not a well-known method. VPN endpoints use the Internet Key Exchange (IKE) protocol to set up a security association between multiple clients to establish a VPN tunnel.

IKE has two phases. Phase 1 is responsible for setting up and establishing a secure authenticated communication channel. Phase 2 encrypts and transports data.

Our focus of interest here is Phase 1. It uses two methods of exchanging keys:

  • Main mode
  • Aggressive mode

We hunt for Aggressive-mode-enabled VPN endpoints using PSK authentication.

Getting ready

For this recipe, we will use the ike-scan and ikeprobe tools. First, we install ike-scan by cloning the Git repository:

git clone https://github.com/royhills/ike-scan.git

Or, you can use the following URL: https://github.com/royhills/ike-scan.

How to do it...

  1. Browse to the directory where ike-scan is installed.
  2. Install autoconf by running the following command:

     apt-get install autoconf

  3. Run autoreconf --install to generate a configure file.
  4. Run ./configure.
  5. Run make to build the project.
  6. Run make check to verify the building stage.
  7. Run make install to install ike-scan.
  8. To scan a host for an Aggressive mode handshake, use the following command:

     ike-scan x.x.x.x -M -A

  9. Sometimes, we will see the response after providing a valid group name such as vpn:

     ike-scan x.x.x.x -M -A --id=vpn

  10. To view the list of all available options, we can run the following command:

     ike-scan -h

We can even brute force the group names using the script at the following link: https://github.com/SpiderLabs/groupenum.
Here is the command:

     ./dt_group_enum.sh x.x.x.x groupnames.dic

Cracking the PSK

  1. Adding a -P flag to the ike-scan command will show a response with the captured hash.
  2. To save the hash, we provide a filename along with the -P flag.
  3. Next, we can use psk-crack with the following command:

     psk-crack -b 5 /path/to/pskkey

     Here, -b selects brute force mode and the length is 5.

  4. To use a dictionary-based attack, we use the following command with the -d flag to input the dictionary file:

     psk-crack -d /path/to/dictionary /path/to/pskkey

There's more...

In Aggressive mode, the authentication hash is transmitted as a response to the packet of the VPN client that tries to establish a connection tunnel (IPSec). This hash is not encrypted and hence it allows us to capture the hash and perform a brute force attack against it to recover our PSK.

This is not possible in Main mode, as it uses an encrypted hash along with a 6-way handshake, whereas Aggressive mode uses only a 3-way handshake.

Setting up proxychains

Sometimes, we need to remain untraceable while performing a pentest activity. Proxychains helps us by allowing us to use an intermediary system whose IP can be left in the logs of the system without the worry of it tracing back to us.

Proxychains is a tool that allows any application to route its connections through a proxy, such as SOCKS5 and Tor.

How to do it...

Proxychains is already installed in Kali. However, we need a list of proxies in its configuration file that we want to use:

  1. To do that, we open the config file of proxychains in a text editor with this command:

     leafpad /etc/proxychains.conf

     We can add all the proxies we want to this file and then save it. Proxychains also allows us to use a dynamic chain or a random chain while connecting to proxy servers.

  2. In the config file, uncomment dynamic_chain or random_chain.

Using proxychains with Tor

  1. To use proxychains with Tor, we first need to install Tor using the following command:

     apt-get install tor

  2. Once it is installed, we run Tor by typing tor in the Terminal.
  3. We then open another Terminal and type the following command to use an application via proxychains:

     proxychains toolname -arguments

Now let's have a look at the Routerhunter tool in the next recipe.

Going on a hunt with Routerhunter

Routerhunter is a tool that's used to find vulnerable routers on a network and perform various attacks on them to exploit the DNSChanger vulnerability. This vulnerability allows an attacker to change the DNS server of the router, directing all the traffic to desired websites.

Getting ready

For this recipe, you will again need to clone a Git repository.

We will use the following command:

git clone https://github.com/Exploit-install/Routerhunter-2.0.git

How to do it...

  1. Once the file is cloned, enter the directory.
  2. Run the following command:

     python routerhunter.py -h

We can provide Routerhunter an IP range, DNS server IPs, and so on.


Key benefits

  • Practical recipes to conduct effective penetration testing using the latest version of Kali Linux
  • Leverage tools like Metasploit, Wireshark, Nmap, and more to detect vulnerabilities with ease
  • Confidently perform networking and application attacks using task-oriented recipes

Description

Many organizations have been affected by recent cyber events. At the current rate of hacking, it has become more important than ever to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2018.4 / 2019), in addition to covering the core functionalities. The book will get you off to a strong start by introducing you to the installation and configuration of Kali Linux, which will help you to perform your tests. You will also learn how to plan attack strategies and perform web application exploitation using tools such as Burp and JexBoss. As you progress, you will get to grips with performing network exploitation using Metasploit, Sparta, and Wireshark. The book will also help you delve into the technique of carrying out wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Later chapters will draw focus to the wide range of tools that help in forensics investigations and incident response mechanisms. As you wrap up the concluding chapters, you will learn to create an optimum quality pentest report. By the end of this book, you will be equipped with the knowledge you need to conduct advanced penetration testing, thanks to the book’s crisp and task-oriented recipes.

Who is this book for?

If you are an IT security professional, pentester, or security analyst who wants to conduct advanced penetration testing techniques, then this book is for you. Basic knowledge of Kali Linux is assumed.

What you will learn

  • Learn how to install, set up and customize Kali for pentesting on multiple platforms
  • Pentest routers and embedded devices
  • Get insights into fiddling around with software-defined radio
  • Pwn and escalate through a corporate network
  • Write good quality security reports
  • Explore digital forensics and memory analysis with Kali Linux
Product Details

Publication date: Mar 29, 2019
Length: 472 pages
Edition: 2nd
Language: English
ISBN-13: 9781789952308
Vendor: Linux Foundation
Table of Contents

14 Chapters

  • Kali - An Introduction
  • Gathering Intel and Planning Attack Strategies
  • Vulnerability Assessment - Poking for Holes
  • Web App Exploitation - Beyond OWASP Top 10
  • Network Exploitation
  • Wireless Attacks - Getting Past Aircrack-ng
  • Password Attacks - The Fault in Their Stars
  • Have Shell, Now What?
  • Buffer Overflows
  • Elementary, My Dear Watson - Digital Forensics
  • Playing with Software-Defined Radios
  • Kali in Your Pocket - NetHunters and Raspberries
  • Writing Reports
  • Other Books You May Enjoy

Customer reviews

Yehia Serrieh, May 27, 2019 (5 stars)
If you need a very detailed book so you can master Kali with all tools included plus NetHunter, then this is your book. Do you want to master pentest and writing a very organized report? Then this is your book. It is worth every cent you will pay for it.

Antonio Garcia, Dec 07, 2019 (5 stars)
Very good!

Yoonus Ibrahim, Aug 28, 2019 (5 stars)
Awesome.

IndianWeeboo, Nov 09, 2019 (5 stars)
Great book but the screenshots are not so clear.

Jonathan B., Aug 15, 2020 (4 stars)
Excellent introduction to Kali. Based on the description I would have thought there was more detail and content than there was though. The font was large which makes it easy to read but also a lot less content than I expected there to be. I’m a slow reader and was reading 120 pages a day. Otherwise it was great, learnt quite a bit even though I’ve been using Kali for a while. I will however be looking for more detailed books.
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-Bissau
  9. Iran
  10. Lebanon
  11. Libyan Arab Jamahiriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela

What is custom duty/charge?

Customs duties are charges levied on goods when they cross international borders. They are a tax imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order?

Orders shipped to the countries listed under EU27 will not bear customs charges. These are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea

For shipments to countries outside of the EU27, a customs duty or localized taxes may be applicable. These are charged by the recipient country, should be paid by the customer, and are not included in the shipping charges on the order.

How do I know my custom duty charges?

The amount of duty payable varies greatly depending on the imported goods, the country of origin, and several other factors such as the total invoice amount, dimensions such as weight, and other criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $50, for you to receive a package, you will have to pay additional import tax of 19% which will be $9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over €22, for you to receive a package, you will have to pay additional import tax of 18% which will be €3.96 to the courier service.

How can I cancel my order?

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction ID. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you, then when you receive it you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except in the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or has a material defect). Otherwise, Packt Publishing will not accept returns.

What is your returns and refunds policy?

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact the Customer Relations Team at customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact the Customer Relations Team at customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. If your eBook or Video file is faulty, or a fault occurs while the eBook or Video is being made available to you (i.e. during download), you should contact the Customer Relations Team at customercare@packt.com within 14 days of purchase, and they will be able to resolve the issue for you.
  3. You will have a choice of replacement or refund of the problem items (damaged, defective or incorrect).
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged or with a material defect, contact our Customer Relations Team at customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner on a print-on-demand basis.

What tax is charged?

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use?

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal