Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Learn Kali Linux 2019 Perform powerful penetration testing using Kali Linux, Metasploit, Nessus, Nmap, and Wireshark

Product type Paperback

Published in Nov 2019

Publisher

ISBN-13 9781789611809

Length 550 pages

Edition 1st Edition

Languages

C++

Tools

Kali Linux

Concepts

Penetration Testing

Authors (2):

Glen D. Singh

Joshua Crumbaugh

View More author details

Table of Contents (22) Chapters

Preface

1. Section 1: Kali Linux Basics FREE CHAPTER

2. Introduction to Hacking

3. Setting Up Kali - Part 1

4. Setting Up Kali - Part 2

5. Getting Comfortable with Kali Linux 2019

6. Section 2: Reconnaissance

7. Passive Information Gathering

8. Active Information Gathering

9. Section 3: Vulnerability Assessment and Penetration Testing with Kali Linux 2019

10. Working with Vulnerability Scanners

11. Understanding Network Penetration Testing

12. Network Penetration Testing - Pre-Connection Attacks

13. Network Penetration Testing - Gaining Access

14. Network Penetration Testing - Post-Connection Attacks

15. Network Penetration Testing - Detection and Security

16. Client-Side Attacks - Social Engineering

17. Performing Website Penetration Testing

18. Website Penetration Testing - Gaining Access

19. Best Practices

20. Assessments

21. Other Books You May Enjoy

Leave a review - let other readers know what you think

Exploiting code execution vulnerabilities

When a device is vulnerable to code execution, an attacker or penetration tester is allowed to execute code remotely on the target server. Additionally, the penetration tester will be able to retrieve the source code that's stored on the target.

To complete this exercise, we will be using the following topology:

To get started with code execution exploitation, follow these steps:

We will attempt to discover whether the target is vulnerable to CVE-2012-1823. To discover whether a target is vulnerable, use the following commands with nmap:

nmap -p80 --script http-vuln-cve2012-1823 <target IP address>

Nmap may not always return results that indicate that a vulnerability exists on a target. However, this should not stop you from determining whether a target is vulnerable to an exploit.

Next, within Metasploit, use the search...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at ₹800/month. Cancel anytime

Authors (2)

Joshua Crumbaugh

Joshua Crumbaugh is the founder of PeopleSec and experienced penetration tester with an impressive background performing high end security assessments against high profile targets. He is also an expert social engineer who has talked his way into bank vaults, fortune 500 data centers, corporate offices, restricted areas of casinos and more. His experiences highlighted a significant need for a better ""human solution"" -- This led him to a passion in social engineering and better understanding ways to stop social engineering attacks

See other products by Joshua Crumbaugh

Glen D. Singh

Glen D. Singh is a cybersecurity author, educator and SecOps professional. His areas of expertise are cybersecurity operations, offensive security tactics and techniques, and enterprise networking. He holds a Master of Science (MSc) in cybersecurity and many industry certifications from top awarding bodies such as EC-Council, Cisco, and Check Point. Glen loves teaching and mentoring others while sharing his wealth of knowledge and experience as an author. He has written many books, which focus on vulnerability discovery and exploitation, threat detection, intrusion analysis, incident response, network security, and enterprise networking. As an aspiring game changer, Glen is passionate about increasing cybersecurity awareness in his homeland, Trinidad and Tobago.

See other products by Glen D. Singh