Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Kali Linux Intrusion and Exploitation Cookbook
Kali Linux Intrusion and Exploitation Cookbook

Kali Linux Intrusion and Exploitation Cookbook: Powerful recipes to detect vulnerabilities and perform security assessments

Arrow left icon
Profile Icon Ishan Girdhar Profile Icon Dhruv Shah
Arrow right icon
₱1399.99 ₱2000.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.3 (6 Ratings)
eBook Apr 2017 512 pages 1st Edition
eBook
₱1399.99 ₱2000.99
Paperback
₱2500.99
Subscription
Free Trial
Arrow left icon
Profile Icon Ishan Girdhar Profile Icon Dhruv Shah
Arrow right icon
₱1399.99 ₱2000.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.3 (6 Ratings)
eBook Apr 2017 512 pages 1st Edition
eBook
₱1399.99 ₱2000.99
Paperback
₱2500.99
Subscription
Free Trial
eBook
₱1399.99 ₱2000.99
Paperback
₱2500.99
Subscription
Free Trial

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Table of content icon View table of contents Preview book icon Preview Book

Kali Linux Intrusion and Exploitation Cookbook

Chapter 2. Network Information Gathering

In this chapter, we will cover the following recipes:

  • Discovering live servers over the network
  • Bypassing IDS/IPS/firewall
  • Discovering ports over the network
  • Using unicornscan for faster port scanning
  • Service fingerprinting
  • Determining the OS using nmap and xprobe2
  • Service enumeration
  • Open-source information gathering

Introduction


In this chapter, we will look at how to detect live servers and network devices over the network, and perform service fingerprinting and enumeration for information gathering. Gathering information is of the utmost importance for a successful vulnerability assessment and penetration test. Moving forward, we will run scanners to find vulnerabilities in the detected services. Along with that, we will write bash scripts so that we can speed up the process of discovery-enumerate-scan.

Discovering live servers over the network


In this recipe, we learn how to perform the  of live network devices/machines over the network, using two methods: Passive information gathering and active information gathering.

We will examine the network traffic of our as a part of our passive information gathering, followed by information gathering, in which we will send packets over the network to detect active machines and services running on them.

Getting ready

In order to begin with this recipe, will be using a simple ARP sniffing/scanning tool called netdiscover. It is a net-discovery tool which can be used for active/passive ARP reconnaissance.

How to do it...

Let's start with passive reconnaissance:

  1. To start netdiscover, ensure that you are connected via Wi-Fi with a valid IP address. Open the terminal and enter the following command for passive reconnaissance:
netdiscover - p

The output will be as shown in the following screenshot:

  1. To perform an active scan over the network to discover...

Bypassing IDS/IPS/firewall


In this recipe, we will at a few the switches by nmap that can be used to bypass IDS/IPS/firewalls. Many a time, when we are performing a scan, we come across a firewall. In case the firewall is not configured correctly, we will be able to execute the following firewall-evasion commands of nmap.

Getting ready

We will nmap for this activity. Let's with the we have detected to run a few evasion switches.

How to do it...

For this recipe, we will perform the following steps:

  1. We will use the fragment packet switch to perform the discovery:

Fragment packet switch splits up the TCP header over several packets to make it harder for packet filters, intrusion detection systems, and other annoyances to detect an ongoing active scan. There could be occurrences where this could fail as some programs might not be able to handle tiny packets. For a more detailed understanding visit https://nmap.org/book/man-bypass-firewalls-ids.html.

We will enter the following command:

nmap...

Discovering ports over the network


In this recipe, we will use the list of active IPs we and saved in the file to perform information gathering, the purpose will be to scan them for open ports on those IPs. We will be using nmap and its features to discover open ports.

Getting ready

We will use the nmap tool to detect open ports on the IP. Let's start with the process of detecting the open ports over a specific IP.

How to do it...

For this recipe, you will to perform the steps:

  1. We will run nmap by typing the following command in terminal:
nmap <ip address>

The output will be as shown in the following screenshot:

  1. We can even check what the tool is doing by using the verbose switch, by entering the following command in Terminal:
nmap -v <IP address>

The will be as shown in the screenshot:

  1. By default, it scans only 1,000 well-known sets of ports. If we are interested in setting the scan preference to the top 100 ports, we can run the following command in terminal:
nmap --top...

Using unicornscan for faster port scanning


Unicornscan is another that works very fast, the core reason being the methodology the tool implements. It works with the technique of asynchronous stateless TCP scanning, wherein it makes all possible variations with the TCP flags and the UDP as well. In this recipe, we are going to look at how to make use of unicornscan and its advanced capabilities.

Getting ready

In order to get with unicornscan, we will take an IP from our range of IPs and dig deeper into the tool's capabilities.

How to do it...

Let's work through the following steps:

  1. Open terminal and type the following command for a simple unicornscan:
unicornscan <IP address>

The output will be as shown in the following screenshot:

  1. If you would like to see the details of what it is doing while we execute the command, we can make use of the verbose script by using the following command:
unicornscan -v <IP address>

The will be as shown in the following screenshot:

We can see that...

Service fingerprinting


In this recipe, we will look at how to analyze the open port to determine what kind of service(s) are running on the open port(s). This will help us understand if the target IP is running any vulnerable software. That is why fingerprinting is a necessary and a very important step.

Getting ready

We will use nmap to fingerprint the services of the target IP. Nmap is a multi-functional tool that performs jobs ranging from host discovery to vulnerability assessment; service fingerprinting is also a part of it.

How to do it...

The steps are as follows:

  1. Using nmap, run the following command in terminal to achieve the service enumeration result:
nmap -sV <IP address>

The will be as shown in the following screenshot:

  1. We can even enumerate the UDP services running on the target IP, by using the UDP scan switch along with the service-detection switch:
Nmap -sU -sV <IP address>

The output will be as shown in the following screenshot:

  1. We can speed up the scan using...

Determining the OS using nmap and xprobe2


In this recipe, we will be using tools to what kind of system the target IP is running on. Mapping a target IP with a operating system is necessary to help shortlist and verify vulnerabilities.

Getting ready

In this recipe, we will use the tool to determine the operating system. All we require is an IP address against which we will run the OS enumeration scan. Others tools that can be used are hping and xprobe2.

How to do it...

Let begin by the system:

  1. Open and type the following:
nmap -O <IP address>

The output will be as shown in the following screenshot:

We can use advanced operators to help us find out the operating system in a more aggressive manner. Type the following command in terminal:

nmap O --osscan-guess <IP address>

The will as in the screenshot:

This shows that using additional parameters of the operating system detection in nmap, we can get a probable idea of the best fit.

  1. Xprobe2 uses a different to nmap...

Service enumeration


Once the services have been fingerprinted, we can enumeration. There can be many different sources used to achieve the goal of this recipe. In this recipe, we will look at how to service-discovery scans using various tools, for the following:

  • SMB scan
  • SNMP scan
  • Using the NSE (nmap scripting engine) engine

Nbtscan is a in Kali that enumerates for the NetBIOS name of the target IP. It can be used as the early part of SMB enumeration. It basically requests a status query of the NetBIOS name in a human-readable format.

Getting ready

In this recipe, we will be using tools to enumerate all the mentioned above.

How to do it...

For this recipe, the steps are as follows:

  1. To enumerate the NetBIOS name, we will run the following command in terminal:
nbtscan <IP address>

The output will be as shown in the following screenshot:

  1. You can run the NetBIOS enumeration over a class range as well, using the following command in terminal:
nbtscan -r <IP address>/<class range...

Open-source information gathering


In this recipe, we will look at how to make of tools meant for online information gathering. We will cover tools that serve the purpose of gathering information with respect to Whois, domain tools, and MX mail servers. Shodan is a powerful search engine that locates drives for us over the Internet. With the help of various filters, we can find information about our targets. Among hackers, it is also called the world's most dangerous search engine.

Getting ready

We will make use of tools such as DNsenum for the purpose of Whois enumeration, find out all the IP addresses involved in a domain, and also how Shodan provides us with open-port information of the target searched.

How to do it...

The steps are as follows:

  1. For DNS scan, we will a tool called DNsenum. Let us start by typing the following in terminal:
dnsenum <domainname>

The output will be as shown in the following screenshot:

  1. We can also use the available to search for more subdomains via...
Left arrow icon Right arrow icon

Key benefits

  • Set up a penetration testing lab to conduct a preliminary assessment of attack surfaces and run exploits
  • Improve your testing efficiency with the use of automated vulnerability scanners
  • Work through step-by-step recipes to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and identify security anomalies

Description

With the increasing threats of breaches and attacks on critical infrastructure, system administrators and architects can use Kali Linux 2.0 to ensure their infrastructure is secure by finding out known vulnerabilities and safeguarding their infrastructure against unknown vulnerabilities. This practical cookbook-style guide contains chapters carefully structured in three phases – information gathering, vulnerability assessment, and penetration testing for the web, and wired and wireless networks. It's an ideal reference guide if you’re looking for a solution to a specific problem or learning how to use a tool. We provide hands-on examples of powerful tools/scripts designed for exploitation. In the final section, we cover various tools you can use during testing, and we help you create in-depth reports to impress management. We provide system engineers with steps to reproduce issues and fix them.

Who is this book for?

This book is intended for those who want to know more about information security. In particular, it's ideal for system administrators and system architects who want to ensure that the infrastructure and systems they are creating and managing are secure. This book helps both beginners and intermediates by allowing them to use it as a reference book and to gain in-depth knowledge.

What you will learn

  • Understand the importance of security assessments over merely setting up and managing systems/processes
  • Familiarize yourself with tools such as OPENVAS to locate system and network vulnerabilities
  • Discover multiple solutions to escalate privileges on a compromised machine
  • Identify security anomalies in order to make your infrastructure secure and further strengthen it
  • Acquire the skills to prevent infrastructure and application vulnerabilities
  • Exploit vulnerabilities that require a complex setup with the help of Metasploit

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Apr 21, 2017
Length: 512 pages
Edition : 1st
Language : English
ISBN-13 : 9781783982172
Vendor :
Offensive Security
Category :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want

Product Details

Publication date : Apr 21, 2017
Length: 512 pages
Edition : 1st
Language : English
ISBN-13 : 9781783982172
Vendor :
Offensive Security
Category :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just ₱260 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just ₱260 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 8,114.97
Kali Linux Intrusion and Exploitation Cookbook
₱2500.99
Kali Linux Network Scanning Cookbook
₱2806.99
Mastering Kali Linux for Advanced Penetration Testing, Second Edition
₱2806.99
Total 8,114.97 Stars icon

Table of Contents

10 Chapters
Getting Started - Setting Up an Environment Chevron down icon Chevron up icon
Network Information Gathering Chevron down icon Chevron up icon
Network Vulnerability Assessment Chevron down icon Chevron up icon
Network Exploitation Chevron down icon Chevron up icon
Web Application Information Gathering Chevron down icon Chevron up icon
Web Application Vulnerability Assessment Chevron down icon Chevron up icon
Web Application Exploitation Chevron down icon Chevron up icon
System and Password Exploitation Chevron down icon Chevron up icon
Privilege Escalation and Exploitation Chevron down icon Chevron up icon
Wireless Exploitation Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.3
(6 Ratings)
5 star 66.7%
4 star 16.7%
3 star 0%
2 star 16.7%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Amazon Customer May 04, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Well written Excellent!
Amazon Verified review Amazon
Charles W. Hayes Jun 01, 2017
Full star icon Full star icon Full star icon Full star icon Full star icon 5
A very useful tour of Kali's tools with lab based learning.The author took the time to upload everything you'll need to set up an internal lab, using tools such as Docker, etc to create an attack and vulnerable labs. Learning via reading is only 1/3 of the battle. Everything else, is real world experience, using those tools. You can read about climbing Everest, without stepping foot on any mountain. You can read about using Kali, without ever using it. Neither will give you real world experience until you start doing it.
Amazon Verified review Amazon
Andy Jan 22, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Brilliant
Amazon Verified review Amazon
Anthony Jan 02, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Extremely informative
Amazon Verified review Amazon
Alex M. Aug 23, 2017
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
I enjoyed the book. It is accurate and provides for interesting reading. It is detailed and self explanatory. The title explains itself "cookbook" - you will learn from the content and expand your knowledge. Money well spend.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.