Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Kali Linux - An Ethical Hacker's Cookbook
Kali Linux - An Ethical Hacker's Cookbook

Kali Linux - An Ethical Hacker's Cookbook: End-to-end penetration testing solutions

Arrow left icon
Profile Icon Himanshu Sharma
Arrow right icon
€18.99 per month
Full star icon Full star icon Full star icon Half star icon Empty star icon 3.8 (20 Ratings)
Paperback Oct 2017 376 pages 1st Edition
eBook
€29.99
Paperback
€36.99
Subscription
Free Trial
Renews at €18.99p/m
Arrow left icon
Profile Icon Himanshu Sharma
Arrow right icon
€18.99 per month
Full star icon Full star icon Full star icon Half star icon Empty star icon 3.8 (20 Ratings)
Paperback Oct 2017 376 pages 1st Edition
eBook
€29.99
Paperback
€36.99
Subscription
Free Trial
Renews at €18.99p/m
eBook
€29.99
Paperback
€36.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Kali Linux - An Ethical Hacker's Cookbook

Kali – An Introduction

In this chapter, we will cover the following recipes:

  • Configuring Kali Linux
  • Configuring the Xfce environment
  • Configuring the Mate environment
  • Configuring the LXDE environment
  • Configuring the e17 environment
  • Configuring the KDE environment
  • Prepping up with custom tools
  • Pentesting VPN's ike-scan
  • Setting up proxychains
  • Going on a hunt with Routerhunter

Introduction

Kali was first introduced in 2012 with a completely new architecture. This Debian-based distro was released with over 300 tools specialized for penetration testing and digital forensics. It is maintained and funded by Offensive Security Ltd with core developers being Mati Aharoni, Devon Kearns, and Raphael Hertzog.

Kali 2.0 came into the picture in 2016 with tons of new updates and new desktop environments such as KDE, Mate, LXDE, e17, and Xfce builds.

While Kali is already pre-equipped with hundreds of amazing tools and utilities to help penetration testers around the globe to perform their job efficiently, in this chapter, we will primarily cover some custom tweaks that can be used to have an even better pentesting experience for the users.

Configuring Kali Linux

We will use the official Kali Linux ISO provided by Offensive Security to install and configure different desktop environments such as Mate, e17, Xfce, LXDE, and KDE desktops.

Getting ready

How to do it...

You can configure Kali with the help of the given steps:

  1. Double-click on the VirtualBox image, it should open with VirtualBox:
  1. Click Import:
  1. Start the machine and enter the password as toor:
  1. Now, Kali is started and by default is configured with the GNOME desktop environment:

How it works...

With the pre-built image you don't need to worry about the installation process. You can consider it as a ready-to-go solution. Simply click on run and the virtual machine will boot up Linux just like a normal machine.

Configuring the Xfce environment

Xfce is a free, fast, and lightweight desktop environment for Unix and Unix-like platforms. It was started by Olivier Fourdan in 1996. The name Xfce originally stood for XForms Common Environment, but since that time Xfce has been rewritten twice and no longer uses the XForms toolkit.

How to do it...

To configure the Xfce environment follow the given steps:

  1. We start by using the following command to install Xfce along with all plugins and goodies:
        apt-get install kali-defaults kali-root desktop-base xfce4
xfce4-places-plugin xfce4-goodies

The following screenshot shows the preceding command:

  1. Type Y when it asks for confirmation on additional space requirements.
  2. Select Ok on the dialogue box that appears.
  1. We select lightdm as our default desktop manager and press the Enter key.
  2. When the installation is complete we open a Terminal window and type the following command:
        update-alternatives --config x-session-manager

The following screenshot shows the output of the preceding command:

  1. Choose the option xfce4-session (in our case 3) and press the  Enter key.
  1. Log out and log in again or you can restart the machine and we will see the Xfce environment:

Configuring the Mate environment

The Mate desktop environment was built in continuation of GNOME 2. It was first released in 2011.

How to do it...

To configure the Mate environment follow the given steps:

  1. We start by using the following command to install the Mate environment:
        apt-get install desktop-base mate-desktop-environment

The following screenshot shows the preceding command:

  1. Type Y when it asks for confirmation on additional space requirements.
  2. When installation is complete we will use the following command to set Mate as our default environment:
        update-alternatives --config x-session-manager
  1. Choose the option mate-session (in our case 2) and press the Enter key:
  1. Log out and log in again or restart and we will see the Mate environment:

Configuring the LXDE environment

LXDE is a free open source environment written in C using GTK+ toolkit for Unix and other POSIX platforms. Lightweight X11 Desktop Environment (LXDE) is the default environment for many operating systems such as Knoppix, Raspbian, Lubuntu, and so on.

How to do it...

To configure the LXDE environment follow the given steps:

  1. We start by using the following command to install LXDE:
        apt-get install lxde-core lxde
  1. Type Y when it asks for confirmation on additional space requirements.
  2. When the installation is complete we open a Terminal window and type the following command:
        update-alternatives --config x-session-manager

The following screenshot shows the output for the preceding command:

  1. Choose the option lxsession (in our case 4) and press Enter.
  1. Log out and log in again and we will see the LXDE environment:

Configuring the e17 environment

Enlightenment, or otherwise known as E, is a window manager for the X Windows system. It was first released in 1997. It has lots of features such as engage, virtual desktop, tiling, and so on.

How to do it...

Due to compatibility issues and dependencies hassle it is better to set up the Kali environment as a different machine. This ISO image (Kali 64-bit e17) is already available on the official website of Kali Linux and can be downloaded from the following URL:

https://www.kali.org/downloads/.

Configuring the KDE environment

KDE is an international community for free software. The plasma desktop is one of the most popular projects of KDE; it comes as a default desktop environment for a lot of Linux distributions. It was founded in 1996 by Matthias Ettrich.

How to do it...

To configure the KDE environment follow the given steps:

  1. We use the following command to install KDE:
        apt-get install kali-defaults kali-root-login desktop-base
kde-plasma-desktop

The following screenshot shows the output for the preceding command:

  1. Type Y when it asks for confirmation on additional space requirements.
  2. Click OK on both the windows that pop up.
  3. When the installation is complete we open a Terminal window and type the following command:
        update-alternatives --config x-session-manager

The following screenshot shows the output for the preceding command:

  1. Choose the option KDE session (in our case 2) and press Enter.
  2. Log out and log in again and we will see the KDE environment:
Kali already has provided prebuilt images of different desktop environments. These can be downloaded from here: https://www.kali.org/downloads/.

Prepping up with custom tools

These tools you will install are open source available on GitHub. They are much faster and contain collections of different tweaks that people have included over a period of time during their own pentesting experience.

Getting ready

Here is a list of some tools that you will need before we dive deeper into penetration testing. Not to worry, you will be learning their usage with some real-life examples in the next few chapters. However, if you still wish to learn basics in an early stage it can simply be done with simple commands:

  • toolname -help
  • toolname -h

How to do it...

Some of the tools are listed in the following sections.

Dnscan

Dnscan is a Python tool that uses a wordlist to resolve valid subdomains. To learn about Dnscan follow the given steps:

  1. We will use a simple command to clone the git repository:
        git clone https://github.com/rbsec/dnscan.git

The following screenshot shows the preceding command:

  1. You can also download and save it from https://github.com/rbsec/dnscan.
  2. Next we browse into the directory where we downloaded Dnscan.
  1. Run Dnscan by using the following command:
        ./dnscan.py -h

The following screenshot shows the output for the preceding command:

Subbrute

Next we will install subbrute. It is amazingly fast and provides an extra layer of anonymity as it uses public resolvers to brute force the subdomains:

  1. The command here is again simple:
        git clone https://github.com/TheRook/subbrute.git

The following screenshot shows the preceding command:

  1. Or you can download and save it from https://github.com/TheRook/subbrute.
  2. Once the installation is complete we will need a wordlist for it to run for which we can download dnspop's list. This list can be used in the previous recipe too: https://github.com/bitquark/dnspop/tree/master/results.
  3. Once both are set up we browse into the subbrute's directory and run it using the following command:
        ./subbrute.py
  1. To run it against a domain with our wordlist we use the following command:
        ./subbrute.py -s /path/to/wordlist hostname.com

Dirsearch

Our next tool in the line is dirsearch. As the name suggests it is a simple command-line tool that can be used to brute force the directories. It is much faster than the traditional DIRB:

  1. The command to install is:
        git clone https://github.com/maurosoria/dirsearch.git
  1. Or you can download and save it from https://github.com/maurosoria/dirsearch. The following screenshot shows the preceding command:
  1. Once the cloning is complete browse to the directory and run the tool by using the following:
        ./dirsearch.py -u hostname.com -e aspx,php

The following screenshot shows the output for the preceding command:

Pentesting VPN's ike-scan

Often during a pentest we may encounter VPN endpoints. However, finding vulnerabilities in those endpoints and exploiting them is not a well known method. VPN endpoints use Internet Key Exchange (IKE) protocol to set up a security association between multiple clients to establish a VPN tunnel.

IKE has two phases, phase 1 is responsible for setting up and establishing secure authenticated communication channel, and phase 2 encrypts and transports data.

Our focus of interest here would be phase 1; it uses two methods of exchanging keys:

  • Main mode
  • Aggressive mode

We will hunt for aggressive mode enabled VPN endpoints using PSK authentication.

Getting ready

For this recipe we will use the tools ike-scan and ikeprobe. First we install ike-scan by cloning the git repository:

git clone https://github.com/royhills/ike-scan.git

Or you can use the following URL to download it from https://github.com/royhills/ike-scan.

How to do it...

To configure ike-scan follow the given steps:

  1. Browse to the directory where ike-scan is installed.
  2. Install autoconf by running the following command:
        apt-get install autoconf
  1. Run autoreconf --install to generate a .configure file.
  2. Run ./configure.
  3. Run make to build the project.
  4. Run make check to verify the building stage.
  5. Run make install to install ike-scan.
  6. To scan a host for an aggressive mode handshake, use the following commands:
        ike-scan x.x.x.x -M -A

The following screenshot shows the output for the preceding command:

  1. Sometimes we will see the response after providing a valid group name like (vpn):
        ike-scan x.x.x.x -M -A id=vpn

The following screenshot shows the example of the preceding command:

We can even brute force the groupnames using the following script:
https://github.com/SpiderLabs/groupenum.

The command:
./dt_group_enum.sh x.x.x.x groupnames.dic

Cracking the PSK

To learn how to crack the PSK follow the given steps:

  1. Adding a -P flag in the ike-scan command it will show a response with the captured hash.
  2. To save the hash we provide a filename along with the -P flag.
  3. Next we can use the psk-crack with the following command:
        psk-crack -b 5 /path/to/pskkey
  1. Where -b is brute force mode and length is 5.
  2. To use a dictionary based attack we use the following command:
        psk-crack -d /path/to/dictionary /path/to/pskkey

The following screenshot shows the output for the preceding command:

How it works...

In aggressive mode the authentication hash is transmitted as a response to the packet of the VPN client that tries to establish a connection Tunnel (IPSEC). This hash is not encrypted and hence it allows us to capture the hash and perform a brute force attack against it to recover our PSK.

This is not possible in main mode as it uses an encrypted hash along with a six way handshake, whereas aggressive mode uses only three way.

Setting up proxychains

Sometimes we need to remain untraceable while performing a pentest activity. Proxychains helps us by allowing us to use an intermediary system whose IP can be left in the logs of the system without the worry of it tracing back to us.

Proxychains is a tool that allows any application to follow connection via proxy such as SOCKS5, Tor, and so on.

How to do it...

Proxychains is already installed in Kali. However, we need a list of proxies into its configuration file that we want to use:

  1. To do that we open the config file of proxychains in a text editor with this command:
        leafpad /etc/proxychains.conf

The following screenshot shows the output for the preceding command:

We can add all the proxies we want in the preceding highlighted area and then save.

Proxychains also allows us to use dynamic chain or random chain while connecting to proxy servers.

  1. In the config file uncomment the dynamic_chain or random_chain:

Using proxychains with tor

To learn about tor follow the given steps:

  1. To use proxychains with tor we first need to install tor using the following command:
        apt-get install tor
  1. Once it is installed we run tor by typing tor in the Terminal.
  2. We then open another Terminal and type the following command to use an application via proxychains:
        proxychains toolname -arguments

The following screenshot shows the example of the preceding commands:

Going on a hunt with Routerhunter

Routerhunter is a tool used to find vulnerable routers on a network and perform various attacks on it to exploit the DNSChanger vulnerability. This vulnerability allows an attacker to change the DNS server of the router hence directing all the traffic to desired websites.

Getting ready

For this recipe, you will again need to clone a git repository.

We will use the following command:

git clone https://github.com/jh00nbr/RouterHunterBR.git

How to do it...

To execute RouterHunterBR.php follow the given steps:

  1. Once the file is cloned, enter the directory.
  2. Run the following command:
        php RouterHunterBR.php -h

The following screenshot shows the output of the preceding command:

  1. We can provide Routerhunter an IP range, DNS server IP's, and so on.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • •Practical recipes to conduct effective penetration testing using the powerful Kali Linux
  • •Leverage tools like Metasploit, Wireshark, Nmap, and many more to detect vulnerabilities with ease
  • •Confidently perform networking and application attacks using task-oriented recipes

Description

With the current rate of hacking, it is very important to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2016.2) according to your needs, and move on to core functionalities. This book will start with the installation and configuration of Kali Linux so that you can perform your tests. You will learn how to plan attack strategies and perform web application exploitation using tools such as Burp, and Jexboss. You will also learn how to perform network exploitation using Metasploit, Sparta, and Wireshark. Next, you will perform wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Lastly, you will learn how to create an optimum quality pentest report! By the end of this book, you will know how to conduct advanced penetration testing thanks to the book’s crisp and task-oriented recipes.

Who is this book for?

This book is aimed at IT security professionals, pentesters, and security analysts who have basic knowledge of Kali Linux and want to conduct advanced penetration testing techniques.

What you will learn

  • • Installing, setting up and customizing Kali for pentesting on multiple platforms
  • • Pentesting routers and embedded devices
  • • Bug hunting 2017
  • • Pwning and escalating through corporate network
  • • Buffer over?ows 101
  • • Auditing wireless networks
  • • Fiddling around with software-defned radio
  • • Hacking on the run with NetHunter
  • • Writing good quality reports

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Oct 17, 2017
Length: 376 pages
Edition : 1st
Language : English
ISBN-13 : 9781787121829
Vendor :
Linux Foundation
Tools :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Oct 17, 2017
Length: 376 pages
Edition : 1st
Language : English
ISBN-13 : 9781787121829
Vendor :
Linux Foundation
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 115.97
Kali Linux Cookbook
€36.99
Kali Linux - An Ethical Hacker's Cookbook
€36.99
Mastering Kali Linux for Advanced Penetration Testing, Second Edition
€41.99
Total 115.97 Stars icon

Table of Contents

12 Chapters
Kali – An Introduction Chevron down icon Chevron up icon
Gathering Intel and Planning Attack Strategies Chevron down icon Chevron up icon
Vulnerability Assessment Chevron down icon Chevron up icon
Web App Exploitation – Beyond OWASP Top 10 Chevron down icon Chevron up icon
Network Exploitation on Current Exploitation Chevron down icon Chevron up icon
Wireless Attacks – Getting Past Aircrack-ng Chevron down icon Chevron up icon
Password Attacks – The Fault in Their Stars Chevron down icon Chevron up icon
Have Shell Now What? Chevron down icon Chevron up icon
Buffer Overflows Chevron down icon Chevron up icon
Playing with Software-Defined Radios Chevron down icon Chevron up icon
Kali in Your Pocket – NetHunters and Raspberries Chevron down icon Chevron up icon
Writing Reports Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Half star icon Empty star icon 3.8
(20 Ratings)
5 star 65%
4 star 0%
3 star 10%
2 star 0%
1 star 25%
Filter icon Filter
Top Reviews

Filter reviews by




abhilasha gupta Jan 11, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
After so long i found a book that genuinely teaches me something!
Amazon Verified review Amazon
Anthony Feb 04, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Amazing book
Amazon Verified review Amazon
Ayan Saha May 25, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
its the best book available in india to learn kali Linux penetration testing in a practical manner , don't waste your time and money by funding money on courses which costs 1000$ , rather but this type of books you can great a plenty amount of knowledge from them
Amazon Verified review Amazon
Trip Nine May 25, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Kali Linux - An Ethical Hacker's Cookbook (Second Edition) is jam packed with techniques and exploits that are relevant for 2019 and it's packaged in an easy to read bundle.Sure you can find a lot of things on the internet for free that are covered in the book - but not all in one place. And time is money.Don't burn hours trying to compile exploits and tactics that make up a great Kali cookbook when there is one right here.Get it and then use it to as a library reference delivering value to your customers in information security.
Amazon Verified review Amazon
Yehia Serrieh May 27, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
comprehensive and very practical book it contains a skills, and experience you will never find on internet this book can teach you tips, tricks, and hints so you can master kali with all tools included
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.