Explore the fundamentals of ethical hacking Learn how to install and configure Kali Linux Get up to speed with performing wireless network pentesting Gain insights into passive and active information gathering Understand web application pentesting Decode WEP, WPA, and WPA2 encryptions using a variety of methods, such as the fake authentication attack, the ARP request replay attack, and the dictionary attack The current rise in hacking and security breaches makes it more important than ever to effectively pentest your environment, ensuring endpoint protection. This book will take you through the latest version of Kali Linux and help you use various tools and techniques to efficiently deal with crucial security aspects. Through real-world examples, you’ll understand how to set up a lab and later explore core penetration testing concepts. Throughout the course of this book, you’ll get up to speed with gathering sensitive information and even discover different vulnerability assessment tools bundled in Kali Linux 2019. In later chapters, you’ll gain insights into concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections to further build on your pentesting skills. You’ll also focus on techniques such as bypassing controls, attacking the end user and maintaining persistence access through social media. Finally, this pentesting book covers best practices for performing complex penetration testing techniques in a highly secured environment. By the end of this book, you’ll be able to use Kali Linux to detect vulnerabilities and secure your system by applying penetration testing techniques of varying complexity. Get up and running with Kali Linux 2019.2 Gain comprehensive insights into security concepts such as social engineering, wireless network exploitation, and web application attacks Learn to use Linux commands in the way ethical hackers do to gain control of your environment Table of contents 1 Introduction to Hacking Who is a hacker? Exploring important terminology Penetration testing phases Penetration testing methodologies Penetration testing approaches Types of penetration testing Hacking phases Summary Questions Further reading 2 Setting Up Kali - Part 1 Technical requirements Lab overview Building our lab Summary Questions Further reading 3 Setting Up Kali - Part 2 Technical requirements Installing Windows as a VM Installing Ubuntu 8.10 Troubleshooting Kali Linux Summary Further reading 4 Getting Comfortable with Kali Linux 2019 Technical requirements Understanding Kali Linux What's new in Kali Linux 2019? Basics of Kali Linux Summary Questions Further reading 5 Passive Information Gathering Technical requirements Reconnaissance and footprinting Understanding passive information gathering Understanding OSINT Using the top OSINT tools Identifying target technology and security controls Finding data leaks in cloud resources Understanding Google hacking and search operators Leveraging whois and copying websites with HTTrack Finding subdomains using Sublist3r Summary Questions Further reading 6 Active Information Gathering Technical requirements Understanding active information gathering DNS interrogation Scanning Nmap NSE scripts Zenmap Hping3 SMB, LDAP enumeration, and null sessions User enumeration through noisy authentication controls Web footprints and enumeration with EyeWitness Metasploit auxiliary modules Summary Questions Further reading 7 Working with Vulnerability Scanners Technical requirements Nessus and its policies Scanning with Nessus Exporting Nessus results Analyzing Nessus results Using web application scanners Summary Questions Further reading 8 Understanding Network Penetration Testing Technical requirements Introduction to network penetration testing Understanding the MAC address Connecting a wireless adapter to Kali Linux Managing and monitoring wireless modes Summary Questions Further reading 9 Network Penetration Testing - Pre-Connection Attacks Technical requirements Getting started with packet sniffing using airodump-ng Targeted packet sniffing using airodump-ng Deauthenticating clients on a wireless network Creating a rogue AP/evil twin Performing a password spraying attack Setting up watering hole attacks Exploiting weak encryption to steal credentials Summary Questions Further reading 10 Network Penetration Testing - Gaining Access Technical requirements Gaining access WEP cracking WPA cracking Securing your network from the aforementioned attacks Configuring wireless security settings to secure your network Exploiting vulnerable perimeter systems with Metasploit Penetration testing Citrix and RDP-based remote access systems Plugging PWN boxes and other tools directly into a network Bypassing NAC Summary Questions Further reading 11 Network Penetration Testing - Post-Connection Attacks Technical requirements Gathering information MITM attacks Session hijacking DHCP attacks Exploiting LLMNR and NetBIOS-NS WPAD protocol attacks Wireshark Escalating privileges Lateral movement tactics PowerShell tradecraft Launching a VLAN hopping attack Summary Questions Further reading 12 Network Penetration Testing - Detection and Security Technical requirements Using Wireshark to understand ARP Detecting ARP poisoning attacks Detecting suspicious activity MITM remediation techniques Summary Questions Further reading 13 Client-Side Attacks - Social Engineering Technical requirements Basics of social engineering Types of social engineering Defending against social engineering Recon for social engineering (doxing) Planning for each type of social engineering attack Social engineering tools Summary Questions Further reading 14 Performing Website Penetration Testing Technical requirements Information gathering Cryptography File upload and file inclusion vulnerabilities Exploiting file upload vulnerabilities Exploiting code execution vulnerabilities Exploiting LFI vulnerabilities Preventing vulnerabilities Summary Questions Further reading 15 Website Penetration Testing - Gaining Access Technical requirements Exploring the dangers of SQL injection SQL injection vulnerabilities and exploitation Cross-Site Scripting vulnerabilities Discovering vulnerabilities automatically Summary Questions Further reading 16 Best Practices Technical requirements Guidelines for penetration testers Web application security blueprints and checklists Summary Questions Further reading