Learning Path: Kali Linux

Kali Linux - Backtrack Evolved: Assuring Security by Penetration Testing 40 lectures 02:43:29 Developing a Network Environment Must have multiple virtual machines for a test lab / acquire images from multiple locations

• Download Linux distro operating systems from DistroWatch
• Acquire trial Windows operating systems from Microsoft Technet
• Students can acquire a fully licensed Microsoft software from DreamSpark

How to Install Oracle VirtualBox Must manage network operating systems in a singe virtual environment / install the VirtualBox virtualization software

• Download VirtualBox from virtualbox.org and install
• Create a virtual machine
• Configure virtual machine settings

How to Install VMware Player Must manage the network operating systems in a singe virtual environment / install the VMware virtualization software

• Download VMware Player from vmware.com and install it
• Create a virtual machine
• Configure virtual machine settings

How to Install Kali Linux Need a Kali Linux virtual machine for performing penetration tests / install Backtrack 5

• Download Kali Linux image file
• Launch live boot of Kali Linux from a virtual machine
• Follow guided install to complete installation

v01603-video1_4.mp4 Increasing Network Attack Surface Must have vulnerable systems to perform penetration testing techniques / modify security policies on network systems to increase vulnerabilities

• Turn off the firewall, automatic updates, and remove installed updates on host systems
• Install unnecessary roles and features on server systems
• Install Metasploitable, an intentionally vulnerable Linux distribution

Passive Reconnaissance Information gathering / use public resources and websites

• Look at the target website and its historical archives
• Profile company and employees using LinkedIn
• Gather technical information with serversniff.net

Google Hacking Information gathering / use uniquely crafted Google queries

• Use of Google search operators
• Use of Google special characters
• Use the Google Hacking database for unique queries

Subdomain Enumeration with Google Hacking Use a series of Google queries to enumerate target subdomains

• Search exclusively in the target domain with a site operator
• Use an appropriate syntax to search for subdomains and add results to the list
• Remove the previous results and repeat the process

Reconnaissance Tools (Dmitry & Goofile) Information gathering / automated command-line tools (Dmitry & Goofile)

• Use Dmitry to gather IP translations, netcraft info, subdomains, and email addresses
• Use Goofile to enumerate files within a domain
• Record information collected

Network Enumeration with Maltego Information gathering / an all-in-one translation tool (Maltego)

• Introduce a point of departure
• Perform Transforms to gather information on networked systems
• Organize and manage the information collected

Layer 2 Discovery Network discovery / discover hosts on the local network at layer 2

• Use the arping utility to discover hosts
• Use nmap ARP scans to discover hosts
• Use NetworkDiscover to perform an active and passive layer 2 discovery

Layer 3 Discovery Network discovery / discover remote hosts at layer 3

• Use fping for layer-3 discovery
• Use hping3 for layer-3 discovery
• Use a Bash script to create a layer 3 discovery script

Host Discovery with nmap Network discovery / use nmap utilities

• Use nmap pingsweep for basic host discovery
• UDP scan for host discovery
• TCP ACK scan for host discovery

Network Discovery with Scapy Custom discovery scans / Scapy for scan scripting

• Basic packet formatting with Scapy
• Sending and receiving packets with Scapy
• Integrating Scapy into Python scripting for custom scans

Fingerprinting Operating Systems Operating system identification / automated tools (p0f, xprobe2, and nmap)

• Perform passive OS identification with p0f
• Active OS identification with xprobe2
• Active OS identification with nmap

Scanning with nmap Port enumeration / the nmap command-line tool

• Basic nmap port scanning
• Scan multiple systems and network ranges
• Use unique nmap TCP flag scans

Scanning with Zenmap Port enumeration / Zenmap graphical interface

• Nmap scanning with Zenmap
• Visual analysis of scan results
• Create scan profiles

Nmap Scripting Automate nmap related tasks / use Nmap Scripting Engine and scriptable outputs

• Explore NSE (Nmap Scripting Engine) scripts
• Use NSE scripts with nmap
• Use a Bash script for greppable output analysis

Zombie Scanning Stealth scanning without risk of detection / zombie scanning with an idle host

• Configure IPID sequence scanner in Metasploit
• Discover a host with an incremental IPID sequence to perform a scan
• Use zombie host to perform an idle scan against a target

Service Identification Verify services running on open ports / Netcat, Dmitry, and Amap

• Use Netcat for network service banner grabbing
• Use Dmitry for automated banner grabbing
• Use Amap to verify port-associated services

Metasploit Auxilliary Scans Identify unique vulnerabilities / use Metasploit auxiliary modules

• Search scanners to test target-specific services
• Configure options for the selected scanner
• Run a scan against a target(s)

Installing Nessus Identify vulnerabilities / install Nessus vulnerability scanner

• Download and install the Nessus package
• Start Nessus service and connect to the web interface
• Complete the guided installation and registration

Nessus Scanning Identify vulnerabilities / perform scans with Nessus

• Scan a single target
• How to scan a range or group of targets
• Create a scan template for later use

Nessus Policies Focus on vulnerability discovery / modify and create scan policies

• Review preconfigured policies
• Modify existing scan polices
• Create a new scan policy

Nessus Result Analysis Gather vulnerability information / review Nessus scan results

• Review scan results ordered by the host
• Review scan results ordered by vulnerability
• Review specific vulnerability information for later use in exploitation

Metasploit Framework Automated tool to launch exploits against remote systems / use the Metasploit framework

• Perform a denial of service (DOS) attack against Windows 2008 Server
• Launch an SMB exploit against Windows XP host
• Perform a Java RMI exploit against Linux Server

Meterpreter Basics Launch exploit with Meterpreter payload / navigate payload to further compromise the system

• Navigate the remote system using Meterpreter commands
• Perform upload, download, and execute commands
• Open a command prompt shell on a remote system

Meterpreter - Advanced Exploitation Launch exploit with Meterpreter payload / perform advanced exploitation techniques

• Sniff network traffic using a sniffer
• Use Espia to capture screenshots of a remote system
• Use keyscan to perform a keylogger attack against a remote system

Installing Metasploit Pro Automated exploitation platform / install Metasploit Pro in Kali Linux

• Use msfconsole to launch the installation
• Browse to the web interface and complete configuration
• Get a trial license and activate MSF Pro

Exploitation with Metasploit Pro Automated exploitation platform / use Metasploit Pro to perform discovery, vulnerability mapping, and exploitation

• Create a new project and perform network discovery
• Use Nexpose to perform a vulnerability scan or import Nessus results
• Use vulnerabilities to exploit systems on the network and interact with the acquired shells

Exploit Database Exploit target systems / use proof-of-concept scripts in the exploit database

• Locate applicable exploit in files.csv
• Modify the exploit code if necessary and launch
• Verify the delivered payload by connecting to the remote shell

Social Engineering Toolkit - Credential Harvester Social engineering attack / use credential harvester to gather the victim's credentials

• Configure credential harvester with a spoofed login website
• Use DNS poisoning attack to redirect the victim to the spoofed website
• Wait for the victim to browse to the site and then collect the login credentials

Burp Suite Intruder Exploit web services / Burp Suite Intruder function

• Intercept a login request with Burp Suite Proxy
• Run a Sniper attack against password payload position
• Identify an "access granted" response

Web Application Exploitation Learn web application attacks / use DVWA for testing

• Perform a SQL injection attack
• Perform a Cross-Site-Scripting (XSS) attack
• Perform an unrestricted upload and command execution attacks

Maintaining Access Maintain access to the exploited system / use Netcat and Meterpreter backdoors

• Install Netcat backdoor and create a registry key to start Netcat on startup
• Use Netcat listener or Metasploit handler to connect to Netcat backdoor
• Use Metsvc script to install Meterpreter backdoor on a target system

Ettercap Man-in-the-middle attack / use the ettercap graphic interface

• Scan for hosts and select victim targets
• Start ARP poisoning and sniffing
• Collect traffic between systems using Wireshark

Hash Identifier / Find-My-Hash Unknown hash value / use Hash-ID to identify and then Find-My-Hash to crack a password hash

• Acquire a password hash
• Use Hash-Identifier to determine a hash type
• Use Find-My-Hash to crack the hash value

Kali Linux - Backtrack Evolved: Assuring Security by Penetration Testing - Hydra Acquire network service credentials / use Hydra to attack a service

• Use Hydra help information to view capabilities
• Use Hydra to perform a dictionary attack against a network service
• Use Hydra to perform a brute force attack against a network service

John the Ripper Acquire Linux and/or Windows password hashes / use John the Ripper to crack

• Acquire Windows hashes with Meterpreter
• Acquire Linux hashes with Meterpreter
• Crack each with John the Ripper

Johnny / xHydra Graphical interface for password attacks / use Johnny or xHydra

• Start graphical interfaces from the command line
• Use Johnny graphical interface to crack password hash files
• Use xHydra to perform online password attacks against network services

Kali Linux - Backtrack Evolved: Assuring Security by Penetration Testing. 40 lectures 02:43:29 Developing a Network Environment Must have multiple virtual machines for a test lab / acquire images from multiple locations

• Download Linux distro operating systems from DistroWatch
• Acquire trial Windows operating systems from Microsoft Technet
• Students can acquire a fully licensed Microsoft software from DreamSpark

How to Install Oracle VirtualBox Must manage network operating systems in a singe virtual environment / install the VirtualBox virtualization software

• Download VirtualBox from virtualbox.org and install
• Create a virtual machine
• Configure virtual machine settings

How to Install VMware Player Must manage the network operating systems in a singe virtual environment / install the VMware virtualization software

• Download VMware Player from vmware.com and install it
• Create a virtual machine
• Configure virtual machine settings

How to Install Kali Linux Need a Kali Linux virtual machine for performing penetration tests / install Backtrack 5

• Download Kali Linux image file
• Launch live boot of Kali Linux from a virtual machine
• Follow guided install to complete installation

v01603-video1_4.mp4 Increasing Network Attack Surface Must have vulnerable systems to perform penetration testing techniques / modify security policies on network systems to increase vulnerabilities

• Turn off the firewall, automatic updates, and remove installed updates on host systems
• Install unnecessary roles and features on server systems
• Install Metasploitable, an intentionally vulnerable Linux distribution

Passive Reconnaissance Information gathering / use public resources and websites

• Look at the target website and its historical archives
• Profile company and employees using LinkedIn
• Gather technical information with serversniff /p How to Install Oracle VirtualBox Must manage network operating systems in a singe virtual environment / install the VirtualBox virtualization software
  • Download VirtualBox from virtualbox.org and install
  • Create a virtual machine
  • Configure virtual machine settings
  How to Install Oracle VirtualBox Must manage network operating systems in a singe virtual environment / install the VirtualBox virtualization software
  • Download VirtualBox from virtualbox.org and install
  • Create a virtual machine
  • Configure virtual machine settings
  How to Install Oracle VirtualBox Must manage network operating systems in a singe virtual environment / install the VirtualBox virtualization software
  • Download VirtualBox from virtualbox.org and install
  • Create a virtual machine
  • Configure virtual machine settings
  Must manage network operating systems in a singe virtual environment / install the VirtualBox virtualization software
  • Download...