Kali Linux 2018: Windows Penetration Testing
Wolf Halton, Bo Weaver
Updated: 2021-06-24 18:23:06
Latest chapter: Leave a review - let other readers know what you think
coverpage
Title Page
Packt Upsell
Why subscribe?
Packt.com
Contributors
About the authors
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Choosing Your Distro
Desktop environments
Desktop environment versus Window Manager
Enlightenment (E17)
E17 Window Manager issues
Gnome desktop
Gnome 3 desktop issues
KDE desktop
KDE issues
LXDE desktop
LXDE issues
MATE desktop
MATE issues
Xfce desktop
Xfce issues
Choosing your look and feel
Configuring Kali to be your Daily Driver
User account setup
Summary
Sharpening the Saw
Technical requirements
Installing Kali Linux to an encrypted USB drive
Prerequisites for installation
Booting up
Configuring the installation
Setting up the drive
Booting your new installation of Kali
Running Kali from the Live DVD
Installing and configuring applications
Gedit – the Gnome Text Editor
Geany – the platform-agnostic code IDE
Terminator – the Terminal emulator for multi-tasking
Etherape – the graphical protocol-analysis tool
Setting up and configuring OpenVAS
Reporting tests
KeepNote – stand-alone document organizer
Dradis – web-based document organizer
Running services on Kali Linux
Summary
Information Gathering and Vulnerability Assessments
Technical requirements
Footprinting the network
Nmap
Zenmap
The difference verbosity makes
Scanning a network range
An annotated list of Nmap command options
Using OpenVAS
Using Maltego
Using KeepNote
Summary
Further reading
Sniffing and Spoofing
Technical requirements
Sniffing and spoofing network traffic
Sniffing network traffic
tcpdump
WinDump (Windows tcpdump)
Wireshark
The packet
Working with Wireshark
Spoofing network traffic
Ettercap
Ettercap on the command line
Summary
Further reading
Password Attacks
Password attack planning
Cracking the NTLM code (revisited)
Password lists
Cleaning a password list
My friend Johnny
John the Ripper (command line)
xHydra
Summary
Further reading
NetBIOS Name Service and LLMNR - Obsolete but Still Deadly
Technical requirements
NetBIOS name service and NTLM
Sniffing and capturing traffic
Using Ettercap data
NetBIOS scanning using NBTscan
Responder - so many hashes so little time
Using Responder with Metasploit
NetBIOS response BadTunnel brute force spoofing
EvilGrade
Ettercap setup
The attack
Summary
Further reading
Gaining Access
Pwnage
Technical requirements
Exploiting Windows systems with Metasploit
Using advanced Footprinting
Interpreting the scan and building on the result
Exploiting a 32-bit system
Accessing Systems With Xfreerdp
Summary
Further reading
Windows Privilege Escalation and Maintaining Access
Technical requirements
Windows privilege escalation
Escalating your privileges
MSFvenom
MS16-032 Secondary Logon Handle Privilege Escalation
Windows Escalate Service Permissions Local Privilege Escalation
Windows Escalate UAC Protection Bypass (ScriptHost Vulnerability)
Maintaining access
Remote Access Tools
Metasploit's persistence_exe module
Windows registry-only persistence
Summary
Maintaining Access on Server or Desktop
Maintaining access or ET Phone Home
Covering our tracks
Maintaining access with Ncat
Setting up a NetCat Client
Phoning home with Metasploit
Running a port scanner inside Metasploit
The Drop Box
Cracking the Network Access Controller (NAC)
Creating a spear-phishing attack with the Social Engineering Toolkit
Using the Spear-Phishing Attack Vectors menu
Choose a subject or write a new email message
Using Backdoor Factory to evade antivirus
Summary
Further reading
Reverse Engineering and Stress Testing
Technical requirements
Setting up a test environment
Creating your victim machine(s)
Testing your testing environment
Reverse Engineering theory
One general theory of Reverse Engineering
Working with Boolean logic
Reviewing a while loop structure
Reviewing the for loop structure
Understanding the decision points
Practicing Reverse Engineering
Using debuggers
Using the Valgrind debugger
Using the EDB-Debugger
EDB-Debugger symbol mapper
Running OllyDbg
Introduction to disassemblers
Running JAD
Creating your own disassembling code with Capstone
Some miscellaneous Reverse Engineering tools
Running Radare2
The additional members of the Radare2 tool suite
Running rasm2
Running rahash2
Running radiff2
Running rafind2
Running rax2
Stress testing Windows
Dealing with Denial
Putting the network under Siege
Configuring your Siege engine
Summary
Further reading
Other Books You May Enjoy
Leave a review - let other readers know what you think