Download
Introduction
The face of hacking and cyber crime has dramatically transformed over the past couple of decades. At the end of the 20th century, many people had no idea what cyber crime was. Those people thought that hackers were malevolent mathematical geniuses that hid in the dimly lit basements and spoke in binary. But as of late, we have seen the rise of a whole new brand of hackers. Because of the public availability of hacking software and tools, the hacker of the new era could easily be your next-door neighbor, your local gas station attendant, or even your 12-year old child. Script kiddie tools such as the Low Orbit Ion Cannon (LOIC) have been used to launch massive Distributed Denial of Service (DDoS) attacks against large corporations and organizations. This free Windows download merely requires that you enter a target URL, and it also has a graphic interface that bears a striking resemblance to a space age video game.
In a world where hacking has become so easy that a child can do it, it is absolutely essential that organizations verify their own level of protection by having their networks tested using the same tools that cyber criminals use against them. But, the basic usage of these tools is not sufficient knowledge to be an effective information security professional. It is absolutely critical that information security professionals understand the techniques that are being employed by these tools, and why these techniques are able to exploit various vulnerabilities in a network or system. A knowledge of the basic underlying principles that explains how these common attack tools work enables one to effectively use them, but more importantly, it also contributes to one's ability to effectively identify such attacks and defend against them.
The intention of this book is to enumerate and explain the use of common attack tools that are available in the Kali Linux platform, but more importantly, this book also aims to address the underlying principles that define why these tools work. In addition to addressing the highly functional tools integrated into Kali Linux, we will also create a large number of Python and bash scripts that can be used to perform similar functions and/or to streamline existing tools. Ultimately, the intention of this book is to help forge stronger security professionals through a better understanding of their adversary
What this book covers
Chapter 1, Getting Started, introduces the underlying principles and concepts that will be used throughout the remainder of the book.
Chapter 2, Discovery Scanning, covers techniques and scanning tools that can be used to identify live systems on a target network, by performing layer 2, layer 3, and layer 4 discovery.
Chapter 3, Port Scanning, includes techniques and scanning tools that can be used to enumerate running UDP and TCP services on a target system.
Chapter 4, Fingerprinting, explains techniques and scanning tools that can be used to identify the operating system and services running on a target system.
Chapter 5, Vulnerability Scanning, covers techniques and scanning tools that can be used to identify and enumerate potential vulnerabilities on a target system.
Chapter 6, Denial of Service, introduces techniques and attack tools that can be used to exploit denial of service vulnerabilities identified on a target system.
Chapter 7, Web Application Scanning, provides techniques and tools that can be used to identify and exploit web application vulnerabilities on a target system.
Chapter 8, Automating Kali Tools, introduces scripting techniques that can be used to streamline and automate the use of existing tools in Kali Linux.
What you need for this book
To follow the exercises addressed in this book or to further explore on your own, you will need the following components:
+ A single personal computer (Mac, Windows, or Linux) with sufficient resources that can be shared across multiple virtual machines. At minimum, you should have 2 GB of RAM. It is recommended that for optimal performance, you use a system with 8 to 16 GB of RAM. Multiple processors and/or processor cores is also recommended.
- If you are running a system with limited resources, try to minimize the number of virtual machines that are running simultaneously when completing the exercises
+ A virtualization software to run your security lab environment. Some of the available options include the following:
- VMware Fusion (Mac OS X)
- VMware Player (Windows)
- Oracle VirtualBox (Windows, Mac OS X, or Linux)
+ Multiple operating systems to run in the security lab environment. Acquisition and installation of each of these will be discussed in detail in Chapter 1, Getting Started. The operating systems needed include the following:
- Kali Linux
- Metasploitable2
- An Ubuntu server
- Windows OS (Windows XP SP2 is recommended)
Who this book is for
This book is intended for the following users:
+ Information technology professionals
+ Information security professionals
+ Casual security or technology enthusiasts
The book assumes that the reader has little to no familiarity with penetration testing, Linux, scripting, and TCP/IP networking. Each section in this book initially addresses the underlying principles, prior to discussing the techniques that employ them.
