Kali Linux Intrusion and Exploitation Cookbook

Book Description

Over 70 recipes for system administrators or DevOps to master Kali Linux 2 and perform effective security assessments

About This Book

• Set up a penetration testing lab to conduct a preliminary assessment of attack surfaces and run exploits
• Improve your testing efficiency with the use of automated vulnerability scanners
• Work through step-by-step recipes to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and identify security anomalies

Who This Book Is For

This book is intended for those who want to know more about information security. In particular, it’s ideal for system administrators and system architects who want to ensure that the infrastructure and systems they are creating and managing are secure. This book helps both beginners and intermediates by allowing them to use it as a reference book and to gain in-depth knowledge.

What You Will Learn

• Understand the importance of security assessments over merely setting up and managing systems/processes
• Familiarize yourself with tools such as OPENVAS to locate system and network vulnerabilities
• Discover multiple solutions to escalate privileges on a compromised machine
• Identify security anomalies in order to make your infrastructure secure and further strengthen it
• Acquire the skills to prevent infrastructure and application vulnerabilities
• Exploit vulnerabilities that require a complex setup with the help of Metasploit

In Detail

With the increasing threats of breaches and attacks on critical infrastructure, system administrators and architects can use Kali Linux 2.0 to ensure their infrastructure is secure by finding out known vulnerabilities and safeguarding their infrastructure against unknown vulnerabilities.

This practical cookbook-style guide contains chapters carefully structured in three phases – information gathering, vulnerability assessment, and penetration testing for the web, and wired and wireless networks. It’s an ideal reference guide if you’re looking for a solution to a specific problem or learning how to use a tool. We provide hands-on examples of powerful tools/scripts designed for exploitation.

In the final section, we cover various tools you can use during testing, and we help you create in-depth reports to impress management. We provide system engineers with steps to reproduce issues and fix them.

Style and approach

This practical book is full of easy-to-follow recipes with based on real-world problems faced by the authors. Each recipe is divided into three sections, clearly defining what the recipe does, what you need, and how to do it. The carefully structured recipes allow you to go directly to your topic of interest.

Table of Contents

Chapter 1. Getting Started – Setting Up an Environment
Chapter 2. Network Information Gathering
Chapter 3. Network Vulnerability Assessment
Chapter 4. Network Exploitation
Chapter 5. Web Application Information Gathering
Chapter 6. Web Application Vulnerability Assessment
Chapter 7. Web Application Exploitation
Chapter 8. System and Password Exploitation
Chapter 9. Privilege Escalation and Exploitation
Chapter 10. Wireless Exploitation

中文：

书名：Kali Linux Intrusion and Exploitation Cookbook

系统管理员或DevOps掌握Kali Linux2并执行有效的安全评估的70多个食谱

关于本书

• 建立渗透测试实验室，对攻击面进行初步评估并运行攻击
• 使用自动化漏洞扫描仪提高测试效率
• 通过循序渐进的方法来检测各种漏洞，利用它们来分析其后果，并识别安全异常

这本书是为谁写的

这本书是为那些想要了解更多信息安全的人准备的。特别是，它是系统管理员和系统架构师的理想之选，他们希望确保他们正在创建和管理的基础设施和系统是安全的。这本书帮助初学者和中介者使用它作为一本参考书，并获得深入的知识。

你将学到什么

• 了解安全评估的重要性，而不仅仅是设置和管理系统/流程
• 熟悉OPENVAS等工具以定位系统和网络漏洞
• 发现多个解决方案以提升受威胁计算机上的权限
• 识别安全异常，以确保您的基础设施安全并进一步加强
• 掌握防止基础架构和应用程序漏洞的技能
• 借助Metasploit利用需要复杂设置的漏洞

In Detail

随着关键基础设施面临越来越大的入侵和攻击威胁，系统管理员和架构师可以使用Kali Linux 2.0，通过找出已知漏洞并保护其基础设施免受未知漏洞的攻击，从而确保其基础设施的安全。

这本实用的食谱风格的指南包含三个阶段的精心组织的章节-信息收集、漏洞评估和Web以及有线和无线网络的渗透测试。如果您正在寻找特定问题的解决方案或学习如何使用工具，它是一本理想的参考指南。我们提供了针对攻击而设计的强大工具/脚本的动手示例。

在最后一节中，我们将介绍您在测试过程中可以使用的各种工具，并帮助您创建深入的报告以给管理层留下深刻印象。我们为系统工程师提供复制和修复问题的步骤。

风格和方法

这本实用的书充满了基于作者所面临的现实世界问题的易于遵循的食谱。每个食谱分为三个部分，清楚地定义了食谱做什么，你需要什么，以及如何做。精心组织的食谱让你可以直接进入你感兴趣的主题。

目录表

第1章：环境设置入门
第2章：网络信息收集
Chapter 3. Network Vulnerability Assessment
第四章：网络利用
第5章.Web应用程序信息收集
第6章：Web应用程序漏洞评估
第7章.Web应用程序开发
第8章：系统和密码利用
第9章特权提升和剥削
第10章：无线利用