Uploader: 高宏飞

Shared on 2025-11-08

Author: Ric Messier

(CONVERTED) With hundreds of tools preinstalled, the Kali Linux distribution makes it easier for security professionals to get started with security testing quickly. But with more than 600 tools in its arsenal, Kali Linux can also be overwhelming. The new edition of this practical book covers updates to the tools, including enhanced coverage of forensics and reverse engineering.

Publisher: O'Reilly Media, Inc.
Publish Year: 2024
Language: English
Pages: 1097
File Format: PDF
File Size: 16.3 MB
Text Preview (First 20 pages)
Learning Kali Linux
SECOND EDITION
Security Testing, Penetration Testing & Ethical Hacking
Ric Messier

Learning Kali Linux
by Ric Messier

Copyright © 2024 Ric Messier. All rights reserved.

Printed in the United States of America.

Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com.

Acquisitions Editor: Simina Calin
Development Editor: Rita Fernando
Production Editor: Ashley Stussy
Copyeditor: Piper Editorial Consulting, LLC
Proofreader: Sharon Wilkey
Indexer: Judith McConville
Interior Designer: David Futato
Cover Designer: Karen Montgomery
Illustrator: Kate Dullea

July 2018: First Edition
August 2024: Second Edition

Revision History for the Second Edition
2024-08-13: First Release

See http://oreilly.com/catalog/errata.csp?isbn=9781098154134 for release details.

The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Learning Kali Linux, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc.

The views expressed in this work are those of the author and do not represent the publisher’s views. While the publisher and the author have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the author disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

978-1-098-15413-4

[LSI]
Dedication

This book is dedicated, in memoriam, to my very first (and best) bull terrier, Zoey.
Preface

A novice was trying to fix a broken Lisp machine by turning the power off and on. Knight, seeing what the student was doing, spoke sternly: “You cannot fix a machine by just power-cycling it with no understanding of what is going wrong.” Knight turned the machine off and on. The machine worked.
—AI Koan

Over the last half century, one of the places that had a deep hacker culture, in the sense of learning and creating, was the Massachusetts Institute of Technology (MIT) and, specifically, its Artificial Intelligence Lab. The hackers at MIT generated a language and culture that created words and a unique sense of humor. The preceding quote is an AI koan, modeled on the koans of Zen, which were intended to inspire enlightenment. Similarly, this koan is one of my favorites because of what it says: it’s important to know how things work. Knight, by the way, refers to Tom Knight, a highly respected programmer at the AI Lab at MIT.

The intention for this book is to teach readers about the capabilities of Kali Linux through the lens of security testing. The idea is to help you better understand how and why the tools work. Kali Linux is a security-oriented Linux distribution, so it ends up being popular with people who do security testing or penetration testing for either sport or vocation. While it does have its uses as a general-purpose Linux distribution and for forensics and other related tasks, it was originally designed with security testing in mind. As such, most of the book’s content focuses on using tools that Kali provides. Many of these tools are not necessarily easily available with other Linux distributions. While the tools can be installed, sometimes built from source, installation is easier if the package is in the distribution’s repository.
What This Book Covers

Given that the intention is to introduce Kali through the perspective of doing security testing, the following subjects are covered:

Foundations of Kali Linux
Linux has a rich history, going back to the 1960s with Unix. This chapter covers a bit of the background of Unix so you can better understand why the tools in Linux work the way they do and how best to make efficient use of them. We’ll also look at the command line since we’ll be spending a lot of time there through the rest of the book, as well as the desktops that are available so you can have a comfortable working environment. If you are new to Linux, this chapter will prepare you to be successful with the remainder of the book so you aren’t overwhelmed when we start digging deep into the tools available.

Network Security Testing Basics
The services you are most familiar with listen on the network. Also, systems that are connected to the network may be vulnerable. To put you in a better position to perform testing over the network, we’ll cover some basics of the way network protocols work. When you really get deep into security testing, you will find an understanding of the protocols you are working with to be an invaluable asset. We will also take a look at tools that can be used for stress testing of network stacks and applications.

Reconnaissance
When you are doing security testing or penetration testing, a common practice is to perform reconnaissance against your target. Several open sources are available to help you gather information about your target. Gathering information will not only help you with later stages of your testing but also provide a lot of details you can share with the organization you are performing testing for. These details can help them correctly determine the footprint of systems available to the outside world. Information about an organization and the people in it can provide stepping stones for attackers, after all.

Looking for Vulnerabilities
Attacks against organizations arise from vulnerabilities. We’ll look at vulnerability scanners that can provide insight into the technical (as opposed to human) vulnerabilities that exist at your target organization. This will lead to hints on where to go from here, since the objective of security testing is to provide insights to the organization you are testing for about potential vulnerabilities and exposures. Identifying vulnerabilities will help you there.

Automated Exploits
While Metasploit may be the foundation of performing security testing or penetration testing, other tools are available as well. We’ll cover the basics of using Metasploit but also cover some of the other tools available for exploiting the vulnerabilities found by the tools discussed in other parts of the book.

Owning Metasploit
Metasploit is a dense piece of software. Getting used to using it effectively can take a long time. Nearly 2,000 exploits are available in Metasploit, as well as over 500 payloads. When you mix and match those, you get thousands of possibilities for interacting with remote systems. Beyond that, you can create your own modules. We’ll cover Metasploit beyond just the basics of using it for rudimentary exploits.

Wireless Security Testing
Everyone has wireless networks these days. That’s how mobile devices like phones and tablets, not to mention a lot of laptops, connect to enterprise networks. However, not all wireless networks have been configured in the best manner possible. Kali Linux has tools available for performing wireless testing. This includes scanning for wireless networks, injecting frames, and cracking passwords.

Web Application Testing
A lot of commerce happens through web interfaces. Additionally, a lot of sensitive information is available through web interfaces. Businesses need to pay attention to how vulnerable their important web applications are. Kali is loaded with tools that will help you perform assessments on web applications. We’ll take a look at proxy-based testing as well as other tools you can use for more automated testing. The goal is to help you provide a better understanding of the security posture of these applications to the organization you are doing testing for.

Cracking Passwords
Cracking passwords isn’t always a requirement, but you may be asked to test both remote systems and local password databases for password complexity and difficulty in getting in remotely. Kali has programs that will help with password cracking—both cracking password hashes, as in a password file, and brute-forcing logins on remote services like SSH, VNC, and other remote access protocols.

Advanced Techniques and Concepts
You can use all the tools in Kali’s arsenal to do extensive testing. At some point, though, you need to move beyond the canned techniques and develop your own. This may include creating your own exploits or writing your own tools. Getting a better understanding of how exploits work and how you can develop some of your own tools will provide insight on directions you can take. We’ll cover extending some of the tools Kali has as well as the basics of popular scripting languages along the way.

Reverse Engineering and Program Analysis
Understanding how programs work can be an important part of vulnerability testing, since you will not often have the source code. Additionally, malware requires analysis. Tools to disassemble, debug, and decompile are available for this sort of work.

Digital Forensics
While this topic is not specifically targeted at security testing, some of the tools that are used for forensics are useful to know. Additionally, it’s a category of tools that are installed by Kali Linux. After all, Kali is really a security-oriented distribution and isn’t limited to penetration testing or other security testing.

Reporting
While it’s not testing directly, reporting is critical because it’s what you will need to do to get paid. Kali has a lot of tools that can help you generate this report. We’ll cover techniques for taking notes through the course of your testing as well as some strategies for generating the report.

New in This Edition

This edition includes a new chapter on digital forensics, as there is a significant collection of tools that can be used for this purpose. In addition to network tools like Wireshark and others discussed in other chapters, there are tools that can be used for dead disk forensics, as well as for malware identification and some memory captures.

The section on reverse engineering and program analysis from the previous edition has been expanded into a completely new chapter. This includes coverage of the NSA-developed tool Ghidra, as well as other useful tools for reverse engineering and program analysis.

Of course, new tools that are available in updated versions of Kali are covered here, though the coverage of tools from Kali is not comprehensive, since tools come and go and there are hundreds of packages of tools for various security-related purposes.
Who This Book Is For

While I hope there is something in this book for readers with a wide variety of experiences, the primary audience is people who may have a little Linux or Unix experience but want to see what Kali is all about. This book is also for people who want to get a better handle on security testing by using the tools that Kali Linux has to offer. If you are already experienced with Linux, you may skip Chapter 1, for instance. You may also be someone who has done web application testing by using some common tools but want to expand your range to a broader set of skills.

The Value and Importance of Ethics

A word about ethics—you will see this come up a lot because it’s so important that it’s worth repeating. A lot. Security testing requires that you have permission. What you are likely to be doing is illegal in most places. Probing remote systems without permission can get you into a lot of trouble. Mentioning the legality at the top tends to get people’s attention.

Beyond the legality is the ethics. Security professionals who acquire certifications have to take oaths related to their ethical practices. One of the most important precepts here is not misusing information resources. The CISSP certification includes a code of ethics requiring you to agree to not do anything illegal or unethical.

Testing on any system you don’t have permission to test on is not only potentially illegal but also certainly unethical by the standards of our industry. It isn’t sufficient to know someone at the organization you want to target and obtain their permission. You must have permission from a business owner or someone at an appropriate level of responsibility to give you that permission. It’s also best to have the permission in writing. This ensures that both parties are on the same page. It is also important to recognize the scope up front. The organization you are testing for may have restrictions on what you can do, what systems and networks you can touch, and during what hours you can perform the testing. Get all that in writing. Up front. This is your Get Out of Jail Free card. Write down the scope of testing and then live by it.

Also, communicate, communicate, communicate. Do yourself a favor. Don’t just get the permission in writing and then disappear without letting your client know what you are doing. Communication and collaboration will yield good results for you and the organization you are testing for. It’s also generally just the right thing to do.

Within ethical boundaries, have fun!

Conventions Used in This Book

The following typographical conventions are used in this book:

Italic
Indicates new terms, URLs, email addresses, filenames, and file extensions. Used within paragraphs to refer to program elements such as variable or function names, databases, data types, environment variables, statements, and keywords.

Constant width
Used for program listings and code examples.

Constant width
Shows commands or other text that should be typed literally by the user.
TIP
This element signifies a tip or suggestion.

NOTE
This element signifies a general note.

WARNING
This element indicates a warning or caution.

O’Reilly Online Learning

NOTE
For more than 40 years, O’Reilly Media has provided technology and business training, knowledge, and insight to help companies succeed.

Our unique network of experts and innovators share their knowledge and expertise through books, articles, and our online learning platform. O’Reilly’s online learning platform gives you on-demand access to live training courses, in-depth learning paths, interactive coding environments, and a vast collection of text and video from O’Reilly and 200+ other publishers. For more information, visit https://oreilly.com.

How to Contact Us

Please address comments and questions concerning this book to the publisher:

O’Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
800-889-8969 (in the United States or Canada)
707-827-7019 (international or local)
707-829-0104 (fax)
support@oreilly.com
https://www.oreilly.com/about/contact.html

We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at https://oreil.ly/learning-kali-linux-2e.