Download Kali Linux - An Ethical Hacker's Cookbook - End-To-End Penetration Testing Solutions by Himanshu Sharma PDF

Title: Kali Linux - An Ethical Hacker's Cookbook - End-To-End Penetration Testing Solutions by Himanshu Sharma
Tags: Desktop Environment System Software Digital & Social Media Digital Technology Software
File Size: 33.4 MB
Total Pages: 523
Table of Contents
Preface
	What this book covers
	What you need for this book
	Who this book is for
	Sections
		Getting ready
		How to do it…
		How it works…
		There's more…
		See also
	Conventions
	Reader feedback
	Customer support
		Downloading the example code
		Downloading the color images of this book
		Errata
		Piracy
		Questions
Kali – An Introduction
	Introduction
	Configuring Kali Linux
		Getting ready
		How to do it...
		How it works...
	Configuring the Xfce environment
		How to do it...
	Configuring the Mate environment
		How to do it...
	Configuring the LXDE environment
		How to do it...
	Configuring the e17 environment
		How to do it...
	Configuring the KDE environment
		How to do it...
	Prepping up with custom tools
		Getting ready
		How to do it...
			Dnscan
			Subbrute
			Dirsearch
	Pentesting VPN's ike-scan
		Getting ready
		How to do it...
			Cracking the PSK
		How it works...
	Setting up proxychains
		How to do it...
			Using proxychains with tor
	Going on a hunt with Routerhunter
		Getting ready
		How to do it...
Gathering Intel and Planning Attack Strategies
	Introduction
	Getting a list of subdomains
		Fierce
			How to do it...
		DNSdumpster
			How to do it...
	Using Shodan for fun and profit
		Getting ready
		How to do it...
	Shodan Honeyscore
		How to do it...
	Shodan plugins
		How to do it...
		See also
	Using Nmap to find open ports
		How to do it...
			Using scripts
		See also
	Bypassing firewalls with Nmap
		TCP ACK scan
			How to do it...
			How it works...
		TCP Window scan
			How to do it...
		Idle scan
			How to do it...
			How it works...
	Searching for open directories
		The dirb tool
			How to do it...
			There's more...
			See also
	Performing deep magic with DMitry
		How to do it...
	Hunting for SSL flaws
		How to do it...
		See also
	Exploring connections with intrace
		How to do it...
	Digging deep with theharvester
		How to do it...
		How it works...
	Finding the technology behind web apps
		How to do it...
	Scanning IPs with masscan
		How to do it...
	Sniffing around with Kismet
		How to do it...
	Testing routers with firewalk
		How to do it...
		How it works...
Vulnerability Assessment
	Introduction
	Using the infamous Burp
		How to do it...
	Exploiting WSDLs with Wsdler
		How to do it...
	Using Intruder
		How to do it...
	Web app pentest with Vega
		Getting ready
		How to do it...
	Exploring SearchSploit
		How to do it...
	Exploiting routers with RouterSploit
		Getting ready
		How to do it...
			Using the scanners command
			Using creds
	Using Metasploit
		How to do it...
	Automating Metasploit
		How to do it...
	Writing a custom resource script
		How to do it...
	Databases in Metasploit
		How to do it...
Web App Exploitation – Beyond OWASP Top 10
	Introduction
	Exploiting XSS with XSS Validator
		Getting ready
		How to do it...
	Injection attacks with sqlmap
		How to do it...
		See also
	Owning all .svn and .git repositories
		How to do it...
	Winning race conditions
		How to do it...
		See also
	Exploiting JBoss with JexBoss
		How to do it...
	Exploiting PHP Object Injection
		How to do it...
		See also
	Backdoors using web shells
		How to do it...
	Backdoors using meterpreters
		How to do it...
Network Exploitation on Current Exploitation
	Introduction
	Man in the middle with hamster and ferret
		Getting ready
		How to do it...
	Exploring the msfconsole
		How to do it...
	Railgun in Metasploit
		How to do it...
		There's more...
	Using the paranoid meterpreter
		How to do it...
		There's more...
	A tale of a bleeding heart
		How to do it...
	Redis exploitation
		How to do it...
	Say no to SQL – owning MongoDBs
		Getting ready
		How to do it...
	Embedded device hacking
		How to do it...
	Elasticsearch exploit
		How to do it...
		See also
	Good old Wireshark
		Getting ready
		How to do it...
		There's more...
	This is Sparta!
		Getting ready
		How to do it...
Wireless Attacks – Getting Past Aircrack-ng
	Introduction
		The good old Aircrack
			Getting ready
			How to do it...
			How it works...
		Hands on with Gerix
			Getting ready
			How to do it...
		Dealing with WPAs
			How to do it...
		Owning employee accounts with Ghost Phisher
			How to do it...
		Pixie dust attack
			Getting ready
			How to do it...
			There's more...
Password Attacks – The Fault in Their Stars
	Introduction
	Identifying different types of hash in the wild!
		How to do it...
			MD5
			MySQL less than v4.1
			MD5 (WordPress)
			MySQL 5
			Base64 encoding
		There's more...
	Using hash-identifier
		How to do it...
	Cracking with patator
		How to do it...
	Cracking hashes online
		How to do it...
			Hashkiller
			Crackstation
			OnlineHashCrack
	Playing with John the ripper
		How to do it...
		There's more...
	Johnny Bravo!
		How to do it...
	Using cewl
		How to do it...
	Generating word list with crunch
		How to do it...
Have Shell Now What?
	Introduction
	Spawning a TTY Shell
		How to do it...
		There's more...
	Looking for weakness
		How to do it...
	Horizontal escalation
		How to do it...
	Vertical escalation
		How to do it...
	Node hopping – pivoting
		How to do it...
		There's more…
	Privilege escalation on Windows
		How to do it...
	Using PowerSploit
		How to do it…
		There's more…
	Pulling plaintext passwords with mimikatz
		How to do it…
	Dumping other saved passwords from the machine
		How to do it...
	Pivoting into the network
		How to do it...
	Backdooring for persistence
		How to do it...
Buffer Overflows
	Introduction
	Exploiting stack-based buffer overflows
		How to do it...
	Exploiting buffer overflow on real software
		Getting ready
		How to do it...
	SEH bypass
		How to do it...
		See also
	Exploiting egg hunters
		Getting ready
		How to do it...
		See also
	An overview of ASLR and NX bypass
		How to do it...
		See also
Playing with Software-Defined Radios
	Introduction
	Radio frequency scanners
		Getting ready
		How to do it...
	Hands-on with RTLSDR scanner
		How to do it...
	Playing around with gqrx
		How to do it...
		There's more...
	Kalibrating device for GSM tapping
		How to do it...
		There's more...
	Decoding ADS-B messages with Dump1090
		How to do it...
		There's more...
Kali in Your Pocket – NetHunters and Raspberries
	Introduction
	Installing Kali on Raspberry Pi
		Getting ready
		How to do it...
	Installing NetHunter
		Getting ready
		How to do it...
	Superman typing – HID attacks
		How to do it...
	Can I charge my phone?
		How to do it...
	Setting up an evil access point
		How to do it...
Writing Reports
	Introduction
	Generating reports using Dradis
		How to do it...
	Using MagicTree
		How to do it...
		There's more...
                        
Document Text Contents
Page 2

Kali Linux - An Ethical Hacker's Cookbook

Page 261

Redis exploitation

Page 262

How to do it...
To learn exploitation of Redis, follow the given steps:

1. We first telnet to the server and check whether a successful connection is
possible or not:

telnet x.x.x.x 6379

The following screenshot shows the output for the preceding command:

2. We then terminate the telnet session. Next, we generate our SSH key using
the following command:

ssh-keygen -t rsa -C [email protected]

3. Then, we enter the file where we want to save it:

4. Our key is generated; now we need to write it on the server:

5. We need to install redis-cli for that; we can use the following command:

Page 522

13. In the next window, we can browse the list of templates we would like to
use to save the report:

14. Then, we click on the Generate Report button, and we will see a report
being generated:

Page 523

There's more...

Serpico
Vulnreport

https://github.com/SerpicoProject/Serpico
http://vulnreport.io/
