Beginning Ethical Hacking With Kali Linux


Beginning Ethical Hacking with Kali Linux: Computational Techniques for Resolving Security Issues
Sanjib Sinha

Beginning Ethical Hacking with Kali Linux
Sanjib Sinha
Howrah, West Bengal, India
ISBN-13 (pbk): 2-3891-2
ISBN-13 (electronic): 978-1-4842-3891-2
Library of Congress Control Number: 2018963849
Copyright 2018 by Sanjib Sinha

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Managing Director, Apress Media LLC: Welmoed Spahr
Acquisitions Editor: Nikhil Karkal
Development Editor: Matthew Moodie
Coordinating Editor: Divya Modi
Cover designed by eStudioCalamar
Cover image designed by Freepik (www.freepik.com)

Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail orders-ny@springer-sbm.com, or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science+Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.

For information on translations, please e-mail rights@apress.com, or visit www.apress.com/rights-permissions.

Apress titles may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Print and eBook Bulk Sales web page at www.apress.com/bulk-sales.

Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub via the book’s product page, located at www.apress.com/978-1-4842-3890-5. For more detailed information, please visit www.apress.com/source-code.

Printed on acid-free paper

Disclaimer

This book is intended to be used only in an ethical manner. Performing any illegal actions using the information available in this book may invite legal trouble, and if you have any bad intentions, you will likely be arrested and prosecuted to the full extent of the law.

The publisher Apress and the author take no responsibility if you misuse any information available in this book.

Tip: Always use VirtualBox or a virtual machine to experiment with your hacking skills.

You must use this information in a testing environment as shown in this book and, in some special cases, get proper permission from the appropriate authorities.

This book is dedicated to my parents: my late mother, Krishna Deb, and my late father, Sushil Kumar Sinha. You taught me to appreciate the value of reading and lifelong learning. I hope death has not defeated your longing for happiness. May you rest in peace.

Table of Contents

About the Author
About the Technical Reviewer
Acknowledgments
Introduction

Chapter 1: Security Trends
  Nature and Perspective
  Before and After the Digital Transformation
  The OSI Security Architecture
  Security Attacks, Services, and Mechanisms
  Timeline of Hacking
  How to Use Google Hacking Techniques
  Further Reading

Chapter 2: Setting Up a Penetration Testing and Network Security Lab
  Why Virtualization?
  Installing VirtualBox
  Installing Appliances on VirtualBox
  Installing VirtualBox Guest Addition
  Installing Metasploitable
  Installing Windows
  Installing Kali in VMware

Chapter 3: Elementary Linux Commands
  Finding the Kali Terminal
  Navigating the File System
  Working with Text Files
  Searching Files
  Writing to the Terminal
  Working with Directories
  Setting File Permissions

Chapter 4: Know Your Network
  Networking Layers
  Internetworking Models
  OSI
  TCP/IP
  Further Reading

Chapter 5: How to Build a Kali Web Server
  Why Do You Need a Web Server?
  Introducing Sockets
  Beginning the Web Server
  Diving into Sockets
  Installing PyCharm and the Wing IDE Editor
  How to Stay Anonymous
  Changing Your Proxy Chain
  Working with DNS Settings
  Using a VPN
  Changing Your MAC Address

Chapter 6: Kali Linux from the Inside Out
  More About Kali Linux Tools
  Information Gathering
  Vulnerability Analysis
  Wireless Attacks
  Web Applications
  WPS Tools
  Exploitation Tools
  Forensic Tools
  Sniffing and Spoofing
  Password Attacks
  Maintaining Access
  Reverse Engineering
  Hardware Hacking
  Exploring Kali Linux from the Inside
  Machine Language
  Registers
  Why Is Understanding Memory So Important?
  Editors
  Hacking Tools
  Staying Updated with SSH
  Getting Started
  Working with Blacklists and Whitelists
  Securing SSH
  Connecting to Kali Linux Over SSH

Chapter 7: Kali Linux and Python
  What Is Penetration Testing?
  First Penetration Using Python
  Whois Searches for More Information
  Finding Secret Directories
  Top-Level Domain Scanning
  Obtaining a Web Site’s IP Address
  TCP Client in Python and Services
  Capturing Raw Binary Packets
  Port Scanning Using Nmap
  Importing the Nmap Module
  What Does Nmap Do?
  Nmap Network Scanner

Chapter 8: Information Gathering
  Python Virtual Environment
  Reconnaissance Tools
  Know the Domain and Hostname
  E-mail Tracking Made Easy
  Searching the Internet Archive
  Passive Information
  Web Spiders Are Crawling
  More About Scanning
  You Can Find Location Too!
  DMitry, Maltego, and Other Tools
  Summarizing the Five Phases of Penetration

Chapter 9: SQL Mapping
  Sniffing and Spoofing
  Packing and Unpacking with Python
  Why Wireless Media Is Vulnerable
  ARP Poisoning Is a Threat
  SQL Injection
  Detecting SQL Injection Vulnerabilities
  How to Use sqlmap
  Brute-Force or Password Attacks

Chapter 10: Vulnerability Analysis
  Overview of Vulnerability Analysis Tools
  How to Use OpenVas
  How to Use Nikto
  How to Use Vega
  How to Use Burp Suite

Chapter 11: Information Assurance Model
  What the AI Model Is All About
  How to Tie the Elements Together?
  How the AI Model Works
  Why Is the AI Model Important?
  Further Reading

Chapter 12: Introducing Metasploit in Kali Linux
  Understanding the Metasploit Architecture
  Summarizing Modules
  Mixins and Plugins in Ruby
  Metasploit Console or Interface

  Exploits and Payloads in Metasploit
  How to Use Exploit and Payloads
  How to Start Exploits

Chapter 13: Hashes and Passwords
  Hashes and Encryption
  Password Testing Tools
  John the Ripper and Johnny
  How to Use RainbowCrack

Chapter 14: Classic and Modern Encryption
  Nature and Perspective
  Models of the Cryptography System
  Types of Attacks on Encrypted Messages

Chapter 15: Exploiting Targets
  Exploiting Linux with Metasploit
  Exploiting Samba
  Exploiting IRC
  Exploiting Windows with Armitage

Index

About the Author

Sanjib Sinha is a certified .NET Windows and web developer, specializing in Python, security programming, and PHP; he won Microsoft’s Community Contributor Award in 2011. Sanjib Sinha has also written Beginning Ethical Hacking with Python and Beginning Laravel for Apress.

About the Technical Reviewer

Vaibhav Chavan holds a certification in ethical hacking and has worked as a security analyst in the IT world as well as in the banking, insurance, and e-commerce industries. He now works as a security analyst in Mumbai and has more than five years of experience in the IT industry. He has hands-on experience in Kali Linux and other tools such as the Metasploit Framework, Burp Suite, Nessus, and more.

Acknowledgments

I wish to record my gratitude to my wife, Kaberi, for her unwavering support and encouragement in the preparation of this book.

I am extremely grateful to Mr. Matthew Moodie, lead development editor, for his numerous valuable suggestions, complementary opinions, and thorough thumbing; as well as editor Nikhil Karkal, coordinating editor Divya Modi, and the whole Apress team for their persistent support and help. I also wish to thank Vaibhav Chavan, the technical reviewer, for their valued suggestions.

In the preparation of this book, I consulted open source documentation and numerous textbooks on a variety of subjects related to ethical hacking and want to thank the countless authors who wrote them. I hereby acknowledge my special indebtedness to Nmap original author Gordon Lyon (Fyodor) and the developer of the Metasploit Framework, H.D. Moore. I am also thankful for the ever-helpful open source community.

Introduction

You can get started in white-hat ethical hacking using Kali Linux, and this book starts you on that road by giving you an overview of security trends, where you will learn about the OSI security architecture. This will form the foundation for the rest of Beginning Ethical Hacking with Kali Linux.

With the theory out of the way, you’ll move on to an introduction to VirtualBox, networking terminologies, and common Linux commands, followed by the step-by-step procedures to build your own web server and acquire the skill to be anonymous. When you have finished the examples in the first part of your book, you will have all you need to carry out safe and ethical hacking experiments.

After an introduction to Kali Linux, you will carry out your first penetration tests with Python and code raw binary packets for use in those tests. You will learn how to find secret directories of a target system, how to use a TCP client in Python and services, and how to do port scanning using Nmap. Along the way, you will learn how to collect important information; how to track e-mail; and how to use important tools such as DMitry, Maltego, and others. You’ll also take a look at the five phases of penetration testing.

After that, this book will cover SQL mapping and vulnerability analysis where you will learn about sniffing and spoofing, why ARP poisoning is a threat, how SniffJoke prevents poisoning, how to analyze protocols with Wireshark, and how to use sniffing packets with Scapy. Then, you will learn how to detect SQL injection vulnerabilities, how to use Sqlmap, and how to do brute-force or password attacks. In addition, you will learn how to use important hacking tools such as OpenVas, Nikto, Vega, and Burp Suite.

The book will also explain the information assurance model and the hacking framework Metasploit, taking you through important commands, exploits, and payload basics. Moving on to hashes and passwords, you will learn password testing and hacking techniques with John the Ripper and Rainbow. You will then dive into classic and modern encryption techniques where you will learn to work with the conventional cryptosystem.

In the final chapter, you will use all the skills of hacking to exploit a remote Windows and Linux system, and you will learn how to “own” a remote target entirely.

Who This Book Is For

This book is primarily for information security professionals. However, security enthusiasts and absolute beginners will also find this book helpful. For absolute beginners, knowledge of high school algebra, the number system, and the Python programming language is a plus. However, this book provides an explanation of the foundational rules so you can understand the relationship between them and ethical hacking, information security, and the hacking-related tools of Kali Linux.

For more advanced professionals, the book also includes in-depth analysis.

Whether you are new to ethical hacking or a seasoned veteran, this book will help you understand and master many of the powerful and useful hacking-related tools of Kali Linux and the techniques that are widely used in the industry today.

To start with, you need a virtual box or virtual machine, so proceed to Chapter 1.
