KALI LINUX PDF BOOKS
Download the new Kali Linux Revealed book for FREE and prepare for your KLCP certification! Learn to use Kali Linux like a pro, and prove it as well! Some sections of this book borrow content from the “Debian Administrator's Handbook, For the purpose of the CC-BY-SA license, Kali Linux Revealed is an.
But what you really want is to learn the penetration testing tools bundled in Kali Linux. 1. Get to grips with ethical hacking with. This book is a complete unofficial documentation of all the tools in Kali Linux. The author(s) are not held liable for any mistakes done by the. Daniel has assisted with numerous security training classes and technical training books mainly based on Backtrack and Kali Linux. Daniel W. Dieterle.
Kali Linux Hacking eBooks Download in PDF 2019
The major sections of the book are: This book is a complete unofficial documentation of all the tools in Kali Linux. The author(s) are not held liable for any mistakes made by the readers. Beginners Created: December 5, Size: Hack with Github Licence: Creative commons Downloads: Login with the credentials on the screen. Login name: Ethernet inet addr: Because we are using DHCP the IP addresses of the virtual machines may change when we bring the systems down and then back up.
So it is a good idea to check and verify them if you start having communication problems. We now have our Metasploitable and Kali systems up. You used to be able to download a day Windows 7 Enterprise Evaluation version directly from Microsoft, but it looks like most of the links now point to their Windows 8.
Then just install Windows 7 as usual. When done, you will have a Windows 7 Virtual Machine: Check the network settings on it to make sure that it too is using NAT for networking: Microsoft Windows [Version 6. IPv4 Address. We then installed Kali Linux, Metasploitable 2 and Windows 7 as separate virtual machines on the host. We set them all up to use the same networking (NAT) so that they can communicate with each other and out to the internet if needed.
We will use this setup throughout the rest of the book. I used this partially because you will always be using different target IP addresses when in the real world. And finally, never run Metasploitable directly on the internet as it is purposefully vulnerable.
One of the biggest things you will notice when installing is that Kali is based off of Debian Linux, instead of Ubuntu, which earlier versions were based on. If you were used to Backtrack, the desktop still uses Gnome, but it does seem to have a different look and feel to it.
Top Menu Bar We will start our tour with the top menu bar. The top menu has the Applications menu which is the main gateway to access all the included programs in Kali, the Places menu which allows you to navigate around the file system.
The Iceweasel web browser is next, and a shortcut to the Terminal prompt follows. In the middle is the date and time, followed by a volume control icon on the right side, a Network icon, where you can view and edit your network connections and finally your user menu where you can access system settings, switch users or log out. Applications Menu The Applications menu is the main menu in Kali. Under this menu you find the following main menus: Accessories menu includes the normal tools you would expect to find in an operating system.
Electronics tab contains a programming utility for the Arduino board. Kali Linux is the main menu to access the security programs. System Tools contain system administrator tools and preferences. The rest are pretty self-explanatory.
Kali Linux Menu Of most importance to us, the Kali Linux menu option is where you will find most of the security tools. A quick peek at the menu shows that a Top Ten Security Tools menu has been added to Kali so you can get into your favorite tools faster.
Aircrack-ng, Burpsuite, Metasploit, Nmap, Wireshark and several other top programs are now right at your fingertips.
To navigate the menu, just find the topic you want, for example, Information Gathering and follow the menu across until you find the utility you want: Following down the main menu branch you will see that the tools are sorted by type.
Web Application testing programs can be found in the Web Applications menu option, all Password related security programs are under the Password Attacks menu and so on. Conclusion If you want, it would be a good idea to take a few minutes and surf the menu system until you are familiar with its layout. Many, if not most of the programs can be run directly from the command prompt, and there are additional programs included in Kali that are not in the menu system.
We will cover several of the utilities that come with Kali. We will also cover a few that have not been added in yet, but are very good tools for any security tester. Metasploit gives you a complete framework, or playground for security testing. The Metasploit Framework is a comprehensive platform for performing vulnerability testing, and exploitation. It is loaded with over a thousand exploits, hundreds of payloads and multiple encoders.
We will cover the basics of using Metasploit in this chapter, and then in a later chapter see how to use Metasploit against a test target. If you are already familiar with using Metasploit then feel free to skip this chapter or use it as a refresher. Metasploit can be a little confusing if you have never used it before, but once you get used to how it works, you can do some amazing things with it.
Basically, using Metasploit to attack a target system usually involves:
1. Picking an Exploit
2. Setting Exploit Options
3. Picking a Payload
4. Setting Payload Options
5. Running the Exploit
6. Connecting to the Remote System
7.
Depending on the type of exploit, once our exploit is complete we will normally end up with either a remote shell to the computer or a Meterpreter shell. A remote shell is basically a remote terminal connection or a text version of a remote desktop for Windows users.
It allows us to enter commands as if we are sitting at the keyboard. But a Meterpreter shell offers a ton of interesting programs and utilities that we can run to gather information about the target machine, control devices like the webcam and microphone, or even use this foothold to get further access into the network.
And of course, if needed, you can drop to a regular shell at any time. In most cases, depending on what you are trying to do, a Meterpreter Shell is much more advantageous than just a regular shell. Sometimes being very specific will help you find the exploit you want quicker. To start the Database at a terminal prompt, type the following: To search by name, just type search and the text you want.
Or to see exploit information for a particular program just use its name: As you can see in the picture above, we can set a couple options for this exploit, which leads us into our next section. Again copying and pasting the exploit path and name works very well here too: Okay, we are now using our exploit, so how do we set the options? Rhost is the remote host that we are attacking and Rport is the remote port. This is all you really need to set in this exploit.
Multiple Target Types The Unreal backdoor was a fairly easy exploit to use. Some exploits have multiple variables that you need to set and they might even have some optional variables that can also be configured. As you use Metasploit, you will find that some have multiple target types that can be attacked, and that the exact target needs to be set for the exploit to work properly. But on others, there are numerous targets and we need to pick the right one.
To start, simply use the exploit: I have had mixed results with using automatic targeting, and sometimes things work better if you set the exact target. Lastly, though not often used in regular exploits, we can also set advanced options if we want. Now we have seen how to select an exploit and how to set the options. On many exploits we also need to set a payload. Payloads allow you to do something functional with the exploited system.
Metasploit comes with a multitude of different payloads that you can use.
This will prompt Metasploit to ask you if you want to see all the available payloads: The most popular types of payloads are shells, either a regular remote shell or a Meterpreter shell. If we just want a remote terminal shell to remotely run commands, use the standard shell. If you want the capability to manipulate the session and run extended commands then you will want the Meterpreter shell which we will discuss in further detail in the next chapter. There are different types of ways that the payloads communicate back to the attacking system.
Now that our payload is set, we just need to set the options for it. Setting Payload Options Payloads have options that are set in the exact same way that the exploit is set.
Usually payload settings include the IP address and port for the exploit to connect out to. This is the IP address for our Kali system: Once our payload options are set, we can go ahead and run the exploit. This can happen when you are running through a lot of exploits, or attacking different systems, so it is a good idea to double check your settings. Our payload is selected, and all the options that we need to set are set. We can now run the exploit. The exploit then runs, and if it succeeds the payload executes and we get a remote connection.
Connecting to a Remote Session Once we have a successful exploit we will be able to view any remote sessions that were created. Any sessions that were created will show up along with the IP address, computer name and user name of the target system.
When we connect to the session, the prompt will change into a meterpreter prompt: We will cover the Meterpreter shell in more depth in the next chapter. We also talked briefly about using payloads and setting necessary functions. Metasploit is able to do a ton of things; we just briefly brushed some of the more elementary core functions. We will cover the entire Meterpreter exploit process later in greater detail. Next we will talk about the Meterpreter shell, an amazing and fun interface that we can use to manipulate systems that we successfully exploited.
Meterpreter is great for manipulating a system once you get a remote connection, so depending on what your goals are, a Meterpreter shell is usually preferred to a straight remote terminal shell. Meterpreter gives us a set of commands and utilities that can be run to greatly aid in security testing.
In this section we will quickly cover the Meterpreter shell and some of its features. Once executed the backdoor program connected out to our Kali system and a session was created. We were then automatically dropped into the active session as seen below: Once connected to the session we are given a Meterpreter prompt: When we do so, we see that the commands are broken out into sections.
The commands are: It is a good idea to read through them all to get a basic understanding of what they can do. Core Commands As a beginner level user, you will probably only use background, help, load, migrate, run and exit from this list. File System Commands When you have a Meterpreter shell, you basically are dealing with two file systems, the local and remote.
File system commands allow you to interact with both. Basically you can use standard Linux commands to get around and use the file system. But how do you differentiate between the local system and the remote system that you are attached to? All the commands are assumed to be used on the remote system. When you need to move around your local Kali file system there are a couple commands you can use.
Download allows you to download files from the target system, and conversely, upload allows you to send files to the remote system. So if we wanted to upload a file, just connect to the local and remote directories that you desire and execute the upload command with the file name you want to send, as shown below: We connected to the Desktop on the Kali machine where we had our tools file.
Download works the same way, just use download and the file name to pull the file off the remote system and store it on your local Kali machine: Network Commands These commands allow you to display and manipulate some basic networking features.
Though we will not be covering it in this book, using these two commands allows you to use the machine you have exploited to pivot or use it to attack other machines in the target network or networks. System Commands Below is a list of system commands. We may want to erase our tracks and clear the system logs on the target machine. If we look at the logs on the Windows 7 system side, we can see that it is full of events: Some of those events may include things that we did.
The Application, System and Security logs are wiped. Now obviously this will stick out like a sore thumb to anyone analyzing the logs. But if there are events you want removed, you can clear the log. This is the process ID number that our shell is using. If we go further down the list, looking for our pid number of we see this: It also shows that we are running under a powershell. We can move our shell off of this PID to a process that has higher level access.
Migrating also allows us to merge and hide our shell into another more common process, in essence hiding our connection. I thought this was completely ridiculous as you have been able to do this with Metasploit for years.
This will remotely display the webcam from the target system. The only hint you get on the target machine that something is wrong is that your webcam recording light (if yours has one) comes on. Other than that, you cannot tell that someone is remotely viewing your webcam. The webcam screenshot above is an actual image I got one day of my cat. If we open the file we see this: You can then open the saved file on your Kali system to listen to it: Running Scripts The last topic we will cover in this section is running scripts.
Meterpreter has over scripts that you can run to further expand your exploitation toolset. We actually have already touched on these.
We will take a moment and cover a couple more of them. Here are a couple of the more interesting ones: Sometimes when you get a remote shell you are not sure if you are in a Virtual Machine or a standalone computer.
You can check with this command. As you can see it correctly determined that our target was a VMware VM. The user is added to both the remote desktop user group and the administrators group.
This makes it handy if you want to connect back to the machine at a later date. Then just run the program again and give it a username and password to use: This is a bit more secure as you are not sending clear text passwords over the wire.
Once we login we will get a graphical Windows desktop on our Kali machine: Take some time and check them out. This is extremely easy once we have a Meterpreter session. We can now run any DOS command that we want.
This could be very handy, as deleted files could contain information of interest for both the forensics and pentesting realm. I then deleted the files: Using the Module The module requires that you have an open session to the target that you want to check. As you can see in the screenshot above, there are a couple settings that need to be set. Then just run the exploit: The exploit ran and found four files that it could recover, the two that we deleted and two other ones.
Now, say we only wanted to recover the txt files. If we surf to that directory we can find and open the text files that were saved: And view the file: And there we go, looks like there are 3 user accounts, including passwords, which we were able to recover from the remote machine!
But what if we wanted to recover pdf files?
As last time the recovered files were stored in the loot directory. We can open the PDF to verify that it worked: You can also set the module to recover multiple file types at once by simply listing what you want in the FILES variable and separate them with a comma. Lastly, the files can also be recovered by the ID number not shown. Recovery File Module Wrap-Up The module seems to work really well on data drives, but not so well on drives where there are a lot of files to recover, like on the main drive of a single drive system.
I ran this on a Windows 7 boot drive on a VM that I have used a lot and it literally took hours to run. Here is a network packet capture of the module running against a drive with a lot of deleted files: But then again, how many people actually record and analyze their data traffic? It was lightning fast and worked very well. Though we covered some of the basics of getting around and using the shell, we only touched on a fraction of its capabilities. Hopefully you can see why getting a Meterpreter shell gives you a whole lot more functionality than just getting a straight remote access shell.
Grabbing video and sound may seem to be a bit theatrical, but social engineers could use information they glean. Sound is interesting too.
A social engineer could learn a lot about the target facility by being able to have a live microphone inside the building. But we can also use Meterpreter to bypass Windows UAC protection and automate pulling user password hashes and even plain text passwords.
We will talk about all of these features in upcoming chapters. When a hacker attacks a target one of the normal stages they perform is information gathering. They want to learn as much about your network, their target, as they can, to make their lives easier. Maltego is a very popular tool, one that is covered quite a bit in security books and training seminars. As it already has a lot of coverage, I figured we would look at some of the other tools included in Kali.
In this chapter we will look at one of the newer tools, Recon-NG and a couple other tools that come with Kali. Recon-NG The Recon-NG Framework is a powerful tool that allows you to perform automated information gathering and network reconnaissance. Think of it as Metasploit for information collection. Recon-NG automates a lot of the steps that are taken in the initial process of a penetration test.
It has numerous features that allow you to collect user information for social engineering attacks, and network information for network mapping and much more. You can automatically hit numerous websites to gather passive information on your target and even actively probe the target itself for data.
Anyone who is familiar with Metasploit will feel right at home as the interface was made to have the same look and feel.
The command use and functions are very similar. Basically you can use Recon-NG to gather info on your target, and then attack it with Metasploit. Some of the modules are passive; they never touch the target network, while others directly probe and can even attack the system you are interested in. One tactic used to passively probe network structure is to use the Google search engine to enumerate site sub-domains.
Then remove sub-domains (-inurl) that you find, so other subdomains will appear. This can take a while to do by hand and can require a lot of typing if the target has a large number of sub-domains. Recon-NG will do this for you automatically and record what it finds in a database. This one only requires the target domain. You will then see a screen like the simulated one below: Within seconds, several of the sub-domains are listed. All the data collected by Recon-NG is placed in a database.
You can create a report to view the data collected. Simply use one of the report modules to automatically create a nice report of the data that you have obtained. Recon-NG Wrap up Sub-domain enumeration is only one module you can run, there are many others to choose from.
Using these you can get specific information from the corresponding sites about your targets. For example you can search Twitter for tweets from your target or even check Shodan for open systems. I have just briefly touched on some of the capabilities of Recon-NG.
It is really an impressive tool that is well worth checking into. Dmitry Dmitry is a nice little tool for quickly finding out information about a site. Just run Dmitry from the menu or command line. Netdiscover Netdiscover is another neat tool included in Kali. It too can be run from the command prompt or from the menu system.
Netdiscover scans a network looking for devices and then displays them: Zenmap Zenmap is basically a graphical version of the ever popular nmap command. If you are not familiar with nmap, then Zenmap is a great place to start. Like the previous commands, Zenmap can be started from the menu or command line.
Once started, you will see the following screen: Just fill in the target IP address and choose what type of scan you want to perform from the Profile drop down box.
Zenmap will show you what the resulting nmap command switches are in the command box. As you can see above the nmap command status shows up in the Nmap Output window. Conclusion In this chapter we looked at the multi-faceted tool Recon-NG.
We saw how it was created to mimic Metasploit so users who are familiar with it could pick up Recon-NG fairly quickly. We also covered a couple other tools used in Host identification, reconnaissance and information gathering. Shodan allows you to find computers on the web by searching for them by keyword.
For example, you can search for all the Microsoft IIS 7. The trick to using Shodan effectively is to know the right keywords. But once you know these magic keys, in seconds you can search the world for these devices.
Or by using filter commands you can refine your search to certain devices and areas. It can also allow them to find possible rogue or unauthorized devices that have been added to the company network. In this section we will briefly discuss why scanning your network space with Shodan is a good idea. We will then look at how we can do these searches from the web interface, Shodanhq. Why scan your network with Shodan? There are a large number of seemingly important systems that should never be publicly viewable on the Internet.
All can be found easily with just a couple keyword searches. But that is not all. Sadly, in this new high tech world, computer systems are not the only things that can be found online. Sure you can find large industrial HVAC environmental and building temperature controls completely open and unsecured.
But you can also find other non-common devices like aquariums with an online control interface and unbelievably, even remote controlled doors: Often the online device has security, but it comes with it turned off from the manufacturer, and all the user needs to do is turn it on or assign a password. And many times when a password is used, it is left as the factory default password (easily found) or a simple password (easily cracked).
The company owner may not have even been the one directly to put one of these devices online. There have been a couple reports of internet enabled building controls from major companies found online over the years. The building contractor, obviously not understanding internet security, left them completely open or with default credentials.
Searching for open systems using Shodan has become very popular. And once interesting systems are found on Shodan, the keyword searches are usually shared amongst friends or publicly posted on the internet. Granted many are just surfing Shodan to grab screenshots of ridiculous things that people put on the web, but it is also a tool that those with nefarious purposes could also use. Shodan Website To use Shodan, simply point your web browser to Shodanhq.
Then all you need to do is enter the keyword to use and click search, just as you would on any search engine. Shodan returns links to about two million Cisco routers worldwide. You can click on any IP address to surf directly to the device found. On the left side of the screen, Shodan also shows you how many of the total devices are from a certain country or location. You can click on any of them to zero in your search, or you could use keyword filters directly in the search to fine tune the results.
Filter Guide Using Filter commands you can quickly narrow down your searches to very specific things. You could enter something like the line below: This quickly and easily sorts through the millions of servers out there and returns the ones that match the query.
Here is a sample search return: Server title information. You can search for other servers that contain the identical title text by putting the information into the title command. Designates the server country location, again search-able by using the country command. The hostname search term can be used to search for servers by domain names. Body text area. Any text entered into Shodan without a filter will be assumed to be a body text search and will look for servers that have the requested information in the body text area.
To use these commands or to get more than one page of results, you need to sign up for a free Shodan Account. US city: Memphis Better yet, combine the two if the city you are looking for is located in more than one country. You can scan the entire Internet or your entire domain looking for title keywords.
For instance if you wanted to find all the servers running Apache server version 2. Just use a minus sign and the HTML error code: Boston Or you could do a quick security scan of your domain for old systems that need to be updated.
FR Title searches work great too. If cameras were not allowed on your network you could quickly check for that. Say you were creating a network map and wanted to search for Linux servers located near Damascus, Syria: Other search terms you can use include: Search by port number.
Search by Operating System. Search for servers using dates. Shodan Searches with Metasploit Shodan search capabilities have been added to the Metasploit Framework. You just need to sign up for a free Shodan user account and get an API key from their website.
Using an API key allows you to automate Shodan searches. To find systems with Metasploit, you simply use it like any other exploit: Create a free account on Shodanhq. Obtain an API key - http: Now set the Query field with the keyword you want to search for: After a few seconds, you will receive some statistics on your search keyword: And then you will see actual returns: If you want to use filter keywords, or get more than one page of responses, you will have to purchase an unlocked API key.
Conclusion In this section we learned about the computer search engine Shodan. We learned that there are thousands if not millions of unsecured or under secured systems that can be found quickly and easily on Shodan. We then learned how to search Shodan using keywords and filters, and finally we learned how to search Shodan from within Kali using Metasploit. It is critical that companies know what systems they have publicly available on the web.
Shodan is a quick and easy way to find these devices. I highly recommend security teams and even small business and home owners scan their systems to see what systems they have publicly available on the web. Metasploitable 2 is a purposefully vulnerable Linux distribution. What this means is that it has known bugs and vulnerabilities built in on purpose. It is a training platform made to be used with Metasploit to practice and hone your computer security skills in a legal environment.
The resources above cover a lot of information on installing and using Metasploitable 2 so I will not spend a lot of time on this topic. But we will go through a couple of the exploits using Kali just to see how things work. Just download the file, unzip it and open it with VMWare Player. A link to the video can be found in the Resources section above.
Once Metasploitable boots up you will come to the main login screen: To login, enter the name and password shown on the menu: And they put it right on the login screen!
Logging in is pretty anti-climactic. You basically just end up at a text based terminal prompt: But we are not here to use the system from the keyboard; the goal is to try to get into the system remotely from our Kali system.
If we can determine open ports and service program versions, then we may be able to exploit a vulnerability in the service and compromise the machine. The first thing to do is to run an nmap scan and see what services are installed.
This will show us the open ports and try to enumerate what services are running: In a few minutes you will see a screen that looks like this: For each port, we see the port number, service type and even an attempt at the service software version.
We see several of the normal ports are open in the image above. Usually in tutorials they cover going after the main port services first. But I recommend looking at services sitting at higher ports. What is more likely to be patched and up to date, common core services or a secondary service that was installed one time and possibly forgotten about?
Our next step is to do a search for vulnerabilities for that software release. But why use Google when we can search with Metasploit? Running this search returns: An Unreal 3. This is great news, as the exploits are ranked according to the probability of success and stability. If you remember from our introduction to Metasploit, there are several steps to exploiting a vulnerability: Doing so we find the following: This backdoor was present in the Unreal3. All that is needed is the remote host address: Unfortunately they are all command shells.
A Meterpreter shell would be better than a command shell, and give us more options, but for now we will just use the generic reverse shell. This will drop us right into a terminal shell with the target when the exploit is finished.
Apart from all this, you also get to learn to secure the Web and its components, like patching flaws and preventing malicious exploitation. This is an amazing book for those who want to start learning Kali Linux from scratch. In this book, you will find very basic things about Linux and all about Linux commands.
Before you start to learn ethical hacking, you must get comfortable using the command line, and that is just what this book focuses on. Finding Vulnerability Assessment and Exploitation Techniques are very important things to start with ethical hacking or bug hunting. The only goal of this book is to provide very basic to advanced techniques for gathering information about the target.
You can get this book if you want to be a master of Kali Linux. Wrap Up: These were some of the most amazing books you will ever find to learn Kali Linux.