Description

Book Synopsis


Table of Contents

Introduction xx

Chapter 1 Mastering the Terminal Window 1

Kali Linux File System 2

Terminal Window Basic Commands 3

Tmux Terminal Window 6

Starting Tmux 6

Tmux Key Bindings 7

Tmux Session Management 7

Navigating Inside Tmux 9

Tmux Commands Reference 9

Managing Users and Groups in Kali 10

Users Commands 10

Groups Commands 14

Managing Passwords in Kali 14

Files and Folders Management in Kali Linux 15

Displaying Files and Folders 15

Permissions 16

Manipulating Files in Kali 19

Searching for Files 20

Files Compression 21

Manipulating Directories in Kali 23

Mounting a Directory 23

Managing Text Files in Kali Linux 24

Vim vs. Nano 26

Searching and Filtering Text 27

Remote Connections in Kali 29

Remote Desktop Protocol 29

Secure Shell 30

SSH with Credentials 30

Passwordless SSH 32

Kali Linux System Management 34

Linux Host Information 36

Linux OS Information 36

Linux Hardware Information 36

Managing Running Services 38

Package Management 39

Process Management 41

Networking in Kali Linux 42

Network Interface 42

IPv4 Private Address Ranges 42

Static IP Addressing 43

DNS 45

Established Connections 46

File Transfers 47

Summary 48

Chapter 2 Bash Scripting 49

Basic Bash Scripting 50

Printing to the Screen in Bash 50

Variables 52

Commands Variable 54

Script Parameters 54

User Input 56

Functions 56

Conditions and Loops 57

Conditions 58

Loops 60

File Iteration 61

Summary 63

Chapter 3 Network Hosts Scanning 65

Basics of Networking 65

Networking Protocols 66

TCP 66

UDP 67

Other Networking Protocols 67

IP Addressing 69

IPv4 69

Subnets and CIDR 69

IPv6 70

Port Numbers 71

Network Scanning 72

Identifying Live Hosts 72

Ping 73

ARP 73

Nmap 73

Port Scanning and Services Enumeration 74

TCP Port SYN Scan 75

UDP 75

Basics of Using Nmap Scans 76

Services Enumeration 77

Operating System Fingerprinting 79

Nmap Scripting Engine 80

NSE Category Scan 82

NSE Arguments 84

DNS Enumeration 84

DNS Brute-Force 85

DNS Zone Transfer 86

DNS Subdomains Tools 87

Fierce 87

Summary 88

Chapter 4 Internet Information Gathering 89

Passive Footprinting and Reconnaissance 90

Internet Search Engines 90

Shodan 91

Google Queries 92

Information Gathering Using Kali Linux 94

Whois Database 95

TheHarvester 97

DMitry 99

Maltego 99

Summary 103

Chapter 5 Social Engineering Attacks 105

Spear Phishing Attacks 105

Sending an E-mail 106

The Social Engineer Toolkit 106

Sending an E-mail Using Python 108

Stealing Credentials 109

Payloads and Listeners 110

Bind Shell vs. Reverse Shell 111

Bind Shell 111

Reverse Shell 112

Reverse Shell Using SET 113

Social Engineering with the USB Rubber Ducky 115

A Practical Reverse Shell Using USB Rubber Ducky and PowerShell 117

Generating a PowerShell Script 118

Starting a Listener 118

Hosting the PowerShell Script 119

Running PowerShell 120

Download and Execute the PS Script 120

Reverse Shell 121

Replicating the Attack Using the USB Rubber Ducky 122

Summary 122

Chapter 6 Advanced Enumeration Phase 125

Transfer Protocols 126

FTP (Port 21) 126

Exploitation Scenarios for an FTP Server 126

Enumeration Workflow 127

Service Scan 127

Advanced Scripting Scan with Nmap 128

More Brute-Forcing Techniques 129

SSH (Port 22) 130

Exploitation Scenarios for an SSH Server 130

Advanced Scripting Scan with Nmap 131

Brute-Forcing SSH with Hydra 132

Advanced Brute-Forcing Techniques 133

Telnet (Port 23) 134

Exploitation Scenarios for Telnet Server 135

Enumeration Workflow 135

Service Scan 135

Advanced Scripting Scan 136

Brute-Forcing with Hydra 136

E-mail Protocols 136

SMTP (Port 25) 137

Nmap Basic Enumeration 137

Nmap Advanced Enumeration 137

Enumerating Users 138

POP3 (Port 110) and IMAP4 (Port 143) 141

Brute-Forcing POP3 E-mail Accounts 141

Database Protocols 142

Microsoft SQL Server (Port 1433) 142

Oracle Database Server (Port 1521) 143

MySQL (Port 3306) 143

CI/CD Protocols 143

Docker (Port 2375) 144

Jenkins (Port 8080/50000) 145

Brute-Forcing a Web Portal Using Hydra 147

Step 1: Enable a Proxy 148

Step 2: Intercept the Form Request 149

Step 3: Extracting Form Data and Brute-Forcing with Hydra 150

Web Protocols 80/443 151

Graphical Remoting Protocols 152

RDP (Port 3389) 152

RDP Brute-Force 152

VNC (Port 5900) 153

File Sharing Protocols 154

SMB (Port 445) 154

Brute-Forcing SMB 156

SNMP (Port UDP 161) 157

SNMP Enumeration 157

Summary 159

Chapter 7 Exploitation Phase 161

Vulnerabilities Assessment 162

Vulnerability Assessment Workflow 162

Vulnerability Scanning with OpenVAS 164

Installing OpenVAS 164

Scanning with OpenVAS 165

Exploits Research 169

SearchSploit 171

Services Exploitation 173

Exploiting FTP Service 173

FTP Login 173

Remote Code Execution 174

Spawning a Shell 177

Exploiting SSH Service 178

SSH Login 178

Telnet Service Exploitation 179

Telnet Login 179

Sniffing for Cleartext Information 180

E-mail Server Exploitation 183

Docker Exploitation 185

Testing the Docker Connection 185

Creating a New Remote Kali Container 186

Getting a Shell into the Kali Container 187

Docker Host Exploitation 188

Exploiting Jenkins 190

Reverse Shells 193

Using Shells with Metasploit 194

Exploiting the SMB Protocol 196

Connecting to SMB Shares 196

SMB Eternal Blue Exploit 197

Summary 198

Chapter 8 Web Application Vulnerabilities 199

Web Application Vulnerabilities 200

Mutillidae Installation 200

Apache Web Server Installation 200

Firewall Setup 201

Installing PHP 201

Database Installation and Setup 201

Mutillidae Installation 202

Cross-Site Scripting 203

Reflected XSS 203

Stored XSS 204

Exploiting XSS Using the Header 205

Bypassing JavaScript Validation 207

SQL Injection 208

Querying the Database 208

Bypassing the Login Page 211

Execute Database Commands Using SQLi 211

SQL Injection Automation with SQLMap 215

Testing for SQL Injection 216

Command Injection 217

File Inclusion 217

Local File Inclusion 218

Remote File Inclusion 219

Cross-Site Request Forgery 220

The Attacker Scenario 221

The Victim Scenario 222

File Upload 223

Simple File Upload 223

Bypassing Validation 225

Encoding 227

OWASP Top 10 228

Summary 229

Chapter 9 Web Penetration Testing and Secure Software Development Lifecycle 231

Web Enumeration and Exploitation 231

Burp Suite Pro 232

Web Pentest Using Burp Suite 232

More Enumeration 245

Nmap 246

Crawling 246

Vulnerability Assessment 247

Manual Web Penetration Testing Checklist 247

Common Checklist 248

Special Pages Checklist 248

Secure Software Development Lifecycle 250

Analysis/Architecture Phase 251

Application Threat Modeling 251

Assets 251

Entry Points 252

Third Parties 252

Trust Levels 252

Data Flow Diagram 252

Development Phase 252

Testing Phase 255

Production Environment (Final Deployment) 255

Summary 255

Chapter 10 Linux Privilege Escalation 257

Introduction to Kernel Exploits and Missing Configurations 258

Kernel Exploits 258

Kernel Exploit: Dirty Cow 258

SUID Exploitation 261

Overriding the Passwd Users File 263

CRON Jobs Privilege Escalation 264

CRON Basics 265

Crontab 265

Anacrontab 266

Enumerating and Exploiting CRON 266

sudoers 268

sudo Privilege Escalation 268

Exploiting the Find Command 268

Editing the sudoers File 269

Exploiting Running Services 270

Automated Scripts 270

Summary 271

Chapter 11 Windows Privilege Escalation 273

Windows System Enumeration 273

System Information 274

Windows Architecture 275

Listing the Disk Drives 276

Installed Patches 276

Who Am I? 276

List Users and Groups 277

Networking Information 279

Showing Weak Permissions 282

Listing Installed Programs 283

Listing Tasks and Processes 283

File Transfers 284

Windows Host Destination 284

Linux Host Destination 285

Windows System Exploitation 286

Windows Kernel Exploits 287

Getting the OS Version 287

Find a Matching Exploit 288

Executing the Payload and Getting a Root Shell 289

The Metasploit PrivEsc Magic 289

Exploiting Windows Applications 293

Running As in Windows 295

PSExec Tool 296

Exploiting Services in Windows 297

Interacting with Windows Services 297

Misconfigured Service Permissions 297

Overriding the Service Executable 299

Unquoted Service Path 299

Weak Registry Permissions 301

Exploiting the Scheduled Tasks 302

Windows PrivEsc Automated Tools 302

PowerUp 302

WinPEAS 303

Summary 304

Chapter 12 Pivoting and Lateral Movement 305

Dumping Windows Hashes 306

Windows NTLM Hashes 306

SAM File and Hash Dump 307

Using the Hash 308

Mimikatz 308

Dumping Active Directory Hashes 310

Reusing Passwords and Hashes 310

Pass the Hash 311

Pivoting with Port Redirection 312

Port Forwarding Concepts 312

SSH Tunneling and Local Port Forwarding 314

Remote Port Forwarding Using SSH 315

Dynamic Port Forwarding 316

Dynamic Port Forwarding Using SSH 316

Summary 317

Chapter 13 Cryptography and Hash Cracking 319

Basics of Cryptography 319

Hashing Basics 320

One-Way Hash Function 320

Hashing Scenarios 321

Hashing Algorithms 321

Message Digest 5 321

Secure Hash Algorithm 323

Hashing Passwords 323

Securing Passwords with Hash 324

Hash-Based Message Authenticated Code 325

Encryption Basics 326

Symmetric Encryption 326

Advanced Encryption Standard 326

Asymmetric Encryption 328

Rivest Shamir Adleman 329

Cracking Secrets with Hashcat 331

Benchmark Testing 332

Cracking Hashes in Action 334

Attack Modes 336

Straight Mode 336

Combinator 337

Mask and Brute-Force Attacks 339

Brute-Force Attack 342

Hybrid Attacks 342

Cracking Workflow 343

Summary 344

Chapter 14 Reporting 345

Overview of Reports in Penetration Testing 345

Scoring Severities 346

Common Vulnerability Scoring System Version 3.1 346

Report Presentation 349

Cover Page 350

History Logs 350

Report Summary 350

Vulnerabilities Section 350

Summary 351

Chapter 15 Assembly Language and Reverse Engineering 353

CPU Registers 353

General CPU Registers 354

Index Registers 355

Pointer Registers 355

Segment Registers 355

Flag Registers 357

Assembly Instructions 358

Little Endian 360

Data Types 360

Memory Segments 361

Addressing Modes 361

Reverse Engineering Example 361

Visual Studio Code for C/C++ 362

Immunity Debugger for Reverse Engineering 363

Summary 368

Chapter 16 Buffer/Stack Overflow 369

Basics of Stack Overflow 369

Stack Overview 370

PUSH Instruction 370

POP Instruction 371

C Program Example 371

Buffer Analysis with Immunity Debugger 372

Stack Overflow 376

Stack Overflow Mechanism 377

Stack Overflow Exploitation 378

Lab Overview 379

Vulnerable Application 379

Phase 1: Testing 379

Testing the Happy Path 379

Testing the Crash 381

Phase 2: Buffer Size 382

Pattern Creation 382

Offset Location 382

Phase 3: Controlling EIP 383

Adding the JMP Instruction 384

Phase 4: Injecting the Payload and Getting a Remote Shell 386

Payload Generation 386

Bad Characters 386

Shellcode Python Script 387

Summary 388

Chapter 17 Programming with Python 389

Basics of Python 389

Running Python Scripts 390

Debugging Python Scripts 391

Installing VS Code on Kali 391

Practicing Python 392

Python Basic Syntaxes 393

Python Shebang 393

Comments in Python 393

Line Indentation and Importing Modules 394

Input and Output 394

Printing CLI Arguments 395

Variables 395

Numbers 395

Arithmetic Operators 397

Strings 397

String Formatting 397

String Functions 398

Lists 399

Reading Values in a List 399

Updating List Items 399

Removing a list item 400

Tuples 400

Dictionary 400

More Techniques in Python 400

Functions 400

Returning Values 401

Optional Arguments 401

Global Variables 402

Changing Global Variables 402

Conditions 403

if/else Statement 403

Comparison Operators 403

Loop Iterations 404

while Loop 404

for Loop 405

Managing Files 406

Exception Handling 407

Text Escape Characters 407

Custom Objects in Python 408

Summary 409

Chapter 18 Pentest Automation with Python 411

Penetration Test Robot 411

Application Workflow 412

Python Packages 414

Application Start 414

Input Validation 415

Code Refactoring 417

Scanning for Live Hosts 418

Ports and Services Scanning 420

Attacking Credentials and Saving the Results 423

Summary 426

Appendix A Kali Linux Desktop at a Glance 427

Downloading and Running a VM of Kali Linux 428

Virtual Machine First Boot 428

Kali Xfce Desktop 429

Kali Xfce Menu 430

Search Bar 430

Favorites Menu Item 430

Usual Applications 432

Other Menu Items 433

Kali Xfce Settings Manager 433

Advanced Network Configuration 435

Appearance 436

Desktop 439

Display 441

File Manager 442

Keyboard 445

MIME Type Editor 447

Mouse and Touchpad 448

Panel 449

Workspaces 450

Window Manager 451

Practical Example of Desktop Customization 454

Edit the Top Panel 454

Adding a New Bottom Panel 454

Changing the Desktop Look 457

Installing Kali Linux from Scratch 458

Summary 466

Appendix B Building a Lab Environment Using Docker 467

Docker Technology 468

Docker Basics 468

Docker Installation 468

Images and Registries 469

Containers 470

Dockerfile 472

Volumes 472

Networking 473

Mutillidae Docker Container 474

Summary 475

Index 477

Kali Linux Penetration Testing Bible


    A Paperback / softback by Gus Khawaja


      Publisher: John Wiley & Sons Inc
      Publication Date: 05/07/2021
      ISBN13: 9781119719083, 978-1119719083
      ISBN10: 1119719089
