{"product_id":"kali-linux-penetration-testing-bible-9781119719083","title":"Kali Linux Penetration Testing Bible","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eIntroduction xx\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Mastering the Terminal Window 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eKali Linux File System 2\u003c\/p\u003e \u003cp\u003eTerminal Window Basic Commands 3\u003c\/p\u003e \u003cp\u003eTmux Terminal Window 6\u003c\/p\u003e \u003cp\u003eStarting Tmux 6\u003c\/p\u003e \u003cp\u003eTmux Key Bindings 7\u003c\/p\u003e \u003cp\u003eTmux Session Management 7\u003c\/p\u003e \u003cp\u003eNavigating Inside Tmux 9\u003c\/p\u003e \u003cp\u003eTmux Commands Reference 9\u003c\/p\u003e \u003cp\u003eManaging Users and Groups in Kali 10\u003c\/p\u003e \u003cp\u003eUsers Commands 10\u003c\/p\u003e \u003cp\u003eGroups Commands 14\u003c\/p\u003e \u003cp\u003eManaging Passwords in Kali 14\u003c\/p\u003e \u003cp\u003eFiles and Folders Management in Kali Linux 15\u003c\/p\u003e \u003cp\u003eDisplaying Files and Folders 15\u003c\/p\u003e \u003cp\u003ePermissions 16\u003c\/p\u003e \u003cp\u003eManipulating Files in Kali 19\u003c\/p\u003e \u003cp\u003eSearching for Files 20\u003c\/p\u003e \u003cp\u003eFiles Compression 21\u003c\/p\u003e \u003cp\u003eManipulating Directories in Kali 23\u003c\/p\u003e \u003cp\u003eMounting a Directory 23\u003c\/p\u003e \u003cp\u003eManaging Text Files in Kali Linux 24\u003c\/p\u003e \u003cp\u003eVim vs. Nano 26\u003c\/p\u003e \u003cp\u003eSearching and Filtering Text 27\u003c\/p\u003e \u003cp\u003eRemote Connections in Kali 29\u003c\/p\u003e \u003cp\u003eRemote Desktop Protocol 29\u003c\/p\u003e \u003cp\u003eSecure Shell 30\u003c\/p\u003e \u003cp\u003eSSH with Credentials 30\u003c\/p\u003e \u003cp\u003ePasswordless SSH 32\u003c\/p\u003e \u003cp\u003eKali Linux System Management 34\u003c\/p\u003e \u003cp\u003eLinux Host Information 36\u003c\/p\u003e \u003cp\u003eLinux OS Information 36\u003c\/p\u003e \u003cp\u003eLinux Hardware Information 36\u003c\/p\u003e \u003cp\u003eManaging Running Services 38\u003c\/p\u003e \u003cp\u003ePackage Management 39\u003c\/p\u003e \u003cp\u003eProcess Management 41\u003c\/p\u003e \u003cp\u003eNetworking in Kali Linux 42\u003c\/p\u003e \u003cp\u003eNetwork Interface 42\u003c\/p\u003e \u003cp\u003eIPv4 Private Address Ranges 42\u003c\/p\u003e \u003cp\u003eStatic IP Addressing 43\u003c\/p\u003e \u003cp\u003eDNS 45\u003c\/p\u003e \u003cp\u003eEstablished Connections 46\u003c\/p\u003e \u003cp\u003eFile Transfers 47\u003c\/p\u003e \u003cp\u003eSummary 48\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Bash Scripting 49\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBasic Bash Scripting 50\u003c\/p\u003e \u003cp\u003ePrinting to the Screen in Bash 50\u003c\/p\u003e \u003cp\u003eVariables 52\u003c\/p\u003e \u003cp\u003eCommands Variable 54\u003c\/p\u003e \u003cp\u003eScript Parameters 54\u003c\/p\u003e \u003cp\u003eUser Input 56\u003c\/p\u003e \u003cp\u003eFunctions 56\u003c\/p\u003e \u003cp\u003eConditions and Loops 57\u003c\/p\u003e \u003cp\u003eConditions 58\u003c\/p\u003e \u003cp\u003eLoops 60\u003c\/p\u003e \u003cp\u003eFile Iteration 61\u003c\/p\u003e \u003cp\u003eSummary 63\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Network Hosts Scanning 65\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBasics of Networking 65\u003c\/p\u003e \u003cp\u003eNetworking Protocols 66\u003c\/p\u003e \u003cp\u003eTCP 66\u003c\/p\u003e \u003cp\u003eUDP 67\u003c\/p\u003e \u003cp\u003eOther Networking Protocols 67\u003c\/p\u003e \u003cp\u003eIP Addressing 69\u003c\/p\u003e \u003cp\u003eIPv4 69\u003c\/p\u003e \u003cp\u003eSubnets and CIDR 69\u003c\/p\u003e \u003cp\u003eIPv6 70\u003c\/p\u003e \u003cp\u003ePort Numbers 71\u003c\/p\u003e \u003cp\u003eNetwork Scanning 72\u003c\/p\u003e \u003cp\u003eIdentifying Live Hosts 72\u003c\/p\u003e \u003cp\u003ePing 73\u003c\/p\u003e \u003cp\u003eARP 73\u003c\/p\u003e \u003cp\u003eNmap 73\u003c\/p\u003e \u003cp\u003ePort Scanning and Services Enumeration 74\u003c\/p\u003e \u003cp\u003eTCP Port SYN Scan 75\u003c\/p\u003e \u003cp\u003eUDP 75\u003c\/p\u003e \u003cp\u003eBasics of Using Nmap Scans 76\u003c\/p\u003e \u003cp\u003eServices Enumeration 77\u003c\/p\u003e \u003cp\u003eOperating System Fingerprinting 79\u003c\/p\u003e \u003cp\u003eNmap Scripting Engine 80\u003c\/p\u003e \u003cp\u003eNSE Category Scan 82\u003c\/p\u003e \u003cp\u003eNSE Arguments 84\u003c\/p\u003e \u003cp\u003eDNS Enumeration 84\u003c\/p\u003e \u003cp\u003eDNS Brute-Force 85\u003c\/p\u003e \u003cp\u003eDNS Zone Transfer 86\u003c\/p\u003e \u003cp\u003eDNS Subdomains Tools 87\u003c\/p\u003e \u003cp\u003eFierce 87\u003c\/p\u003e \u003cp\u003eSummary 88\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Internet Information Gathering 89\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePassive Footprinting and Reconnaissance 90\u003c\/p\u003e \u003cp\u003eInternet Search Engines 90\u003c\/p\u003e \u003cp\u003eShodan 91\u003c\/p\u003e \u003cp\u003eGoogle Queries 92\u003c\/p\u003e \u003cp\u003eInformation Gathering Using Kali Linux 94\u003c\/p\u003e \u003cp\u003eWhois Database 95\u003c\/p\u003e \u003cp\u003eTheHarvester 97\u003c\/p\u003e \u003cp\u003eDMitry 99\u003c\/p\u003e \u003cp\u003eMaltego 99\u003c\/p\u003e \u003cp\u003eSummary 103\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Social Engineering Attacks 105\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSpear Phishing Attacks 105\u003c\/p\u003e \u003cp\u003eSending an E-mail 106\u003c\/p\u003e \u003cp\u003eThe Social Engineer Toolkit 106\u003c\/p\u003e \u003cp\u003eSending an E-mail Using Python 108\u003c\/p\u003e \u003cp\u003eStealing Credentials 109\u003c\/p\u003e \u003cp\u003ePayloads and Listeners 110\u003c\/p\u003e \u003cp\u003eBind Shell vs. Reverse Shell 111\u003c\/p\u003e \u003cp\u003eBind Shell 111\u003c\/p\u003e \u003cp\u003eReverse Shell 112\u003c\/p\u003e \u003cp\u003eReverse Shell Using SET 113\u003c\/p\u003e \u003cp\u003eSocial Engineering with the USB Rubber Ducky 115\u003c\/p\u003e \u003cp\u003eA Practical Reverse Shell Using USB Rubber Ducky and PowerShell 117\u003c\/p\u003e \u003cp\u003eGenerating a PowerShell Script 118\u003c\/p\u003e \u003cp\u003eStarting a Listener 118\u003c\/p\u003e \u003cp\u003eHosting the PowerShell Script 119\u003c\/p\u003e \u003cp\u003eRunning PowerShell 120\u003c\/p\u003e \u003cp\u003eDownload and Execute the PS Script 120\u003c\/p\u003e \u003cp\u003eReverse Shell 121\u003c\/p\u003e \u003cp\u003eReplicating the Attack Using the USB Rubber Ducky 122\u003c\/p\u003e \u003cp\u003eSummary 122\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Advanced Enumeration Phase 125\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTransfer Protocols 126\u003c\/p\u003e \u003cp\u003eFTP (Port 21) 126\u003c\/p\u003e \u003cp\u003eExploitation Scenarios for an FTP Server 126\u003c\/p\u003e \u003cp\u003eEnumeration Workflow 127\u003c\/p\u003e \u003cp\u003eService Scan 127\u003c\/p\u003e \u003cp\u003eAdvanced Scripting Scan with Nmap 128\u003c\/p\u003e \u003cp\u003eMore Brute-Forcing Techniques 129\u003c\/p\u003e \u003cp\u003eSSH (Port 22) 130\u003c\/p\u003e \u003cp\u003eExploitation Scenarios for an SSH Server 130\u003c\/p\u003e \u003cp\u003eAdvanced Scripting Scan with Nmap 131\u003c\/p\u003e \u003cp\u003eBrute-Forcing SSH with Hydra 132\u003c\/p\u003e \u003cp\u003eAdvanced Brute-Forcing Techniques 133\u003c\/p\u003e \u003cp\u003eTelnet (Port 23) 134\u003c\/p\u003e \u003cp\u003eExploitation Scenarios for Telnet Server 135\u003c\/p\u003e \u003cp\u003eEnumeration Workflow 135\u003c\/p\u003e \u003cp\u003eService Scan 135\u003c\/p\u003e \u003cp\u003eAdvanced Scripting Scan 136\u003c\/p\u003e \u003cp\u003eBrute-Forcing with Hydra 136\u003c\/p\u003e \u003cp\u003eE-mail Protocols 136\u003c\/p\u003e \u003cp\u003eSMTP (Port 25) 137\u003c\/p\u003e \u003cp\u003eNmap Basic Enumeration 137\u003c\/p\u003e \u003cp\u003eNmap Advanced Enumeration 137\u003c\/p\u003e \u003cp\u003eEnumerating Users 138\u003c\/p\u003e \u003cp\u003ePOP3 (Port 110) and IMAP4 (Port 143) 141\u003c\/p\u003e \u003cp\u003eBrute-Forcing POP3 E-mail Accounts 141\u003c\/p\u003e \u003cp\u003eDatabase Protocols 142\u003c\/p\u003e \u003cp\u003eMicrosoft SQL Server (Port 1433) 142\u003c\/p\u003e \u003cp\u003eOracle Database Server (Port 1521) 143\u003c\/p\u003e \u003cp\u003eMySQL (Port 3306) 143\u003c\/p\u003e \u003cp\u003eCI\/CD Protocols 143\u003c\/p\u003e \u003cp\u003eDocker (Port 2375) 144\u003c\/p\u003e \u003cp\u003eJenkins (Port 8080\/50000) 145\u003c\/p\u003e \u003cp\u003eBrute-Forcing a Web Portal Using Hydra 147\u003c\/p\u003e \u003cp\u003eStep 1: Enable a Proxy 148\u003c\/p\u003e \u003cp\u003eStep 2: Intercept the Form Request 149\u003c\/p\u003e \u003cp\u003eStep 3: Extracting Form Data and Brute-Forcing with Hydra 150\u003c\/p\u003e \u003cp\u003eWeb Protocols 80\/443 151\u003c\/p\u003e \u003cp\u003eGraphical Remoting Protocols 152\u003c\/p\u003e \u003cp\u003eRDP (Port 3389) 152\u003c\/p\u003e \u003cp\u003eRDP Brute-Force 152\u003c\/p\u003e \u003cp\u003eVNC (Port 5900) 153\u003c\/p\u003e \u003cp\u003eFile Sharing Protocols 154\u003c\/p\u003e \u003cp\u003eSMB (Port 445) 154\u003c\/p\u003e \u003cp\u003eBrute-Forcing SMB 156\u003c\/p\u003e \u003cp\u003eSNMP (Port UDP 161) 157\u003c\/p\u003e \u003cp\u003eSNMP Enumeration 157\u003c\/p\u003e \u003cp\u003eSummary 159\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Exploitation Phase 161\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eVulnerabilities Assessment 162\u003c\/p\u003e \u003cp\u003eVulnerability Assessment Workflow 162\u003c\/p\u003e \u003cp\u003eVulnerability Scanning with OpenVAS 164\u003c\/p\u003e \u003cp\u003eInstalling OpenVAS 164\u003c\/p\u003e \u003cp\u003eScanning with OpenVAS 165\u003c\/p\u003e \u003cp\u003eExploits Research 169\u003c\/p\u003e \u003cp\u003eSearchSploit 171\u003c\/p\u003e \u003cp\u003eServices Exploitation 173\u003c\/p\u003e \u003cp\u003eExploiting FTP Service 173\u003c\/p\u003e \u003cp\u003eFTP Login 173\u003c\/p\u003e \u003cp\u003eRemote Code Execution 174\u003c\/p\u003e \u003cp\u003eSpawning a Shell 177\u003c\/p\u003e \u003cp\u003eExploiting SSH Service 178\u003c\/p\u003e \u003cp\u003eSSH Login 178\u003c\/p\u003e \u003cp\u003eTelnet Service Exploitation 179\u003c\/p\u003e \u003cp\u003eTelnet Login 179\u003c\/p\u003e \u003cp\u003eSniffing for Cleartext Information 180\u003c\/p\u003e \u003cp\u003eE-mail Server Exploitation 183\u003c\/p\u003e \u003cp\u003eDocker Exploitation 185\u003c\/p\u003e \u003cp\u003eTesting the Docker Connection 185\u003c\/p\u003e \u003cp\u003eCreating a New Remote Kali Container 186\u003c\/p\u003e \u003cp\u003eGetting a Shell into the Kali Container 187\u003c\/p\u003e \u003cp\u003eDocker Host Exploitation 188\u003c\/p\u003e \u003cp\u003eExploiting Jenkins 190\u003c\/p\u003e \u003cp\u003eReverse Shells 193\u003c\/p\u003e \u003cp\u003eUsing Shells with Metasploit 194\u003c\/p\u003e \u003cp\u003eExploiting the SMB Protocol 196\u003c\/p\u003e \u003cp\u003eConnecting to SMB Shares 196\u003c\/p\u003e \u003cp\u003eSMB Eternal Blue Exploit 197\u003c\/p\u003e \u003cp\u003eSummary 198\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Web Application Vulnerabilities 199\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWeb Application Vulnerabilities 200\u003c\/p\u003e \u003cp\u003eMutillidae Installation 200\u003c\/p\u003e \u003cp\u003eApache Web Server Installation 200\u003c\/p\u003e \u003cp\u003eFirewall Setup 201\u003c\/p\u003e \u003cp\u003eInstalling PHP 201\u003c\/p\u003e \u003cp\u003eDatabase Installation and Setup 201\u003c\/p\u003e \u003cp\u003eMutillidae Installation 202\u003c\/p\u003e \u003cp\u003eCross-Site Scripting 203\u003c\/p\u003e \u003cp\u003eReflected XSS 203\u003c\/p\u003e \u003cp\u003eStored XSS 204\u003c\/p\u003e \u003cp\u003eExploiting XSS Using the Header 205\u003c\/p\u003e \u003cp\u003eBypassing JavaScript Validation 207\u003c\/p\u003e \u003cp\u003eSQL Injection 208\u003c\/p\u003e \u003cp\u003eQuerying the Database 208\u003c\/p\u003e \u003cp\u003eBypassing the Login Page 211\u003c\/p\u003e \u003cp\u003eExecute Database Commands Using SQLi 211\u003c\/p\u003e \u003cp\u003eSQL Injection Automation with SQLMap 215\u003c\/p\u003e \u003cp\u003eTesting for SQL Injection 216\u003c\/p\u003e \u003cp\u003eCommand Injection 217\u003c\/p\u003e \u003cp\u003eFile Inclusion 217\u003c\/p\u003e \u003cp\u003eLocal File Inclusion 218\u003c\/p\u003e \u003cp\u003eRemote File Inclusion 219\u003c\/p\u003e \u003cp\u003eCross-Site Request Forgery 220\u003c\/p\u003e \u003cp\u003eThe Attacker Scenario 221\u003c\/p\u003e \u003cp\u003eThe Victim Scenario 222\u003c\/p\u003e \u003cp\u003eFile Upload 223\u003c\/p\u003e \u003cp\u003eSimple File Upload 223\u003c\/p\u003e \u003cp\u003eBypassing Validation 225\u003c\/p\u003e \u003cp\u003eEncoding 227\u003c\/p\u003e \u003cp\u003eOWASP Top 10 228\u003c\/p\u003e \u003cp\u003eSummary 229\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Web Penetration Testing and Secure Software Development Lifecycle 231\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWeb Enumeration and Exploitation 231\u003c\/p\u003e \u003cp\u003eBurp Suite Pro 232\u003c\/p\u003e \u003cp\u003eWeb Pentest Using Burp Suite 232\u003c\/p\u003e \u003cp\u003eMore Enumeration 245\u003c\/p\u003e \u003cp\u003eNmap 246\u003c\/p\u003e \u003cp\u003eCrawling 246\u003c\/p\u003e \u003cp\u003eVulnerability Assessment 247\u003c\/p\u003e \u003cp\u003eManual Web Penetration Testing Checklist 247\u003c\/p\u003e \u003cp\u003eCommon Checklist 248\u003c\/p\u003e \u003cp\u003eSpecial Pages Checklist 248\u003c\/p\u003e \u003cp\u003eSecure Software Development Lifecycle 250\u003c\/p\u003e \u003cp\u003eAnalysis\/Architecture Phase 251\u003c\/p\u003e \u003cp\u003eApplication Threat Modeling 251\u003c\/p\u003e \u003cp\u003eAssets 251\u003c\/p\u003e \u003cp\u003eEntry Points 252\u003c\/p\u003e \u003cp\u003eThird Parties 252\u003c\/p\u003e \u003cp\u003eTrust Levels 252\u003c\/p\u003e \u003cp\u003eData Flow Diagram 252\u003c\/p\u003e \u003cp\u003eDevelopment Phase 252\u003c\/p\u003e \u003cp\u003eTesting Phase 255\u003c\/p\u003e \u003cp\u003eProduction Environment (Final Deployment) 255\u003c\/p\u003e \u003cp\u003eSummary 255\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Linux Privilege Escalation 257\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction to Kernel Exploits and Missing Configurations 258\u003c\/p\u003e \u003cp\u003eKernel Exploits 258\u003c\/p\u003e \u003cp\u003eKernel Exploit: Dirty Cow 258\u003c\/p\u003e \u003cp\u003eSUID Exploitation 261\u003c\/p\u003e \u003cp\u003eOverriding the Passwd Users File 263\u003c\/p\u003e \u003cp\u003eCRON Jobs Privilege Escalation 264\u003c\/p\u003e \u003cp\u003eCRON Basics 265\u003c\/p\u003e \u003cp\u003eCrontab 265\u003c\/p\u003e \u003cp\u003eAnacrontab 266\u003c\/p\u003e \u003cp\u003eEnumerating and Exploiting CRON 266\u003c\/p\u003e \u003cp\u003esudoers 268\u003c\/p\u003e \u003cp\u003esudo Privilege Escalation 268\u003c\/p\u003e \u003cp\u003eExploiting the Find Command 268\u003c\/p\u003e \u003cp\u003eEditing the sudoers File 269\u003c\/p\u003e \u003cp\u003eExploiting Running Services 270\u003c\/p\u003e \u003cp\u003eAutomated Scripts 270\u003c\/p\u003e \u003cp\u003eSummary 271\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Windows Privilege Escalation 273\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWindows System Enumeration 273\u003c\/p\u003e \u003cp\u003eSystem Information 274\u003c\/p\u003e \u003cp\u003eWindows Architecture 275\u003c\/p\u003e \u003cp\u003eListing the Disk Drives 276\u003c\/p\u003e \u003cp\u003eInstalled Patches 276\u003c\/p\u003e \u003cp\u003eWho Am I? 276\u003c\/p\u003e \u003cp\u003eList Users and Groups 277\u003c\/p\u003e \u003cp\u003eNetworking Information 279\u003c\/p\u003e \u003cp\u003eShowing Weak Permissions 282\u003c\/p\u003e \u003cp\u003eListing Installed Programs 283\u003c\/p\u003e \u003cp\u003eListing Tasks and Processes 283\u003c\/p\u003e \u003cp\u003eFile Transfers 284\u003c\/p\u003e \u003cp\u003eWindows Host Destination 284\u003c\/p\u003e \u003cp\u003eLinux Host Destination 285\u003c\/p\u003e \u003cp\u003eWindows System Exploitation 286\u003c\/p\u003e \u003cp\u003eWindows Kernel Exploits 287\u003c\/p\u003e \u003cp\u003eGetting the OS Version 287\u003c\/p\u003e \u003cp\u003eFind a Matching Exploit 288\u003c\/p\u003e \u003cp\u003eExecuting the Payload and Getting a Root Shell 289\u003c\/p\u003e \u003cp\u003eThe Metasploit PrivEsc Magic 289\u003c\/p\u003e \u003cp\u003eExploiting Windows Applications 293\u003c\/p\u003e \u003cp\u003eRunning As in Windows 295\u003c\/p\u003e \u003cp\u003ePSExec Tool 296\u003c\/p\u003e \u003cp\u003eExploiting Services in Windows 297\u003c\/p\u003e \u003cp\u003eInteracting with Windows Services 297\u003c\/p\u003e \u003cp\u003eMisconfigured Service Permissions 297\u003c\/p\u003e \u003cp\u003eOverriding the Service Executable 299\u003c\/p\u003e \u003cp\u003eUnquoted Service Path 299\u003c\/p\u003e \u003cp\u003eWeak Registry Permissions 301\u003c\/p\u003e \u003cp\u003eExploiting the Scheduled Tasks 302\u003c\/p\u003e \u003cp\u003eWindows PrivEsc Automated Tools 302\u003c\/p\u003e \u003cp\u003ePowerUp 302\u003c\/p\u003e \u003cp\u003eWinPEAS 303\u003c\/p\u003e \u003cp\u003eSummary 304\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 Pivoting and Lateral Movement 305\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDumping Windows Hashes 306\u003c\/p\u003e \u003cp\u003eWindows NTLM Hashes 306\u003c\/p\u003e \u003cp\u003eSAM File and Hash Dump 307\u003c\/p\u003e \u003cp\u003eUsing the Hash 308\u003c\/p\u003e \u003cp\u003eMimikatz 308\u003c\/p\u003e \u003cp\u003eDumping Active Directory Hashes 310\u003c\/p\u003e \u003cp\u003eReusing Passwords and Hashes 310\u003c\/p\u003e \u003cp\u003ePass the Hash 311\u003c\/p\u003e \u003cp\u003ePivoting with Port Redirection 312\u003c\/p\u003e \u003cp\u003ePort Forwarding Concepts 312\u003c\/p\u003e \u003cp\u003eSSH Tunneling and Local Port Forwarding 314\u003c\/p\u003e \u003cp\u003eRemote Port Forwarding Using SSH 315\u003c\/p\u003e \u003cp\u003eDynamic Port Forwarding 316\u003c\/p\u003e \u003cp\u003eDynamic Port Forwarding Using SSH 316\u003c\/p\u003e \u003cp\u003eSummary 317\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 Cryptography and Hash Cracking 319\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBasics of Cryptography 319\u003c\/p\u003e \u003cp\u003eHashing Basics 320\u003c\/p\u003e \u003cp\u003eOne-Way Hash Function 320\u003c\/p\u003e \u003cp\u003eHashing Scenarios 321\u003c\/p\u003e \u003cp\u003eHashing Algorithms 321\u003c\/p\u003e \u003cp\u003eMessage Digest 5 321\u003c\/p\u003e \u003cp\u003eSecure Hash Algorithm 323\u003c\/p\u003e \u003cp\u003eHashing Passwords 323\u003c\/p\u003e \u003cp\u003eSecuring Passwords with Hash 324\u003c\/p\u003e \u003cp\u003eHash-Based Message Authenticated Code 325\u003c\/p\u003e \u003cp\u003eEncryption Basics 326\u003c\/p\u003e \u003cp\u003eSymmetric Encryption 326\u003c\/p\u003e \u003cp\u003eAdvanced Encryption Standard 326\u003c\/p\u003e \u003cp\u003eAsymmetric Encryption 328\u003c\/p\u003e \u003cp\u003eRivest Shamir Adleman 329\u003c\/p\u003e \u003cp\u003eCracking Secrets with Hashcat 331\u003c\/p\u003e \u003cp\u003eBenchmark Testing 332\u003c\/p\u003e \u003cp\u003eCracking Hashes in Action 334\u003c\/p\u003e \u003cp\u003eAttack Modes 336\u003c\/p\u003e \u003cp\u003eStraight Mode 336\u003c\/p\u003e \u003cp\u003eCombinator 337\u003c\/p\u003e \u003cp\u003eMask and Brute-Force Attacks 339\u003c\/p\u003e \u003cp\u003eBrute-Force Attack 342\u003c\/p\u003e \u003cp\u003eHybrid Attacks 342\u003c\/p\u003e \u003cp\u003eCracking Workflow 343\u003c\/p\u003e \u003cp\u003eSummary 344\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14 Reporting 345\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview of Reports in Penetration Testing 345\u003c\/p\u003e \u003cp\u003eScoring Severities 346\u003c\/p\u003e \u003cp\u003eCommon Vulnerability Scoring System Version 3.1 346\u003c\/p\u003e \u003cp\u003eReport Presentation 349\u003c\/p\u003e \u003cp\u003eCover Page 350\u003c\/p\u003e \u003cp\u003eHistory Logs 350\u003c\/p\u003e \u003cp\u003eReport Summary 350\u003c\/p\u003e \u003cp\u003eVulnerabilities Section 350\u003c\/p\u003e \u003cp\u003eSummary 351\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15 Assembly Language and Reverse Engineering 353\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCPU Registers 353\u003c\/p\u003e \u003cp\u003eGeneral CPU Registers 354\u003c\/p\u003e \u003cp\u003eIndex Registers 355\u003c\/p\u003e \u003cp\u003ePointer Registers 355\u003c\/p\u003e \u003cp\u003eSegment Registers 355\u003c\/p\u003e \u003cp\u003eFlag Registers 357\u003c\/p\u003e \u003cp\u003eAssembly Instructions 358\u003c\/p\u003e \u003cp\u003eLittle Endian 360\u003c\/p\u003e \u003cp\u003eData Types 360\u003c\/p\u003e \u003cp\u003eMemory Segments 361\u003c\/p\u003e \u003cp\u003eAddressing Modes 361\u003c\/p\u003e \u003cp\u003eReverse Engineering Example 361\u003c\/p\u003e \u003cp\u003eVisual Studio Code for C\/C++ 362\u003c\/p\u003e \u003cp\u003eImmunity Debugger for Reverse Engineering 363\u003c\/p\u003e \u003cp\u003eSummary 368\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 16 Buffer\/Stack Overflow 369\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBasics of Stack Overflow 369\u003c\/p\u003e \u003cp\u003eStack Overview 370\u003c\/p\u003e \u003cp\u003ePUSH Instruction 370\u003c\/p\u003e \u003cp\u003ePOP Instruction 371\u003c\/p\u003e \u003cp\u003eC Program Example 371\u003c\/p\u003e \u003cp\u003eBuffer Analysis with Immunity Debugger 372\u003c\/p\u003e \u003cp\u003eStack Overflow 376\u003c\/p\u003e \u003cp\u003eStack Overflow Mechanism 377\u003c\/p\u003e \u003cp\u003eStack Overflow Exploitation 378\u003c\/p\u003e \u003cp\u003eLab Overview 379\u003c\/p\u003e \u003cp\u003eVulnerable Application 379\u003c\/p\u003e \u003cp\u003ePhase 1: Testing 379\u003c\/p\u003e \u003cp\u003eTesting the Happy Path 379\u003c\/p\u003e \u003cp\u003eTesting the Crash 381\u003c\/p\u003e \u003cp\u003ePhase 2: Buffer Size 382\u003c\/p\u003e \u003cp\u003ePattern Creation 382\u003c\/p\u003e \u003cp\u003eOffset Location 382\u003c\/p\u003e \u003cp\u003ePhase 3: Controlling EIP 383\u003c\/p\u003e \u003cp\u003eAdding the JMP Instruction 384\u003c\/p\u003e \u003cp\u003ePhase 4: Injecting the Payload and Getting a Remote Shell 386\u003c\/p\u003e \u003cp\u003ePayload Generation 386\u003c\/p\u003e \u003cp\u003eBad Characters 386\u003c\/p\u003e \u003cp\u003eShellcode Python Script 387\u003c\/p\u003e \u003cp\u003eSummary 388\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 17 Programming with Python 389\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBasics of Python 389\u003c\/p\u003e \u003cp\u003eRunning Python Scripts 390\u003c\/p\u003e \u003cp\u003eDebugging Python Scripts 391\u003c\/p\u003e \u003cp\u003eInstalling VS Code on Kali 391\u003c\/p\u003e \u003cp\u003ePracticing Python 392\u003c\/p\u003e \u003cp\u003ePython Basic Syntaxes 393\u003c\/p\u003e \u003cp\u003ePython Shebang 393\u003c\/p\u003e \u003cp\u003eComments in Python 393\u003c\/p\u003e \u003cp\u003eLine Indentation and Importing Modules 394\u003c\/p\u003e \u003cp\u003eInput and Output 394\u003c\/p\u003e \u003cp\u003ePrinting CLI Arguments 395\u003c\/p\u003e \u003cp\u003eVariables 395\u003c\/p\u003e \u003cp\u003eNumbers 395\u003c\/p\u003e \u003cp\u003eArithmetic Operators 397\u003c\/p\u003e \u003cp\u003eStrings 397\u003c\/p\u003e \u003cp\u003eString Formatting 397\u003c\/p\u003e \u003cp\u003eString Functions 398\u003c\/p\u003e \u003cp\u003eLists 399\u003c\/p\u003e \u003cp\u003eReading Values in a List 399\u003c\/p\u003e \u003cp\u003eUpdating List Items 399\u003c\/p\u003e \u003cp\u003eRemoving a list item 400\u003c\/p\u003e \u003cp\u003eTuples 400\u003c\/p\u003e \u003cp\u003eDictionary 400\u003c\/p\u003e \u003cp\u003eMore Techniques in Python 400\u003c\/p\u003e \u003cp\u003eFunctions 400\u003c\/p\u003e \u003cp\u003eReturning Values 401\u003c\/p\u003e \u003cp\u003eOptional Arguments 401\u003c\/p\u003e \u003cp\u003eGlobal Variables 402\u003c\/p\u003e \u003cp\u003eChanging Global Variables 402\u003c\/p\u003e \u003cp\u003eConditions 403\u003c\/p\u003e \u003cp\u003eif\/else Statement 403\u003c\/p\u003e \u003cp\u003eComparison Operators 403\u003c\/p\u003e \u003cp\u003eLoop Iterations 404\u003c\/p\u003e \u003cp\u003ewhile Loop 404\u003c\/p\u003e \u003cp\u003efor Loop 405\u003c\/p\u003e \u003cp\u003eManaging Files 406\u003c\/p\u003e \u003cp\u003eException Handling 407\u003c\/p\u003e \u003cp\u003eText Escape Characters 407\u003c\/p\u003e \u003cp\u003eCustom Objects in Python 408\u003c\/p\u003e \u003cp\u003eSummary 409\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 18 Pentest Automation with Python 411\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePenetration Test Robot 411\u003c\/p\u003e \u003cp\u003eApplication Workflow 412\u003c\/p\u003e \u003cp\u003ePython Packages 414\u003c\/p\u003e \u003cp\u003eApplication Start 414\u003c\/p\u003e \u003cp\u003eInput Validation 415\u003c\/p\u003e \u003cp\u003eCode Refactoring 417\u003c\/p\u003e \u003cp\u003eScanning for Live Hosts 418\u003c\/p\u003e \u003cp\u003ePorts and Services Scanning 420\u003c\/p\u003e \u003cp\u003eAttacking Credentials and Saving the Results 423\u003c\/p\u003e \u003cp\u003eSummary 426\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix A Kali Linux Desktop at a Glance 427\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDownloading and Running a VM of Kali Linux 428\u003c\/p\u003e \u003cp\u003eVirtual Machine First Boot 428\u003c\/p\u003e \u003cp\u003eKali Xfce Desktop 429\u003c\/p\u003e \u003cp\u003eKali Xfce Menu 430\u003c\/p\u003e \u003cp\u003eSearch Bar 430\u003c\/p\u003e \u003cp\u003eFavorites Menu Item 430\u003c\/p\u003e \u003cp\u003eUsual Applications 432\u003c\/p\u003e \u003cp\u003eOther Menu Items 433\u003c\/p\u003e \u003cp\u003eKali Xfce Settings Manager 433\u003c\/p\u003e \u003cp\u003eAdvanced Network Configuration 435\u003c\/p\u003e \u003cp\u003eAppearance 436\u003c\/p\u003e \u003cp\u003eDesktop 439\u003c\/p\u003e \u003cp\u003eDisplay 441\u003c\/p\u003e \u003cp\u003eFile Manager 442\u003c\/p\u003e \u003cp\u003eKeyboard 445\u003c\/p\u003e \u003cp\u003eMIME Type Editor 447\u003c\/p\u003e \u003cp\u003eMouse and Touchpad 448\u003c\/p\u003e \u003cp\u003ePanel 449\u003c\/p\u003e \u003cp\u003eWorkspaces 450\u003c\/p\u003e \u003cp\u003eWindow Manager 451\u003c\/p\u003e \u003cp\u003ePractical Example of Desktop Customization 454\u003c\/p\u003e \u003cp\u003eEdit the Top Panel 454\u003c\/p\u003e \u003cp\u003eAdding a New Bottom Panel 454\u003c\/p\u003e \u003cp\u003eChanging the Desktop Look 457\u003c\/p\u003e \u003cp\u003eInstalling Kali Linux from Scratch 458\u003c\/p\u003e \u003cp\u003eSummary 466\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix B Building a Lab Environment Using Docker 467\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDocker Technology 468\u003c\/p\u003e \u003cp\u003eDocker Basics 468\u003c\/p\u003e \u003cp\u003eDocker Installation 468\u003c\/p\u003e \u003cp\u003eImages and Registries 469\u003c\/p\u003e \u003cp\u003eContainers 470\u003c\/p\u003e \u003cp\u003eDockerfile 472\u003c\/p\u003e \u003cp\u003eVolumes 472\u003c\/p\u003e \u003cp\u003eNetworking 473\u003c\/p\u003e \u003cp\u003eMutillidae Docker Container 474\u003c\/p\u003e \u003cp\u003eSummary 475\u003c\/p\u003e \u003cp\u003eIndex 477\u003c\/p\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":49407131025751,"sku":"9781119719083","price":25.6,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781119719083.jpg?v=1730498290","url":"https:\/\/bookcurl.com\/products\/kali-linux-penetration-testing-bible-9781119719083","provider":"Book Curl","version":"1.0","type":"link"}