
12.3.2. Towards Penetration Testing


You probably noticed by now that this book did not teach you penetration testing. But the things you learned are still important. You are now ready to fully exploit the power of Kali Linux, the best penetration testing framework. And you have the basic Linux skills required to participate in Offensive Security’s training.

If you feel that you are not yet ready for a paid course, you can start by following the Metasploit Unleashed [2] free online training. Metasploit is a very popular penetration testing tool and you have to know it if you are serious about your plans to learn penetration testing.

The next logical step would then be to follow the Penetration Testing with Kali Linux [3] online course, which leads to the well-known “Offensive Security Certified Professional” certification. The online course can be followed at your own pace, but the certification exam itself is a difficult, 24-hour-long, real-world, hands-on penetration test that takes place in an isolated VPN network.

Are you up to the challenge?



[2] https://www.offensive-security.com/metasploit-unleashed/

[3] https://www.offensive-security.com/information-security-training/




Index





_

.config, 235

.d, 195

.htaccess, 116

/dev, 48

/etc/apt/apt.conf.d/, 195

/etc/apt/preferences, 196

/etc/apt/sources.list, 172

/etc/apt/trusted.gpg.d/, 203

/etc/group, 107

/etc/gshadow, 107

/etc/network/interfaces, 105

/etc/passwd, 107

/etc/salt/minion, 255

/etc/shadow, 107

/etc/ssh/sshd_config, 110

/proc, 48

/sys, 48

/var/lib/dpkg/, 212

/var/www/html/, 114

32-bit CPU, 16

64-bit CPU, 16


A

a2dismod, 113

a2enmod, 113

a2ensite, 114

ACCEPT, 155

account

creation, 107

disable, 109

modification, 108

activity, monitoring, 162

add a user to a group, 108

addgroup, 109

adduser, 108

administrator password, 72

Advanced Package Tool, 171

aide (Debian package), 163

AllowOverride, Apache directive, 115, 116

analysis

vulnerability, 6

web application, 6

ansible, 255

Apache, 113

directives, 115

Apache directives, 116

application assessments, 291

applications

collection, 10

menu, 5

applying a patch, 227

apropos, 124

APT, 171

configuration, 195

header display, 185

initial configuration, 81

interfaces, 190

package search, 185

pinning, 196

preferences, 196

apt, 176

apt build-dep, 226

apt dist-upgrade, 179

apt full-upgrade, 179

apt install, 177

apt purge, 180

apt remove, 180

apt search, 186

apt show, 186

apt source, 223

apt update, 176

apt upgrade, 179

apt-cache, 185

apt-cache dumpavail, 187

apt-cache pkgnames, 187

apt-cache policy, 187

apt-cache search, 186

apt-cache show, 186

apt-cdrom, 172

apt-get, 176

apt-get dist-upgrade, 179

apt-get install, 177

apt-get purge, 181

apt-get remove, 180

apt-get update, 176

apt-get upgrade, 179

apt-key, 203

apt-mark auto, 200

apt-mark manual, 200

apt-xapian-index, 186

apt.conf.d/, 195

aptitude, 176, 190

aptitude dist-upgrade, 179

aptitude full-upgrade, 179

aptitude install, 177

aptitude markauto, 200

aptitude purge, 181

aptitude remove, 180

aptitude safe-upgrade, 179

aptitude search, 186

aptitude show, 186

aptitude unmarkauto, 200

aptitude update, 176

aptitude why, 200

architecture

multi-arch support, 200

ARM installations, 94

assessment

application, 291

black box, 292

formalization, 293

vulnerability, 284

white box, 292

attacks

client side, 297

database, 6

denial of service, 295

memory corruption, 295

password, 6, 296

types of, 294

web, 296

wireless, 6

auditing, security, 5

authentication

package authentication, 202

AuthName, Apache directive, 116

AuthType, Apache directive, 116

AuthUserFile, Apache directive, 116

automatic installation, 91

automatically installed packages, 199

avalanche effect, 163

axi-cache, 186


B

background process, 57

BackTrack, XXI, 2

bg, 57

BIOS, 24

block device file, 49

boot preseed, 92

boot screen, 67

bootable USB key, 19

bootloader, 83

BOOTP, 252

Breaks, header field, 209

broken dependency, 189

Bruce Schneier, 150

brute-force attacks, 296

buffer

overflow, 295

receive buffer, 156

bug report, 129

bugs.kali.org, 133

build dependencies, installation, 226

build options, 229

Build-Depends, 226

building

a custom live ISO image, 237

a package, 231


C

cache, proxy, 82

cat, 56

cd, 52

cdimage.kali.org, 14, 175

cdrom preseed, 93

certification, 302

chage, 108

chain, 154

changelog file, 266

changelog.Debian.gz, 126

character device file, 49

checksecurity, 164

checksums, 214

chef, 255

chfn, 108

chgrp, 58

chmod, 58

choice

of country, 69

of language, 68

chown, 58

chroot, 239

chsh, 108

client side attacks, 297

cluster, PostgreSQL cluster, 111, 113

command line, 51

communities, 128

comparison of versions, 185

compilation

of a kernel, 233

compliance penetration test, 288

component (of a repository), 173

conffiles, 214

confidentiality files, 85

config, debconf script, 214

configuration

creating configuration packages, 263

files, 214

initial configuration of APT, 81

management, 255

network

DHCP, 71

static, 71

of the kernel, 235

program configuration, 110

conflicts, 208

Conflicts, header field, 208

contrib, section, 173

control, 206

control file, 266

control sum, 163

control.tar.gz, 211

copying, ISO image, 19

copyright, 127

copyright file, 265

country selection, 69

cp, 53

createdb, 112

createuser, 112

creation

of a PostgreSQL database, 112

of a PostgreSQL user, 112

of groups, 109

of user accounts, 107

credentials, default, 153

cross-site scripting (XSS), 296

cryptsetup, 243

nuke password, 246

customization of live ISO image, 237

D

database assessment, 6

database server, 111

dch, 226

dd, 22

debconf, 214

debconf-get, 97

debconf-get-selections, 94

debconf-set, 97

DEBEMAIL, 265

DEBFULLNAME, 265

Debian

relationship with Kali Linux, 4

Debian Administrator’s Handbook, 303

Debian Free Software Guidelines, 5

Debian GNU/Linux, 2

Debian Policy, 5

debian-archive-keyring, 203

debian-kernel-handbook, 233

debian/changelog, 226, 266

debian/control, 266

debian/copyright, 265

debian/patches, 225

debian/rules, 229, 267

debuild, 232

default passwords, 153

default.target, 117

deletion of a group, 109

delgroup, 109

denial of service, 295

dependency, 207

Depends, header field, 207

desktop environment, 3

choice during build of live ISO, 238

desktop-base, 263

detecting changes on the filesystem, 162

device file, 49

df, 60

dh-make, 264

dh_install, 267

DHCP, 252

dictionary attacks, 296

directives, Apache, 115, 116

DirectoryIndex, Apache directive, 115

disable an account, 109

disk preseed, 93

Disks (program), 20

diskutil, 23

distribution, Linux, 2

dm-crypt, 86

dmesg, 60

DNAT, 155

dnsmasq, 252

docs.kali.org, 127

documentation, 124, 126

download

ISO image, 14

the sources, 223

dpkg, 170

database, 212

dpkg --verify, 162

internal operation, 213

dpkg-buildpackage, 231

dpkg-deb, 232

dpkg-source --commit, 227

drive, USB drive, 19

DROP, 155

dropdb, 112

dropuser, 112

dual boot, 84


E

echo, 54

editor, 56

encrypted partition, 85

encrypted persistence, 243

engineering

reverse, 6

social engineering, 7

Enhances, header field, 208

environment

environment variable, 54

ExecCGI, Apache directive, 115

execution modules, salt, 256

execution, right, 57

experimental, 197

Explanation, 198

exploitation tools, 7


F

fail2ban, 152

features, 7

fg, 57

file

confidentiality, 85

configuration files, 214

file system, 49

filesystem

hierarchy, 54

filtering rule, 154, 157

find, 56

fingerprint, 163

firewall, 153

FollowSymLinks, Apache directive, 115

forensics, 7

mode, 8

formalization of the assessment, 293

format disk, 49

forums, 128

forums.kali.org, 128

FORWARD, 154

free, 60

Freenode, 128

fwbuilder, 160


G

get the sources, 223

getent, 108

git clone, 225

GitHub issues, 144

GNOME, 3

gnome-disk-utility, 20

gnome-system-monitor, 162

GNU

Info, 126

gpasswd, 109

GPG key, 17

graphical.target, 117

grep, 56

group

add a user, 108

change, 109

creation, 109

deletion, 109

of volumes, 86

owner, 57

groupmod, 109

GRUB, 83

gui-apt-key, 204

guided partitioning, 75


H

hardware discovery, 61

heap corruption, 295

history of Kali Linux, 2

HOME, 55

home directory, 55

host, virtual host, 114

htpasswd, 116

HTTP proxy, 82

HTTP server, 113

http.kali.org, 174

HTTPS, 114

Hyper-V, 25


I

ICMP, 156

id, 60, 109

ifupdown, 105

impersonation, 7

Includes, Apache directive, 115

incompatibilities, 209

Indexes, Apache directive, 115

info, 126

information gathering, 6

initrd preseed, 92

INPUT, 154

installation, 66

automatic, 91

of build dependencies, 226

on ARM devices, 94

package installation, 176, 177

troubleshooting, 95

unattended, 91

installer preseeding, 92

integer overflow, 295

Internet Control Message Protocol, 156

ip6tables, 153, 157

iptables, 153, 157

IRC channel, 128

isc-dhcp-server, 252

ISO image

authentication, 16

booting, 24

copying, 19

custom build, 237

download, 14

mirrors, 14

variants, 16


J

journal, 60

journalctl, 60


K

Kali Linux

communities, 128

documentation, 127

download, 14

features, 7

getting started, 14

history, 2

meta-packages, 239

policies, 9

relationship with Debian, 4

repositories, 173

kali-archive-keyring, 203

kali-bleeding-edge, 174, 197

kali-defaults, 263

kali-dev, 4, 174

kali-linux-* meta-packages, 239

kali-menu, 263

kali-meta, 263

kali-rolling, 4, 173

KDE, 3

kernel, 48

compilation, 233

configuration, 235

logs, 60

sources, 234

key

APT’s authentication keys, 204

USB key, 19

keyboard layout, 70

kill, 57

konqueror, 126

KVM, 25


L

language selection, 68

layout, keyboard, 70

less, 56

libapache-mod-php, 113

Linux, 48

distribution, 2

kernel, 2, 8

kernel sources, 234

live ISO image, 14

custom build, 237

live-boot, 240

live-build, 237

adding files, 240

debconf preseeding, 239

hooks, 239

packages to install, 238

loader

bootloader, 83

LOG, 155

logcheck, 161

logging, 161

Logical Volume Manager, 86

login, remote login, 110

logs

aptitude, 193

dpkg, 188

journal, 60

kernel, 60

monitoring, 161

ls, 52

lsdev, 61

lshw, 61

lspci, 61

lspcmcia, 61

lsusb, 61

LUKS, 86

LVM, 86

LXDE, 3


M

machine, virtual machine, 24

main, section, 173

make deb-pkg, 236

Makefile, 267

man, 124

management

configuration management, 255

of services, 117

manual pages, 124

manually installed packages, 199

mask

rights mask, 59

MASQUERADE, 155

master boot record, 84

master, salt master, 255

MATE, 3

MD5, 163

md5sums, 214

memory corruption, 295

menu, Kali Linux’s applications menu, 5

meta-package, 207, 209

kali-linux-*, 239

Metasploit Unleashed, 303

minion, salt minion, 255

mirrors, 14, 81, 174

mkdir, 53

mkfs, 49

modification of a package, 222

modification, right, 57

monitoring, 161

activity, 162

files, 163

log files, 161

more, 56

mount, 49

mount point, 79

Multi-Arch, 200

multi-user.target, 117

MultiViews, Apache directive, 115

mv, 53


N

netfilter, 153

network configuration, 71, 104

with ifupdown, 105

with NetworkManager, 104

with systemd-network, 106

network installation, 252

network mirrors, 81

network preseed, 93

network services, 10

securing, 153

NetworkManager, 104

newgrp, 58, 109

NEWS.Debian.gz, 126

non-free, section, 173

nuke password, 246


O

octal representation of rights, 59

Offensive Security, 2

openssh-server, 110

Options, Apache directive, 115

OUTPUT, 154

overflow, buffer, 295

overlay filesystem, 241

owner

group, 57

user, 57


P

package

authenticity check, 202

binary package, 170

build, 231

configuration, 263

conflict, 208

content inspection, 184

Debian package, 170

dependency, 207

file list, 181

header list, 184

incompatibility, 209

info, 184

installation, 176, 177

making changes, 226

meta-information, 204, 206

modification, 222

priority, 196

purge, 181

removal, 177, 180

replacement, 210

repository, 269

seal, 202

search, 182, 185

signature, 202

source of, 172

source package, 170

status, 182

unpacking, 177

version comparison, 185

virtual package, 209

package tracker, 4

Packages.xz, 171

packaging

build options, 229

configuration packages, 263

new upstream version, 229

packet

filter, 153

IP, 153

PAE (Physical Address Extension), 35

parted, 242

partition

encrypted, 85

swap partition, 79

partitioning, 74

guided partitioning, 75

manual partitioning, 77

passwd, 108

password, 108

attacks, 296

default passwords, 153

policy, 152

password attacks, 6

patch, 227

patch application, 227

PATH, 53

PCI, 288

penetration test

compliance, 288

traditional, 289

penetration testing, 5

penetration testing course, 303

permissions, 57

persistence, 240

encrypted, 243

multiple stores, 244

pg_createcluster, 113

pg_ctlcluster, 113

pg_dropcluster, 113

pg_hba.conf, 111

pg_lsclusters, 113

pg_renamecluster, 113

pg_upgradecluster, 113

PGP key, 17

PHP, 113

PID, process identifier, 50

Pin, 198

Pin-Priority, 198

pinfo, 126

ping, 156

pinning, APT pinning, 196

point, mount point, 79

post exploitation, 7

PostgreSQL, 111

postinst, 211

postrm, 211

POSTROUTING, 154

pre-dependency, 207

Pre-Depends, header field, 207

preferences, 196

preinst, 211

prerm, 211

PREROUTING, 154

preseed file, 93

preseeding debian-installer, 92

priority

package priority, 196

program

configuration, 110

Provides, header field, 209

proxy, 82

proxy cache, 82

ps, 57

puppet, 255

purge of a package, 181

purging a package, 181

pwd, 52

PXE boot, 252


Q

QCOW, 30

QEMU, 25


R

read, right, 57

README.Debian, 126

receive buffer, 156

Recommends, header field, 208

REDIRECT, 155

redirection, 56

reinstallation, 189

REJECT, 155

Release.gpg, 203

remote login, 110

removal of a package, 177

removing a package, 180

replacement, 210

Replaces, header field, 210

report a bug, 129

reportbug, 139

reporting tools, 7

repository of packages, 269

reprepro, 269

Require, Apache directive, 116

requirements, minimal installation requirements, 66

rescue mode of installer, 84

resize a partition, 77

retrieve the sources, 223

reverse engineering, 6

rights, 57

mask, 59

octal representation, 59

risk model, 150

risk ratings, 286

rkhunter, 164

rm, 53

rmdir, 53

Rolling, Kali Rolling, 3

root, 10

root password, 72, 153

RTFM, 124

rules file, 267


S

salt execution modules, 256

salt formulas, 258

salt state modules, 259

salt states, 258

salt-key, 255

saltstack, 255

samhain, 164

scanning threads, 286

Schneier, Bruce, 150

search of packages, 185

section

contrib, 173

main, 173

non-free, 173

secure boot, 24

securing, 150

a laptop, 152

a server, 152

network services, 153

security

assessments, 280

auditing, 5

policy, 150

service file, systemd service file, 117

services management, 117

setgid directory, 58

setgid, right, 58

setuid, right, 58

Setup, 24

sg, 109

SHA1, 163

SHA256SUMS, 16

shell, 52

shrink a partition, 77

signal, 57

signature

package signature, 202

SNAT, 155

sniffing, 7

social engineering tools, 7

source

of packages, 172

of the Linux kernel, 234

package, 170

retrieval, 223

source package

build, 231

making changes, 226

sources.list, 172

Sources.xz, 171

spoofing, 7

SQL injection, 296

SSH, 110

SSL, 114

state modules, salt, 259

sticky bit, 58

sudo, 10

Suggests, header field, 208

swap, 79

swap partition, 79

SymLinksIfOwnerMatch, Apache directive, 115

synaptic, 190, 194

system administration, 303

system services, 7

system, file system, 49

systemctl, 117

systemd, 117

systemd-network, 106

systemd-resolved, 107


T

target, systemd target, 117

TFTP, 252

tftpd-hpa, 252

threat model, 150

TLS, 114

top, 162

tracker

package tracker, 4

traditional penetration test, 289

training, 302

tripwire, 164

troubleshooting installations, 95

trust, web of trust, 17

trusted key, 204


U

UEFI, 24

ULOG, 155

umask, 59

uname, 60

unattended installation, 91

union mount, 241

unit, systemd unit, 117

unpacking

binary package, 177

upgrade

handling problems after an upgrade, 187

system upgrade, 179

upstream version, packaging a new one, 229

USB key, 19

user

owner, 57

user space, 48


V

variable, environment, 54

variants of live ISO image, 238

VDI, 30

version, comparison, 185

vigr, 107

vipw, 107

virtual host, 114

virtual machine, 24

virtual memory, 79

virtual package, 209

VirtualBox, 25

VMware, 25

volume

group, 86

logical volume, 86

physical volume, 86

vulnerability

analysis, 6

assessments, 284

client side, 297

denial of service, 295

memory corruption, 295

password, 296

scans, 286

types of, 294

web, 296


W

WantedBy, systemd directive, 118

Wants, systemd directive, 118

web access restriction, 116

web application analysis, 6

web attacks, 296

web authentication, 115

web of trust, 17

web server, 113

Win32 Disk Imager, 19

wireless attacks, 6

write, right, 57


X

XDG, 55

Xen, 25

Xfce, 3


Y
