12.3.2. Towards Penetration Testing
You have probably noticed by now that this book did not teach you penetration testing, but the skills you learned are still essential. You are now ready to fully exploit the power of Kali Linux, the best penetration testing framework, and you have the basic Linux skills required to take part in Offensive Security's training.
If you feel that you are not yet ready for a paid course, you can start by following the Metasploit Unleashed [2] free online training. Metasploit is a very popular penetration testing tool, and you have to know it if you are serious about learning penetration testing.
The next logical step is the Penetration Testing with Kali Linux [3] online course, which leads to the well-known "Offensive Security Certified Professional" certification. The course can be followed at your own pace, but the certification exam itself is a difficult, 24-hour, real-world, hands-on penetration test that takes place in an isolated VPN network.
Are you up to the challenge?
[2] https://www.offensive-security.com/metasploit-unleashed/
[3] https://www.offensive-security.com/information-security-training/
Index
_
.config, 235
.d, 195
.htaccess, 116
/dev, 48
/etc/apt/apt.conf.d/, 195
/etc/apt/preferences, 196
/etc/apt/sources.list, 172
/etc/apt/trusted.gpg.d/, 203
/etc/group, 107
/etc/gshadow, 107
/etc/network/interfaces, 105
/etc/passwd, 107
/etc/salt/minion, 255
/etc/shadow, 107
/etc/ssh/sshd_config, 110
/proc, 48
/sys, 48
/var/lib/dpkg/, 212
/var/www/html/, 114
32-bit CPU, 16
64-bit CPU, 16
A
a2dismod, 113
a2enmod, 113
a2ensite, 114
ACCEPT, 155
account
creation, 107
disable, 109
modification, 108
activity, monitoring, 162
add a user to a group, 108
addgroup, 109
adduser, 108
administrator password, 72
Advanced Package Tool, 171
aide (Debian package), 163
AllowOverride, Apache directive, 115, 116
analysis
vulnerability, 6
web application, 6
ansible, 255
Apache, 113
directives, 115
Apache directives, 116
application assessments, 291
applications
collection, 10
menu, 5
applying a patch, 227
apropos, 124
APT, 171
configuration, 195
header display, 185
initial configuration, 81
interfaces, 190
package search, 185
pinning, 196
preferences, 196
apt, 176
apt build-dep, 226
apt dist-upgrade, 179
apt full-upgrade, 179
apt install, 177
apt purge, 180
apt remove, 180
apt search, 186
apt show, 186
apt source, 223
apt update, 176
apt upgrade, 179
apt-cache, 185
apt-cache dumpavail, 187
apt-cache pkgnames, 187
apt-cache policy, 187
apt-cache search, 186
apt-cache show, 186
apt-cdrom, 172
apt-get, 176
apt-get dist-upgrade, 179
apt-get install, 177
apt-get purge, 181
apt-get remove, 180
apt-get update, 176
apt-get upgrade, 179
apt-key, 203
apt-mark auto, 200
apt-mark manual, 200
apt-xapian-index, 186
apt.conf.d/, 195
aptitude, 176, 190
aptitude dist-upgrade, 179
aptitude full-upgrade, 179
aptitude install, 177
aptitude markauto, 200
aptitude purge, 181
aptitude remove, 180
aptitude safe-upgrade, 179
aptitude search, 186
aptitude show, 186
aptitude unmarkauto, 200
aptitude update, 176
aptitude why, 200
architecture
multi-arch support, 200
ARM installations, 94
assessment
application, 291
black box, 292
formalization, 293
vulnerability, 284
white box, 292
attacks
client side, 297
database, 6
denial of service, 295
memory corruption, 295
password, 6, 296
types of, 294
web, 296
wireless, 6
auditing, security, 5
authentication
package authentication, 202
AuthName, Apache directive, 116
AuthType, Apache directive, 116
AuthUserFile, Apache directive, 116
automatic installation, 91
automatically installed packages, 199
avalanche effect, 163
axi-cache, 186
B
background process, 57
BackTrack, XXI, 2
bg, 57
BIOS, 24
block device file, 49
boot preseed, 92
boot screen, 67
bootable USB key, 19
bootloader, 83
BOOTP, 252
Breaks, header field, 209
broken dependency, 189
Bruce Schneier, 150
buffer
overflow, 295
receive buffer, 156
bug report, 129
bugs.kali.org, 133
build dependencies, installation, 226
build options, 229
Build-Depends, 226
building
a custom live ISO image, 237
a package, 231
C
cat, 56
cd, 52
cdimage.kali.org, 14, 175
certification, 302
chage, 108
chain, 154
changelog file, 266
changelog.Debian.gz, 126
character device file, 49
checksecurity, 164
checksums, 214
chef, 255
chfn, 108
chgrp, 58
chmod, 58
choice
of country, 69
of language, 68
chown, 58
chroot, 239
chsh, 108
cluster, PostgreSQL cluster, 111, 113
communities, 128
comparison of versions, 185
compilation
of a kernel, 233
compliance penetration test, 288
component (of a repository), 173
conffiles, 214
config, debconf script, 214
configuration
creating configuration packages, 263
files, 214
initial configuration of APT, 81
management, 255
static, 71
of the kernel, 235
conflicts, 208
Conflicts, header field, 208
contrib, section, 173
control, 206
control file, 266
control sum, 163
control.tar.gz, 211
copying, ISO image, 19
copyright, 127
copyright file, 265
cp, 53
createdb, 112
createuser, 112
creation
of a PostgreSQL database, 112
of a PostgreSQL user, 112
of groups, 109
of user accounts, 107
credentials, default, 153
cross-site scripting (XSS), 296
cryptsetup, 243
nuke password, 246
customization of live ISO image, 237
D
database server, 111
dch, 226
dd, 22
debconf, 214
debconf-get, 97
debconf-set, 97
DEBEMAIL, 265
DEBFULLNAME, 265
Debian
relationship with Kali Linux, 4
Debian Administrator's Handbook, 303
Debian Free Software Guidelines, 5
Debian GNU/Linux, 2
debian/changelog, 226, 266
debian/control, 266
debian/patches, 225
debian/rules, 229, 267
default.target, 117
deletion of a group, 109
delgroup, 109
denial of service, 295
dependency, 207
Depends, header field, 207
desktop environment, 3
choice during build of live ISO, 238
desktop-base, 263
detecting changes on the filesystem, 162
device file, 49
dh_install, 267
DHCP, 252
directives, Apache, 115, 116
DirectoryIndex, Apache directive, 115
disable an account, 109
DNAT, 155
dnsmasq, 252
docs.kali.org, 127
documentation, 124, 126
download
the sources, 223
database, 212
dpkg --verify, 162
dpkg-source --commit, 227
drive, USB drive, 19
DROP, 155
dropdb, 112
dropuser, 112
E
editor, 56
encrypted persistence, 243
engineering
reverse, 6
social engineering, 7
Enhances, header field, 208
environment
environment variable, 54
ExecCGI, Apache directive, 115
execution modules, salt, 256
execution, right, 57
F
fg, 57
file
file system, 49
filesystem
filtering rule, 154, 157
find, 56
fingerprint, 163
firewall, 153
FollowSymLinks, Apache directive, 115
forensics, 7
formalization of the assessment, 293
format disk, 49
FORWARD, 154
G
get the sources, 223
getent, 108
git clone, 225
gnome-system-monitor, 162
GNU
gpasswd, 109
grep, 56
group
add a user, 108
change, 109
creation, 109
deletion, 109
owner, 57
groupmod, 109
GRUB, 83
H
heap corruption, 295
history of Kali Linux, 2
HOME, 55
home directory, 55
host, virtual host, 114
htpasswd, 116
HTTP proxy, 82
HTTP server, 113
HTTPS, 114
I
ICMP, 156
ifupdown, 105
Includes, Apache directive, 115
incompatibilities, 209
Indexes, Apache directive, 115
info, 126
INPUT, 154
installation
of build dependencies, 226
on ARM devices, 94
package installation, 176, 177
Internet Control Message Protocol, 156
ip6tables, 153, 157
isc-dhcp-server, 252
ISO image
booting, 24
custom build, 237
variants, 16
J
K
Kali Linux
documentation, 127
history, 2
meta-packages, 239
relationship with Debian, 4
repositories, 173
kali-linux-* meta-packages, 239
kali-rolling, 4, 173
kernel, 48
compilation, 233
configuration, 235
key
APT's authentication keys, 204
USB key, 19
kill, 57
L
less, 56
Linux, 48
kernel sources, 234
live ISO image, 14
custom build, 237
live-build, 237
hooks, 239
packages to install, 238
loader
bootloader, 83
LOG, 155
login, remote login, 110
logs
ls, 52
M
machine, virtual machine, 24
main, section, 173
Makefile, 267
man, 124
management
manual pages, 124
manually installed packages, 199
mask
MASQUERADE, 155
master boot record, 84
master, salt master, 255
MATE, 3
MD5, 163
md5sums, 214
memory corruption, 295
menu, Kali Linux's applications menu, 5
meta-package, 207, 209
kali-linux-*, 239
Metasploit Unleashed, 303
minion, salt minion, 255
mkdir, 53
modification of a package, 222
modification, right, 57
monitoring
activity, 162
files, 163
more, 56
Multi-Arch, 200
MultiViews, Apache directive, 115
mv, 53
N
netfilter, 153
network configuration, 71, 104
with ifupdown, 105
securing, 153
O
octal representation of rights, 59
Offensive Security, 2
openssh-server, 110
Options, Apache directive, 115
OUTPUT, 154
owner
group, 57
user, 57
P
package
build, 231
conflict, 208
file list, 181
installation, 176, 177
making changes, 226
meta-information, 204, 206
priority, 196
purge, 181
source of, 172
unpacking, 177
Packages.xz, 171
packaging
build options, 229
configuration packages, 263
new upstream version, 229
packet
filter, 153
IP, 153
PAE (Physical Address Extension), 35
parted, 242
partition
encrypted, 85
passwd, 108
password, 108
attacks, 296
PATH, 53
penetration test compliance, 288
penetration testing, 5
penetration testing course, 303
permissions, 57
persistence
encrypted, 243
pg_ctlcluster, 113
pg_dropcluster, 113
pg_hba.conf, 111
pg_lsclusters, 113
PHP, 113
PID, process identifier, 50
Pin, 198
ping, 156
pinning, APT pinning, 196
point, mount point, 79
post exploitation, 7
PostgreSQL, 111
POSTROUTING, 154
Pre-Depends, header field, 207
preferences, 196
PREROUTING, 154
preseeding debian-installer, 92
priority
package priority, 196
program
configuration, 110
Provides, header field, 209
proxy, 82
proxy cache, 82
ps, 57
puppet, 255
purge of a package, 181
purging a package, 181
pwd, 52
PXE boot, 252
Q
R
read, right, 57
receive buffer, 156
Recommends, header field, 208
REDIRECT, 155
redirection, 56
reinstallation, 189
REJECT, 155
Release.gpg, 203
remote login, 110
removal of a package, 177
removing a package, 180
replacement, 210
Replaces, header field, 210
report a bug, 129
reportbug, 139
reporting tools, 7
repository of packages, 269
reprepro, 269
Require, Apache directive, 116
requirements, minimal installation requirements, 66
rescue mode of installer, 84
resize a partition, 77
retrieve the sources, 223
reverse engineering, 6
rights, 57
risk model, 150
rkhunter, 164
rm, 53
rmdir, 53
Rolling, Kali Rolling, 3
root, 10
root password, 72, 153
RTFM, 124
rules file, 267
S
salt execution modules, 256
salt formulas, 258
salt state modules, 259
salt states, 258
salt-key, 255
saltstack, 255
samhain, 164
Schneier, Bruce, 150
search of packages, 185
section
contrib, 173
main, 173
non-free, 173
secure boot, 24
securing, 150
network services, 153
security
policy, 150
service file, systemd service file, 117
services management, 117
Setup, 24
sg, 109
SHA1, 163
SHA256SUMS, 16
shell, 52
shrink a partition, 77
signal, 57
signature
SNAT, 155
social engineering tools, 7
source
of packages, 172
of the Linux kernel, 234
package, 170
retrieval, 223
source package
build, 231
making changes, 226
sources.list, 172
Sources.xz, 171
SQL injection, 296
SSH, 110
SSL, 114
state modules, salt, 259
sticky bit, 58
sudo, 10
Suggests, header field, 208
swap, 79
SymLinksIfOwnerMatch, Apache directive, 115
synaptic, 190, 194
system services, 7
system, file system, 49
systemctl, 117
T
target, systemd target, 117
TFTP, 252
tftpd-hpa, 252
threat model, 150
TLS, 114
top, 162
tracker
package tracker, 4
traditional penetration test, 289
training, 302
tripwire, 164
troubleshooting installations, 95
trust, web of trust, 17
U
UEFI, 24
ULOG, 155
unit, systemd unit, 117
unpacking
binary package, 177
upgrade
handling problems after an upgrade, 187
system upgrade, 179
upstream version, packaging a new one, 229
USB key, 19
user
owner, 57
user space, 48
V
variable, environment, 54
variants of live ISO image, 238
VDI, 30
vigr, 107
vipw, 107
virtual host, 114
VMware, 25
volume
physical volume, 86
vulnerability
assessments, 284
client side, 297
denial of service, 295
memory corruption, 295
password, 296
types of, 294
web, 296
W
WantedBy, systemd directive, 118
Wants, systemd directive, 118
web access restriction, 116
web application analysis, 6
web attacks, 296
web authentication, 115
web of trust, 17
web server, 113
Win32 Disk Imager, 19
wireless attacks, 6
X
Y