Kali Linux Penetration Testing Bible Gus Khawaja Copyright © 2021 by John Wiley & Sons, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-1-119-71908-3 ISBN: 978-1-119-71964-9 (ebk) ISBN: 978-1-119-71907-6 (ebk) Manufactured in the United States of America No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Per- missions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions. Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Nei- ther the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or website may provide or recommendations it may make. Further, readers should be aware that Internet websites listed in this work may have changed or disappeared between when this work was written and when it is read. For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002. Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http:// booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com. Library of Congress Control Number: 2021904285 Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Linux is a reg- istered trademark of Linus Torvalds. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book. About the Author Gus Khawaja is an expert in application security and penetration testing. He is a cybersecurity consultant in Montreal, Canada, and has a depth of experience working with organizations to protect their assets from cyberattacks. He is a published author and an online instructor in the field of cybersecurity. iii About the Technical Editor Corey Ball is a cybersecurity expert with more than 10 years of IT and cybersecurity leadership experience. He specializes in penetration testing APIs, web applications, and networks. He currently has more than 10 cybersecurity certifications including the OSCP, CISSP, CISM, and CCISO. Corey is a cyberse- curity career mentor for Cybrary and the author of the upcoming book Hacking APIs. He has a bachelor of arts in English and philosophy from CSU Sacramento. iv Acknowledgments I have been fortunate to share my knowledge and expertise with my audience through Wiley. I hope this knowledge will make you the best expert in your career as a penetration tester. I am especially grateful to my family who supported me to deliver 18 full chapters of this book. A full year of nonstop writing takes a lot of guts, but it’s here for you, so take advantage of it. I am blessed that I have background experience in programming that helped me a lot in my career as a penetration tester and as an application security expert. You will realize that these days, having skills in web application architecture will allow you to master this career. Finally, I would like to thank Wiley’s team members who supported me dur- ing the journey of writing this amazing book. Without this support, this book would never have seen the light of day! v Contents at a Glance Introduction xx Chapter 1 Mastering the Terminal Window 1 Chapter 2 Bash Scripting 49 Chapter 3 Network Hosts Scanning 65 Chapter 4 Internet Information Gathering 89 Chapter 5 Social Engineering Attacks 105 Chapter 6 Advanced Enumeration Phase 125 Chapter 7 Exploitation Phase 161 Chapter 8 Web Application Vulnerabilities 199 Chapter 9 Web Penetration Testing and Secure Software Development Lifecycle 231 Chapter 10 Linux Privilege Escalation 257 Chapter 11 Windows Privilege Escalation 273 Chapter 12 Pivoting and Lateral Movement 305 Chapter 13 Cryptography and Hash Cracking 319 Chapter 14 Reporting 345 Chapter 15 Assembly Language and Reverse Engineering 353 Chapter 16 Buffer/Stack Overflow 369 vi Contents at a Glance vii Chapter 17 Programming with Python 389 Chapter 18 Pentest Automation with Python 411 Appendix A Kali Linux Desktop at a Glance 427 Appendix B Building a Lab Environment Using Docker 467 Index 477 Contents Introduction xx Chapter 1 Mastering the Terminal Window 1 Kali Linux File System 2 Terminal Window Basic Commands 3 Tmux Terminal Window 6 Starting Tmux 6 Tmux Key Bindings 7 Tmux Session Management 7 Navigating Inside Tmux 9 Tmux Commands Reference 9 Managing Users and Groups in Kali 10 Users Commands 10 Groups Commands 14 Managing Passwords in Kali 14 Files and Folders Management in Kali Linux 15 Displaying Files and Folders 15 Permissions 16 Manipulating Files in Kali 19 Searching for Files 20 Files Compression 21 Manipulating Directories in Kali 23 Mounting a Directory 23 Managing Text Files in Kali Linux 24 Vim vs. Nano 26 Searching and Filtering Text 27 viii