Learning Kali Linux

Section 1: What Is Ethical Hacking?

In this section, we will learn about the concept of ethical hacking and penetration testing. There are
certain responsibilities and legal obligations that need to be understood and they differentiate an ethical
hacker from a malicious hacker.

 The Course Overview

 Penetration Testing
 White Box Versus Black Box Versus Gray Box
 Vulnerability Assessment Versus Penetration Testing
 Ethical Hacker Responsibilities and Customer Expectations
 Laws and Legal Obligations

1.1 The Course Overview

This video provides an overview of the entire course.

1.2 Penetration Testing

In this video, we will understand the role of an ethical hacker.

 Understand the concept of ethical hacking and penetration testing

 Understand the goals of an ethical hacker or penetration tester
 Understand the high level process of ethical hacking engagement

1.3 White Box Versus Black Box Versus Gray Box

In this video, we will learn the different techniques involved in ethical hacking.

 Understand white box method

 Understand black box method
 Understand gray box method

1.4 Vulnerability Assessment Versus Penetration Testing

In this video, we will learn the differences between vulnerability assessment and penetration testing (or
ethical hacking).

 Understand vulnerabilities, threats, and risks

 Understand vulnerability assessment and challenges
 Understand the difference between penetration testing and vulnerability assessment

1.5 Ethical Hacker Responsibilities and Customer Expectations

In this video, we will learn the challenges and expectations that come with ethical hacking.

 Understand the responsibilities of an ethical hacker

 Get to know the goals and expectations of the customer
 Understand the challenges and limitations

1.6 Laws and Legal Obligations

In this video, we will learn about the regulations around ethical hacking.

 Understand law and legal implications

 Learn how to stay safe while doing tests
 Learn the various ethical hacking methodologies

Section 2: Ethical Hacking Process

Ethical hacking is a multi-step process from initial identification and investigation to final exploitations
and reporting. There are tools and applications for each step in Kali Linux which we will introduce
later.

 Preparation Steps for Penetration Testing

 First Step of Penetration Testing – Reconnaissance
 Scanning, Enumeration, and Fingerprinting
 Vulnerability Assessment
 Exploitation and Access
 Reporting

2.1 Preparation Steps for Penetration Testing

In this video, we will learn how to get prepared for ethical hacking (penetration testing).

 Understand the contract and agreement requirements

 Prepare the environment
 Look at the steps of penetration testing

2.2 First Step of Penetration Testing – Reconnaissance

In this video, we will learn about the reconnaissance step of ethical hacking.

 Get introduced to the concept and importance of reconnaissance

 Understand passive reconnaissance
 Understand active reconnaissance
2.3 Scanning, Enumeration, and Fingerprinting

In this video, we will learn what scanning and enumeration is and how they help in process of ethical
hacking.

 Understand scanning concept and methods

 Understand Enumeration and fingerprinting
 Get to know some of the tools

2.4 Vulnerability Assessment

In this video, we will learn about vulnerability assessment.

 Understand vulnerabilities and vulnerability assessment

 Understand passive vs. active vulnerability assessment
 Show some examples of common vulnerabilities

2.5 Exploitation and Access

In this video, we will learn what exploitation is in ethical hacking.

 Understand the common techniques of exploitation

 Maintain access after successful exploit
 Understand the concerns and considerations post-exploitation

2.6 Reporting

In this video, we will learn the reporting requirements.

 Report items
 Understand the customer expectation from reporting

Section 3: Creating the Test Lab with Kali Linux

In this section, you will learn how to build a test lab on a virtual environment with Kali Linux. We will use
Oracle VirtualBox, Kali Linux and a vulnerable OS. You will learn how to set up a virtual network
including all required components on a single pc or laptop.

 Test Lab Requirements

 Diagram and Design
 Test Connectivity

3.1 Test Lab Requirements

In this video, we will learn the requirements for building a hacking test lab.

 Understand the standard laptop/computer requirements

 Understand the software installation requirements
 Understand the virtual images requirements

3.2 Diagram and Design

In this video, we will learn how a hacking test lab is designed and setup on a single computer.

 Learn the diagram and design of the lab

 Get the IP address
 Get the VirtualBox settings and configuration

3.3 Test Connectivity

In this video, we will learn how to setup the IP addressing, networking and connectivity.

 Understand the IP address configuration on Kali Linux

 Learn how to hack and set IP address on VulnOS
 Test connectivity

Section 4: Reconnaissance

The first step of ethical hacking process is reconnaissance. This is when we start gathering as much as
information we can about a target. There are different tools available on Kali Linux which can help with
this, as well as other methods which can be used online.

 Passive Reconnaissance – Part 1

 Passive Reconnaissance – Part 2
 Active Reconnaissance
 Dmitry
 Maltego

4.1 Passive Reconnaissance – Part 1

In this video, we will learn what passive reconnaissance is, its methods and tools.

 Learn the definition of passive reconnaissance

 Use nslookup command
 Use dig command

4.2 Passive Reconnaissance – Part 2

In this video, we will continue to learn the methods and tools involved in passive reconnaissance.

 Use traceroute command

 Use whois database
 Look at a few useful websites for your reference

4.3 Active Reconnaissance

In this video, we will learn what active reconnaissance is, its methods and tools.

 Learn the definition of active reconnaissance

 Use telnet, SSH, email NDR, nslookup
 Learn a few more tools and techniques

4.4 Dmitry

In this video, we will learn what Dmitry is, and how it works.

 Learn about the Dmitry command line tool

 Learn Dmitry command line options
 Understand the uses of Dmitry

4.5 Maltego

In this video, we will learn what Maltego is, and how it works.

 Understand what Maltego is

 Initiate Maltego
 Learn how to use Maltego

Section 5: Scanning – Part 1

In this section, you will learn about Nmap which is one of the biggest and most popular network and
host scanning tools. Using Nmap, there are a lot which can be done, including discovering and
identifying hosts and networks.

 TCP, UDP and, ICMP Scanning

 Nmap – ICMP Scan
 Nmap – TCP Scan
 Nmap – Advanced TCP Scans
 Nmap – UDP Scan

5.1 TCP, UDP and, ICMP Scanning

In this video, we will learn about different scanning methods.

 Learn about ICMP scanning

 Understand TCP scanning
 Understand UDP scanning

5.2 Nmap – ICMP Scan

In this video, we will learn how to use Nmap for ICMP scanning.

 Learn about Nmap

 Understand PING scan
 Learn about traceroute scan

5.3 Nmap – TCP Scan

In this video, we will learn how to use Nmap for TCP scanning.

 Understand basic TCP scan

 Learn about TCP scan with no ping
 Understand TCP scan with exclusion

5.4 Nmap – Advanced TCP Scans

In this video, we will learn how to perform special TCP scans using Nmap.

 Understand SYN scan

 Understand FIN and NULL scans
 Learn about Xmas scan

5.5 Nmap – UDP Scan

In this video, we will learn how to use Nmap for UDP scans.

 Understand basic UDP scan

 Learn about UDP scan with no ping
 Understand specific port scans

Section 6: Scanning – Part 2

In this section, we continue with Nmap capabilities and teach you methods to avoid being detected by
firewalls and IPS when using Nmap. Script engine is one of the most powerful parts of Nmap which can
be used to perform special tasks and assessments. We will also learn how to use hping3 which is another
scanning tool available on Kali.

 OS Detection
 Avoid Detection
 Nmap – Scripts and Script Engine
 Nmap Troubleshooting
 hping3

6.1 OS Detection

In this video, we will learn how Nmap can detect operating systems.

 Use Nmap for OS detection

 Limiting the scope of OS detection
 Use OSScan to guess the OS

6.2 Avoid Detection

In this video, we will learn how to avoid detection by IDS/IPS when scanning.

 Adjust aggressiveness for scanning times

 Delay scans for better security
 Perform decoy scan

6.3 Nmap – Scripts and Script Engine

In this video, we will learn what Nmap scripts are and how to use them.

 Get introduced to the Nmap Script engine

 Look into default scripts
 Look at specific scripts

6.4 Nmap Troubleshooting

In this video, we will learn how to troubleshoot and debug using Nmap.

 Perform the steps for troubleshooting

 Learn how to debug
 Learn about networking

6.5 hping3

In this video, we will learn how scanning works using hping3.

  Understand what hping3 is
 Perform scanning with hping3
 Understand DoS attacks with hping3

Section 7: Vulnerability Scanning and Exploitation

Once all the initial tests and scans are done, and we know about hosts, services and possibilities, it is
time to take action and start the penetration process. In this section, we will discuss some useful tools
on Kali to perform vulnerability testing and exploitation. Keep in mind, the steps you will learn on this
chapter are intrusive and can be illegal if it is done without permission.

 Nikto
 Sparta
 Ettercap
 Metasploit
 Armitage

7.1 Nikto

In this video, we will see what Nikto is and how it works.

 Get an introduction to Nikto

 Understand vulnerability scanning with Nikto
 Learn about vulnerability scanners (Nesus, OpenVAS, Qualys, Rapid7)

7.2 Sparta

In this video, we will learn what Sparta is and how it is used.

 Get an introduction to Sparta

 Understand vulnerability assessment with Sparta
 Understand brute force attack with Sparta

7.3 Ettercap

In this video, we will learn what Ettercap is and how it is used.

 Get an introduction to Ettercap

 Understand man-in-the-middle attack with ARP poisoning
 Understand DHCP spoofing

7.4 Metasploit
In this video, we will understand how Metasploit is used for penetration attacks.

 Get an introduction to Metasploit

 Learn how to use Metasploit

7.5 Armitage

In this video, we will learn what Armitage is and how it is used.

 Get an introduction to Armitage

 Learn how to use Armitage
 Understand exploitation with Armitage

Section 8: Exploitation and Backdoors

Exploitation is the most difficult and challenging part of penetration testing. There are a lot of different
techniques that could be used for exploitation. We learnt about Metasploit and using vulnerabilities in
the previous section. In this section we will learn about social engineering attempts and backdoor
techniques.

 Spear Phishing Attacks

 Credential Harvesting with Website Cloning
 Netcat
 John the Ripper

8.1 Spear Phishing Attacks

In this video, we will see how spear phishing attacks are done using social engineering toolkit.

 Understand what SET is

 Understand what spear phishing is
 Perform spear phishing with SET

8.2 Credential Harvesting with Website Cloning

In this video, we will see how credential harvesting is done using social engineering toolkit.

 Understand what credential harvesting is

 Use SET for credential harvesting
 Understand website cloning

8.3 Netcat
In this video, we will see what Netcat is and how it works.

 Get an introduction to Netcat

 Understand why backdoors are needed
 Learn how to create a backdoor using Netcat

8.4 John the Ripper

In this video, we will look at password cracking with John the Ripper.

 Understand how John the Ripper is used

 Use Crunch password file generator
 Use John the ripper and crunch together