Programming Errors 324
Buffer Overflows 325
Heap Overflows 327
Return to libc 329
Writing Nmap Modules 330
Extending Metasploit 333
Disassembling and Reverse Engineering 336
Debugging 337
Disassembling 341
Tracing Programs 343
Other File Types 345
Maintaining Access and Cleanup 346
Metasploit and Cleanup 346
Maintaining Access 347
Summary 349
Useful Resources 349
11. Reporting 351
Determining Threat Potential and Severity 352
Writing Reports 354
Audience 354
Executive Summary 355
Methodology 356
Findings 357
Taking Notes 358
Text Editors 358
GUI-Based Editors 360
Notes 361
Capturing Data 362
Organizing Your Data 364
Dradis Framework 365
CaseFile 368
Summary 370
Useful Resources 370
Index 371
viii | Table of Contents
Preface
A novice was trying to fix a broken Lisp machine by turning the power off and on.
Knight, seeing what the student was doing, spoke sternly: “You cannot fix a machine by just power-cycling it with no understanding of what is going wrong.”
Knight turned the machine off and on.
The machine worked.
—AI Koan
One of the places over the last half century that had a deep hacker culture, in the sense of learning and creating, was the Massachusetts Institute of Technology (MIT) and, specifically, its Artificial Intelligence Lab. The hackers at MIT generated a language and culture that created words and a unique sense of humor. The preceding quote is an AI koan, modeled on the koans of Zen, which were intended to inspire enlightenment. Similarly, this koan is one of my favorites because of what it says: it’s important to know how things work. Knight, by the way, refers to Tom Knight, a highly respected programmer at the AI Lab at MIT.
The intention for this book is to teach readers about the capabilities of Kali Linux through the lens of security testing. The idea is to help you better understand how and why things work. Kali Linux is a security-oriented Linux distribution, so it ends up being popular with people who do security testing or penetration testing for either sport or vocation. While it does have its uses as a general-purpose Linux distribution and for use with forensics and other related tasks, it really was designed with security testing in mind. As such, most of the book’s content focuses on using tools that Kali provides. Many of these tools are not readily available in other Linux distributions’ package repositories. While the tools can still be installed, sometimes by building from source, installation is easier when the package is in the distribution’s repository.