Kali Linux Penetration Testing Bible. Gus Khawaja

Читать онлайн.
Название Kali Linux Penetration Testing Bible
Автор произведения Gus Khawaja
Жанр Зарубежная компьютерная литература
Серия
Издательство Зарубежная компьютерная литература
Год выпуска 0
isbn 9781119719076



Скачать книгу

survive in the penetration testing career. It's one of the pillars of the job if you're going to execute network infrastructure penetration tests.

      PC hosts have internal IP addresses to connect with the network, and they have a public IP address to communicate with the outside world. The latter is the mission of your home router, and you don't manage it locally on your localhost. On the other hand, you must maintain the internal network IP addresses, which are either static (you define it) or automatically assigned by a DHCP server (which is generally your home router).

      IPv4 Private Address Ranges

      Internal IP addresses (aka private IP addresses) for IPv4 have multiple ranges: classes A, B, and C.

       Class A: 10.0.0.0 to 10.255.255.255 or 10.0.0.0/8 (up to 16,777,214 hosts)

       Class B: 172.16.0.0 to 172.31.255.255 or 172.16.0.0/12 (up to 1,048,574 hosts)

       Class C: 192.168.0.0 to 192.168.255.255 or 192.168.0.0/24 (up to 254 hosts)

      Let's take a quick look at our Kali host IP address. To get the information about our network interface, execute the popular ifconfig command (take note that there has been a shift to use the ip addr command lately instead of ifconfig ).

Snapshot of Kali Network Interfaces.

      There are two important facts to understand about our Ethernet adapter eth0 . First, inet 10.0.0.246 represents the Kali host IP address that was assigned automatically by the DHCP server. The second part is the netmask, which means that we're using a /24 subnet; in other words, we only need 254 hosts to be assigned on this IP range.

      The second interface is lo , which represents a local loopback; you will never touch this since the network infrastructure will need it to operate correctly.

      There are two common other interfaces that you will encounter; the first one is the wireless interface if you're connected wirelessly instead of the wire. The second is the VPN interface, if you're connected to a remote VPN server.

      Static IP Addressing

       Static IP address (it's going to be 10.0.0.20 in my case; in your case, it has to match your private IP address range)

       Subnetmask or CIDR (/24 means 255.255.255.0)

       Router/gateway IP address (my router IP address is 10.0.0.1; yours could be different)

Snapshot of Static IP Configs. Snapshot of Testing Internet Connection.

      Take note that we're using 10.0.0.0 network as our main VLAN (virtual network). In fact, we have multiple VLANs in our home network. For example, we have a VLAN for IoT devices, but why? It's because we want IoT devices to be on a separate network (10.0.50.0/24) without interfering with my main production hosts.

      Companies implement the same concept. Ideally, they have a development environment that is different than the production environment network VLAN.

      DNS

      The Domain Name System (DNS) translates domain names into IP addresses. For example, instead of typing https://172.217.13.132 , you simply type https://google.com. The question is, how did I come up with the IP address? Use the host command on your terminal window:

      $host [domain name] root@kali:/# host google.com google.com has address 172.217.13.174 google.com has IPv6 address 2607:f8b0:4020:806::200e google.com mail is handled by 40 alt3.aspmx.l.google.com. google.com mail is handled by 30 alt2.aspmx.l.google.com. google.com mail is handled by 10 aspmx.l.google.com. google.com mail is handled by 50 alt4.aspmx.l.google.com. google.com mail is handled by 20 alt1.aspmx.l.google.com.

      The DNS is divided into two categories: public and private (like the IP addresses). The Google DNS address is public so that anyone connected to the internet can reach Google's website.

      On the other hand, we can have private DNS for our local intranet. This can be set up using a DNS server (e.g., Microsoft Windows Server) or your router if it has a built‐in DNS server. In my home network, I defined a domain called ksec.local . Each host on the network will have a domain name that corresponds to its IP address. For example, my file server domain name is ds‐server.ksec.local (because the server hostname is ds‐server ), and the router/DNS server will manage all the DNS A records (an A record is a mapping between IPv4 addresses and domain names):

      root@kali:~# host ds-server.ksec.local ds-server.ksec.local has address 10.0.0.177

      If you specify a nonexisting DNS record, you will get an error message (this is useful to brute‐force the DNS records):

      Take note that you can add your own static DNS records inside your Kali host. The file is located at /etc/hosts , and here you can redirect any domain name to any live IP address. (This is how DNS poisoning works; the hacker will manipulate the A records to point to his server IP address.)

      root@kali:~# cat /etc/hosts 127.0.0.1 localhost 127.0.1.1 kali # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters

      You'll learn more about this subject later in this book, and you will learn how DNS brute‐forcing and zone transfers