Kali Linux Penetration Testing Bible. Gus Khawaja
survive in the penetration testing career. It's one of the pillars of the job if you're going to execute network infrastructure penetration tests.
PC hosts have internal IP addresses to connect with the network, and they have a public IP address to communicate with the outside world. The latter is the mission of your home router, and you don't manage it locally on your localhost. On the other hand, you must maintain the internal network IP addresses, which are either static (you define it) or automatically assigned by a DHCP server (which is generally your home router).
IPv4 Private Address Ranges
Internal IP addresses (aka private IP addresses) for IPv4 have multiple ranges: classes A, B, and C.
Class A: 10.0.0.0 to 10.255.255.255 or 10.0.0.0/8 (up to 16,777,214 hosts)
Class B: 172.16.0.0 to 172.31.255.255 or 172.16.0.0/12 (up to 1,048,574 hosts)
Class C: 192.168.0.0 to 192.168.255.255 or 192.168.0.0/24 (up to 254 hosts)
The biggest range is class A for corporations, but you can use it at home. (No one will stop you from doing that, and guess what? I use it myself for my home network.) The second, class B, is for small/midrange/big companies (depending on the number of hosts). The third is class C; this range is limited but is suitable for home users and small office/home office (SOHO) environments.
Let's take a quick look at our Kali host IP address. To get the information about our network interface, execute the popular ifconfig command (take note that there has been a shift to use the ip addr command lately instead of ifconfig).
According to Figure 1.17, we have two network interfaces. The first one on the top, eth0, is the Ethernet adapter that connects my Kali host with the internal network. If we had a second Ethernet adapter, it would be eth1. (Take note that if you're using a wireless adapter on your host, then you will see wlan0, wlan1, etc.)
Figure 1.17 Kali Network Interfaces
There are two important facts to understand about our Ethernet adapter eth0. First, inet 10.0.0.246 represents the Kali host IP address that was assigned automatically by the DHCP server. The second part is the netmask, which means that we're using a /24 subnet; in other words, we only need 254 hosts to be assigned on this IP range.
The second interface is lo, which represents a local loopback; you will never touch this since the network infrastructure will need it to operate correctly.
There are two other common interfaces that you will encounter. The first is the wireless interface, if you're connected wirelessly instead of by wire. The second is the VPN interface, if you're connected to a remote VPN server.
Static IP Addressing
If you want to assign a fixed IP address to your Kali host, you will need to edit the configuration file /etc/network/interfaces. In the following new configuration, shown in Figure 1.18, add these three main components:
Static IP address (it's going to be 10.0.0.20 in my case; in your case, it has to match your private IP address range)
Subnet mask or CIDR (/24 means 255.255.255.0)
Router/gateway IP address (my router IP address is 10.0.0.1; yours could be different)
Figure 1.18 Static IP Configs
After you save your changes, make sure to reboot your Kali machine to get this new fixed IP address up and running. To test the connectivity to the outside world (after rebooting), try to ping Google's popular DNS server at 8.8.8.8, as shown in Figure 1.19. (If for any reason you want to reverse your changes, just go back to the config file and remove or comment out the new lines.)
Figure 1.19 Testing Internet Connection
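The following Python sketch is an added example, not code from the book. It checks the three values that go into the static configuration (address, CIDR prefix, gateway) against the private ranges listed earlier and reports the netmask and usable host count. The function names are hypothetical, and the second call uses a constructed, deliberately wrong gateway.

```python
import ipaddress

# Private IPv4 ranges from the text, as (first, last) address pairs.
PRIVATE_RANGES = {
    "A": ("10.0.0.0", "10.255.255.255"),
    "B": ("172.16.0.0", "172.31.255.255"),
    "C": ("192.168.0.0", "192.168.255.255"),
}


def private_class(addr):
    """Return 'A', 'B' or 'C' if addr falls in a private range, else None."""
    ip = ipaddress.IPv4Address(addr)
    for name, (first, last) in PRIVATE_RANGES.items():
        if ipaddress.IPv4Address(first) <= ip <= ipaddress.IPv4Address(last):
            return name
    return None


def check_static_config(address, prefix, gateway):
    """Sanity-check the address, CIDR prefix and gateway of a static config."""
    iface = ipaddress.IPv4Interface(f"{address}/{prefix}")
    net = iface.network
    gw = ipaddress.IPv4Address(gateway)
    problems = []
    if private_class(address) is None:
        problems.append("address is not in a private range")
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append("address is the network or broadcast address")
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    elif gw == iface.ip:
        problems.append("address collides with the gateway")
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        # Network and broadcast addresses are not assignable (prefixes up to /30).
        "usable_hosts": net.num_addresses - 2,
        "problems": problems,
    }


if __name__ == "__main__":
    # Values from the text: static 10.0.0.20/24 behind the router 10.0.0.1.
    print(check_static_config("10.0.0.20", 24, "10.0.0.1"))
    # Constructed mistake: a gateway that is not on the host's /24.
    print(check_static_config("10.0.0.20", 24, "10.0.1.1"))
```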
Take note that we're using the 10.0.0.0 network as our main VLAN (virtual network). In fact, we have multiple VLANs in our home network. For example, we have a VLAN for IoT devices, but why? It's because we want IoT devices to be on a separate network (10.0.50.0/24) without interfering with my main production hosts.
Another example is the Guests VLAN. This network is for people who connect to the wireless guest access point, and they will be assigned in the 10.0.20.0 address range.
Companies implement the same concept. Ideally, they have a development environment that is different than the production environment network VLAN.
DNS
The Domain Name System (DNS) translates domain names into IP addresses. For example, instead of typing https://172.217.13.132, you simply type https://google.com. The question is, how did I come up with the IP address? Use the host command on your terminal window:
$ host [domain name]
root@kali:/# host google.com
google.com has address 172.217.13.174
google.com has IPv6 address 2607:f8b0:4020:806::200e
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
The DNS is divided into two categories: public and private (like the IP addresses). The Google DNS address is public so that anyone connected to the internet can reach Google's website.
On the other hand, we can have private DNS for our local intranet. This can be set up using a DNS server (e.g., Microsoft Windows Server) or your router if it has a built-in DNS server. In my home network, I defined a domain called ksec.local. Each host on the network will have a domain name that corresponds to its IP address. For example, my file server domain name is ds-server.ksec.local (because the server hostname is ds-server), and the router/DNS server will manage all the DNS A records (an A record is a mapping between IPv4 addresses and domain names):
root@kali:~# host ds-server.ksec.local
ds-server.ksec.local has address 10.0.0.177
If you specify a nonexisting DNS record, you will get an error message (this is useful to brute‐force the DNS records):
root@kali:~# host hello.ksec.local
Host hello.ksec.local not found: 3(NXDOMAIN)
Take note that you can add your own static DNS records inside your Kali host. The file is located at /etc/hosts, and here you can redirect any domain name to any live IP address. (This is how DNS poisoning works; the hacker will manipulate the A records to point to his server IP address.)
root@kali:~# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 kali
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
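Because a hosts entry silently overrides DNS, the file is worth auditing on machines you defend. The Python sketch below is an added example, not code from the book. It parses hosts-file text and flags names that are not part of the default listing above, or default names moved off a loopback or multicast address. The function names are hypothetical, and the last line of the sample is a constructed override.

```python
import ipaddress

# Names defined by the default hosts file shown in the text.
EXPECTED_NAMES = {"localhost", "kali", "ip6-localhost", "ip6-loopback",
                  "ip6-allnodes", "ip6-allrouters"}

# Constructed sample: the listing from the text plus one added override line.
SAMPLE = """\
127.0.0.1 localhost
127.0.1.1 kali
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.0.0.66 ds-server.ksec.local  # constructed override
"""


def parse_hosts(text):
    """Yield (line_no, ip, names) for each well-formed entry in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield line_no, ip, fields[1:]


def audit_hosts(text, expected=EXPECTED_NAMES):
    """Return (line_no, name, ip, reason) for every suspicious mapping."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name.lower() not in expected:
                findings.append((line_no, name, str(ip), "unexpected override"))
            elif not (ip.is_loopback or ip.is_multicast):
                findings.append((line_no, name, str(ip),
                                 "local name on non-local address"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```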
You'll learn more about this subject later in this book, and you will learn how DNS brute‐forcing and zone transfers