
You're reading from  The Ultimate Kali Linux Book - Second Edition

Product type: Book
Published in: Feb 2022
Publisher: Packt
ISBN-13: 9781801818933
Edition: 2nd Edition
Author: Glen D. Singh

Glen D. Singh is a cybersecurity author, educator and SecOps professional. His areas of expertise are cybersecurity operations, offensive security tactics and techniques, and enterprise networking. He holds a Master of Science (MSc) in cybersecurity and many industry certifications from top awarding bodies such as EC-Council, Cisco, and Check Point. Glen loves teaching and mentoring others while sharing his wealth of knowledge and experience as an author. He has written many books, which focus on vulnerability discovery and exploitation, threat detection, intrusion analysis, incident response, network security, and enterprise networking. As an aspiring game changer, Glen is passionate about increasing cybersecurity awareness in his homeland, Trinidad and Tobago.

Chapter 7: Understanding Network Penetration Testing

As an aspiring ethical hacker and penetration tester, there are various techniques, tips, and tricks that are used within the cybersecurity industry. Some of these techniques include creating a reverse connection from your target back to your attacker machine, creating payloads to evade threat detection security solutions, and even monitoring wireless networks.

In this chapter, you will learn about the objectives of performing network penetration testing, the fundamentals of creating both bind and reverse shells, and various antimalware evasion techniques. You will also learn how to manage wireless adapters on Kali Linux.

In this chapter, we will cover the following topics:

  • Introduction to network penetration testing
  • Working with bind and reverse shells
  • Antimalware evasion techniques
  • Working with wireless adapters
  • Managing and monitoring wireless modes

Let's dive in!

Technical requirements

To follow along with the exercises in this chapter, please ensure that you have met the following hardware and software requirements:

Not all wireless cards support monitor mode and packet injection. Even a minor chipset revision can leave a card unable to enter monitor mode, and some cards require their drivers to be compiled manually rather than working out of the box.

Introduction to network penetration testing

While many organizations are investing in acquiring the latest security solutions for their organizations, they also need to consider acquiring qualified persons with the right skillset in the field of cybersecurity to defend against the next generation of cyberattacks and threats. While some companies will focus on implementing network security solutions such as firewalls, network access controls, and identity access and management systems, they also need to test their network to determine whether there are known and hidden security vulnerabilities.

While having network security appliances within an organization will help reduce the likelihood of a cyberattack or threat, we need to consider the following points:

  • Does the configuration of each device within our organization align with the best practices?
  • Does the organization use secure network protocols at all times during data transmission between systems across the network...

Working with bind and reverse shells

In a bind shell scenario, let's imagine your target is on a public network such as the internet and has a public IP address, while your attacker machine is behind a firewall. Traffic originating from the internet that goes to an internal network is blocked by the firewall by default. Firewalls are configured to block traffic that originates from a less trusted network zone to a more trusted network zone. However, if you want to connect to the target, you will need to establish a connection from a more trusted network zone, such as the internal network, to a less trusted network zone.

If the target system is running a listener, it can be configured to be bound to the Windows Command Prompt or Linux Terminal shell with the target's IP address and a unique service port number. This will allow the attacker machine to connect to the target via its public IP address and port number, and obtain a remote bind shell on the target system.
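The two shell patterns described above leave distinct traces on the target host: a bind shell is a shell (or netcat-style tool) in the LISTEN state on a port, while a reverse shell is a shell holding an ESTAB connection to a remote peer. The following added example, not from the book, shows how a defender can flag both from `ss -tnap` style output; the SHELL_LIKE process list and the sample rows are constructed for this example.

```python
import re
from dataclasses import dataclass

# Process names that normally have no business owning a network socket on an end-user host
# (constructed list for this example; tune it to the host's baseline).
SHELL_LIKE = {"sh", "bash", "dash", "zsh", "nc", "ncat", "socat"}

# ss prints the owning process as: users:(("bash",pid=2311,fd=3))
PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+),fd=\d+\)\)')
@dataclass
class Finding:
    kind: str   # "bind-shell-listener" or "reverse-shell-connection"
    proc: str
    pid: int
    local: str
    peer: str

def parse_ss_line(line):
    """Parse one data row of `ss -tnap`; return None for the header or a malformed row."""
    parts = line.split()
    if len(parts) < 6 or parts[0] == "State":
        return None
    m = PROC_RE.search(line)
    proc, pid = (m.group(1), int(m.group(2))) if m else ("?", 0)
    return parts[0], parts[3], parts[4], proc, pid      # state, local, peer, proc, pid

def classify(ss_output):
    """Flag sockets whose owner is a shell or netcat-style tool, by socket state."""
    findings = []
    for line in ss_output.splitlines():
        row = parse_ss_line(line)
        if row is None or row[3] not in SHELL_LIKE:
            continue
        state, local, peer, proc, pid = row
        if state == "LISTEN":
            # A shell bound to a port, waiting for an inbound connect: the bind-shell pattern.
            findings.append(Finding("bind-shell-listener", proc, pid, local, peer))
        elif state == "ESTAB":
            # A shell already holding a connection to a remote peer: the reverse-shell pattern.
            findings.append(Finding("reverse-shell-connection", proc, pid, local, peer))
    return findings

# Constructed sample of `ss -tnap` output (two benign sshd rows, one of each shell pattern).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=700,fd=3))
LISTEN 0      1      0.0.0.0:4444        0.0.0.0:*          users:(("nc",pid=2210,fd=3))
ESTAB  0      0      10.0.0.5:22         10.0.0.7:51000     users:(("sshd",pid=880,fd=4))
ESTAB  0      0      10.0.0.5:49152      203.0.113.9:443    users:(("bash",pid=2311,fd=3))
"""
```

Running `classify(SAMPLE_SS)` returns one finding for the `nc` listener on port 4444 and one for the `bash` process connected out to 203.0.113.9:443, while the `sshd` rows are ignored.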

...

Antimalware evasion techniques

As an aspiring penetration tester, you will be developing payloads that are specific to your targets, whether these targets are running a client-based operating system such as Microsoft Windows 10 or even a flavor of Linux. These targets can also be running server and even mobile operating systems. Most importantly, you need to consider that these target host systems may have antivirus and antimalware software installed, either a native or commercial solution, that has been designed to detect and block threats. This means there's a very high possibility that the antimalware solutions on a target system may detect your payload as malicious and block it while sending an alert.

Understanding the various techniques that are used by antivirus and antimalware solutions is vital to gain a better understanding of how to ensure your payloads evade detection by security solutions. Since antivirus and antimalware vendors work continuously to detect new...

Working with wireless adapters

As an aspiring ethical hacker and penetration tester, you may be assigned to perform a wireless penetration test on the organization's wireless network infrastructure to discover any security vulnerabilities and to assess the resilience of the wireless network.

While many penetration testers will have Kali Linux deployed on a laptop to improve their mobility, using the wireless network interface cards that are built into laptops is not the most efficient way to perform wireless penetration testing. Therefore, it's highly recommended to use an external wireless network adapter that supports the following features:

  • IEEE 802.11 operating standards such as 802.11a/b/g/n/ac
  • Operating frequencies of 2.4 GHz and 5 GHz band
  • Monitor mode to detect nearby wireless networks
  • Packet injection

The following are two wireless network adapters that are commonly used by penetration testers:

  • The Alfa AWUS036NHA High Gain...

Managing and monitoring wireless modes

When working with a wireless network adapter as an ethical hacker or penetration tester, it's vital to have a clear understanding of the various modes in which a wireless network adapter can operate. Let's look at each mode of operation for an adapter connected to Kali Linux:

  • Managed: This is the default mode for all wireless network adapters. It allows a host system such as Kali Linux to connect to an access point or a wireless router. This mode does not allow an ethical hacker or penetration tester to perform any type of wireless penetration testing technique.
  • Monitor: This mode allows ethical hackers and penetration testers to scan for nearby IEEE 802.11 wireless networks, capture wireless frames such as beacons and probes, and perform packet injection attacks on a target wireless network.
  • Master: This mode allows Linux-based systems to operate as access points or wireless routers.
  • Ad hoc: This mode allows the...
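On Kali Linux the current mode of each adapter is reported by `iw dev` (as `type managed`, `type monitor`, `type AP` or `type IBSS`), and `iw list` shows which modes each radio (Wiphy) supports. The following added example, not from the book, parses both outputs to map each interface to the chapter's mode names and to check whether its radio can enter Monitor mode at all; the abridged `iw` output is constructed for this example.

```python
# iw's interface type names mapped to the mode names used in the chapter.
IW_TYPE_TO_MODE = {"managed": "Managed", "monitor": "Monitor", "AP": "Master", "IBSS": "Ad hoc"}

def parse_iw_dev(text):
    """Return {interface: (phy, mode)} from `iw dev` output."""
    result, phy, iface = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("phy#"):
            phy = "phy" + line[4:]            # "phy#0" -> "phy0", the name `iw list` uses
        elif line.startswith("Interface "):
            iface = line.split(None, 1)[1]
        elif line.startswith("type ") and iface:
            result[iface] = (phy, IW_TYPE_TO_MODE.get(line[5:], line[5:]))
    return result

def parse_iw_list_modes(text):
    """Return {phy: set(modes)} from the 'Supported interface modes' block of each Wiphy."""
    result, phy, in_block = {}, None, False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Wiphy "):
            phy, in_block = line.split()[1], False
        elif line == "Supported interface modes:":
            in_block = True
        elif in_block and line.startswith("* "):
            result.setdefault(phy, set()).add(IW_TYPE_TO_MODE.get(line[2:], line[2:]))
        elif in_block and line:
            in_block = False                  # next section (e.g. "Band 1:") ends the list
    return result

def monitor_capable(iw_dev_text, iw_list_text):  # interface -> (current mode, radio supports Monitor?)
    modes = parse_iw_list_modes(iw_list_text)
    return {iface: (mode, "Monitor" in modes.get(phy, set()))
            for iface, (phy, mode) in parse_iw_dev(iw_dev_text).items()}
# Constructed, abridged `iw dev` / `iw list` output (real output is tab-indented; strip() handles both).
IW_DEV = """phy#0
  Interface wlan0
    type managed
phy#1
  Interface wlan1mon
    type monitor
"""
IW_LIST = """Wiphy phy0
  Supported interface modes:
     * managed
  Band 1:
Wiphy phy1
  Supported interface modes:
     * monitor
"""
```

With the sample data, `monitor_capable(IW_DEV, IW_LIST)` reports `wlan0` as Managed on a radio that cannot do Monitor mode, and `wlan1mon` as already in Monitor mode on a radio that supports it.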

Summary

In this chapter, you learned about the importance of performing network penetration testing within an organization – it's only a matter of time before a threat actor discovers a security vulnerability within the network and exploits it, leaving your organization compromised due to a cyberattack. Furthermore, you learned about the fundamentals of creating and utilizing remote shells across a network. Additionally, you gained the skills to create your very own payloads and use antimalware evasion techniques to reduce the risk of detection by security solutions. Lastly, you learned how to connect and manage wireless network adapters on Kali Linux.

I hope this chapter has been informative for you and is helpful in your journey as an aspiring penetration tester, learning how to simulate real-world cyberattacks to discover security vulnerabilities and perform exploitation using Kali Linux. In the next chapter, Performing Network Penetration Testing, we will learn how...

Further reading

To learn more about Airmon-ng, go to https://www.aircrack-ng.org/doku.php?id=airmon-ng.
