kali linux for beginners - senior tech...

Kali LinuxFor Beginners

Glen Maxson

Center for Learning in Retirement

Spring 2019

What is Kali Linux

• Kali Linux, (first released on the 13th March, 2013) which was formally known as BackTrack, developed by the security firm Offensive Security, is a forensic and security-focused distribution based on Debian’s Testing branch. Kali Linux is designed with penetration testing, data recovery and threat detection in mind.

• Kali Linux is free, and has 600+ penetration testing tools included.

But first a caution and some advice

• Kali Linux isn’t recommended for beginners. Period. This is the first thing you should learn. It is a Linux Distribution geared towards Security Professionals.

• During penetration testing, it is crucial to prepare to stay anonymous. Don’t fool yourself by revealing your own identity while hacking, cover it!

Kali Install Modes - Basic Differences (source)1. Live Mode - boots using the USB drive so we run Kali from USB instead of running our main system. This allows us to inspect the system without worrying about locked/running processes. Live mode does not save changes. If you run reports, generate logs or save any data then it will be wiped when you reboot. Changes are not saved.

2. Live Mode (failsafe) - same as above but a bit more robust in case the system fails. Nicer to your devices.

3. Live Mode (forensic) - nothing loads, runs or happens unless it is initiated by you. USB devices do not auto mount and the internal hard drive is not touched. Nothing happens until you make it happen. Very good for professional forensic work.

4. Live USB Persistence - exactly the same as Live Mode but changes will save. Great for generating reports, logs, dumps and saving data.

5. Live USB Encrypted Persistence - same as above but with encryption. Good for professional uses.

6. Install - install Kali Linux as your main system

7. Graphical Install - graphical version of the above

8. Install With Speech Synthesis - speech instructions included

9. Advanced Options - includes MemTest and Hardware Detection Tool

VideoAnd a note about

Adding Persistence to a Kali Linux “Live” USB Drive

https://www.youtube.com/watch?v=qoXzIxu0xmc

https://www.youtube.com/watch?v=qoXzIxu0xmc

https://docs.kali.org/downloading/kali-linux-live-usb-persistence

Things To Do After Installing Kali Linux (source)

https://linuxhint.com/kali-linux-tutorial/

Top Things to do after Installing Kali Linux (source)

Video (23 min.)

https://www.ceos3c.com/hacking/top-things-after-installing-kali-linux/


Video



Video

To login you type:nordvpn login

To connect you type:

nordvpn connect

This connects you to NordVPN.

To show settings and modify them type:

nordvpn settings


Top 25 Best Kali Linux Tools For Beginners (source)

ANONYMITY

25. MacChanger

https://linuxhint.com/top-25-best-kali-linux-tools/


ANONYMITY

24. ProxyChains



INFORMATION GATHERING

23. TraceRoute




22.WhatWeb




21. Whois




20. Maltegoce (Maltego Community Edition)

Maltegoce is an intelligence gathering tool which aims to discover and collect data about the target (company or personal) and visualizes that collected data into graph for analysis. Before we are using maltegoce, first register an maltego community edition here: https://www.paterva.com/web7/community/community.php


https://www.paterva.com/web7/community/community.php



20. Maltegoce (Maltego

Community Edition)




19. NMAP

~$ nmap kali.org --script vuln

~$ nmap --help

Network Mapper (NMap) is a tool used for network discovery and security

auditing. My favorite option in NMAP is “–script vuln” it tells NMAP to audit

the security of each open port on target using NSE. For example:

To view full list of NMAP features, see the help page instead.




18. Dirbuster / Dirb



VULNERABILITY ANALYSIS

17. Nikto



WEB APPLICATION ANALYSIS

16. SQLiv




15. BurpSuite




14. OWASP-ZAP



• 13. HTTRACKHttrack is a website / webpage cloner, from a penetration testing

perspective, it is mainly used to create a fake website, or phising in

attacker server. Run httrack wizard by typing in the terminal :

You will be prompted, some configuration needed with guidance.

Such as, Project name, Base path of the project, set the URL target

and the proxy configuration.


~$ httrack




12. JoomScan & WPScan

~$ joomscan -u victim.com

~$ wpscan -u victim.com

JoomScan is a Web application analysis tool to scan and

analyze Joomla CMS, while WPScan is a WordPress CMS

vulnerability scanner. To check what CMS is installed on a target

website, you can use either ONLINE CMS Scanner, or using

additional tools, “CMSMap”.

(https://github.com/Dionach/CMSmap). Once you know the

target CMS, whether it is Joomla or WordPress, then you can

decide to use JoomsScan or WPScan.

Run JoomScan:

Run WPScan:



DATABASE ASSESSMENT

11. SQLMap



PASSWORD ATTACKS

10. Hash-Identifier and findmyhash

Hash-identifier is a tool to identify the different types of hashes used to encrypt data and especially passwords. Findmyhash is a tool to crack encrypted passwords or data using online services. For example we got encrypted data: 098f6bcd4621d373cade4e832627b4f6. First thing you are going to need to do is identify the hash type. To do that, launch “hash-identifier” in terminal, and input the hash value on it.



PASSWORD ATTACKS

10. Hash-Identifier and findmyhash



PASSWORD ATTACKS

9. Crunch



PASSWORD ATTACKS

8. John The Ripper

(OFFLINE PASSWORD CRACKING SERVICE)

John The Ripper is one of the most popular password testing and cracking programs as it combines a number of password crackers into one package, auto-detects password hash types, and includes a customization cracker. In Linux, “passwd” file located at /etc/passwd contains all user information. hash SHA encrypted password of each of the users found is stored in /etc/shadow file.



PASSWORD ATTACKS

7. THC Hydra (ONLINE PASSWORD CRACKING SERVICE)

• Hydra is the fastest network login cracker which supports numerous attack protocols. THC Hydra supports these protocols: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

• For more depth and detail tutorial about hydra visit my previous article titled Crack Web Based Login Page With Hydra in Kali Linux (https://linuxhint.com/crack-web-based-login-page-with-hydra-in-kali-linux/)


https://linuxhint.com/crack-web-based-login-page-with-hydra-in-kali-linux/


WIRELESS ATTACK

6. Aircrack-NG Suite



WIRELESS ATTACK

5. Fluxion

Evil twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been

set up to eavesdrop on wireless communications. An evil twin is the wireless version of the phishing scam.



EXPLOITATION TOOLS

4. Social Engineering Toolkit (SET)

The Social-Engineer Toolkit is an open-source penetration testing framework designed for Social-Engineering. SET has a number of custom attack vectors such as phishing, spear-phishing, malicious USB, mass mail, etc. This toolkit is a free product by Trustedsec.com. To start using SET, type in terminal “seetolkit”.



EXPLOITATION TOOLS

3. METASPLOIT FRAMEWORK

• Metasploit Framework initially was intended to be a maintainable framework which automates the process of exploiting rather than manually verifying it. Metasploit is a popular framework through history, it has rich modules aimed at a variety of targets such as Unix, BSD, Apple, Windows, Android, WebServers, etc. Below, is an example usage of metasploit, exploiting Windows OS using popular NSA Exploit EternalBlue and DoublePulsar.

• Video Hacking Windows using EternalBlue on MetaSploit


https://www.youtube.com/embed/Zx9Jy7z0zCM


SNIFFING AND SPOOFING

2. WireShark




1. Bettercap

• BetterCAP is a powerful and portable utility to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more. BetterCAP is similar in concept as ettercap, but, in my experience comparing both features, Bettercap WON.

• Bettercap is able to defeat SSL/TLS, HSTS, HSTS Preloaded. It uses SSLstrip+ and DNS server (dns2proxy) to implement partial HSTS bypass. The SSL/TLS connections are terminated. However, the downstream connection between client and attacker does not use SSL/TLS encryption and remains decrypted.




1. Bettercap

The partial HSTS bypass redirects the client from the domain name of the visited web host to a fake domain name by sending HTTP redirection request. The client is then redirected to a domain name with extra ‘w’ in www or web. in the domain name e.g. web.site.com. This way the web host is not considered as a member of HSTS preloaded hosts list and the client can access the web host without SSL/TLS. The fake domain names are then resolved to real and correct IP addresses by the special DNS server, which expects these changes in the domain names. The downside of this attack is that the client has to start the connection over HTTP due to the need of HTTP redirection. Bettercap is pre-installed on Kali Linux.




1. Bettercap



POST EXPLOITATION AND…. THE BEST TOOL IN KALI LINUX!

1. METASPLOIT FRAMEWORK


Should you use Kali Linux? (source)

1. If you jumped straight to that conclusion without reading the rest of the article, either you already have a strong opinion and I don’t have any chance to make you change that or Kali is not yet for you. In that case, you should consider at first a more mainstream distribution like a plain Debian system or Ubuntu. It will still be time later to install the tools you may need in a more case by case basis.

https://itsfoss.com/kali-linux-review/


2. If you read the article but skipped the parts containing too much technical jargon, Kali is not for you. Kali Linux could be an amazing teaching tool. But if you go that way, you have to be prepared for a steep learning curve. If you’re a very new Linux user starting from zero or if you just want to use your computer without a headache, there are plenty of general purposes and user-friendly distributions to start with. Why not trying Linux Mint or Zorin-OS? Or maybe another Ubuntu-derivative?



3. If you read the article, tried the commands I used, followed the links and searched the terms you didn’t understand— well, congratulations. You’re not just one other “script kiddy”. On the opposite, you apparently are ready to spend countless hours and efforts to make your system work, to understand the fundamentals of computer science and to discover the networking internals. That makes you one of the few new Linux users that could benefit from using Kali. But instead of using it directly on your computer, I would suggest first to install some other Debian-based distribution and run Kali Linux in a virtual machine. That way you could practice your skills without sacrificing your other activities.


And…

• Always use your Brain when Hacking.

Reset Windows 10 Local Password with Kali Linux Live USB (source)

Make a Kali Bootable

USB Drive

https://www.top-password.com/knowledge/reset-windows-10-password-with-kali-linux.html


Boot with Kali Linux USB

Once you have a Kali Live USB, plug it into the USB port of your Windows 10 computer and boot from the USB. You may have to press a special key (e.g., Esc, F2, F12, Del, etc.) during bootup to get the computer to boot from the USB instead of its internal hard drive.



Reset Windows 10

Local Password



Reset Windows 10

Local Password


https://www.top-password.com/reset-windows-password.html

BASIC PENETRATION TESTING CONCEPT WITH KALI LINUX (source)

Three main things you can do with Kali Linux based on the targeted system including:


WIRELESS NETWORK HACKING WITH KALI LINUX (source)


WEB APPS HACKING WITH KALI LINUX (source)

Actually, if you passionate on this, you can set up your hacking environment by installing DWVA (Damn Vulnerable Web App) into your Kali Linux. It is a PHP/MySQL web application that has bunch of vulnerable hole. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, and help web developers better understand the processes of securing web applications. You can get DWVA for free on Github here: https://github.com/ethicalhack3r/DVWA.


https://github.com/ethicalhack3r/DVWA.


SQLMap found 2 databases, but only one among them which is containing sensitive data, such as an admin credential account. That is on “trengkab_trg”. After we have found the databases, there is still another step we should do. That is to find the tables and columns and the final step is to dump the data. I won’t show you how here in this section, using this target. At least you know the basic idea on the attack cycle, and using some tools.


kali linux for beginners - senior tech...

Documents