Kali Linux Guide: Penetration Testing. Kali Linux: a detailed overview of the distribution What is kali linux
Hacking with Kali Linux
Why Kali Linux?
With Kali Linux, hacking becomes much easier as you have all the tools (over 300 pre-installed utilities) you could ever need. In addition, you can easily download additional programs. This guide will help you get comfortable, and you yourself will not notice how you start hacking.
The problem with newbies
I've been talking to newbies for a long time. They usually need magic. A simple Windows-based tool that can be downloaded by searching Google and clicking on the first link, and which will do everything automatically, and the user only needs to click on the button. Unfortunately, no such tool exists. Hacking is an art and it takes many years of practice to master it. Where to start? It's okay to have no idea about hacking, but you can't be a complete layman who just has a computer. By novice, I mean a user who is not familiar with programming and hacking methodologies, not someone who needs a whole manual just to download a tool. If you want to be a hacker, you must work hard. So how do you get on this path? If you have already installed Kali Linux, .
Beginning of work
I'm not going to bore you with theory (as if it wasn't all theory). My goal is to get you to the point where you can start hacking with Kali Linux as soon as possible. So I'll just tell you what to do. The process is quite simple:
- If you don't know what Kali Linux is, go ahead and get a basic understanding of this system.
- If you haven't already, open
Hidden from guests
And download Kali Linux ISO file..
If you have no experience with Linux, virtual machines and other similar things, installing and running Kali Linux will become somewhat more complicated. You have 2 options:
1. Read the official Kali documentation
From it you will learn what a virtual machine is, how to run an OS from a USB drive, and how to create a partition and install 2 OSes on your computer at once. That is what I recommend.
Hidden from guests
.2. Read my edited version of the Kali documentation
The second option is to check out these posts, which are a slightly modified version of the Kali documentation. This will save you some time as the official text contains a lot of additional information, which you don't need to know... yet. I provide links to them here:
- Detailed step by step guide for installing Kali Linux on VmWare (note: being written)
If you're really sure you want to be a hacker, you'll have to get used to linux and the command line interface in particular. It is often compared to the Windows command line, but the Linux terminal is much better and more efficient. You will have to perform all normal tasks in command line linux. Use cd to navigate, poweroff to shut down the computer, and so on.
The site will help you learn all the commands
Hidden from guests
.The materials on this site will keep you busy for a whole month, but you can move forward gradually. The first few tutorials here are written with the reader not very familiar with the command line.
A few useful commands:
If you don't plan to learn everything linux commands, here are some useful things to help you stay afloat.
- The default username and password are "root" and "toor".
- Type "poweroff" into the terminal to turn off your computer.
- The "apt-get" command can be used to install tools and updates.
- "apt-get update" and "apt-get upgrade" will update all programs installed on your machine.
- "apt-get dist-upgrade" will install the latest Kali distribution (i.e. upgrade your OS).
Once you've gone through all the steps above and are comfortable with your new environment, it's time to get started with some real hacking with Kali Linux. I would recommend hacking wifi first, then doing penetration testing, and reading about denial of service attacks in your free time. You will find links below.
Today we continue to get acquainted with the operating system created for pentesters. Backtrack and now Kali linux is of interest to many, but not everyone has experience with Linux systems. In this article, I will try to tell you what to do after downloading Kali Linux and how to use it.
Starting Kali linux
First, let's analyze the launch of this distribution. There are options depending on whether you are running Kali from a DVD, a flash drive, or it is installed on HDD. Starting from DVD may be needed only for informational purposes, since changes are not saved after reboot, so I will not dwell on this option. I do not recommend installing Kali as the main system, as this is a very narrow distribution and there is no point in using it on a daily basis. Here, starting from a flash drive is optimal, since in case of modification (for example, installing updates), all changes are saved and you can run Kali on any computer.
Starting from a flash drive is not much different from starting from a DVD. You need to go into the BIOS of the computer / laptop and put the USB flash drive as the first device in the boot priority list. This list is displayed differently on different computers, so you will have to find it yourself. The second option, when starting the computer, is to call up a list of devices to boot. This is usually done with the F8, F11 or F12 keys. But in any case, the flash drive must be inserted before you turn on the computer / laptop.
Download options
There are 3 options for downloading Kali linux. The first is the normal boot, we use it most of all. The next one is safe mode(Failsafe), we use it when it is impossible to boot in the usual way. The most interesting boot mode is Forensic mode. This is a mode for forensic examination, the essence of the mode is that the operating system leaves no traces on a running computer (example: it does not automatically mount disks, does not use swap partitions, etc.). If you do not understand why this is necessary - do not go there.
After loading
Kali linux boots into GUI, but sometimes a console may appear in front of you and the computer will wait for a command. It's okay, just start the graphical environment with the "startx" command.
If you need to enter a password, then in Kali linux the default user is root and the password is toor
It is very important to work in an updated system, so the first thing you should do is update the software. To do this, go to the terminal (Terminal program) and execute 2 commands in turn:
apt-get update
apt-get upgrade
From time to time we will be asked if we really want to install this or that package - we agree by pressing the Y button.
To make programs work
Many of the programs that I described in the Kali Linux review require running daemons for their work (in Windows this is called services), so in Kali they are stopped by default and you can start them from the Kali Linux → System Service menu
Do not forget to connect to the network, since in Kali this is done using the Network manager, which is usually located on the taskbar.
Additional software can be installed using "Add/Remove Software" found in the System Tools menu.
How to work in the terminal (console)
Despite the fact that the graphical environment in Kali is made to five with a plus, we still have to work with the command line quite often. To do this, we have the program "Terminal" (although you can install another program for this purpose).
First install "MC" - it's great file manager for the command line.
You can install it with the command:
apt-get install mc
Great, now let's talk about the features of working in the Linux command line. Let's start by remembering the following:
- Case matters, Folder and folder are not the same!
- The graphical environment treats folders and files starting with a dot (example: .folder) as hidden files.
- If you start typing a command and press Tab, the computer will add it if there is only one option or offer a list of options, if any.
- The terminal saves the history of your commands, you can scroll through previously typed commands with the up and down arrows.
- You can use the keyboard shortcut Ctrl-C, Ctrl-D, and Ctrl-Z to interrupt the execution of a command.
- To get a detailed manual for almost any program, you can use the "man" command, for example, man ls will show the manual for the ls command
This is information that may help a newbie to Linux, but I assume that you know how to work in the Windows console
Actually, this is all, this information is enough to start working with Kali linux, and read the rest in the following articles.
In our world of modern technology, many tasks are carried out digitally, it is fast and convenient, but at the same time brings the danger of hacking. Hackers can hack banking systems, ATMs, cards, and even your Accounts. Many users are wondering what tools are used for penetration testing, checking the security of systems, or hacking.
In this article, we will look at the best Kali Linux 2.0 tools used by professional hackers. When you know what hacking tools and hacking methods are, you can make your system more secure. You can check your system for susceptibility to a particular attack. Now on the Internet, no one is safe, even such large sites as Twitter and Facebook. Now let's move on to the list.
Jhon The Ripper is an open source brute-force password cracking tool. It was originally developed for Unix, but is now available on all Unix-like platforms, including Linux. The program is also known as JTR or Jhon. It is most often used for dictionary search of passwords.
The program takes a text string from a file, encrypts it in the same way that the password was encrypted, and then compares the encrypted password with the resulting string. If the strings match, you get the password, if not, the program takes another string from text file(dictionary). It can be considered as an offline password cracker.
2. Aircrack-ng
This is a suite of hacking and security testing software. wifi networks. Aircrack-ng utilities allow you to crack WEP keys, monitor traffic, enumerate WPA-PSK keys, and capture Wifi connection establishment keys. The Aircrack-ng utilities are the most commonly used Kali Linux 2.0 tools.
The utilities allow for FMS attacks, with some optimizations such as KoreK or PTW making them more powerful. You can crack WEP in a few minutes or try to brute force WPA.
3.THC Hydra
THC Hydra is a brute-force authentication cracking software. The program allows you to perform dictionary attacks on more than 50 protocols, including Telnet, FTP, HTTP, HTTPS, SMB, SSH, VNC, databases and many others. It is essentially a simple and fast Kali Linux login hacking tool.
If Jhon The Ripper is considered an offline password cracker, then Hydra is a similar tool, only working online.
4 Burp Suite
Burp Suite is a tool for finding vulnerabilities on Internet sites and web applications that can work over both HTTP and HTTPS. It is used by many experts for troubleshooting and penetration testing of web applications. The program allows you to combine manual methods with your automation tools to perform testing as efficiently as possible. Burp Suite is written in Java and distributed in Jar format.
5 WireShark
Wireshark is a very popular analyzer network packets open source. It can be used for network troubleshooting, application and communication protocol analysis, and program development.
The program allows you to see which packets pass through the network interface in real time, providing information in a form that is easy to understand. For an accurate search, you can use a powerful filter system. It is one of the most important tools for security professionals.
6. OWASP Zed
It is a very effective web application testing tool for both beginners and professionals. The program allows you to find vulnerabilities in web applications, there are automated scanners, as well as various tools that allow you to do all the work manually. This program will be very useful not only for security specialists, but also for application developers.
7.Maltego
Maltego is not a tool for hacking, but for analytics. It allows you to find connections between various subjects and objects. You can search open sources, combine data for analysis, and automatically build dependencies between them.
The program can establish possible dependencies between people, sites, domains, companies, IP addresses, factors and files. All this can be visualized.
8. Metasploit
Metasploit is a very popular system security testing and hacking platform. We can say that this is a collection of exploits and tools that can be used to exploit various vulnerabilities. The program was released in 2004 and immediately gained immense popularity.
It is the most powerful platform for developing, testing and using exploit code. It contains tools that allow you to combine the work of various components.
9. Acunetix
It is a very powerful tool for scanning websites for vulnerabilities. Most sites on the Internet are vulnerable and we need to work very hard to make our sites more secure. The Acunetix scanner allows you to check all pages of a site and detect possible SQL injections, XSS, XXE, SSRF, header attack, and other 3000 known vulnerabilities.
10.Nmap
Namp or Network Mapper is an open source Kali Linux utility that can be used for network security auditing and port scanning. Many administrators use Nmap to view devices connected to local network, checking open ports, or monitoring server uptime.
With Nmap, any user can determine if their local programs are accessible from the network. Also, this program was shown in almost all films about hackers.
11. Cain and Abel
Cain and Abel or simply Cain is a very popular password cracking tool. It was originally intended to recover a Microsoft Windows password, but it can be used for other purposes. With this program, you can recover various types of passwords.
Packet sniffing, hash brute force, dictionary attacks, rainbow table parsing, and cryptanalysis attacks can be used to obtain passwords.
12. Nikto Website Vulnerability Scanner
This is another classic tool for scanning servers for vulnerabilities. The program searches the database of more than 6000 potentially dangerous files, can also detect outdated versions of network software for more than 1300 different programs, you can also check the server configuration files. Therefore, these Kali Linux programs will be very helpful when doing penetration testing.
13. Social-Engineer Toolkit
The Social-Engineer Toolkit is a tool that allows you to perform various social engineering attacks. This Python program allows you to perform various social attacks, automate the execution of attacks, generate messages Email, mask malicious web pages and more. Without this program, our list of the best kali linux utilities would be incomplete.
conclusions
In this article, we made a small overview of kali linux programs that can be used to test the security of computer systems. If you know others great programs Kali Linux, which were missed but deserve a place in this article, write in the comments!
The Kali Linux distribution has been gaining immense popularity lately. Hacking and security testing is becoming part of our culture and more and more people are interested in it. Perhaps the series "Mr. Robot" contributed to this process.
Kali Linux is one of Linux distributions, designed for hackers and professionals with information security. Therefore, it is not surprising that this series raises its popularity and many newcomers and people who have no knowledge of information security try to use this distribution as their main system. But Kali Linux is not designed for this at all. In today's article, we will look at what Kali Linux is, why we need it, and we will review Kali Linux.
Kali Linux was developed by Offensive Security, a security firm. It is based on Debian and contains the achievements of the digital forensics and security testing distribution BackTrack.
The first version of BackTrack was released in 2006, it combined several projects, the main purpose of which was penetration testing. The distribution was intended to be used as a LiveCD.
In 2012, a distribution such as BackTrack ceased to exist, and Kali Linux appeared instead, which took over all the advantages previous version and all software. It was the result of a merger between two projects: WHAX and the Auditor Security Collection. Now the distribution is developing steadily and the efforts of developers are focused on fixing bugs and expanding the set of tools.
2. Purpose
The official website has the following description of the distribution: "Penetration Testing and Ethical Hacking Linux Distribution" or, in our opinion, a distribution for penetration testing and ethical hacking. Simply put, this distribution contains a variety of security and networking related tools that are aimed at computer security experts.
A Linux distribution is nothing more than a kernel and a set of basic utilities, applications, and default settings. Kali Linux does not provide anything unique in this regard. Most software can be easily installed on any other distribution, or even on Windows.
What makes Kali Linux different is that it is filled with tools and settings that are needed for security testing, and not for normal user experience. If you want to use Kali instead of the main distribution, you are making a mistake. This is a specialized distribution kit for solving a certain range of tasks, which means that solving tasks for which it was not intended will be more difficult, for example, the same search for programs. The capabilities of Kali Linux are focused on security testing.
3. Installation
You can download the installation image on the official website, you just need to select the architecture. After booting, be sure to check the disk for damage by comparing the SHA256 checksum. Since this distribution is intended for security testing, I don't want it to be broken in any way. How to do it is described in a separate article.
The rest of the installation of Kali Linux is not much different from Debian. Depending on the method and power of the computer, it can take from several minutes to half an hour. We examined everything in detail in the article.
4. Features
Many will be surprised, but the default user in Kali Linux is root. This is necessary because many programs need superuser rights to run. This is one of the reasons why you should not use Kali for everyday tasks such as surfing the Internet or using office applications.
If we talk about software, then all the supplied programs are focused on security. There are graphic programs, and there are terminal commands, and several basic utilities are included in the system, such as an image viewer, a calculator, and text editor. But here you will not find office programs, readers, email programs and organizers.
Kali Linux is based on Debian, and nothing prevents you from installing the program from the repositories, for example, thunderbird for collecting mail. But browsing mail as root is not a good idea. Of course, no one is stopping you from creating an unprivileged user, but this is extra work.
On the Kali Linux login screen, you may see the motto "The quieter you become, the more you are able to hear" or "The quieter you become, the more you can hear". If you watch the packets sent to the network by the Debian system, you will notice that some packages are regularly sent to the network. Some of them are sent by the user's applications, others by background services.
For example, if you scan your Linux machine with , you may see several open ports. For example, it could be a never used VNC port and an HTTP server. Some of these programs are supplied by default, some you installed and forgot.
Kali Linux strives to be as quiet as possible. This is necessary to hide your presence in the attacked network and protect yourself from potential attacks. To achieve this goal, Kali disables many services that are enabled by default in Debian. Of course, you can install the desired service from the Debian repositories. For example, apache2:
However, after that, the utility will not start automatically and will not be added to startup. If you need it, you will have to start it manually. With each reboot, all unnecessary services are disabled. It is possible to go around and whitelist the service in /usr/sbin/update-rc.d, but this is not entirely safe as you are exposing the system path. Nobody knows if there are vulnerabilities there.
Kali Linux is a specialized distribution, if only because it is designed to work in an aggressive environment. And if you installed a web server and a few other programs, and added them to startup, you may have already broken Kali and reduced its security.
5. Programs
As mentioned above, the Kali Linux distribution only contains specific security testing software. You can find a list of the most popular programs in the article. But there are not many programs necessary for normal work. And there is no guarantee that you will find them in the repositories, even if they are available in Debian.
You may want to add third-party repositories and application sources to install what you need, or add a repository that contains the most latest version programs. You can, but you don't have to. Even for Debian, this is not recommended, the developers call this phenomenon FrankenDebian and say that it can break the stability of the system.
With Kali Linux, things are even more complicated. You risk not only damaging the system, but also making it unsafe. Packages from the repositories are checked and contain additional changes, for example, the same Apache is not added to autoload. Third party packages will not have such precautions.
conclusions
Our overview of the features of Kali Linux is coming to an end. Whether you should choose this distribution or not depends on you and the tasks that you are trying to solve with the help of the system. If you only need a few tools, then it is better to choose some simpler distribution, such as Ubuntu or Debian. You can install all the necessary tools in it. The same option is better suited for new users.
But if you are already well versed in Linux and are willing to spend a lot of time to understand information security, perhaps this system is for you. But do not rush to install it on your computer. Use a virtual machine, then install it as an additional, second system.
Perhaps you disagree with the opinion described in the article, leave comments and tell us about your point of view.
Kali Linux is one of the varieties of the popular operating system, which is a tool primarily aimed at the use of advanced users, because. its main task is to conduct tests to identify vulnerabilities, as well as to take measures to eliminate them. Initially, Kali Linux was known to users under a slightly different name - BackTrack.
Kali Linux is a specialized version of the distribution that allows users to perform penetration tests. The uniqueness of this operating system lies in the fact that Kali Linux was ported to the ARM architecture, so this operating system can be installed not only on computers, but also as a .
Kali Linux is widely used by both hackers and those who fight them. With over 300 built-in tools, users will be able to perform penetration testing.
Key features of Kali Linux:
1. A wide range of tools for analysis and penetration testing;
2. Updated visual interface Gnome 3.14;
3. The menu has a function that allows you to jump to the ten most popular tools;
4. Kali Linux does not require installation (and in principle you should not do this);
5. Secure processing environment;
6. It has the ability to deeply customize down to the core;
7. Distributed absolutely free.
Kali Linux is not the version of the distribution that users use to get acquainted with the Linux family, but a professional tool aimed primarily not at hacking, but at identifying vulnerabilities and timely fixing the problems found.
Download Kali Linux for free
Download the operating system from the official website
