Friday, January 13, 2023

Kali linux

What is Kali Linux?
Kali linux logo



  Kali Linux is a security distribution of Linux derived from Debian and specifically designed for computer forensics and advanced penetration testing. It was developed through rewriting of BackTrack by Mati Aharoni and Devon Kearns of Offensive Security. Kali Linux contains several hundred tools that are well-designed towards various information security tasks, such as penetration testing, security research, computer forensics and reverse engineering.

BackTrack was their previous information security Operating System. The first iteration of Kali Linux was Kali 1.0.0 was introduced in March 2013. Offensive Security currently funds and supports Kalin Linux. If you were to visit Kali’s website today (www.kali.org), you would see a large banner stating, “Our Most Advanced Penetration Testing Distribution, Ever.” A very bold statement that ironically has yet to be disproven.

Kali Linux has over 600 preinstalled penetration-testing applications to discover. Each program with its unique flexibility and use case. Kali Linux does excellent job separating these useful utilities into the following categories:
Information Gathering
Vulnerability Analysis
Wireless Attacks
Web Applications
Exploitation Tools
Stress Testing
Forensics Tools
Sniffing & Spoofing
Password Attacks
Maintaining Access
Reverse Engineering
Reporting Tools
Hardware Hacking
In this Kali Linux tutorial for beginners, you will learn basics of Kali Linux like:

What is Kali Linux?
Who uses Kali Linux and Why?
Kali Linux Installation Methods
How To Install Kali Linux using Virtual Box
Getting Started with Kali Linux GUI
What is Nmap?
Nmap Target Selection
How to Perform a Basic Nmap Scan on Kali Linux
Nmap OS Scan
What is Metasploit?
Metasploit and Nmap
Metasploit Exploit Utility
Who uses Kali Linux and Why?
Kali Linux is truly a unique operating system, as its one of the few platforms openly used by both good guys and bad guys. Security Administrators, and Black Hat Hackers both use this operating system extensively. One to detect and prevent security breaches, and the other to identify and possibly exploit security breaches. The number of tools configured and preinstalled on the operating system, make Kali Linux the Swiss Army knife in any security professionals toolbox.

Professionals that use Kali Linux

Security Administrators – Security Administrators are responsible for safeguarding their institution’s information and data. They use Kali Linux to review their environment(s) and ensure there are no easily discoverable vulnerabilities.
Network Administrators – Network Administrators are responsible for maintaining an efficient and secure network. They use Kali Linux to audit their network. For example, Kali Linux has the ability to detect rogue access points.
Network Architects – Network Architects, are responsible for designing secure network environments. They utilize Kali Linux to audit their initial designs and ensure nothing was overlooked or misconfigured.
Pen Testers – Pen Testers, utilize Kali Linux to audit environments and perform reconnaissance on corporate environments which they have been hired to review.
CISO – CISO or Chief Information Security Officers, use Kali Linux to internally audit their environment and discover if any new applications or rouge configurations have been put in place.
Forensic Engineers – Kali Linux posses a “Forensic Mode”, which allows a Forensic Engineer to perform data discovery and recovery in some instances.
White Hat Hackers – White Hat Hackers, similar to Pen Testers use Kali Linux to audit and discover vulnerabilities which may be present in an environment.
Black Hat Hackers – Black Hat Hackers, utilize Kali Linux to discover and exploit vulnerabilities. Kali Linux also has numerous social engineer applications, which can be utilized by a Black Hat Hacker to compromise an organization or individual.
Grey Hat Hackers – Grey Hat Hackers, lie in between White Hat and Black Hat Hackers. They will utilize Kali Linux in the same methods as the two listed above.
Computer Enthusiast – Computer Enthusiast is a pretty generic term, but anyone interested in learning more about networking or computers, in general, can use Kali Linux to learn more about Information Technology, networking, and common vulnerabilities.
Kali Linux Installation Methods
Kali Linux can be installed using the following methods:

Ways to Run Kali Linux:

Directly on a PC, Laptop – Utilizing a Kali ISO image, Kali Linux can be installed directly onto a PC or Laptop. This method is best if you have a spare PC and are familiar with Kali Linux. Also, if you plan or doing any access point testing, installing Kali Linux directly onto Wi-Fi enabled laptop is recommended.
Virtualized (VMware, Hyper-V, Oracle VirtualBox, Citrix) – Kali Linux supports most known hypervisors and can be easily into the most popular ones. Pre-configured images are available for download from https://www.kali.org/, or an ISO can be used to install the operating system into the preferred hypervisor manually.
Cloud (Amazon AWS, Microsoft Azure) – Given the popularity of Kali Linux, both AWS and Azure provide images for Kali Linux.
USB Boot Disc – Utilizing Kali Linux’s ISO, a boot disc can be created to either run Kali Linux on a machine without actually installing it or for Forensic purposes.
Windows 10 (App) – Kali Linux can now natively run on Windows 10, via the Command Line. Not all features work yet as this is still in beta mode.
Mac (Dual or Single boot) – Kali Linux can be installed on Mac, as a secondary operating system or as the primary. Parallels or Mac’s boot functionality can be utilized to configure this setup.
How To Install Kali Linux using Virtual Box
Here is a step by step process on how to install Kali Linux using Vitual Box and how to use Kali Linux:

The easiest method and arguably the most widely used is installing Kali Linux and running it from Oracle’s VirtualBox.

This method allows you to continue to use your existing hardware while experimenting with the featured enriched Kali Linux in a completely isolated environment. Best of all everything is free. Both Kali Linux and Oracle VirtualBox are free to use. This Kali Linux tutorial assumes you have already installed Oracle’s VirtualBox on your system and have enabled 64-bit Virtualization via the Bios.

Step 1) Go to https://www.kali.org/downloads/

This will download an OVA image, which can be imported into VirtualBox

Step 2) Open the Oracle VirtualBox Application, and from the File, Menu select Import Appliance

File Menu -> Import Appliance

Step 3) On the following screen “Appliance to Import” Browse to the location of the downloaded OVA file and click Open


Step 4) Once you click Open, you will be taken back to the “Appliance to Import” simply click Next

Step 5) The following screen “Appliance Settings” displays a summary of the systems settings, leaving the default settings is fine. As shown in the screenshot below, make a note of where the Virtual Machine is located and then click Import.

Step 6) VirtualBox will now Import the Kali Linux OVA appliance. This process could take anywhere from 5 to 10 minutes to complete.

Step 7) Congratulations, Kali Linux has been successfully installed on VirtualBox. You should now see the Kali Linux VM in the VirtualBox Console. Next, we’ll take a look at Kali Linux and some initial steps to perform.

Step 8) Click on the Kali Linux VM within the VirtualBox Dashboard and click Start, this will boot up the Kali Linux Operating System.

Step 9) On the login screen, enter “Root” as the username and click Next.

Step 10) As mentioned earlier, enter “toor” as the password and click SignIn.

You will now be present with the Kali Linux GUI Desktop. Congratulations you have successfully logged into Kali Linux.

Getting Started with Kali Linux GUI
The Kali Desktop has a few tabs you should initially make a note of and become familiar with. Applications Tab, Places Tab, and the Kali Linux Dock.


Applications Tab – Provides a Graphical Dropdown List of all the applications and tools pre-installed on Kali Linux. Reviewing the Applications Tab is a great way to become familiar with the featured enriched Kali Linux Operating System. Two applications we’ll discuss in this Kali Linux tutorial are Nmap and Metasploit. The applications are placed into different categories which makes searching for an application much easier.

Accessing Applications

Step 1) Click on Applications Tab

Step 2) Browse to the particular category you’re interested in exploring

Step 3) Click on the Application you would like to start.


Places Tab – Similar to any other GUI Operating System, such as Windows or Mac, easy access to your Folders, Pictures and My Documents is an essential component. Places on Kali Linux provides that accessibility that is vital to any Operating System. By default, the Places menu has the following tabs, Home, Desktop, Documents, Downloads, Music, Pictures, Videos, Computer and Browse Network.

Accessing Places

Step 1) Click on the Places Tab

Step 2) Select the location you would like to access.

Kali Linux Dock – Similar to Apple Mac’s Dock or Microsoft Windows Task Bar, the Kali Linux Dock provides quick access to frequently used / favorite applications. Applications can be added or removed easily.

To Remove an Item from the Dock

Step 1) Right-Click on the Dock Item

Step 2) Select Remove From Favorites

To Add Item to Dock

Adding an item to the Dock is very similar to removing an item from the Dock

Step 1) Click on the Show Applications button at the bottom of the Dock

Step 2) Right Click on Application

Step 3) Select Add to Favorites

Once completed the item will be displayed within the Dock

Kali Linux has many other unique features, which makes this Operating System the primary choice by Security Engineers and Hackers alike. Unfortunately, covering them all is not possible within this Kali Linux hacking tutorials; however, you should feel free to explore the different buttons displayed on the desktop.


2 comments:

New

Owasp-zap

  OWASP ZAP   (short for Zed Attack Proxy) is an   open-source   web application security scanner . It is intended to be used by both those ...