Kali Linux

Jack GiddingFox Valley Linux Users Group18 October 2014

What is Kali Linux?

• A distribution for penetration testing, forensics and security auditing created and maintained by Offensive Security• Previously known as BackTrack (BackTrack5 R3), which was a combination

of WHAX/WHOPPIX, and Auditor• Rewritten to use Debian standards• Released v1.0 on 12 March 2013• 300+ pentesting applications• Vast wireless card support• Patched kernel for packet injection• Source all available at git.kali.org/gitweb/

My interest in Kali

A warning!

Use of these tools against a live website, for which you do not have permission, is illegal and may land you in jail

Important Laws18 USC Section 1029: The Access Device Statute

18 USC Section 1030 of The Computer Fraud and Abuse Act

Installing Kali

• kali.org/downloads (v1.0.9a – 6 October 2014)• 32-bit, 64-bit, ARMEL and ARMHF ISOs• Kali minimal image (v1.0.6) in Amazon EC2 (Free Tier eleigible)• Images for VMWare, Raspberry Pi, Beaglebone Black, HP Chromebook, Cubieboard 2, CuBox,

EfikaMax, Odroid U2/XU/XU3, Samsung Chromebook, Utilite Pro, Galaxy Note, SS808 at: www.offensive-security.com/kali-linux-vmware-arm-image-download/

• Google Nexus 5/7/10 (NetHunter) www.kali.org/kali-linux-nethunter/• Root password is “toor” (Change this!)• Or build your own:

apt-get install git live-build cdebootstrapgit clone git://git.kali.org/live-build-config.gitcd live-build-configlb configlb build

Installing Kali (cont.)

• Make sure that these are in /etc/apt/sources.listdeb http://http.kali.org/kali kali main non-free contribdeb-src http://http.kali.org kali main non-free contrib

Metapackages

apt-get update && apt-cache show kali-linuxkali-linux – Base Linux systemkali-linux-full – Default Kali Linux installkali-linux-all – All available packages kali-linux-sdr – Software Defined Radiokali-linux-wireless – Wireless toolskali-linux-gpu – GPU powered toolskali-linux-web – WebApp assessment toolskali-linux-forensic – Forensic toolskali-linux-voip – VoIP toolskali-linux-pwtools – Password Cracking toolskali-linux-top10 – The most used toolskali-linux-rfid – Radio Frequency ID tools

Password Cracking Tools

apt-cache show kali-linux-pwtools | grep DependsDepends: kali-linux, kali-linux-gpu, chntpw, cmospwd, crunch, dbpwaudit, fcrackzip, findmyhash, gpp-decrypt, hash-identifier, hashcat, hashcat-utils, hashid, hydra, hydra-gtk, john, johnny, keimpx, maskprocessor, medusa, mimikatz, ncrack, ophcrack, ophcrack-cli, pack, passing-the-hash, patator, phrasendrescher, pipal, polenum, rainbowcrack, rcracki-mt, rsmangler, samdump2, seclists, sipcrack, sipvicious, sqldict, statsprocessor, sucrack, thc-pptp-bruter, truecrack, twofi, wce, wordlists

Top 10 Tools

apt-cache show kali-linux-pwtools | grep DependsDepends: kali-linux, aircrack-ng, burpsuite, hydra, john, maltego, maltego-teeth, metasploit, metasploit-framework, nmap, zaproxy, sqlmap, wireshark

• Aircrack-ng – 802.11 WEP and WPA/WPA2-PSK key cracking• Burpsuite – Extensible tool for testing web applications – intercepting proxy, scanner, spider + more• Hydra – fast network login cracker• John (the Ripper) – finds weak user passwords from password files • Maltego – intelligence and forensics for gathering information• Metasploit – Vulnerability exploitation framework• Nmap – network scanning• Zaproxy – OWASP Zed Attack Proxy for finding web vulnerabilities• SQLmap – detect and exploit SQLi • Wireshark – network packet capture & analysis

Tools are well organized to help you find the right tool for the job.

If it’s illegal, how do I learn?

• Metasploitable 2Virtual machine with lots of vulns built ininformation.rapid7.com/metasploitable-download.htmllogin & password: msfadmin

• CTF365Security training platform for Capture the FlagMetasploitable 2 in the cloud ctf365.com

• HackxorWebapp hacking game with XSS, CSRF, SQLi, ReDoS, DOR, command injection, etcsourceforge.net/projects/hackxor/

• Othershttp://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/

Demo time