Learn Kali Linux The Easy Way Getting Started With Kali Linux
Learn Kali Linux: Welcome to HackingVision. You have installed Kali Linux and you're wondering how to use some of the popular and powerful tools included in the Kali Linux operating system. Don't worry, we have put together some tips and tutorials to help you get started with Kali Linux.
Kali Linux is based on the Debian Linux distribution, and some of the tools you will come across in Kali Linux don't include a graphical user interface (GUI). It's always best to learn the basics of the Linux command line first. You can find a fully comprehensive tutorial to help you learn the Linux command line at Ubuntu; it takes on average around 52 minutes to complete.
Kali Linux includes a lot of different software covering a wide range of defensive and offensive security tools. Being a good penetration tester does not come only from having the best security tools. Before starting any exploits or attacks it's always best to do reconnaissance on the target. This helps the attacker gather and log information about the target or target applications. By going into attacks blind, penetration testers can miss a lot of vital information about the target that could have assisted in exploiting the target earlier.
Reconnaissance can be done by scanning target IP addresses, open ports, and services, and by fingerprinting web applications and operating systems. It's quite pointless going into a pen-test and just trying any attack vector, as quite often it won't work and takes up a lot of time; following the correct procedures will save you hours.
I recommend getting started by working through some of the basic attack tutorials linked below. I have created a few tutorials that will teach you the process of web server vulnerability scanning, SQL injection attacks, port scanning, man-in-the-middle attacks, and cracking and phishing wireless networks. I hope this will be enough to help you get started with Kali Linux.
If you're stuck with the options to use with command-line based tools, or you need help, always check the man pages of the tools, as the help you need will often be listed in the man and help pages.
Example:
man nmap
nmap -h
Anonymity: always keep anonymity in mind! Use Tor alongside these tools; this will stop information about your host machine from being leaked to the target.
Scan Web Servers For Vulnerabilities Using Nikto Kali Linux
Before attacking a website it's vital to do reconnaissance on the target website. This helps us gather and log various information about the website or target web application, which in turn helps us understand what configuration the target web server is using. Doing a little recon allows pen-testers to save a lot of time: by targeting the configuration of the web server and web application, the attacker can quickly find exploits to compromise the web server. In the tutorial linked below, we learn how to use the Nikto vulnerability scanner in Kali Linux.
Scan website for vulnerabilities with Uniscan Kali Linux Tutorial
In the linked tutorial you will learn how to scan and fingerprint a web server or device to find vulnerabilities using Uniscan.
A port scanner is a tool designed to probe web servers or hosts for open or closed ports. Port scanners can be used by system administrators to verify security policies. They are also used by penetration testers and hackers to identify services by the open and closed ports on a host. Information gathered by port scanners can help attackers exploit vulnerabilities in networks.
There are many port scanners available; one of the best and most popular is Nmap.
Nmap comes pre-installed in Kali Linux; we can use Nmap by opening a command terminal and running the nmap command.
Nmap also offers a GUI alternative to the command-line version; you can launch the GUI version of Nmap by searching for nmap-gui in the Kali Linux menu or by running it from a terminal.
Nmap Usage Example
Scan in verbose mode (-v), enable OS detection, version detection, script scanning, and traceroute (-A), with version detection (-sV) against the target IP (192.168.1.1):
root@kali:~# nmap -v -A -sV 192.168.1.1
Starting Nmap 6.45 ( http://nmap.org ) at 2014-05-13 18:40 MDT
NSE: Loaded 118 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 18:40
Scanning 192.168.1.1 [1 port]
Completed ARP Ping Scan at 18:40, 0.06s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 18:40
Completed Parallel DNS resolution of 1 host. at 18:40, 0.00s elapsed
Initiating SYN Stealth Scan at 18:40
Scanning router.localdomain (192.168.1.1) [1000 ports]
Discovered open port 53/tcp on 192.168.1.1
Discovered open port 22/tcp on 192.168.1.1
Discovered open port 80/tcp on 192.168.1.1
Discovered open port 3001/tcp on 192.168.1.1
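As an added example (not code from HackingVision or the Nmap project), the script below shows the administrator's side of the paragraph above: it parses the "Discovered open port" lines that nmap -v prints into a per-host inventory and compares that inventory against an allow-list of services each host is supposed to expose. The sample output is constructed from the scan lines shown above, and the POLICY dictionary is a hypothetical allow-list; with it, port 3001/tcp on 192.168.1.1 is reported as a policy violation that the administrator should investigate.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of nmap -v output, mirroring the scan lines shown above.
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 6.45 ( http://nmap.org ) at 2014-05-13 18:40 MDT
Initiating SYN Stealth Scan at 18:40
Scanning router.localdomain (192.168.1.1) [1000 ports]
Discovered open port 53/tcp on 192.168.1.1
Discovered open port 22/tcp on 192.168.1.1
Discovered open port 80/tcp on 192.168.1.1
Discovered open port 3001/tcp on 192.168.1.1
"""

# Matches the "Discovered open port <port>/<proto> on <host>" lines of nmap -v.
OPEN_PORT_RE = re.compile(
    r"^Discovered open port (?P<port>\d+)/(?P<proto>tcp|udp) on (?P<host>[\d.]+)$"
)

# Hypothetical allow-list: the services each host is permitted to expose.
POLICY: Dict[str, Set[Tuple[int, str]]] = {
    "192.168.1.1": {(22, "tcp"), (53, "tcp"), (80, "tcp")},
}


def parse_open_ports(output: str) -> Dict[str, Set[Tuple[int, str]]]:
    """Return {host: {(port, proto), ...}} for every open port nmap reported."""
    found: Dict[str, Set[Tuple[int, str]]] = {}
    for line in output.splitlines():
        match = OPEN_PORT_RE.match(line.strip())
        if match:
            entry = (int(match["port"]), match["proto"])
            found.setdefault(match["host"], set()).add(entry)
    return found


def policy_violations(
    found: Dict[str, Set[Tuple[int, str]]],
    policy: Dict[str, Set[Tuple[int, str]]],
) -> Dict[str, List[Tuple[int, str]]]:
    """Open ports that the policy does not allow, per host (sorted for stable output).

    A host absent from the policy is treated as allowed to expose nothing, so
    every open port on it is a violation.
    """
    violations: Dict[str, List[Tuple[int, str]]] = {}
    for host, ports in found.items():
        extra = sorted(ports - policy.get(host, set()))
        if extra:
            violations[host] = extra
    return violations


if __name__ == "__main__":
    inventory = parse_open_ports(SAMPLE_NMAP_OUTPUT)
    for host, ports in inventory.items():
        print(host, sorted(ports))
    for host, extra in policy_violations(inventory, POLICY).items():
        print(f"{host}: unexpected open ports {extra}")
```

In practice the output would be read from a file written with nmap's -oN option rather than embedded as a string; the parsing and comparison logic stays the same.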
In computer security, a man-in-the-middle attack (often abbreviated MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
In the tutorial linked below we discuss how to use popular man-in-the-middle attack tools such as Arpspoof, Urlsnarf and Driftnet.
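Tools like Arpspoof work by sending forged ARP replies that rebind the gateway's IP address to the attacker's MAC address, so the simplest host-side detection is to watch for an IP-to-MAC binding that changes. The watcher below is an added example (not code from HackingVision or from any of the tools named above) that reads ARP lines in the format tcpdump prints, learns each IP's MAC from the first reply it sees (or takes it from a trusted baseline supplied by the administrator), and raises an alert when a later reply claims a different MAC. The sample lines and MAC addresses are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample lines in the form "tcpdump -n arp" prints. The fourth line
# is a forged reply rebinding the gateway 192.168.1.1 to a different MAC.
SAMPLE_LINES = [
    "10:00:01.000000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28",
    "10:00:02.000000 ARP, Reply 192.168.1.20 is-at aa:bb:cc:00:00:20, length 28",
    "10:00:03.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28",
    "10:00:04.000000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28",
    "10:00:05.000000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28",
]

# Only ARP replies carry "<ip> is-at <mac>"; requests are ignored by the watcher.
REPLY_RE = re.compile(r"ARP, Reply (?P<ip>[\d.]+) is-at (?P<mac>[0-9a-fA-F:]{17})")


@dataclass
class ArpWatcher:
    """Tracks IP->MAC bindings and alerts when a binding changes.

    baseline: trusted static entries (e.g. the gateway), which are never
              overridden by what is seen on the wire.
    learned:  bindings learned from the first reply seen for each IP.
    """
    baseline: Dict[str, str] = field(default_factory=dict)
    learned: Dict[str, str] = field(default_factory=dict)
    alerts: List[str] = field(default_factory=list)

    def observe(self, line: str) -> Optional[str]:
        """Process one tcpdump line; return an alert string if it conflicts."""
        match = REPLY_RE.search(line)
        if not match:
            return None
        ip, mac = match["ip"], match["mac"].lower()
        expected = self.baseline.get(ip) or self.learned.get(ip)
        if expected is None:
            self.learned[ip] = mac  # first sighting: record it
            return None
        if mac != expected:
            alert = f"ARP binding for {ip} changed: expected {expected}, saw {mac}"
            self.alerts.append(alert)
            return alert
        return None


def detect_arp_spoofing(lines: List[str], baseline: Optional[Dict[str, str]] = None) -> List[str]:
    """Run the watcher over a list of tcpdump lines and return all alerts."""
    watcher = ArpWatcher(baseline={k: v.lower() for k, v in (baseline or {}).items()})
    for line in lines:
        watcher.observe(line)
    return watcher.alerts


if __name__ == "__main__":
    # Pinning the gateway in the baseline is the stronger option: a spoofed
    # reply that arrives before the legitimate one is still caught.
    for alert in detect_arp_spoofing(SAMPLE_LINES, {"192.168.1.1": "aa:bb:cc:00:00:01"}):
        print(alert)
```

The design choice worth noting is that the watcher never updates a learned binding after a conflict, so a host that flips back and forth between two MACs keeps generating alerts instead of being silently "re-learned". On a real host the same check is what static ARP entries (or a tool such as arpwatch) provide as a mitigation.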
SQL Injection attack
In the article linked below I demonstrate how an attacker would target and compromise a MySQL database using SQL injection attacks. SQL injection allows an attacker to obtain database information such as usernames and passwords and potentially compromise websites and web applications that rely on the database.
Cracking Wireless Networks
Monitor mode, or RFMON (Radio Frequency MONitor) mode, allows a computer with a wireless network interface controller (WNIC) to monitor all traffic received from the wireless network. Unlike promiscuous mode, which is also used for packet sniffing, monitor mode allows packets to be captured without having to associate with an access point or ad hoc network first.
Master mode is a wireless mode that is usually associated with an access point or base station providing network access.
Scanning For Wireless Access Point Information Using Airodump-ng
Learn how to scan for wireless network information using airodump-ng. This information allows further attacks to be performed on wireless access points in range. Airodump-ng comes pre-installed in Kali Linux.
Cracking Wireless Router Using Aircrack-ng with crunch
Since cracking wireless networks can rely heavily on cracking hashed passwords to retrieve the password in plain text, I will show you another type of wireless attack that targets the WPS aspect of wireless security; in some cases this method can be the fastest.
Check if a router has WPS enabled
Find out if a nearby router is WPS enabled in Kali Linux using Wash. A lot of modern routers support Wi-Fi Protected Setup (WPS), and it's quite often enabled by default by the router manufacturer or ISP.
Cracking WPS Wireless Networks
What is WPS? WPS stands for Wi-Fi Protected Setup. WPS usually has a physical push button on the front of your router to allow devices such as phones, iPods, iPads, laptops etc. to connect without ever entering the wireless passphrase. There are 100,000,000 possible key values, although the final digit of the key is a checksum calculated from the other 7 digits, lowering the number of possibilities to 10,000,000. WPS breaks the PIN in half during the verification process, so the keys are then broken down to 10,000 values for the first half and 1,000 for the second half; this totals 11,000 possible PINs to try, lowering the overall time of the process drastically.
Phishing Wireless Networks
Hack Wi-Fi Networks Without Cracking with Wifiphisher
Wifiphisher is a wireless security tool that mounts automated, victim-customized phishing attacks against Wi-Fi clients. This allows the attacker to obtain credentials or infect the target machine with malware. This method uses a social engineering attack that can quickly trick the target into unknowingly handing over their password. Unlike other methods, it does not include any brute forcing of any kind. It is a quick and easy way of obtaining credentials from captive portals and third-party login pages (e.g. in social networks) or WPA/WPA2 pre-shared keys.