Achieve the gold standard in penetration testing with Kali using this masterpiece, now in its third edition!
If you are an IT security professional or a student with basic knowledge of Unix/Linux operating systems, including an awareness of information security factors, and you want to use Kali Linux for penetration testing, this book is for you.
Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement.
Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.
This practical guide will showcase penetration testing through cutting-edge tools and techniques using a coherent, step-by-step approach.
Page count: 596
Year of publication: 2016
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: April 2011
Second edition: April 2014
Third edition: September 2016
Production reference: 1130916
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78588-842-7
www.packtpub.com
Authors
Gerard Johansen
Lee Allen
Tedi Heriyanto
Shakeel Ali
Reviewer
Jack Miller
Commissioning Editor
Kartikey Pandey
Acquisition Editor
Rahul Nair
Content Development Editor
Sanjeet Rao
Technical Editor
Naveenkumar Jain
Copy Editor
Safis Editing
Project Coordinator
Judie Jose
Proofreader
Safis Editing
Indexer
Pratik Shirodkar
Graphics
Disha Haria
Production Coordinator
Shantanu N. Zagade
Cover Work
Shantanu N. Zagade
The content within this book is for educational purposes only. It is designed to help users test their own system against information security threats and protect their IT infrastructure from similar attacks. Packt Publishing and the authors of this book take no responsibility for actions resulting from the inappropriate usage of learning materials contained within this book.
Gerard Johansen is an information security professional with over a decade of experience in areas such as penetration testing, vulnerability management, threat assessment modeling, and incident response. Beginning his information security career as a cybercrime investigator, Gerard has built on that experience while working as a consultant and security analyst for clients and organizations ranging from healthcare to finance. Gerard is a graduate of Norwich University with a Masters of Science in Information Assurance, and he is a certified information systems security professional.
Gerard is currently employed with an information security consulting firm in the United States focusing on penetration testing and threat assessments. He has also contributed to several online publications focused on various aspects of penetration testing.
I would like to thank Lisa, Caleb, and Jenna for their support during this project. Their support was instrumental. I would also like to thank Dr. Marie Wright, who opened my eyes to the challenging and rewarding nature of information security. To the staff at Packt Publishing, especially Sanjeet, your patience and support made this possible. Finally, to all those in the past, present, and future who have shown me new and inventive ways to help keep the keys to the kingdom safe, thank you.
Lee Allen is currently working as a security architect at a prominent university. Throughout the years, he has continued his attempts to remain up to date with the latest and greatest developments in the security industry and the security community. He has several industry certifications including the OSWP and has been working in the IT industry for over 15 years.
Lee Allen is the author of Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide, Packt Publishing.
I would like to thank my wife, Kellie, and our children for allowing me to give the time I needed to work on this book. I would also like to thank my grandparents, Raymond and Ruth Johnson, and my wife's parents, George and Helen Slocum. I appreciate your encouragement and support throughout the years.
Tedi Heriyanto is currently working as an information security analyst at a financial institution. He has worked with several well-known institutions in Indonesia and overseas, designing secure network architecture, deploying and managing enterprise-wide security systems, developing information security policies and procedures, performing various network, web, and mobile application penetration tests, and giving information security training. In his spare time, he works to deepen his knowledge and skills in the field of information security. He shares his knowledge of the information security field by writing information security books and has written several of them.
I would like to thank my family for supporting me during the book writing process. After this book has been published, I would have more free time for you all. A huge thanks to the Packt publishing team and their technical reviewers and editors, who provide comments, feedback, and support to make the book development project successful. Last but not least, I would like to give my big thanks to my co-authors, Lee Allen, Shakeel Ali and Gerard Johansen, whose technical knowledge, motivation, ideas, challenges, questions, and suggestions make this book writing process a wonderful journey.
Finally, I would like to thank you, the reader, who had bought this book; I hope you enjoy reading the book as much as I enjoyed writing it. I wish you good luck in your information security endeavor.
Shakeel Ali is a security and risk management consultant at a Fortune 500 company. He is also the key founder of Cipher Storm Ltd., UK. His expertise in the security industry markedly exceeds the standard number of security assessments, audits, compliance, governance, incident response, and forensic projects that he carries out in day-to-day operations. He has also supported the security and research initiatives at CSS Providers SAL. As a senior security evangelist, and having spent endless nights, he provides constant security support to various businesses, financial institutions, educational organizations, and government entities globally. He is an active, independent researcher who writes various articles and white papers and manages Ethical-Hacker.net to provide insights into threat intelligence space. He also regularly participates in BugCon Security Conferences held in Mexico, to highlight the best-of-breed cyber security threats and their solutions from practically driven counter measures.
I would like to thank all my friends, reviewers, and colleagues who were wholeheartedly involved in this book project. Special thanks to the entire Packt publishing team and their technical editors and reviewers, who have given invaluable comments, suggestions, feedback, and support to make this project successful. I also want to thank my co-authors, Lee Allen, Tedi Heriyanto, and Gerard Johansen, whose continuous dedication, contributions, ideas, and technical discussions led to the production of such a useful book that you see today. Last but not least, thanks to my pals from past and present with whom the sudden discovery never ends and their vigilant eyes that turn the IT industry into a secure and stable environment.
Jack Miller has been working as a YouTube content creator on the JackkTutorials channel since 2011. Since then he has accumulated over 75,000 subscribers and 8 million video views at the time of writing. On YouTube, he presents video tutorials covering topics such as Kali Linux, Programming, and Hacking and Security. Topics such as the Metasploit Framework, Wireshark, Social Engineering Toolkit, and many more have been explored by him and taught to millions of people around the world.
Alongside YouTube, Jack has also worked on reviews for Packt Publishing for other titles such as Learning Zanti2 for Android Pentesting, Kali Linux CTF Blueprints, and many more. He is beginning to teach online courses on other platforms apart from YouTube to expand his audience and knowledge and to help others learn.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www2.packtpub.com/books/subscription/packtlib
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.
I would like to dedicate this book to my loving family for their kind support throughout the years, especially to my niece, Jennifer, and nephews, Adan and Jason, whose smiles are an inspiration and encouragement in my life; to my brilliant teachers, the ones who turned an ordinary child into this superior, excellent, and extraordinary individual; to a special human, Nguyen Thi Ly (Lily) and to all my friends and colleagues, Amreeta Poran, Li Xiang, KW, Touraj, Armin, Mada, Jester, Rafael, Khaldoun, Niel, Oscar, Serhat, Kenan, Michael, Ursina, Nic, Nicole, Andreina, Amin, Pedro, Juzer, Ronak, Cornel, Marco, Selin, Jenna, Yvonne, Cynthia, May, Corinne, Stefanie, Rio, Jannik, Carmen, Gul Naz, Stella, Patricia, Mikka, Julian, Snow, Matt, Sukhi, Tristan, Srajna, Eljean Desamparado, Asif, Salman, and all those whom I have forgotten to mention here.
--Shakeel Ali
I would like to dedicate this book to God for the amazing gifts that have been given to me; to my beloved family for their support all of the years; to my wonderful teachers and mentors for being so patient in teaching and guiding me in the information security field; to my friends and colleagues for having good discussions during our work; to my excellent clients for trusting me and giving me the chance to work with you; and last but not least, I would like to thank you, the reader, who has bought this book and/or e-book.
--Tedi Heriyanto
In the world of penetration testing, one operating system stands out as the standard for tools. Kali Linux is an operating system that has been designed to provide the penetration tester a flexible platform to perform the panoply of penetration tasks such as enumerating a target, identifying vulnerabilities, and exploiting targets in a networked environment. Taking the technical methods of penetration testing in concert with an industry standard penetration testing methodology along with appropriate planning and objectives allows penetration testers to ascertain the vulnerabilities of a targeted network and deliver guidance for their organizations on appropriate changes to their security infrastructure.
This updated volume of Kali Linux – Assuring Security by Penetration Testing presents a structured method for developing a skill set tailored to the unique nature of penetration testing. What follows is a systematic approach that takes the tools and techniques of penetration testing and combines it with a framework that addresses the tasks related to penetration testing.
Starting off with installing Kali Linux and preparing a testing platform, we will move toward the penetration testing methodologies and frameworks. Next, the preliminary steps of a penetration test are covered. From there, we begin the examination of tools for gathering the open source information about our target networks. Next, we incorporate tools and techniques to gather more detailed information about our target by enumerating ports, detecting operating systems, and identifying services. Building on that information, performing vulnerability assessments will provide a greater depth in understanding potential vulnerabilities on the target network. With this information in hand, we will then discuss leveraging one of the most significant vulnerabilities, people, with an examination of social engineering. With the information we have gathered, we will then exploit our target with the aim of taking control of a system and compromising credentials. Next, we will look at maintaining control of our target network and retrieving data. Finally, we will look at attacking wireless networks to gain access to the internal network. In addition to using the tools in Kali Linux, we will also explore how to use the portable version of Kali Linux—Kali NetHunter.
Throughout this process, we will demonstrate the tools and techniques and their applicability to real-world penetration testing scenarios. In addition, resources for further clarification and direction along with other tools have been presented to address the wide range of situations a penetration tester may find themselves in.
This edition of Kali Linux – Assuring Security by Penetration Testing has been prepared to give the reader, whether a student, security professional, or penetration tester, a roadmap to develop skills and methodologies for use in the challenging world of security testing or for use in their own laboratory. Kali Linux is a powerful tool in the hands of professionals, and this book was developed to allow professionals to see and experience the full extent of what this toolset can do.
Chapter 1, Beginning with Kali Linux, focuses on installing Kali Linux as a primary operating system, as a virtual machine, or on removable media. For installation as a virtual machine, the chapter gives further information on the additional features available. After installation, the chapter discusses additional services, such as database and web server settings, that can be configured. Finally, to provide a platform for testing the skills developed in the coming chapters, it discusses the installation of Metasploitable2, a deliberately vulnerable Linux OS.
Chapter 2, Penetration Testing Methodology, explores the various methodologies available to penetration testers. Methodologies such as OWASP, OSSTMM, ISSAF, and WASC-TC set the baseline rules and flow of a penetration test. These methodologies serve the vital function of providing a guideline for penetration testing. The chapter also differentiates between a vulnerability assessment and a penetration test, and explores the differences between a white-box and a black-box test. Finally, this chapter provides a solid foundation and process for testing a network in a systematic manner.
Chapter 3, Target Scoping, discusses the preliminary activities associated with a penetration test. It will walk you through the critical steps to prepare for a penetration test: gathering client requirements, preparing a test plan, understanding the test boundaries, and clearly defining business objectives. It will also discuss project management techniques to ensure that the penetration test is conducted on schedule.
Chapter 4, Information Gathering, covers the first technical step of a penetration test, which involves utilizing tools and techniques to gather data about the target. This chapter addresses tools for analyzing DNS records and network routing information, and for leveraging search engines to identify target e-mail addresses. In addition, it explores leveraging Open Source Intelligence (OSINT) sources and leaked information.
Chapter 5, Target Discovery, covers the variety of tools available to identify target systems; Kali Linux has a great many tools for gaining a more detailed look at the systems that are part of the target network. It will also look at the methods used to identify target operating systems.
Chapter 6, Enumerating Target, discusses the basics of port scanning and one of the gold standard tools for enumerating target hosts, Nmap. As we move farther along in the penetration testing process, we explore tools that increase the amount of information we can discover about the target systems. In addition to port discovery, we will put other tools to use to identify SMB, SNMP, and VPN services on our target network.
Chapter 7, Vulnerability Mapping, discusses the types of vulnerability, the vulnerability taxonomy, and the tools that are available, because understanding the role of vulnerability identification and reporting is critical to the penetration testing process. As the chapter progresses, you will be guided through configuring tools to identify vulnerabilities within the target network.
Chapter 8, Social Engineering, examines the tools and techniques available to penetration testers to exploit the vulnerability within the human element, arguably the hardest part of any enterprise to secure. A great many real-world attacks involve social engineering. This chapter examines the process of attack and the methods used in social engineering. These are then combined with tools that can be leveraged in real-world scenarios. Taken in concert, these tools and techniques give the penetration tester an insight into the security around the human element.
Chapter 9, Target Exploitation, looks at the powerful penetration testing tool, Metasploit. By this point in the penetration testing process, we have identified information about our target network; here is where we put that information to use. Using Metasploit, we will discuss the variety of methods that the penetration tester can leverage against a target network.
Chapter 10, Privilege Escalation, is an exploration of the methods used to compromise credentials. This chapter includes information about how to obtain credentials through network spoofing and sniffing. There is also a good deal dedicated to cracking passwords through a variety of tools.
Chapter 11, Maintaining Access, discusses some of the methods that can be leveraged to maintain control of a compromised system. We will examine the Meterpreter back door in addition to using tunneling tools and configuring web back doors. These techniques allow the penetration tester to maintain access to compromised systems and fly below the radar.
Chapter 12, Wireless Penetration Testing, addresses the unique tools and techniques involved in gaining access to wireless networks. This begins with an overview of the authentication and encryption methods in use by wireless networks. From there, it addresses capturing wireless traffic and the methods utilized to ascertain valid authentication credentials. Finally, once access is obtained, the actions that can be taken as part of an overall penetration test are addressed.
Chapter 13, Kali NetHunter, explores installing NetHunter on compatible Android devices, configuring tools, and real-world examples for use in penetration testing. Taking Kali Linux on the road is now easier with the development of Kali NetHunter; this Android operating system allows a penetration tester to leverage the tools of Kali Linux on a portable platform.
Chapter 14, Documentation and Reporting, discusses the different types of report, the contents of different types of report, and finally, how to prepare a presentation of your findings, because reporting the findings of a penetration testing engagement is an often overlooked facet but one that is of paramount importance.
Appendix A, Supplementary Tools, provides some additional tools that may be of use in penetration testing engagements, supplementing the in-depth exploration of the tools available in Kali Linux.
Appendix B, Key Resources, provides links to some of the many resources available online that address aspects of penetration testing and can further increase the penetration tester's skills and knowledge.
To maximize the demonstrations in this book, you will need to have a computer or other device in which to install Kali Linux, as well as a deliberately vulnerable operating system. For this book, Metasploitable2 and Windows XP Mode were utilized. Both of these are virtual machines that are free to users. In addition, having access to a wireless access point to configure a wireless network will allow you to follow later chapters that address wireless penetration testing.
If you are an IT security professional or a student with a basic knowledge of Unix/Linux operating systems, including an awareness of information security factors, and you want to use Kali Linux for penetration testing, this book is for you.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "We can include other contexts through the use of the include directive."
Any command-line input or output is written as follows:
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Select the file by navigating to File | Add Files to find out the SHA1 hash value of a file."
Warnings or important notes appear in a box like this.
Tips and tricks appear like this.
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail <[email protected]>, and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from http://www.packtpub.com/sites/default/files/downloads/KaliLinux2AssuringSecuritybyPenetrationTesting_thirdEdition_ColorImages.pdf.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
If you have a problem with any aspect of this book, you can contact us at <[email protected]>, and we will do our best to address the problem.
This chapter will guide you through the wonderful world of Kali Linux v 2.0—a specialized Linux distribution for the purpose of penetration testing. In this chapter, we will cover the following topics:
At the end of this chapter, we will describe how to install additional weapons and how to configure Kali Linux.
Kali Linux (Kali) is a Linux distribution system that was developed with a focus on penetration testing. Previously, Kali Linux was distributed as BackTrack, which itself is a merger between three different live Linux penetration testing distributions: IWHAX, WHOPPIX, and Auditor.
BackTrack is one of the most famous Linux distribution systems, as can be proven by the number of downloads, which reached more than four million as of BackTrack Linux 4.0 pre final.
Kali Linux Version 1.0 was released on March 12, 2013. Five days later, Version 1.0.1 was released, which fixed the USB keyboard issue. In those five days, Kali had been downloaded more than 90,000 times.
An updated version, Kali Linux 2.0, was released on August 11, 2015. This distribution aimed to provide a better end-user experience, while still maintaining the full functionality of the previous versions. One of the major improvements available in Kali Linux 2.0 was moving toward a rolling distribution. This meant that the Kali Linux developers were pulling updated base Linux packages directly as they were updated, giving the user a stable platform that is updated regularly.
The following are the major features of Kali Linux (http://docs.kali.org/introduction/what-is-kali-linux):
Kali Linux contains a number of tools that can be used during the penetration testing process. The penetration testing tools included in Kali Linux can be categorized into the following categories:
To ease the life of a penetration tester, Kali Linux has provided us with a category called Top 10 Security Tools. Based on its name, these are the top 10 security tools commonly used by penetration testers. The tools included in this category are aircrack-ng, burp-suite, hydra, john, maltego, metasploit, nmap, sqlmap, wireshark, and zaproxy.
Besides containing tools that can be used for the penetration testing task, Kali Linux also comes with several tools that you can use for the following:
For the purposes of this book, we are focusing only on Kali Linux's penetration testing tools.
The first thing to do before installing and using Kali Linux is to download it. You can get Kali Linux from the Kali Linux website (http://www.kali.org/downloads/).
On the download page, you can select the official Kali Linux image based on the following items, which are also shown in the next screenshot:
Machine architecture: i386, amd64, armel, and armhf
Image type: ISO image or VMware image
If you want to burn the image to a DVD or install Kali Linux to your machine, you might want to download the ISO image version. However, if you want to use Kali Linux with VMware, you can use the VMware image file to speed up the installation and configuration for a virtual environment.
After you have downloaded the image file successfully, you need to compare the SHA1 hash value from the downloaded image with the SHA1 hash value provided on the download page. The purpose of checking the SHA1 value is to ensure the integrity of the downloaded image is preserved. This prevents the user from either installing a corrupt image or an image file that has been maliciously tampered with.
In the Unix/Linux/BSD operating system, you can use the sha1sum command to check the SHA1 hash value of the downloaded image file. Remember that it might take some time to compute the hash value of the Kali Linux image file due to its size. For example, to generate the hash value of the kali-linux-2.0-i386.iso file, the following command is used:
In the Windows world, there are many tools that can be used to generate the SHA1 hash value; one of them is sha1sum. It is available from http://www.ring.gr.jp/pub/net/gnupg/binary/sha1sum.exe.
We like it because of its small size, and it just works. If you want an alternative tool instead of sha1sum, there is HashMyFiles (http://www.nirsoft.net/utils/hash_my_files.html). HashMyFiles supports MD5, SHA1, CRC32, SHA-256, SHA-384, and SHA-512 hash algorithms.
After you have downloaded HashMyFiles, run it and select the file by navigating to File | Add Files to find out the SHA1 hash value of a file. Alternatively, you can press F2 to perform the same function. Then, choose the image file you want.
The following screenshot shows the SHA1 hash value generated by HashMyFiles for the Kali Linux v 2.0 i386.iso image file:
You need to compare the SHA1 hash value generated by sha1sum, HashMyFiles, or other similar tools with the SHA1 hash value displayed on the Kali Linux download page.
If both the values match, you can go straight to the Using Kali Linux section. However, if they do not match, it means that your image file is broken; you may want to download the file again from an official download mirror. When we run the hash of our downloaded file and compare it to the hash on the website, we see that they match, indicating that the package has been fully downloaded and is complete.
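The comparison described above can be scripted so that it is not done by eye. The following is an added example, not code from the book: the function name `verify_image` and the small demo file are constructed for illustration, and the function goes slightly beyond the text by also accepting a 64-character SHA-256 digest.

```shell
#!/bin/sh
# Added example: verify a downloaded image against a published digest.
# verify_image and the demo file are hypothetical names for illustration.

# verify_image FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_image() {
    vi_file=$1
    vi_expected=$2

    [ -r "$vi_file" ] || { echo "cannot read: $vi_file" >&2; return 2; }

    # Normalise the published value: strip whitespace picked up when copying
    # from a web page and lowercase the hex letters.
    vi_expected=$(printf '%s' "$vi_expected" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    # Refuse anything that is not pure hex before comparing.
    case $vi_expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac

    # Choose the tool from the digest length: 40 hex chars = SHA1, 64 = SHA-256.
    case ${#vi_expected} in
        40) vi_tool=sha1sum ;;
        64) vi_tool=sha256sum ;;
        *)  echo "unsupported digest length: ${#vi_expected}" >&2; return 2 ;;
    esac

    # Read from stdin so odd characters in the file name cannot alter the output.
    vi_actual=$("$vi_tool" < "$vi_file" | cut -d' ' -f1)

    if [ "$vi_actual" = "$vi_expected" ]; then
        echo "OK   $vi_file ($vi_tool)"
        return 0
    fi
    echo "FAIL $vi_file" >&2
    echo "  expected: $vi_expected" >&2
    echo "  actual:   $vi_actual" >&2
    return 1
}

# Demo on a constructed 3-byte file (contents "abc") standing in for the ISO.
# For the real image: verify_image kali-linux-2.0-i386.iso "<SHA1 from the download page>"
demo_file=$(mktemp)
printf 'abc' > "$demo_file"
verify_image "$demo_file" "A9993E364706816ABA3E25717850C26C9CD0D89D"
verify_image "$demo_file" "0000000000000000000000000000000000000000" \
    || echo "mismatch detected: download the image again"
rm -f "$demo_file"
```

A match only shows that the file equals what the download page lists, so the check is most useful when the published value is read from the official site over HTTPS rather than from the mirror that served the image.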
You can use Kali Linux in one of the following ways:
In the following sections, we will briefly describe each of those methods.
If you want to use Kali Linux without installing it first, you can do so by burning the ISO image file to a DVD. After the burn process finishes successfully, boot up your machine with that DVD. You need to make sure that you have set the machine to boot from the DVD.
The advantage of using Kali Linux as a Live DVD is that it is very fast to set up and is very easy to use.
Unfortunately, the Live DVD has several drawbacks; for example, any files or configuration changes will not be saved after the reboot. Additionally, running Kali Linux from the DVD is slow as compared to running Kali Linux from the hard disk because the DVD's reading speed is slower than the hard disk's reading speed.
This method of running Kali is recommended only if you just want to test Kali. However, if you want to work with Kali Linux extensively, we suggest that you install Kali Linux.
To install Kali Linux on your hard disk, you can choose one of the following methods:
You can choose whichever method is suitable for you, but we personally prefer to install Kali Linux on a virtual machine.
Before you install Kali Linux on a physical/real machine, make sure that you install it on an empty hard drive. If your hard drive already has some data on it, that data will be lost during the installation process because the installer will format the hard drive. For the easiest installations, it is recommended that you use the entire hard disk. For more advanced setups, there is the option of installing Kali Linux on a partition of a single logical drive. To do this, you will have to have a primary partition that boots the operating system and another partition for Kali Linux. Take care when doing this because it is easy for the bootable operating system to become corrupted.
The official Kali Linux documentation that describes how to install Kali Linux with the Windows operating system can be found at http://docs.kali.org/installation/dual-boot-kali-with-windows.
There are several tools that can be used to help you perform disk partitioning. In the open source area, the following Linux Live CDs are available:
To use the Linux Live CD, you just need to boot it up and you are ready for disk partitioning. Make sure that you back up your data before you use the Linux Live CD disk-partitioning tool. Even though they are safe for use in our experience, there is nothing wrong with being cautious, especially if you have important data on the hard disk.
After you are done with the disk partitioning (or you just want to use all the hard disk space), you can boot your machine using the Kali Linux Live DVD and select the Install or Graphical install option when you are prompted with the Kali Linux Live CD menu:
After that, you will see an installation window. You need to set up several things during the installation process:
You can also install Kali Linux to a virtual machine environment as a guest operating system. The advantages of this type of installation are that you do not need to prepare a separate physical hard disk partition for the Kali Linux image and can use your existing operating system as is.
We will use VirtualBox (http://www.virtualbox.org) as the virtual machine software. VirtualBox is open source virtualization software that is available for Windows, Linux, OS X, and Solaris operating systems.
Unfortunately, there is also a disadvantage of running Kali Linux on a virtual machine; it is slower than running Kali Linux on a physical machine.
There are two options that can be utilized for installing Kali Linux on a virtual machine. The first option is to install the Kali Linux ISO image into a virtual machine. This option will take more time compared to the VMware image installation. The advantage of this method is that you can customize your Kali installation.
To install a Kali Linux ISO image on a virtual machine, the following steps can be used:
The second option is to use the VMware image provided by Kali Linux. With this option, you can install Kali Linux on a virtual machine with ease:
After clicking the Kali Virtual Images, we are brought to another page listing the packages and their associated SHA1 values:
After downloading the Kali Linux VMware image (Kali-Linux-2.0.0-vm-amd64.7z), you need to verify the SHA1 hash of the downloaded file with the hash value provided in the download page. If the hash value is the same, you can extract the image file to the appropriate folder.
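The hash comparison described here, and earlier for the ISO image, can be scripted as follows. This is an added example, not code from the book; the function names are made up for illustration, and the expected value must be copied from the official download page.

```shell
#!/bin/sh
# Added example: check a downloaded Kali image against the SHA1 value
# published on the download page before booting or extracting it.

# sha1_of FILE: print FILE's SHA1 as lowercase hex, using whichever common
# tool is installed (sha1sum from coreutils, else shasum, else openssl).
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print tolower($1)}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 "$1" | awk '{print tolower($1)}'
    else
        openssl dgst -sha1 "$1" | awk '{print tolower($NF)}'
    fi
}

# verify_sha1 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or EXPECTED
# is not a complete 40-character hex digest (for example a truncated paste).
verify_sha1() {
    file=$1
    # Normalize the pasted value: strip whitespace, fold to lowercase.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || { echo "expected value is not 40 hex digits" >&2; return 2; }
    actual=$(sha1_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published SHA1"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage (the hash is whatever the download page lists for that file):
#   verify_sha1 Kali-Linux-2.0.0-vm-amd64.7z "<SHA1 from the download page>"
```

A return code of 1 means the file should be downloaded again from an official mirror; a return code of 2 means the comparison itself could not be made.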
As the VMware image is compressed in the GZ format, you can use any software that can extract a .gz file such as gzip, or 7-Zip if you use a Windows operating system. If you have extracted it successfully, you will find 13 files in the directory:
The following is the default configuration of the Kali Linux VMware image:
For penetration testing purposes, we should avoid using NAT as the network type. The recommended network type is bridged. Change the default password for Kali when you configure the Kali VM.
If successful, you will see the new virtual machine in the virtual manager list within VirtualBox.
To run the Kali Linux virtual machine, click on the Start icon at the top of the VirtualBox menu bar. After the boot process, Kali Linux will display its login prompt.
If you get the following error message, you need to install the VirtualBox Extension Pack. You can get it from http://www.virtualbox.org/wiki/Downloads:
Clicking OK will bring you to the following:
Go ahead and click on Install and the following will appear:
There are two other advantages to using Kali Linux as a virtual machine. The first is the ease with which the virtual machine can be paused. Pausing the virtual machine allows you to suspend your activity without losing any of your work. For example, if you have to shut down the host system and the virtual machine is still processing an action, suspending it will allow you to pick up right where you left off. To pause the virtual machine, click on the pause button located at the upper left-hand corner of the virtual machine window:
Another feature of the virtual machine is the ability to move it from one host to another. This is very handy if you need to change host systems, for example, when you have been running it on a laptop and want to move it to a newer, more powerful laptop. This ensures that any configurations or modifications you have made remain so that you do not have to go through the whole process again.
To export a virtual machine, go to File and click on Export Virtual Appliance. You will then be guided through exporting the Kali Linux virtual machine. Select a location to export to and leave the application settings the same. Finally, click Export and the virtual machine will be exported to the location. This may take some time, depending on how large the virtual machine is.
Once the export has concluded, you can use whatever storage device you would like and transfer the virtual machine to another host system. Keep in mind that if you use Oracle VirtualBox to create the virtual machine, you should use the same version on the new host computer. Once it has transferred, you can import the virtual machine by going to File, Import virtual machine, and following the instructions.
The third option to use Kali Linux is by installing it to a USB flash disk; we call this method Portable Kali Linux. According to the official Kali documentation, this is the Kali developer's favorite and fastest method of booting and installing Kali. Compared to the hard disk installation, you can run Kali Linux using any computer that supports booting from the USB flash disk with this method.
The installation procedure for the USB flash disk is also applicable to the installation of memory cards (SSD, SDHC, SDXC, and so on).
There are several tools available to create portable Kali Linux. One of them is Rufus (http://rufus.akeo.ie/). This tool can be run only from a Windows operating system.
You can use other tools to create a bootable disk from the ISO image, such as:
Before creating portable Kali Linux, you need to prepare a couple of things:
After downloading Rufus, you can run it on your Windows computer by double-clicking on the rufus.exe file. You will then see the Rufus window.
If you use a Unix-based operating system, you can create the image using the dd command. The following is an example of imaging:
Here, /dev/sdb is your USB flash disk.
To create a bootable Kali USB flash disk, we need to fill in the following options:
After the process is complete, save all your work first and then reboot your system if you want to try the USB flash disk right away. You may want to configure your Basic Input Output System (BIOS) to boot it from the USB disk. If there is no error, you can boot up Kali Linux from the USB flash disk.
If you want to add persistence capabilities to the USB flash disk, you can follow the steps described in the documentation section Adding Persistence to Your Kali Live USB located at http://docs.kali.org/installation/kali-linux-live-usb-install.
Once installed, there are several configuration steps necessary for the Kali Linux virtual machine. These steps allow for greater functionality and usability.
It is recommended that after you have successfully created the Kali Linux virtual machine using VirtualBox, you install VirtualBox guest additions. This add-on will provide you with the following additional features:
To install the guest additions, you can perform the following steps:
You may need to wait for several minutes until all of the required modules are successfully built and installed:
In the following section, we will discuss how to set up networking in Kali Linux for a wired and wireless network.
In the default Kali Linux VMware image or ISO configuration, Kali Linux uses NAT (Network Address Translation) as the network's connection type. In this connection mode, the Kali Linux machine will be able to connect to the outside world through the host operating system, whereas the outside world, including the host operating system, will not be able to connect to the Kali Linux virtual machine.
For the penetration testing task, you might need to change this networking method to Bridged Adapter. The following are the steps to change it:
To be able to use the bridge network connection, the host machine needs to connect to a network device that can give you an IP address via DHCP, such as a router or a switch.
As you may be aware, a DHCP IP address is not a permanent IP address; it is only a leased IP address. After some time (as defined by the DHCP lease time), the Kali Linux virtual machine will need to obtain a lease again. The new IP address might be the same as the previous one or might be a different one.
If you want to make the IP address permanent, you can do so by saving the IP address in the /etc/network/interfaces file.
The following is the default content of this file in Kali Linux:
In the default configuration, all of the network cards are set to use DHCP to get the IP address. To make a network card bind to an IP address permanently, we have to edit that file and change the content to the following:
Here, we set the first network card (eth0) to bind to the IP address of 10.0.2.15. You may need to adjust this configuration according to the network environment you want to test.
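A static configuration of the kind described above for eth0 and 10.0.2.15 can be generated by a small shell function that rejects malformed addresses before anything is written. This is an added example, not the book's listing; the netmask and gateway values and the function names are assumptions to adapt to your network.

```shell
#!/bin/sh
# Added example: render a static stanza for /etc/network/interfaces.

# is_ipv4 ADDR: succeed only for four dot-separated octets in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# render_static_iface IFACE ADDRESS NETMASK GATEWAY
# Prints the file content on stdout; returns 1 without printing a stanza
# if any address is malformed, so a typo never reaches the real file.
render_static_iface() {
    iface=$1 address=$2 netmask=$3 gateway=$4
    for value in "$address" "$netmask" "$gateway"; do
        is_ipv4 "$value" || { echo "not an IPv4 address: $value" >&2; return 1; }
    done
    cat <<EOF
auto lo
iface lo inet loopback

auto $iface
iface $iface inet static
    address $address
    netmask $netmask
    gateway $gateway
EOF
}

# Usage (netmask and gateway are assumed values, not from the book):
#   render_static_iface eth0 10.0.2.15 255.255.255.0 10.0.2.1 > interfaces.new
# Review interfaces.new, back up /etc/network/interfaces, then replace it.
```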
By running Kali Linux as a virtual machine, you cannot use the wireless card that is embedded in your host OS. Fortunately, you can use an external USB-based wireless card. For this demonstration, we are using the USB Ralink wireless card/external antenna (there will be an in-depth discussion of wireless antenna selection later on in the section concerning wireless penetration testing):
