Kali Linux 2018: Assuring Security by Penetration Testing E-Book

Kali Linux 2018: Assuring Security by Penetration Testing Fourth Edition

Copyright © 2018 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Gebin GeorgeAcquisition Editor: Rahul NairContent Development Editor: Nithin George VargheseTechnical Editor:Prashant ChaudhariCopy Editor: Safis EditingProject Coordinator: Drashti PanchalProofreader: Safis EditingIndexer: Mariammal ChettiyarGraphics: Tom ScariaProduction Coordinator: Deepika Naik

First published: April 2011 Second edition: April 2014 Third edition: September 2016 Fourth edition: October 2018

Production reference: 1261018

Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.

ISBN 978-1-78934-176-8

www.packtpub.com

Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

Why subscribe?

Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals

Improve your learning with Skill Plans built especially for you

Get a free eBook or video every month

Mapt is fully searchable

Copy and paste, print, and bookmark content

Packt.com

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks. 

Contributors

About the authors

Shiva V. N Parasram is the director of the Computer Forensics and Security Institute (www.CFSI.co) and is a cyber security trainer, pentester, and forensic investigator with 14 years in the field. His qualifications include an MSc in Network Security (distinction), CCISO, CEH, CHFI, and CCNA. As a Certified EC-Council Instructor (CEI), he has also trained several hundred people in ethical hacking and forensics and has recently been selected as the sole trainer for cyber security courses for staff at Fujitsu Trinidad. He is also the author of Digital Forensics with Kali Linux published by Packt.

Alex Samm is an IT and computer security professional with 11 years' experience. He's currently working for ESP Global Services. His roles includes system and network administrator, programmer, VMware infrastructure support engineer, and security consultant, among others, for many of the world's largest airlines and pharmaceutical companies, including Roche Diabetes, Norvatis, Ingredion, and Shire Pharmaceuticals. He holds a BSc in Computer Science and CEH, ACE, AME, and NSE, and is currently pursuing OSCP. He also lectures at the Computer Forensics and Security Institute.

Damian Boodoo is a penetration tester and security researcher who wants to live in a world where people have safer networks and don't live in fear of evildoers. With more than 10 years' experience of working in IT, he is the co-founder of DKIT Solutions, who provide security services and other creative solutions to problems that are commonly overlooked. When he's not obsessing over zero days or finding holes in firewalls, he spend his time either tinkering with devices to see how they can be made better or pondering "is it too late to make it into e-sports?"

Gerard Johansen is an information security professional with over a decade of experience in penetration testing, vulnerability management, threat assessment modeling, and incident response. Beginning his career as a cyber crime investigator, he has also worked as a consultant and security analyst for clients and organizations ranging from healthcare to finance. He is a graduate from Norwich University, gaining an MSc in Information Assurance and also a CISSP, and is currently employed with an international information technology services firm that specializes in incident response and threat intelligence.

Lee Allen is the associate director at Ohio State University. He specializes in information security, penetration testing, security research, task automation, risk management, data analysis, and 3D application development.

Tedi Heriyanto currently works as an information security analyst at a Fortune 500 company. He has experience of designing secure network architectures, deploying and managing enterprise-wide security systems, developing information security policies and procedures, performing various network, web, and mobile application penetration testing, and giving information security training. In his spare time, he deepens his knowledge and skills in information fields.

Shakeel Ali is a senior cybersecurity consultant at a global Fortune 500 organization. His expertise in the security industry markedly exceeds the standard number of security assessments, audits, attack simulations, SOC/CSIRC facilitation, incident response, and forensic projects that he carries out in day-to-day operations. He is an independent researcher who writes various articles and white papers to provide insights into threat intelligence, and also provides constant security support to various businesses globally.

About the reviewers

Shivanand Persad has a master's in Business Administration from the Australian Institute of Business, and a bachelor's of science in Electrical and Computer Engineering from the University of the West Indies. He possesses a wide variety of specializations, including controls and instrumentation systems, wireless and wired communication systems, strategic management, and business process re-engineering. With over a decade of experience across multiple engineering disciplines, and a lengthy tenure with one of the largest ISPs in the Caribbean, he continues to be passionate about technology and its continuous development. When he's not reading everything in sight, he enjoys archery, martial arts, biking, and tinkering.

Lystra K. Maingot is a trained ethical hacker and digital forensics investigator. He has conducted numerous tests and investigations and has worked in penetration testing and digital forensics investigation training for several years. He is also trained in networking and earned his MSc in Network Security from the Anglia Ruskin University in the UK. He intends to pursue his passion for cyber security in hope of making our cyber environment a safer place.

Packt is searching for authors like you

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Table of Contents

Title Page

Copyright and Credits

Kali Linux 2018: Assuring Security by Penetration Testing Fourth Edition

Dedication

Packt Upsell

Why subscribe?

Packt.com

Contributors

About the authors

About the reviewers

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Conventions used

Get in touch

Reviews

Installing and Configuring Kali Linux

Technical requirements

Kali Linux tool categories

Downloading Kali Linux

Using Kali Linux

Running Kali using a Live DVD

Installing on a hard disk

Installing Kali on a physical machine

Installing Kali on a virtual machine

Installing Kali on a virtual machine from the ISO image

Installing Kali Linux on a virtual machine using the Kali Linux VM image provided

Saving or moving the virtual machine

Installing Kali on a USB disk

Configuring the virtual machine

VirtualBox guest additions

Setting up networking

Setting up a wired connection

Setting up a wireless connection

Updating Kali Linux

Setting up Kali Linux AMI on Amazon AWS Cloud

Summary

Questions

Further reading

Setting Up Your Test Lab

Technical requirements

Physical or virtual?

Setting up a Windows environment in a VM

Installing vulnerable servers

Setting up Metasploitable 2 in a VM

Setting up Metasploitable 3 in a VM

Installing Packer

Installing Vagrant

Pre-built Metasploit 3

Setting up BadStore in a VM

Installing additional tools in Kali Linux

Network services in Kali Linux

HTTP

MySQL

SSH

Additional labs and resources

Summary

Questions

Further reading

Penetration Testing Methodology

Technical requirements

Penetration testing methodology

OWASP testing guide

PCI penetration testing guide

Penetration Testing Execution Standard

NIST 800-115

Open Source Security Testing Methodology Manual 

General penetration testing framework

Reconnaissance

Scanning and enumeration

Scanning

ARP scanning

The network mapper (Nmap)

Nmap port scanner/TCP scan

Nmap half-open/stealth scan

Nmap OS-detection

Nmap service-detection

Nmap ping sweeps

Enumeration

SMB shares

DNS zone transfer

DNSRecon

SNMP devices

Packet captures

tcpdump

Wireshark

Gaining access

Exploits

Exploits for Linux

Exploits for Windows

Escalating privileges

Maintaining access

Covering your tracks

Reporting

Summary

Footprinting and Information Gathering

Open Source Intelligence

Using public resources

Querying the domain registration information

Analyzing the DNS records

Host

dig

DMitry

Maltego

Getting network routing information

tcptraceroute

tctrace

Utilizing the search engine

SimplyEmail

Google Hacking Database (GHDB)

Metagoofil

Automated footprinting and information gathering tools

Devploit

Red Hawk v2

Using Shodan to find internet connected devices

Search queries in Shodan

Blue-Thunder-IP-Locator

Summary

Questions

Further reading

Scanning and Evasion Techniques

Technical requirements

Starting off with target discovery

Identifying the target machine

ping

fping

hping3

OS fingerprinting

p0f

Introducing port scanning

Understanding TCP/IP protocol

Understanding TCP and UDP message formats

The network scanner

Nmap

Nmap target specification

Nmap TCP scan options

Nmap UDP scan options

Nmap port specification

Nmap output options

Nmap timing options

Useful Nmap options

Service version detection

Operating system detection

Disabling host discovery

Aggressive scan

Nmap for scanning the IPv6 target

The Nmap scripting engine

Nmap options for firewall/IDS evasion

Scanning with Netdiscover

Automated scanning with Striker

Anonymity using Nipe

Summary

Questions

Further Reading

Vulnerability Scanning

Technical requirements

Types of vulnerabilities

Local vulnerability

Remote vulnerability

Vulnerability taxonomy

Automated vulnerability scanning

Vulnerability scanning with Nessus 7

Installing the Nessus vulnerability scanner

Vulnerability scanning with OpenVAS

Linux vulnerability scanning with Lynis

Vulnerability scanning and enumeration using SPARTA

Summary

Questions

Further reading

Social Engineering

Technical requirements

Modeling human psychology

Attack process

Attack methods

Impersonation

Reciprocation

Influential authority

Scarcity

Social relationships

Curiosity

Social Engineering Toolkit

Anonymous USB attack

Credential-harvesting

Malicious Java applet

Summary

Target Exploitation

Vulnerability research

Vulnerability and exploit repositories

Advanced exploitation toolkit

MSFConsole

MSFCLI

Ninja 101 drills

Scenario 1

Scenario 2

SMB usernames

VNC blank authentication scanners

PostGRESQL logins

Scenario 3

Bind shells

Reverse shells

Meterpreters

Writing exploit modules

Summary

Privilege Escalation and Maintaining Access

Technical requirements

Privilege-escalation

Local escalation

Password-attack tools

Offline attack tools

John the Ripper

Ophcrack

samdump2

Online attack tools

CeWL

Hydra

Mimikatz

Maintaining access

Operating-system backdoors

Cymothoa

The Meterpreter backdoor

Summary

Web Application Testing

Technical requirements

Web analysis

Nikto

OWASP ZAP

Burp Suite

Paros proxy

W3AF

WebScarab

Cross-Site Scripting

Testing for XSS

SQL injection

Manual SQL injection

Automated SQL injection

sqlmap

Command-execution, directory-traversal, and file-inclusion

Directory-traversal and file-inclusion

Command execution

Summary

Further reading

Wireless Penetration Testing

Technical requirements

Wireless networking

Overview of 802.11

The Wired Equivalent Privacy standard

Wi-Fi Protected Access (WPA)

Wireless network reconnaissance

Antennas

Iwlist

Kismet

WAIDPS

Wireless testing tools

Aircrack-ng

WPA pre-shared key-cracking

WEP-cracking

PixieWPS

Wifite

Fern Wifi-Cracker

Evil Twin attack

Post cracking

MAC-spoofing

Persistence

Sniffing wireless traffic

Sniffing WLAN traffic

Passive sniffing

Summary

Mobile Penetration Testing with Kali NetHunter

Technical requirements

Kali NetHunter

Deployment

Network deployment

Wireless deployment

Host deployment

Installing Kali NetHunter

NetHunter icons

NetHunter tools

Nmap

Metasploit

MAC changer

Third-party Android applications

The NetHunter Terminal Application

DriveDroid

USB Keyboard

Shodan

Router Keygen

cSploit

Wireless attacks

Wireless scanning

WPA/WPA2 cracking

WPS cracking

Evil AP attack

Mana evil AP

HID attacks

DuckHunter HID attacks

Summary

Questions

Further reading

PCI DSS Scanning and Penetration Testing

PCI DSS v3.2.1 requirement 11.3

Scoping the PCI DSS penetration test

Gathering client requirements

Creating the customer requirements form

Preparing the test plan

The test plan checklist

Profiling test boundaries

Defining business objectives

Project management and scheduling

Tools for executing the PCI DSS penetration test

Summary

Questions

Further reading

Tools for Penetration Testing Reporting

Technical requirements

Documentation and results verification

Types of reports

The executive report

The management report

The technical report

Network penetration testing report

Preparing your presentation

Post-testing procedures

Using the Dradis framework for penetration testing reporting

Penetration testing reporting tools

Faraday IDE

MagicTree

Summary

Questions

Further reading

Assessments

Chapter 1 – Assessment answers

Chapter 2 – Assessment answers

Chapter 4 – Assessment answers

Chapter 5 – Assessment answers

Chapter 6 – Assessment answers

Chapter 12 – Assessment answers

Chapter 13 – Assessment answers

Chapter 14 – Assessment answers

Other Books You May Enjoy

Leave a review - let other readers know what you think

Preface

This book, now in its fourth edition, uses the updated Kali Linux 2018 and many new and updated tools used by professional penetration testers and security professionals in the industry. Kali Linux has, over the years, proven to be the tool of choice in every penetration tester's arsenal, and this book provides readers with in-depth knowledge through hands-on practical labs, allowing them to immerse themselves in the realm of penetration testing in a safe environment that they themselves will build.

Who this book is for

This book targets pentesters, ethical hackers, and IT security professionals with basic knowledge of the Unix/Linux operating systems. Some awareness and knowledge of information security concepts is expected.

What this book covers

Chapter 1, Installing and Configuring Kali Linux, introduces Kali Linux 2018 and focuses on the various methods for using Kali Linux. This chapter is written in such a way as to allow even the inexperienced user to run Kali Linux from a live DVD; install and configure Kali Linux onto a hard disk, SD card, or USB thumb drive; or even install Kali Linux as a virtual machine. New to this edition is the installation of Kali Linux in the cloud using AWS.

Chapter 2, Setting Up Your Test Lab, explains the creation of a safe environment where readers can legally practice all hands-on practical examples within each chapter in a virtualized environment. This chapter gives detailed instructions on setting up virtual machines such as Metasploitable 2 and  Metasploitable 3 as targets against the penetration test.

Chapter 3, Penetration Testing Methodology, introduces you to the various methodologies for penetration testing for the purpose of planning and scoping the penetration test, outlining the steps and processes involved in a successful penetration test.

Chapter 4, Footprinting and Information Gathering, addresses the first phase in the penetration test by utilizing several common tools used for reconnaissance, including the Google Hacking Database. New to this edition is information on tools for automated information gathering, such as Devploit, RedHawk, and Shodan.

 Chapter 5, Scanning and Evasion Techniques, covers target, host, and service discovery using the very powerful Nmap tool. Automated scanning and deep information gathering is also performed using Netdiscover and Striker. Also covered in this chapter is the Nipe tool, which offers some privacy and anonymity to users.

Chapter 6, Vulnerability Scanning, takes a more hands-on approach to this topic by providing the reader with step-by-step instructions on using very in-depth automated vulnerability assessment tools, such as Nessus 7 and OpenVAS. New to this edition is the information on the Linux vulnerability scanning and auditing tool Lynis, and the vulnerability assessment and enumeration tool SPARTA. All tools are used in a practice lab, ensuring that real-world type assessments are faithfully simulated.

Chapter 7, Social Engineering, discusses the core principles and practices adopted by professional social engineers to manipulate humans into divulging information or performing an act.

Chapter 8, Target Exploitation, is where the reader will apply techniques and tools in order to exploit computer systems. The exploits will take advantage of vulnerabilities and flaws in the systems, which will enable the user to gain access to the system.

Chapter 9, Privilege Escalation and Maintaining Access, shows the reader how to escalate their current access level and compromise other accounts on the system. Finally, they will use the compromised accounts to return to the system (maintain access) and gain further access to the network.

Chapter 10, Web Application Testing, takes a look at some of the major tools used for web application testing and, by extension, cloud applications, as they are built on the same protocols and use many of the same platforms.

Chapter 11, Wireless Penetration Testing, covers setting up the tools  you need to capture the data needed to crack and gain access to wireless networks, including setting up fake access points.

Chapter 12, Mobile Penetration Testing with Kali NetHunter, takes a purely hands-on approach to the mobile penetration testing distribution application. This chapter details the installation and configuration process and demonstrates the performance of scanning, vulnerability assessments, man-in-the-middle attacks, and wireless attacks, which can all be performed by this mobile distribution.

 Chapter 13,  PCI DSS Scanning and Penetration Testing, introduces the standard and its 6 goals and 12 requirements. Focus is placed on the PCI DSSv3 11.3.1 and 11.3.2 requirements, as these specifically address the scoping of the penetration test.

Chapter 14, Tools for Penetration Testing Reporting,discusses the various types of reports and post-testing procedures, and demonstrates the use of the Dradis Framework to organize and fully document the penetration test.

To get the most out of this book

This book covers many topics, and the while the authors have done their best to explain these topics, there are some fundamental topics of networking and security that readers may wish to review in order to better understand the concepts taught throughout the book.

Some of these topics include the following:

The seven layers of the OSI model

The TCP/IP suite

The TCP three-way handshake

Protocols and port numbers

Wireless basics (802.11 a,b,g,n,ac), WEP, and WPA2

Basic Linux commands (including

ls

,

cd

, and

clear

)

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system."

Any command-line input or output is written as follows:

Nmap 172.16.54.144 –sV

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select System info from the Administration panel."

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packt.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packt.com.

Installing and Configuring Kali Linux

This chapter will guide you through the wonderful world ofKali Linux 2018.2, a specialized Linux distribution for the purpose of penetration testing. In this chapter, we will cover the following topics:

A brief history of Kali

Several common uses of Kali

Downloading and installing Kali

Configuring and updating Kali

Technical requirements

For this chapter and throughout the book, readers will need a laptop or desktop with 6 GB of RAM or greater and also 100 GB hard disk space if installing Kali Linux and test lab environments as virtual machines. If installing Kali on a flash drive or SD/micro-SD card, minimum storage space should be 8 GB (with 16 GB or more recommended). Readers will also be required to download the following:

VirtualBox (

https://www.virtualbox.org/wiki/Downloads

)

Vmware Player (

https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/14_0

)

Kali Linux (

https://www.kali.org/downloads/

)

Kali Linux tool categories

As of the writing of this, the latest release of Kali Linux is version 2018.2, released on. As listed on the official website at https://bugs.kali.org/changelog_page.php, this version includes:

Better support for AMD GPUs

Fixes for x86 and x64 architecture against Spectre and Meltdown vulnerabilities

Easier access to Metasploit with

metasploit-framework-4.16.34-0Kali2

and newer

Updates to tools including Bloodhound v1.51, Reaver 1.6.4, PixieWPS 1.42, BurpSuite 1.7.32, Hashcat 4.0, and others

Improvements to Wpscan, Openvas, Xplico, Responder, and Dradis

Kali Linux contains a number of tools that can be used during the penetration testing process. The penetration testing tools included in Kali Linux can be categorized into the following:

Information gathering

: This category contains several tools that can be used to gather information about DNS, IDS/IPS, network scanning, operating systems, routing, SSL, SMB, VPN, voice over IP, SNMP, email addresses, and VPN.

Vulnerability assessment

: In this category, you can find tools to scan vulnerabilities in general. It also contains tools to assess the Cisco network, and tools to assess vulnerability in several database servers. This category also includes several fuzzing tools.

Web applications

: This category contains tools related to web applications such as the content management system scanner, database exploitation, web application fuzzers, web application proxies, web crawlers, and web vulnerability scanners.

Database assessment

: Tools in this category test the security of a variety of databases. There are a number of tools designed specifically to test SQL databases.

Password attacks

: In this category, you will find several tools that can be used to perform password attacks, online or offline.

Wireless attacks

: Testing wireless security is becoming more and more common. This category includes tools to attack Bluetooth, RFID/NFC, and wireless devices.

Exploitation tools

: This category contains tools that can be used to exploit the vulnerabilities found in the target environment. You can find exploitation tools for the network, web, and databases. There are also tools to perform social engineering attacks and find exploit information.

Sniffing and spoofing

: Tools in this category can be used to sniff the network and web traffic. This category also includes network spoofing tools such as Ettercap and Yersinia.

Post exploitation

: Tools in this category will be able to help you maintain access to the target machine. You might need to get the highest privilege level in the machine before you can install tools in this category. Here, you can find tools for backdooring the operating system and web application. You can also find tools for tunneling.

Forensics

: This category contains tools to perform digital forensic acquisitions, data recovery, incident response, and file carving.

Reporting tools

: In this category, you will find tools that help you document the penetration testing process and results.

Social engineering tools

: This category contains the very powerful Maltego and

Social Engineering Toolkit

(

SET

), among others, which are very useful in the reconnaissance and exploitation phases of penetration testing.

System services

: This category contains several services that can be useful during the penetration testing task, such as the Apache service, MySQL service, SSH service, and Metasploit service.

To simplify the life of a penetration tester, Kali Linux has provided us with a category called Top 10 Security Tools. As its name implies, these are the top 10 security tools most commonly used by penetration testers. The tools included in this category are aircrack-ng, burp-suite, hydra, john, maltego, metasploit, nmap, sqlmap, wireshark, and zaproxy.

Besides containing tools that can be used for the penetration testing tasks, Kali Linux also comes with several tools that you can use for the following:

Reverse engineering

: This category contains tools that can be used to debug a program or disassemble an executable file.

Stress testing

: This category contains tools that can be used to help you in stress testing your network, wireless, web, and VOIP environment.

Hardware hacking

: Tools in this category can be used if you want to work with Android and Arduino applications.

Forensics

: Tools in this category can be used for a variety of digital forensic tasks. This includes imaging disks, analyzing memory images, and file carving. One of the best forensic tools that is available with Kali Linux is Volatility. This command-line tool has a number of features for analyzing memory images. There are also several GUI tools available such as Autopsy and Guymager and also Xplico, which has been fixed.

For the purposes of this book, we are focusing only on Kali Linux's penetration testing tools.

Downloading Kali Linux

The first thing to do before installing and using Kali Linux is to download it. You can get Kali Linux from the Kali Linux website (http://www.kali.org/downloads/).

On the Downloads page, you can select the official Kali Linux image based on the following items:

Images for VMware, VirtualBox, and Hyper-V can also be downloaded from the Offensive Security Downloads page at https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-hyperv-image-download/, as seen in the following screenshot:

Kali Linux Custom ARM downloads can be downloaded from https://www.offensive-security.com/kali-linux-arm-images/. Images can be downloaded for devices such as Chromebooks, Raspberry Pi, and others by clicking on the arrow to the right of the device names.

Kali NetHunter v3.o can be downloaded from the Offensive Security website at https://www.offensive-security.com/kali-linux-nethunter-download/.

More on choosing, installing, and using the appropriate version of NetHunter will be discussed in later chapters:

If you want to burn the image to a DVD or install Kali Linux on your machine, you might want to download the ISO image version. However, if you want to use Kali Linux in a virtual environment such as VirtualBox, VMWare, or Hyper-V, you can use the relevant image files to speed up the installation and configuration for a virtual environment, available at https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-hyperv-image-download/.

After you have downloaded the image file successfully, you need to compare the SHA hash value from the downloaded image with the sha256sum hash value provided on the download page. The purpose of checking the SHA-256 value is to ensure the integrity of the downloaded image is preserved. This prevents the user from either installing a corrupt image or an image file that has been maliciously tampered with.

In the UNIX/Linux/BSD operating system, you can use the sha256sum command to check the SHA-256 hash value of the downloaded image file. Remember that it might take some time to compute the hash value of the Kali Linux image file due to its size. For example, to generate the hash value of the kali-linux-2018.2-amd64.iso file, the following command is used:

sha256sum kali-linux-2018.2-amd64.iso

For Windows users, a small and free tool created by Raymond Lin, called the MD5 & SHA Checksum Utility, can be used. This tool calculates MD5, SHA-1, SHA-256, and even SHA-512 hashes of files and also allows for the comparison and verification of hashes.

The MD5 & SHA Checksum Utility can be downloaded at: https://download.cnet.com/MD5-SHA-Checksum-Utility/3000-2092_4-10911445.html. Once downloaded and run, click on the Browse button and browse to the path of the downloaded file. In this instance, I'll be using my kali-linux-2018.2-amd64.iso file, as seen in this screenshot:

In the preceding screenshot, the hash of the kali-linux-2018.2-amd64.iso file was also copied from the Kali Linux Downloads page and pasted into the Hash field for verification. Click on the Verify button to compare and verify the SHA-256 hashes:

If both the values match, you can go straight to the Using Kali Linux section. However, if they do not match, it means that your image file is broken; you may want to download the file again from an official download mirror. When we run the hash of our downloaded file and compare it to the hash on the website, we see that they match, indicating that the package has been fully downloaded and is complete.

Using Kali Linux

You can use Kali Linux in one of the following ways:

You can run Kali Linux directly from the Live DVD

You can install Kali Linux on the hard disk and then run it

You can install Kali Linux on the USB disk (as a portable Kali Linux)

In the following sections, we will briefly describe each of those methods.

Running Kali using a Live DVD

If you want to use Kali Linux without installing it first, you can do so by burning the ISO image file to a DVD. After the burn process finishes successfully, boot up your machine with that DVD. You need to make sure that you have set the machine to boot from the DVD.

The advantage of using Kali Linux as a Live DVD is that it is very fast to set up and is very easy to use.

Unfortunately, a Live DVD has several drawbacks; for example, any files or configuration changes will not be saved after a reboot. Additionally, running Kali Linux from the DVD is slow compared to running Kali Linux from the hard disk because the DVD's reading speed is slower than the hard disk's reading speed.

This method of running Kali is recommended only if you just want to test Kali. However, if you want to work with Kali Linux extensively, we suggest that you install Kali Linux.

Installing on a hard disk

To install Kali Linux on your hard disk, you can choose one of the following methods:

Installation on a physical/real machine (regular installation)

Installation on a virtual machine

You can choose whichever method is suitable for you, but we personally prefer to install Kali Linux on a virtual machine.

Installing Kali on a physical machine

Before you install Kali Linux on a physical/real machine, make sure that you install it on an empty hard drive. If your hard drive already has some data on it, that data will be lost during the installation process because the installer will format the hard drive. For the easiest installation, it is recommended that you use the entire hard disk. For more advanced setups, there is the option of installing Kali Linux on a partition of a single logical drive. To do this, you will have to have a primary partition that boots the operating system and another partition for Kali Linux. Take care when doing this because it is easy for the bootable operating system to become corrupted.

There are several tools that can be used to help you perform disk partitioning. In the open source area, the following Linux Live CDs are available:

SystemRescueCD (

http://www.sysresccd.org/

)

GParted Live (

http://gparted.sourceforge.net/livecd.php

)

Kali Linux (

http://www.kali.org

)

To use the Linux Live CD, you just need to boot it up and you are ready for disk partitioning. Make sure that you back up your data before you use the Linux Live CD disk-partitioning tool. Even though they are safe for use in our experience, there is nothing wrong with being cautious, especially if you have important data on the hard disk.

After you are done with the disk partitioning (or you just want to use all the hard disk space), you can boot your machine using the Kali Linux Live DVD and select the Install or Graphical install option when you are prompted with the Kali Linux Live CD menu:

After that, you will see an installation window. You need to set up several things during the installation process:

Set Language

: The default is

English

.

Selection Location

: Use the drop-down menu to select your country.

Configure the Keyboard

: Select the keyboard that best fits your needs.

Host Name for the system

: The default is Kali. For beginners, you can leave the default in place. Host names are often used in enterprise environments where an accounting of all systems connected to the network is necessary.

Set the Domain

: For beginners, this should be left blank. This would only be used if the installation was to be part of a network domain.

Set Password

: This will be the password for the ROOT account. Choose a strong one, do not share it, and do not forget it.

Configure the clock

: Choose your time zone.

Partition Disk

: The installer will guide you through the disk partitioning process. If you use an empty hard disk, just select the default

Guided - use entire disk

option for convenience. If you have some other operating system installed on your machine, you might first want to create a separate partition for Kali Linux and then select

Manual

in this menu. After you have selected a suitable menu, the installer will create the partition.

The installer will ask you about the partitioning scheme; the default scheme is

All

files in one partition. Remember that if you want to store files in the home directory, you should select

Separate /home partition

so that those files won't be deleted if you reinstall the system. The /home partition's size really depends on your needs. If you want to put all your data in that directory, you may want a big partition size (more than 50 GB). For average use, you can go ahead with 10 to 20 GB.

For beginners, it is recommended that you select the 

Guided - use entire disk

 option. Then, select the disk that you want to install Kali Linux to. Select

All files

in one partition.

The installer will display an overview of your currently configured partitions, as shown in the following screenshot:

Make sure 

Finish

partitioning and write changes to disk

is selected and then click

Continue

. Finally, click the

Yes

radio button and click

Continue

to write the changes to the disk.

Network Mirror

: For beginners, choose no. We will cover updating Kali Linux.

Next, the installer will install the Kali Linux system. The installation will be completed in several minutes and you will have Kali Linux installed on your hard disk afterwards. In our test machine, the installation took around 20 minutes.

After the installation is finished, the installer will ask you to configure the package manager. Next, it will ask you to install GRUB to the

Master Boot Record

 (

MBR

)

. You can just choose the default values for these two questions. Beware: if you have some other operating system on the same machine, you should not choose to install GRUB to the MBR.

If you see the following message, it means that your Kali installation is complete:

You can restart the machine to test your new Kali installation by selecting the

Continue

button. After restarting, you will see the following Kali login screen. You can log in using the credentials that you configured in the installation process. 

The default username is 

root

:

The default password is toor:

Installing Kali on a virtual machine

You can also install Kali Linux on a virtual machine environment as a guest operating system. The advantages of this type of installation are that you do not need to prepare a separate physical hard disk partition for the Kali Linux image and can use your existing operating system as is.

Unfortunately, there is also the disadvantage of running Kali Linux on a virtual machine; it is slower than running Kali Linux on a physical machine.

There are two options that can be utilized for installing Kali Linux on a virtual machine. The first option is to install the Kali Linux ISO image into a virtual machine. This option will take more time compared to VMware image installation. The advantage of this method is that you can customize your Kali installation.

Installing Kali on a virtual machine from the ISO image

To install a Kali Linux ISO image on a virtual machine, these steps can be followed:

Create a new virtual machine by selecting

New

from the VirtualBox 
toolbar menu:

After that, you need to define the virtual machine's name and the operating system's type. Here, we set the VM's name to

Kali Linux

and we choose

Linux

for the OS type and

Debian

for the version.

Then, you need to define the VM's base memory size. The more memory you provide, the better the virtual machine will be. Here, we allocated 2,048 MB of memory to the Kali Linux virtual machine. Remember that you can't give all of your physical memory to the VM because you still need the memory to run your host operating system:

Next, you will be asked to create a virtual hard disk. You can just select VDI as the hard disk type along with a dynamically allocated virtual disk file. We suggest creating at least a 32 GB virtual hard disk. If you want to install some software packages later on, you may want to create a larger virtual hard disk. Choose

Create a virtual hard disk now

and click

Create

:

Now select a file location and size. Click

Create

:

Read the dialog box and click

Continue.

After this, your newly created VM will be listed in the VirtualBox menu:

Double-click on the new Kali Linux VM:

Using the file icon, navigate to where you have the Kali Linux 2018.2 ISO of your choice. Once selected, click

Start

.

Once the installation starts, follow the directions as they were defined in the previous section on installing Kali Linux 2.0.

Installing Kali Linux on a virtual machine using the Kali Linux VM image provided

The second option is using the VMware image provided by Kali Linux.

With this option, you can install Kali Linux on a virtual machine with ease; it is located on the Kali Linux Downloads page at https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/:

After clicking Kali Virtual Images, we are brought to another page listing the packages and their associated sha256sum values on the Offensive Security page:

As the VMware image is compressed in the ZIP format, you can use any software that can extract a .gz file such as gzip, or 7-Zip if you use a Windows operating system. If you have extracted it successfully, you will find 13 files in the directory:

To create the new virtual machine using this VM image file, select

New

from the VirtualBox icon toolbar.

We will use Kali Linux from VM as the VM name and choose

Linux

as the operating system and

Debian

as the version.

We configure the Kali Linux virtual machine to use 2,048 MB as its memory size.

Next, we define the virtual hard disk to

Use an existing virtual hard drive file

. Then, we select the

kali-linux-2018.2-vm-amd64.vmdk

file for the hard disk. After that, we choose

Create

to create the virtual machine, as shown in the following screenshot:

The following is the default configuration of the Kali Linux VMware image:

Hard disk size: 30 GB

Network type: NAT

Username:

root

Password:

toor

If successful, you will see the new virtual machine in the virtual manager list in Virtual Box.

To run the Kali Linux virtual machine, click on the start icon at the top of the VirtualBox menu bar. After the boot process, Kali Linux will display its login prompt.

If there are any error messages, install the VirtualBox Extension Pack. You can get it from http://www.virtualbox.org/wiki/Downloads.

Clicking OK will bring you to the following dialog:

Go ahead and click on Install and then click on OK.

Saving or moving the virtual machine

There are two other advantages to using Kali Linux as a virtual machine. The first is the ease with which the virtual machine can be paused. Pausing the virtual machine allows you to suspend your activity without losing any of your work. For example, if you have to shut down the host system and the virtual machine is still processing an action, suspending it will allow you to pick up right where you left off. To pause the virtual machine, click on the Pause button located at the upper-left-hand corner of the virtual machine window.

Another feature of the virtual machine is the ability to move it from one host to another. This is very handy if you need to change host systems, for example, running on a laptop and then moving it to a newer, more powerful laptop. This ensures that any configurations or modifications you have made remain, so that you do not have to go through the whole process again.

To export a virtual machine, go to File and click on Export Appliance. You will then be guided through exporting the Kali Linux virtual machine. Select a location to export to and leave the application settings the same. Finally, click Export and the virtual machine will be exported to the location. This may take some time, depending on how large the virtual machine is.

Once the export has concluded, you can use whatever storage device you would like and transfer the virtual machine to another host system. Keep in mind that if you use Oracle VirtualBox to create the virtual machine, use the same version on the new host computer. Once it has transferred, you can import the virtual machine by going to File, Import Appliance, and following the instructions.

Installing Kali on a USB disk

The third option to use Kali Linux is by installing it on a USB flash disk; we call this method Portable Kali Linux. According to the official Kali documentation, this is Kali developers' favorite and fastest method of booting and installing Kali. Compared to the hard disk installation, you can run Kali Linux using any computer that supports booting from the USB flash disk with this method.

There are several tools available to create portable Kali Linux. One of them is Rufus (http://rufus.akeo.ie/). This tool can be run only from a Windows operating system.

You can use other tools to create a bootable disk from the ISO image, such as these:

Win32DiskImager (

https://launchpad.net/win32-image-writer

)

Universal USB Installer (

http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/

)

LinuxLive USB Creator (

http://www.linuxliveusb.com

)

Before creating portable Kali Linux, you need to prepare a couple of things:

Kali Linux ISO image

: Even though you can use the portable creator tool to download the image directly while making Kali Linux portable, we think it's much better to download the ISO first and then configure Rufus to use the image file.

USB flash disk

: You need an empty USB flash disk with enough space on it. We suggest using a USB flash disk with a minimum size of 16 GB.

After downloading Rufus, you can run it on your Windows computer by double-clicking on the rufus.exe file. You will then see the Rufus window.

If you use a UNIX-based operating system, you can create the image using the dd command. The following is an example of imaging:

dd if=kali-linux-2.0-i386.iso of=/dev/sdb bs=512k

To create a bootable Kali USB flash disk, we need to fill in the following options:

For

Device

, we choose the location of the USB flash disk. In my case, it is the E drive in my Windows system.

For

Partition

scheme and target system type, set it to MBR partition scheme for BIOS or UEFI computers.

In the

Create a bootable disk

using option, set the value to

ISO image

and select the ISO image using the disk icon:

Click on

Start

to create the bootable image.

After the process is complete, save all your work first and then reboot your system if you want to try the USB flash disk right away. You may want to configure your Basic Input Output System (BIOS) to boot it from the USB disk. If there is no error, you can boot up Kali Linux from the USB flash disk.

Configuring the virtual machine

Once installed, there are several configuration steps necessary for the Kali Linux virtual machine. These steps allow for greater functionality and usability.

VirtualBox guest additions

It is recommended that after you have successfully created the Kali Linux virtual machine using VirtualBox, you install VirtualBox guest additions. This add-on will provide you with the following additional features:

It will enable the virtual machine to be viewed in full screen

It will make the mouse move faster in the virtual machine

It will enable you to copy and paste the text between the host and guest machine

It will enable the guest and host machines to share folders

To install the guest additions, perform the following steps:

From the

VirtualBox

menu, navigate to

Devices

|

Install Guest Additions

. You will then see that the VirtualBox guest addition file is mounted as a disk.

The VirtualBox will then display the following message. Click on

Cancel

to close the window:

Open the Terminal console and change the VirtualBox guest additions CD ROM mount point (

/media/cdrom0

):

Execute

VBoxLinuxAdditions.run

to run the VirtualBox guest additions installer by typing

sh ./VBoxLinuxAdditions.run

, as seen here:

You may need to wait for several minutes until all of the required modules are successfully built and installed. Follow these steps to switch the VM to full-screen mode:

Change to the

root

home directory.

Eject the VBoxAdditions CD image by right-clicking on the icon and selecting

Eject

from the menu. If successful, the VBoxAdditions icon will disappear from the desktop.

Reboot the virtual machine by typing the

reboot

command in the terminal console.

After the reboot, you can switch to full screen (

View

|

Switch to fullscreen

) from the VirtualBox menu.

Setting up networking

In the following section, we will discuss how to set up  networking in Kali Linux for a wired and wireless network.

Setting up a wired connection

In the default Kali Linux VMware image or ISO configuration, Kali Linux uses Network Address Translation (NAT) as the network's connection type. In this connection mode, the Kali Linux machine will be able to connect to the outside world through the host operating system, whereas the outside world, including the host operating system, will not be able to connect to the Kali Linux virtual machine.

For the penetration testing task, you might need to change this networking method to Bridged Adapter. The following are the steps to change it:

First, make sure you have already powered off the virtual machine.

Then, open up the VirtualBox Manager, select the appropriate virtual machine—in this case we are using the Kali Linux virtual machine—and then click on the

Network

icon on the right-hand side and change the

Attached to

drop-down box from

NAT

to

Bridged Adapter

in

Adapter 1

. In the

Name

field, you can select the network interface that is connected to the network you want to test, as shown in the following screenshot: