With the increasing threats of breaches and attacks on critical infrastructure, system administrators and architects can use Kali Linux 2.0 to ensure their infrastructure is secure by finding out known vulnerabilities and safeguarding their infrastructure against unknown vulnerabilities.
This practical cookbook-style guide contains chapters carefully structured in three phases – information gathering, vulnerability assessment, and penetration testing for the web, and wired and wireless networks. It's an ideal reference guide if you’re looking for a solution to a specific problem or learning how to use a tool. We provide hands-on examples of powerful tools/scripts designed for exploitation.
In the final section, we cover various tools you can use during testing, and we help you create in-depth reports to impress management. We provide system engineers with steps to reproduce issues and fix them.
You can read this e-book in Legimi apps or in any app that supports the following format:
Page count: 344
Year of publication: 2017
BIRMINGHAM - MUMBAI
Copyright © 2017 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: April 2017
Production reference: 1140417
ISBN 978-1-78398-216-5
www.packtpub.com
Authors
Dhruv Shah
Ishan Girdhar
Copy Editor
Safis Editing
Reviewers
Akash Mahajan
Nishant Das Patnaik
Sreenath Sasikumar
Bhargav Tandel
Project Coordinator
Vaidehi Sawant
Commissioning Editor
Julian Ursell
Proofreader
Safis Editing
Acquisition Editor
Vinay Argekar
Indexer
Tejal Daruwale Soni
Content Development Editor
Rohit Kumar Singh
Production Coordinator
Nilesh Mohite
Technical Editor
Vivek Pala
Dhruv Shah is an information security consultant and security researcher. He started his career as an information security trainer and later moved to consulting. He has a great passion for security. He has been working in the security industry for nearly 7 years. Over this period, he has performed network security assessments, web application assessments, and mobile application assessments for various private and public organizations, as well as private sector banks.
He runs the security-geek.in website, a popular resource of security guides, cheat sheets, and walkthroughs for vulnerable machines from VulnHub. He holds a master of science in information technology (MSc IT) degree from Mumbai University. His certifications include CEH, CISE, and ECSA.
Outside of work, he can be found gaming on Steam, playing CS GO and Rocket League.
Ishan Girdhar is a senior pentester and DevSecOps engineer. With over 7 years of work experience, he has been vigorously involved in building application security and bug bounty programs, in his current and previous roles, helping businesses and organizations to be more secure and aware. He is currently working with Southeast Asia's biggest ride-hailing platform, Grab. Previously, he has worked with organizations such as InMobi and one of the biggest Internet payment companies, PayPal. He holds bachelor's and master's degrees in computer science and has the MCP, CCNA, RHCE, and OSCP certifications. He has also conducted various trainings for Red Hat Linux and web application and network security. He loves to share his work with the InfoSec and developer community through public speaking and open source projects. He loves to code in Python.
In his spare time, he prefers reading, scripting, tweeting (@ishangirdhar), and writing articles at his blog (www.securityninja.io), which aims at sharing knowledge and encouraging budding enthusiasts. You can check out some of his open source projects at github.com/ishangirdhar. He was a part of NullCon (Goa 2012, 2013, 2014, and 2015) and has been actively engaged in Null Meets (the Delhi, Bangalore, and Singapore chapters).
Akash Mahajan is an accomplished security professional with over a decade's experience of providing specialist application and infrastructure consulting services at the highest levels to companies, governments, and organizations around the world.
He has a lot of experience of working with clients to provide cutting edge security insight that truly reflects the commercial and operational needs of the organization, ranging from strategic advice and testing and analysis to incident response and recovery.
He is an active participant in the international security community and a conference speaker both individually, as chapter lead of the Bangalore chapter of OWASP--the global organization responsible for defining the standards for web application security--and as a co-founder of NULL, India’s largest open security community.
He is the author of Burp Suite Essentials, by Packt, and also a technical reviewer for Mobile Application Penetration Testing.
Nishant Das Patnaik is an experienced application security and DevSecOps engineer. He is currently working as an application security engineer at eBay Bangalore. In the past, he has worked as an application security researcher at InMobi and as a senior paranoid at Yahoo!. He loves to share his work with the InfoSec and developer community through public speaking and open source projects. Hence, he has been a presenter at Black Hat Europe 2016, Black Hat USA 2016, Black Hat USA 2013, and Nullcon 2012. He loves to code in Python, Node.js, and PHP. He has authored a book, Software Hacking, published by Vikas Publishing, and he is also the technical reviewer of a book, iOS Penetration Testing: A Definitive Guide to iOS Security, published by Apress Inc. When he is not working, you can either find him playing the piano or experimenting in the kitchen. You may reach out to him on Twitter at @dpnishant and check out some of his open source projects at github.com/dpnishant.
Sreenath Sasikumar is the CEO of MashupAcademy, a full-stack educational startup, and also a web security consultant. He also works with Kerala Police Cyberdome as a deputy commander and is a board member of OWASP Kerala. He loves open source and has created eight Mozilla add-ons, including Clear Console, the featured add-on, which was selected among the best Firefox add-ons of 2013. He has created the world's first-of-its-kind hacking browser, PenQ. He works as a start-up mentor to technology firms and student start-ups. He is also a co-organizer and speaker at Google Developer Group, Trivandrum.
Bhargav Tandel has over 5 years of experience in Information Security with companies such as Reliance Jio, Vodafone, and Wipro. His core expertise and passions are vulnerability assessment, penetration testing, ethical hacking, information security, and system administration. He is currently pursuing the OSCP certification. He has the ability to solve complex problems involving a wide variety of information systems, work independently on large-scale projects, and thrive under pressure in fast-paced environments while directing multiple projects from the concept to the implementation.
You can connect with him on LinkedIn at https://www.linkedin.com/in/bhargav-tandel-aa046646 or e-mail him at [email protected]. You can also subscribe to his YouTube channel, www.youtube.com/bhargavtandel.
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://goo.gl/QcxheF.
If you'd like to join our team of regular reviewers, you can e-mail us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
Getting Started - Setting Up an Environment
Introduction
Installing Kali Linux on Cloud - Amazon AWS
Getting ready
How to do it...
How it works...
There's more...
Installing Kali Linux on Docker
Getting ready
How to do it...
How it works...
There's more...
Installing NetHunter on OnePlus One
Getting ready
How to do it...
How it works...
There's more...
Installing Kali Linux on a virtual machine
Getting ready
How to do it...
How it works...
Customizing Kali Linux for faster package updates
Getting ready
How to do it...
How it works...
Customizing Kali Linux for faster operations
Getting ready
How to do it...
How it works...
Configuring remote connectivity services - HTTP, TFTP, and SSH
Getting ready
How to do it...
How it works...
Configuring Nessus and Metasploit
Getting ready
How to do it...
How it works...
There's more...
Configuring third-party tools
Getting ready
How to do it...
How it works...
Installing Docker on Kali Linux
Getting ready
How to do it...
How it works...
Network Information Gathering
Introduction
Discovering live servers over the network
Getting ready
How to do it...
How it works...
There's more...
See also
Bypassing IDS/IPS/firewall
Getting ready
How to do it...
How it works...
There's more...
Discovering ports over the network
Getting ready
How to do it...
How it works...
There's more...
See also
Using unicornscan for faster port scanning
Getting ready
How to do it...
How it works...
There's more...
Service fingerprinting
Getting ready
How to do it...
How it works...
There's more...
Determining the OS using nmap and xprobe2
Getting ready
How to do it...
How it works...
There's more...
Service enumeration
Getting ready
How to do it...
How it works...
There's more...
Open-source information gathering
Getting ready
How to do it...
How it works...
There's more...
Network Vulnerability Assessment
Introduction
Using nmap for manual vulnerability assessment
Getting ready
How to do it...
How it works...
There's more...
See also...
Integrating nmap with Metasploit
Getting ready
How to do it...
How it works...
There's more...
Walkthrough of Metasploitable assessment with Metasploit
Getting ready...
How to do it...
How it works...
There's more...
See also...
Vulnerability assessment with OpenVAS framework
Getting ready
How to do it...
How it works...
There's more...
PTES
OWASP
Web Application Hacker's Methodology
See also...
Network Exploitation
Introduction
Gathering information for credential cracking
Getting ready
How to do it...
Cracking FTP login using custom wordlist
Getting ready
How to do it...
How it works...
There's more...
Cracking SSH login using custom wordlist
Getting ready
How to do it...
How it works...
There's more...
Cracking HTTP logins using custom wordlist
Getting ready
How to do it...
How it works...
There's more...
Cracking MySql and PostgreSQL login using custom wordlist
Getting ready
How to do it...
How it works...
There's more...
Cracking Cisco login using custom wordlist
Getting ready
How to do it...
How it works...
There's more...
Exploiting vulnerable services (Unix)
Getting ready
How to do it...
How it works...
There's more...
Exploiting vulnerable services (Windows)
Getting ready
How to do it...
How it works...
There's more...
Exploiting services using exploit-db scripts
Getting ready
How to do it...
How it works...
There's more...
Web Application Information Gathering
Introduction
Setting up API keys for recon-ng
Getting ready
How to do it...
How it works...
Using recon-ng for reconnaissance
Getting ready
How to do it...
Gathering information using theharvester
Getting ready
How to do it...
How it works...
Using DNS protocol for information gathering
Getting ready
How to do it...
How it works...
There's more...
Web application firewall detection
Getting ready
How to do it...
How it works...
HTTP and DNS load balancer detection
Getting ready
How to do it...
How it works...
Discovering hidden files/directories using DirBuster
Getting ready
How to do it...
How it works...
CMS and plugins detection using WhatWeb and p0f
Getting ready
How to do it...
How it works...
There's more...
Finding SSL cipher vulnerabilities
Getting ready
How to do it...
How it works...
Web Application Vulnerability Assessment
Introduction
Running vulnerable web applications in Docker
Getting ready
How to do it...
How it works...
Using W3af for vulnerability assessment
Getting ready
How to do it...
How it works...
Using Nikto for web server assessment
Getting ready
How to do it...
How it works...
Using Skipfish for vulnerability assessment
Getting ready
How it works...
Using Burp Proxy to intercept HTTP traffic
Getting ready
How to do it...
How it works...
Using Burp Intruder for customized attack automation
Getting ready
How to do it...
How it works...
Using Burp Sequencer to test the session randomness
Getting ready
How to do it...
How it works...
Web Application Exploitation
Introduction
Using Burp for active/passive scanning
Getting ready
How to do it...
How it works...
Using sqlmap to find SQL Injection on the login page
Getting ready
How to do it...
How it works...
Exploiting SQL Injection on URL parameters using SQL Injection
Getting ready
How to do it...
How it works...
Getting ready
How to do it...
How it works...
Using Weevely for file upload vulnerability
Getting ready
How to do it...
How it works...
Exploiting Shellshock using Burp
Getting ready
How to do it...
How it works...
Using Metasploit to exploit Heartbleed
Getting ready
How to do it...
How it works...
Using the FIMAP tool for file inclusion attacks (RFI/LFI)
Getting ready
How to do it...
How it works...
System and Password Exploitation
Introduction
Using local password-attack tools
Getting ready
How to do it...
How it works...
There's more...
Cracking password hashes
Getting ready
How to do it...
How it works...
There's more...
Using Social-Engineering Toolkit
Getting ready
How to do it...
How it works...
There's more...
Using BeEF for browser exploitation
Getting ready
How to do it...
How it works...
There's more...
Cracking NTLM hashes using rainbow tables
Getting ready
How to do it...
How it works...
There's more...
Privilege Escalation and Exploitation
Introduction
Using WMIC to find privilege-escalation vulnerabilities
Getting ready
How to do it...
How it works...
There's more...
Sensitive-information gathering
Getting ready
How to do it...
There's more...
Unquoted service-path exploitation
Getting ready
How to do it...
How it works...
There's more...
See also...
Service permission issues
Getting ready
How to do it...
How it works...
There's more...
Misconfigured software installations/insecure file permissions
Getting ready
How to do it...
How it works...
There's more...
See also...
Linux privilege escalation
Getting ready
How to do it...
How it works...
There's more...
See also...
Wireless Exploitation
Introduction
Setting up a wireless network
Getting ready
How to do it...
Bypassing MAC address filtering
Getting ready
How to do it...
There's more...
Sniffing network traffic
Getting ready
How to do it...
How it works...
There's more...
Cracking WEP encryption
Getting ready
How to do it...
How it works...
There's more...
Cracking WPA/WPA2 encryption
Getting ready
How to do it...
How it works...
There's more...
Cracking WPS
Getting ready
How to do it...
How it works...
There's more...
Denial-of-service attacks
Getting ready
How to do it...
How it works...
There's more...
Pen Testing 101 Basics
Introduction
What is penetration testing?
What is vulnerability assessment
Penetration testing versus vulnerability assessment
Objectives of penetration testing
Types of penetration testing
Black box
White box
Gray box
Who should be doing penetration testing?
What is the goal here?
General penetration testing phases
Gathering requirements
Preparing and planning
Defining scope
Conducting a penetration test
Categorization of vulnerabilities
Asset risk rating
Reporting
Conclusion
This book reveals the best methodologies and techniques for a penetration testing process with the help of Kali Linux. This is a value add for network system admins, aiding them to understand the entire security testing methodology. This will help protect them from day-to-day attacks by allowing them to find and patch the vulnerability beforehand. As penetration testing in corporate environments usually happens on an annual basis, this will assist the admins to proactively protect their network on a regular basis.
This book covers recipes to get you started with security testing and performing your own security assessment in the corporate network or the server being tested. By the end of this book, you will have developed a greater skill set and knowledge of a complete penetration testing scenario, and you will be able to perform a successful penetration test of any network.
Kali Linux is an advanced OS with advanced tools that will help identify, detect, and exploit vulnerabilities. It is considered a one-stop OS for successful security testing.
Chapter 1, Getting Started - Setting Up an Environment, teaches you how to install Kali Linux and Kali products on your system, Amazon Cloud, mobile device, and Docker. This chapter helps you get familiarized with the installation of Kali Linux on multiple mediums of convenience, along with the installation of multiple third-party tools.
Chapter 2, Network Information Gathering, covers discovering servers and open ports over the network. You will also learn to probe services and grab banners, and different ways to scan the network, including IDS/IPS/firewall bypass.
Chapter 3, Network Vulnerability Assessment, shows you how to use certain Kali tools for vulnerability assessment. You will learn about vulnerability assessment by testing one of the vulnerable machines as a part of the learning process. You will also learn to use advanced tools to perform assessment.
Chapter 4, Network Exploitation, covers multiple techniques to break into network services such as FTP, HTTP, SSH, SQL. Additionally, you will learn how to exploit vulnerable services on Linux and Windows machines.
Chapter 5, Web Application Information Gathering, shows how to perform web application reconnaissance, gathering via DNS protocol, and detecting WAF firewalls/load balancers. You will also learn how to perform brute forcing to discover hidden files/folders and CMS/plugin detection, along with finding SSL cipher vulnerabilities.
Chapter 6, Web Application Vulnerability Assessment, demonstrates how to run vulnerable web applications in Docker and use various web application testing tools to find vulnerabilities in applications, and how to set up a proxy and perform various attacks through it.
Chapter 7, Web Application Exploitation, teaches you how to perform the exploitation of web-based vulnerabilities. You will learn how to perform RFI/LFI attacks, WebDAV exploitation, exploiting file upload vulnerabilities, SQL injection vulnerabilities, and so on.
Chapter 8, System and Password Exploitation, shows how to crack password hashes on Windows/Linux OS. You will also learn a practical approach to how to use the Social-Engineering Toolkit and BeEF-XSS for exploitation, and gain access to target systems.
Chapter 9, Privilege Escalation and Exploitation, gives you a practical approach to elevating privileges to system/root level. You will learn various techniques that will help you elevate privileges on Windows machines.
Chapter 10, Wireless Exploitation, teaches you how to set up the wireless network for penetration testing and understanding the basics. You will also learn how to crack WEP, WPA2, and WPS. Along with this, you will also learn denial of service attacks.
Appendix, Pen Testing 101 Basics, helps the reader understand the different types of testing methods and the purpose of doing them, and gives an insight into how corporate-level testing works. It also gives an understanding of the overall security testing objective.
To follow the recipes in this book, you will need the latest instance of Kali Linux; it can be found at https://www.kali.org/downloads/. Detailed installation steps are presented in the readme section of Kali, which can be found at http://docs.kali.org/category/installation. For wireless testing, a wireless device will be required; for testing purposes we have demonstrated using the alfa awus036h card. Chipsets with similar capabilities can be found at https://www.aircrack-ng.org/doku.php?id=compatibility_drivers.
In certain instances, it is necessary to install Docker, from which the reader can pull the vulnerable image and begin testing. Docker can be installed from https://www.docker.com/get-docker. We have also shown how NetHunter can be installed on OnePlus One mobile devices; to do the same, a OnePlus One or a Kali NetHunter supported device will be required. NetHunter supported devices include the following: Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and OnePlus One.
This book is dedicated to all the system network admins, individuals aspiring to understand security testing methodologies in corporate networks. Even beginners can find suitable content to understand testing Linux, Windows servers, and wireless networks.
In this book, you will find several headings that appear frequently (Getting ready, How to do it, How it works, There's more, and See also).
To give clear instructions on how to complete a recipe, we use these sections as follows:
Getting ready
This section tells you what to expect in the recipe, and describes how to set up any software or any preliminary settings required for the recipe.
How to do it…
This section contains the steps required to follow the recipe.
How it works…
This section usually consists of a detailed explanation of what happened in the previous section.
There's more…
This section consists of additional information about the recipe in order to make the reader more knowledgeable about the recipe.
See also
This section provides helpful links to other useful information for the recipe.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "In your terminal window, open the /etc/apt/sources.list.d/backports.list file in your favorite editor."
Any command-line input or output is written as follows:
docker pull kalilinux/kali-linux-docker
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Choose your preferred language and click on Continue."
Feedback from our readers is always welcome. Let us know what you think about this book-what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail [email protected], and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors .
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books-maybe a mistake in the text or the code-we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at [email protected] with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.
In this chapter, we will cover the basic tasks related to setting up Kali Linux for first time use. The recipes include:
Installing Kali Linux on Cloud - Amazon AWS
Installing Kali Linux on Docker
Installing NetHunter on OnePlus One
Installing Kali Linux on a virtual machine
Customizing Kali Linux for faster package updates
Customizing Kali Linux for faster operations
Configuring remote connectivity services - HTTP, TFTP, and SSH
Configuring Nessus and Metasploit
Configuring third-party tools
Installing Docker on Kali Linux
Kali Linux was a complete revamp of the most popular Linux penetration testing distribution, BackTrack. Kali Linux 2.0, launched on August 11, 2015, is an improved version of Kali Linux which features the brand new kernel 4.0 and is based on the Jessie version of Debian, with improved hardware and wireless driver coverage, support for a variety of desktop environments (GNOME, KDE, XFCE, MATE, e17, LXDE, and i3wm) and tools, and the list goes on.
If you are upgrading to Kali Linux 2.0 from Kali Linux, there is good news: Kali is now a rolling distribution, which means the Kali Linux core gets updated continuously.
Kali Linux has everything you will need for penetration testing and security assessment, without having to think about downloading, installing, and setting up the environment for each tool in your arsenal. Kali Linux 2.0 includes over 300 security tools. You can now get the security tools most preferred by professionals all over the world, all in one place, installed, configured, and ready to use.
All security tools have been logically categorized and mapped to the testers performing a combination of steps while assessing a target, for example, reconnaissance, scanning, exploitation, privilege escalation, maintaining access, and covering tracks.
Security tools are usually expensive but Kali Linux is free. The biggest advantage of using Kali is that it contains open source or community versions of various commercial security products.
Kali Linux 2.0 now supports even more hardware devices than ever. Since ARM-based systems are getting cheaper and readily available, running Kali Linux on these devices is now possible with ARMEL and ARMHF support. Currently, Kali Linux can be used for the following ARM Devices:
Raspberry Pi (Raspberry Pi 2, Raspberry Pi A/B+, and Raspberry Pi A/B+ TFT)
CompuLab - Utilite and Trim-Slice
BeagleBone Black
ODROID U2/X2
Chromebook - HP, Acer and Samsung
Cubieboard 2
CuBox (CuBox and CuBox-i)
Nexus 5 (Kali Nethunter)
Odroid (U2, XU, and XU3)
USBArmory
RioTboard
FriendlyARM
BananaPi
Almost 2 years ago, Kali Linux was listed in the Amazon EC2 Marketplace. This was really good news for penetration testers, as they can set up their very own Kali Linux in the Amazon AWS infrastructure and use it for penetration testing; moreover, it is even eligible for the Free Tier, so you can run your EC2 instance for $0 as long as you stay within the designated limits, which is fair enough.
The steps provided in this recipe will help you set up an instance running Kali Linux on the Amazon AWS EC2 console securely within minutes.
For this recipe, you require:
An Amazon AWS Account
Minimum 2 GB RAM, if you want to run Metasploit
Perform the following steps for this recipe:
1. Once you have created the Amazon AWS account, log in to https://aws.amazon.com and navigate to the Amazon Web Services dashboard as shown in the following screenshot. Go to EC2 | Launch Instance:
2. You will need to select an Amazon Machine Image (AMI), as shown in the following screenshot:
3. Click on the AWS Marketplace option and search for Kali Linux on AWS Marketplace, as shown in the following screenshot:
4. Click on Select and then click on Continue, as shown in the following screenshot:
5. Now you are on the screen displayed in step 2. Here you can select an instance type; be informed that only t1.micro and t2.micro are eligible for the free tier. However, running Metasploit requires a minimum of 2 GB RAM. For this you can opt for t2.small or t2.medium as per your budget, as shown in the following screenshot:
6. Click on Review and Launch. You will see a popup window asking you to use SSD as your boot volume. Select Make general purpose (SSD)...(recommended) and click on Next, as shown in the following screenshot:
7. You will be taken directly to step 7 for review, as shown in the following screenshot:
8. You will first see a warning about improving your instance security; click on 6. Configure Security Group, as shown in the following screenshot:
9. Click on the Source listbox and select My IP; it will automatically detect your public IP range. Click on Review and Launch. Note that this only works if you have a dedicated public IP. If you have a dynamic IP, you will need to log back in to the AWS console and allow your updated IP address:
10. As you can see, there is a warning that says you are not eligible for the free usage tier, since we selected t2.medium for a minimum of 2 GB RAM:
11. Click on Launch; here you need to create a new key pair and download it before you can proceed, as shown in the following screenshot:
12. Once you have downloaded the key pair, go ahead and click on Launch Instances, as shown in the following screenshot:
EC in EC2 stands for elastic computing, and the short answer is that it brings up a virtual server in the cloud. Amazon AWS has a collection of all the popular OS images already available, and all you need to do is select the one that fits your requirement, followed by the hardware configuration. Based on the OS and hardware configuration you selected, AWS will provision that hardware and install that OS. You can select the type of storage you want, traditional or SSD, and then attach or detach the hard drive based on your requirement. Best of all, you only pay for the time you use it: when you stop the EC2 machine, AWS frees up those resources and adds them back to its stock. That's how flexible AWS is.
Now, it's time for a quick recap of what we did in this recipe. As a prerequisite, you first need to create an Amazon AWS account, which is very easy to do. Step 1 shows you how to select EC2. Steps 2 and 3 show how to search for and select Kali Linux's minimal image. In step 4, you get to read everything that the Kali Linux AMI has to offer, the basic requirements, and the user login information. Step 5 shows you how to select an instance type depending on your requirement and budget. In steps 6 and 7, you go through the simple wizard while choosing the default recommended SSD to boot from. Step 8 shows you the final page with warnings and points you should take care of or be aware of. In step 9, you set up a security group that allows only the SSH protocol on port 22, and only from a specific IP range that belongs to you. In step 10, you are shown the review page, where, based on your instance type selection, it informs you whether you are eligible for the free tier or not. In step 11, you create a new SSH key pair and download it to your local machine. In step 12, you finally click on Launch to start the instance.
Having Kali Linux installed in the Amazon AWS infrastructure with a public IP address, with just a few clicks, can prove very helpful during external penetration testing. As you know, we have selected and installed Kali Linux's minimal image for use in the AWS infrastructure, so our installation does not have any tools installed by default.
In our next recipe, we will cover how to use SSH to set up the Kali Linux box on Amazon AWS for use. In that recipe, we will also solve a few problems that you might face while updating the repository and installing Kali Linux tools, setting up a GUI, and installing all the required tools we will need.
I think a little introduction to Docker is justified here. Docker is a new open source container technology, released in March 2013, that automates the deployment of applications inside self-sufficient software containers. Docker (built on top of Linux containers) provides a much simpler way of managing multiple containers on a single machine. Think of it as a virtual machine, but more lightweight and efficient.
The beauty of this is that you can install Kali Linux on almost any system that can run Docker. Let's say, for example, you want to run Kali on a DigitalOcean droplet, but it does not let you spin up a Kali Linux directly as it does for Ubuntu. Now you can simply spin up Ubuntu or CentOS on DigitalOcean, install Docker on it, pull the Kali Linux Docker image, and you are good to go.
