Kali Linux Web Penetration Testing Cookbook - Gilberto Najera-Gutierrez - E-Book


Description

Web applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform that provides a broad array of testing tools, many of which can be used to execute web penetration testing.
Kali Linux Web Penetration Testing Cookbook gives you the skills you need to cover every stage of a penetration test – from gathering information about the system and application, to identifying vulnerabilities through manual testing. You will also cover the use of vulnerability scanners and look at basic and advanced exploitation techniques that may lead to a full system compromise. You will start by setting up a testing laboratory, exploring the latest features of tools included in Kali Linux and performing a wide range of tasks with OWASP ZAP, Burp Suite and other web proxies and security testing tools.
As you make your way through the book, you will learn how to use automated scanners to find security flaws in web applications and understand how to bypass basic security controls. In the concluding chapters, you will look at what you have learned in the context of the Open Web Application Security Project (OWASP) and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively.
By the end of this book, you will have acquired the skills you need to identify, exploit, and prevent web application vulnerabilities.

You can read the e-book in the Legimi apps or in any app that supports the following formats:

EPUB
MOBI

Number of pages: 316

Year of publication: 2018




Kali Linux Web Penetration Testing Cookbook Second Edition
Identify, exploit, and prevent web application vulnerabilities with Kali Linux 2018.x
Gilberto Najera-Gutierrez
BIRMINGHAM - MUMBAI

Kali Linux Web Penetration Testing Cookbook Second Edition

Copyright © 2018 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Gebin George
Acquisition Editor: Rahul Nair
Content Development Editor: Priyanka Deshpande
Technical Editor: Komal Karne
Copy Editor: Safis Editing
Project Coordinator: Drashti Panchal
Proofreader: Safis Editing
Indexer: Tejal Daruwale Soni
Graphics: Tom Scaria
Production Coordinator: Arvindkumar Gupta

First published: October 2016
Second edition: August 2018

Production reference: 1310818

Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.

ISBN 978-1-78899-151-3

www.packtpub.com

mapt.io

Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

Why subscribe?

Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals

Improve your learning with Skill Plans built especially for you

Get a free eBook or video every month

Mapt is fully searchable

Copy and paste, print, and bookmark content

PacktPub.com

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

Contributors

About the author

Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the best security testing teams in Australia. He has successfully conducted penetration tests on networks and web applications for top corporations, government agencies, and financial institutions in Mexico and Australia.

Gilberto also holds world-leading professional certifications, such as Offensive Security Certified Professional (OSCP) and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).

To Leticia and Alexa, thank you for the support, the motivation and the patience during this project, and for the love and happiness of every day. I love you.

About the reviewer

Alex Samm has over 10 years' experience in the IT field, holding a BSc in computer science from the University of Hertfordshire. His experience includes EUC support, Linux and UNIX, server and network administration, security, and more.

He currently works at ESP Global Services and lectures at the Computer Forensics and Security Institute on IT security courses, including ethical hacking and penetration testing.

He recently reviewed Digital Forensics with Kali Linux by Shiva Parasram and Advanced Infrastructure Penetration Testing by Chiheb Chebbi published by Packt.

I'd like to thank my parents, Roderick and Marcia, for their continued support in my relentless pursuit of excellence; ESP's management, Vinod and Dianne; and CFSI's Shiva and Glen for their guidance and support.

Packt is searching for authors like you

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Table of Contents

Title Page

Copyright and Credits

Kali Linux Web Penetration Testing Cookbook Second Edition

Packt Upsell

Why subscribe?

PacktPub.com

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Sections

Getting ready

How to do it...

How it works...

There's more...

See also

Get in touch

Reviews

Disclaimer

Setting Up Kali Linux and the Testing Lab

Introduction

Installing VirtualBox on Windows and Linux

Getting ready

How to do it...

How it works...

There's more...

See also

Creating a Kali Linux virtual machine

Getting ready

How to do it...

How it works...

There's more...

Updating and upgrading Kali Linux

How to do it...

How it works...

Configuring the web browser for penetration testing

How to do it...

How it works...

See also

Creating a client virtual machine

How to do it...

How it works...

See also

Configuring virtual machines for correct communication

Getting ready

How to do it...

How it works...

Getting to know web applications on a vulnerable virtual machine

Getting ready

How to do it...

How it works...

See also

Reconnaissance

Introduction

Passive reconnaissance

Getting ready

How to do it...

How it works...

See also

Using Recon-ng to gather information

Getting ready

How to do it...

How it works...

See also

Scanning and identifying services with Nmap

Getting ready

How to do it...

How it works...

There's more...

See also

Identifying web application firewalls

How to do it...

How it works...

Identifying HTTPS encryption parameters

Getting ready

How to do it...

How it works...

See also

Using the browser's developer tools to analyze and alter basic behavior

How to do it...

How it works...

There's more...

Obtaining and modifying cookies

Getting ready

How to do it...

How it works...

There's more...

Taking advantage of robots.txt

How to do it...

How it works...

Using Proxies, Crawlers, and Spiders

Introduction

Finding files and folders with DirBuster

Getting ready

How to do it...

How it works...

See also

Finding files and folders with ZAP

Getting ready

How to do it...

How it works...

See also

Using Burp Suite to view and alter requests

Getting ready

How to do it...

How it works...

See also

Using Burp Suite's Intruder to find files and folders

How to do it...

How it works...

Using the ZAP proxy to view and alter requests

How to do it...

How it works...

Using ZAP spider

How to do it...

How it works...

There's more...

Using Burp Suite to spider a website

Getting ready

How to do it...

How it works...

There's more...

Repeating requests with Burp Suite's repeater

Getting ready

How to do it...

How it works...

Using WebScarab

Getting ready

How to do it...

How it works...

Identifying relevant files and directories from crawling results

How to do it...

How it works...

Testing Authentication and Session Management

Introduction

Username enumeration

Getting ready

How to do it...

How it works...

Dictionary attack on login pages with Burp Suite

How to do it...

How it works...

There's more...

Brute forcing basic authentication with Hydra

Getting ready

How to do it...

How it works...

There's more...

See also

Attacking Tomcat's passwords with Metasploit

Getting ready

How to do it...

How it works...

There's more...

Manually identifying vulnerabilities in cookies

How to do it...

How it works...

There's more...

Attacking a session fixation vulnerability

How to do it...

How it works...

Evaluating the quality of session identifiers with Burp Sequencer

Getting ready

How to do it...

How it works...

See also

Abusing insecure direct object references

Getting ready

How to do it...

How it works...

Performing a Cross-Site Request Forgery attack

Getting ready

How to do it...

How it works...

See also

Cross-Site Scripting and Client-Side Attacks

Introduction

Bypassing client-side controls using the browser

How to do it...

How it works...

See also

Identifying Cross-Site Scripting vulnerabilities

How to do it...

How it works...

There's more...

Obtaining session cookies through XSS

How to do it...

How it works...

See also

Exploiting DOM XSS

How to do it...

How it works...

Man-in-the-Browser attack with XSS and BeEF

Getting ready

How to do it...

How it works...

There's more...

Extracting information from web storage

How to do it...

How it works...

There's more...

Testing WebSockets with ZAP

Getting ready

How to do it...

How it works...

Using XSS and Metasploit to get a remote shell

Getting ready

How to do it...

How it works...

Exploiting Injection Vulnerabilities

Introduction

Looking for file inclusions

How to do it...

How it works...

There's more...

Abusing file inclusions and uploads

Getting ready

How to do it...

How it works...

There's more...

Manually identifying SQL injection

How to do it...

How it works...

There's more...

Step-by-step error-based SQL injections

How to do it...

How it works...

Identifying and exploiting blind SQL injections

How to do it...

How it works...

There's more...

See also

Finding and exploiting SQL injections with SQLMap

How to do it...

How it works...

There's more...

See also

Exploiting an XML External Entity injection

Getting ready

How to do it...

How it works...

There's more...

See also

Detecting and exploiting command injection vulnerabilities

How to do it...

How it works...

Exploiting Platform Vulnerabilities

Introduction

Exploiting Heartbleed vulnerability using Exploit-DB

Getting ready

How to do it...

How it works...

There's more...

See also

Executing commands by exploiting Shellshock

How to do it...

How it works...

There's more...

Creating and capturing a reverse shell with Metasploit

How to do it...

How it works...

Privilege escalation on Linux

Getting ready

How to do it...

How it works...

See also

Privilege escalation on Windows

Getting ready

How to do it...

How it works...

See also

Using Tomcat Manager to execute code

How to do it...

How it works...

Cracking password hashes with John the Ripper by using a dictionary

Getting ready

How to do it...

How it works...

Cracking password hashes via Brute Force using Hashcat

Getting ready

How to do it...

How it works...

Using Automated Scanners

Introduction

Scanning with Nikto

How to do it...

How it works...

Considerations when doing automated scanning

How to do it...

How it works...

Finding vulnerabilities with Wapiti

How to do it...

How it works...

Using OWASP ZAP to scan for vulnerabilities

Getting ready

How to do it...

How it works...

There's more...

Scanning with Skipfish

How to do it...

How it works...

Finding vulnerabilities in WordPress with WPScan

How to do it...

How it works...

Finding vulnerabilities in Joomla with JoomScan

How to do it...

How it works...

Scanning Drupal with CMSmap

Getting ready

How to do it...

How it works...

Bypassing Basic Security Controls

Introduction

Basic input validation bypass in Cross-Site Scripting attacks

How to do it...

How it works...

There's more...

Exploiting Cross-Site Scripting using obfuscated code

How to do it...

How it works...

Bypassing file upload restrictions

How to do it...

How it works...

Avoiding CORS restrictions in web services

Getting ready

How to do it...

How it works...

Using Cross-Site Scripting to bypass CSRF protection and CORS restrictions

How to do it...

How it works...

Exploiting HTTP parameter pollution

How to do it...

How it works...

Exploiting vulnerabilities through HTTP headers

How to do it...

How it works...

Mitigation of OWASP Top 10 Vulnerabilities

Introduction

A1 – Preventing injection attacks

How to do it...

How it works...

See also

A2 – Building proper authentication and session management

How to do it...

How it works...

See also

A3 – Protecting sensitive data

How to do it...

How it works...

A4 – Using XML external entities securely

How to do it...

How it works...

A5 – Securing access control

How to do it...

How it works...

A6 – Basic security configuration guide

How to do it...

How it works...

A7 – Preventing Cross-Site Scripting

How to do it...

How it works...

See also

A8 – Implementing object serialization and deserialization

How to do it...

How it works...

A9 – Where to look for known vulnerabilities on third-party components

How to do it...

How it works...

A10 – Logging and monitoring for web applications' security

How to do it...

How it works...

Other Books You May Enjoy

Leave a review - let other readers know what you think

Preface

Nowadays, information security is a hot topic all over the news and the internet. We hear almost every day about web page defacement, data leaks of millions of user accounts and passwords or credit card numbers from websites, and identity theft on social networks. Terms such as cyberattack, cybercrime, hacker, and even cyberwar are becoming part of the daily lexicon in the media.

All this exposure to information security subjects, and the very real need to protect both sensitive data and their reputations, has made organizations more aware that they need to know where their systems are vulnerable (especially the ones accessible to the world through the internet), how those systems could be attacked, what the consequences of a successful attack would be in terms of information lost or systems compromised, and, much more importantly, how to fix those vulnerabilities and minimize the risks.

The task of detecting vulnerabilities and discovering their impact on organizations can be addressed with penetration testing. A penetration test is an attack, or attacks, made by a trained security professional who uses the same techniques and tools real hackers use, to discover all of the possible weak spots in an organization's systems. Those weak spots are then exploited and the impact is measured. When the test is finished, the penetration tester reports all of their findings and suggests how future damage could be prevented.

In this book, we follow the whole path of a web application penetration test and, in the form of easy-to-follow, step-by-step recipes, show how the vulnerabilities in web applications and web servers can be discovered, exploited, and fixed.

Who this book is for

We have tried to write this book with many kinds of readers in mind. Firstly, computer science students, developers, and systems administrators who want to take their information security knowledge one step further or want to pursue a career in the field will find some very easy-to-follow recipes here that will allow them to perform their first penetration test in their own testing laboratory, and will also give them the basis and tools to continue practicing and learning.

Application developers and systems administrators will also learn how attackers behave in the real world, what steps can be followed to build more secure applications and systems, and how to detect malicious behavior.

Finally, seasoned security professionals will find some intermediate and advanced exploitation techniques, and ideas on how to combine two or more vulnerabilities in order to perform a more sophisticated attack.

What this book covers

Chapter 1, Setting up Kali Linux and the Testing Lab, takes the reader through the process of configuring and updating the system. The installation of virtualization software is also covered, including the configuration of the virtual machines that will compose our penetration testing lab.

Chapter 2, Reconnaissance, allows the reader to put into practice some information-gathering techniques in order to gain intelligence about the system to be tested, the software installed on it, and how the target web application is built.

Chapter 3, Using Proxies, Crawlers, and Spiders, guides the reader on how to use these tools, which are a must in every analysis of a web application, be it a functional one or a more security-focused one, such as a penetration test.

Chapter 4, Testing Authentication and Session Management, focuses on identifying and exploiting vulnerabilities commonly found in the mechanisms used by web applications to verify the identity of users and the authenticity of their actions.

Chapter 5, Cross-Site Scripting and Client-Side Attacks, introduces the reader to one of the most common and severe security flaws in web applications, Cross-Site Scripting, and other attacks that have other users as targets instead of the application itself.

Chapter 6, Exploiting Injection Vulnerabilities, covers several ways in which applications' functionalities may be abused to execute arbitrary code of different languages and systems, such as SQL and XML, among others, on the server side.

Chapter 7, Exploiting Platform Vulnerabilities, goes one step further in the analysis and exploitation of vulnerabilities by looking into the platform that supports the application. Vulnerabilities in the web server, operating systems, and development frameworks are covered in this chapter.

Chapter 8, Using Automated Scanners, covers a very important aspect of the discovery of vulnerabilities, the use of tools specially designed to automatically find security flaws in web applications: automated vulnerability scanners.

Chapter 9, Bypassing Basic Security Controls, moves on to the advanced topic of evasion and bypassing measures that are not properly implemented by developers when attempting to mitigate or fix vulnerabilities, leaving the application still open to attacks, although more complex ones.

Chapter 10, Mitigation of OWASP Top 10 Vulnerabilities, looks at the other side of the engagement: organizations hire penetration testers to attack their servers and applications so that they learn what is wrong, what they should fix, and how. The chapter covers that part of penetration testing by giving simple and direct guidelines on how to fix and prevent the most critical web application vulnerabilities according to the Open Web Application Security Project (OWASP).

To get the most out of this book

To successfully follow all of the recipes in this book, the reader is recommended to have a basic understanding of the following topics:

Linux OS installation

Unix/Linux command-line usage

HTML language

PHP web application programming

The only hardware necessary is a personal computer, preferably with Kali Linux (2018.x at the time of writing) installed, although it may have any other operating system capable of running VirtualBox or other virtualization software. As for specifications, the recommended setup is:

Intel i5, i7, or a similar CPU

500 GB of hard drive space

8 GB of RAM

An internet connection

Download the example code files

You can download the example code files for this book from your account at www.packtpub.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

1. Log in or register at www.packtpub.com.

2. Select the SUPPORT tab.

3. Click on Code Downloads & Errata.

4. Enter the name of the book in the Search box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

WinRAR/7-Zip for Windows

Zipeg/iZip/UnRarX for Mac

7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Kali-Linux-Web-Penetration-Testing-Cookbook-Second-Edition. In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/KaliLinuxWebPenetrationTestingCookbookSecondEdition_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Let's test the communication; we are going to ping vm_1 from our Kali Linux."

A block of code is set as follows:

<html><script>function submit_form(){ document.getElementById('form1').submit();}</script>

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

<html><script>function submit_form(){

document.getElementById('form1').submit();

}</script>

Any command-line input or output is written as follows:

# sudo apt-get update

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select System info from the Administration panel."

Warnings or important notes appear like this.
Tips and tricks appear like this.

Sections

In this book, you will find several headings that appear frequently (Getting ready, How to do it..., How it works..., There's more..., and See also).

To give clear instructions on how to complete a recipe, use these sections as follows:

Getting ready

This section tells you what to expect in the recipe and describes how to set up any software or any preliminary settings required for the recipe.

How to do it...

This section contains the steps required to follow the recipe.

How it works...

This section usually consists of a detailed explanation of what happened in the previous section.

There's more...

This section consists of additional information about the recipe in order to make you more knowledgeable about the recipe.

See also

This section provides helpful links to other useful information for the recipe.

Get in touch

Feedback from our readers is always welcome.

General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packtpub.com.

Disclaimer

The information within this book is intended to be used only in an ethical manner. Do not use any information from the book if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Packt Publishing does not take any responsibility if you misuse any of the information contained within the book. The information herein must only be used while testing environments with proper written authorizations from appropriate persons responsible.

Setting Up Kali Linux and the Testing Lab

In this chapter, we will cover:

Installing VirtualBox on Windows and Linux

Creating a Kali Linux virtual machine

Updating and upgrading Kali Linux

Configuring the web browser for penetration testing

Creating a vulnerable virtual machine

Creating a client virtual machine

Configuring virtual machines for correct communication

Getting to know web applications on a vulnerable virtual machine

Introduction

In this first chapter, we will cover how to prepare our Kali Linux installation to be able to follow all the recipes in the book and set up a laboratory with vulnerable web applications using virtual machines.

Installing VirtualBox on Windows and Linux

Virtualization is, perhaps, the most convenient tool when it comes to setting up testing laboratories or experimenting with different operating systems, since it allows us to run multiple virtual computers inside our own without the need for any additional hardware.

Throughout this book, we will use VirtualBox as a virtualization platform to create our testing targets as well as our Kali Linux attacking machine.

In this first recipe, we will show you how to install VirtualBox on Windows and on any Debian-based GNU/Linux operating system (for example, Ubuntu).

It is not necessary for the reader to install on both operating systems; this recipe shows both options for the sake of completeness.

Getting ready

If we are using Linux as a base operating system, we will need to update our software repository's information before installing anything on it. Open a Terminal and issue the following command:

# sudo apt-get update

How to do it...

The following steps need to be performed for installing VirtualBox:

1. To install VirtualBox in any Debian-based Linux distribution, we can just open a Terminal and enter the following command:

# sudo apt-get install virtualbox

2. After the installation finishes, we will find VirtualBox in the menu by navigating to Applications | Accessories | VirtualBox. Alternatively, we can call it from a Terminal:

# virtualbox

If you are using a Windows machine as a base system, skip steps 1 and 2 and start at step 3.

3. In Windows, we need to download the VirtualBox installer from https://www.virtualbox.org/wiki/Downloads.

4. Once the file is downloaded, we open it and start the installation process.

5. In the first dialog box, click Next and follow the installation process.

6. We may be asked about installing network adapters from Oracle Corporation; we need to install these for the network in the virtual machines to work properly.

7. After the installation finishes, we just open VirtualBox from the menu.

Now we have VirtualBox running and we are ready to set up the virtual machines to make our own testing laboratory.

How it works...

VirtualBox will allow us to run multiple machines inside our computer through virtualization. With this, we can build a full laboratory of different computers running different operating systems and run them in parallel, as far as the memory and processing power of our host allow.

There's more...

The VirtualBox extension pack gives the VirtualBox's virtual machine extra features, such as USB 2.0/3.0 support and remote desktop capabilities. It can be downloaded from https://www.virtualbox.org/wiki/Downloads. After it is downloaded, just double-click on it and VirtualBox will do the rest.

See also

There are some other virtualization options out there. If you don't feel comfortable using VirtualBox, you may want to try the following:

VMware Player/Workstation

QEMU

Xen

Kernel-based Virtual Machine (KVM)

Creating a Kali Linux virtual machine

Kali is a GNU/Linux distribution built by Offensive Security that is focused on security and penetration testing. It comes with a multitude of tools preinstalled, including the most popular open source tools used by security professionals for reverse engineering, penetration testing, and forensic analysis.

We will use Kali Linux throughout this book as our attacking platform and we will create a virtual machine from scratch and install Kali Linux in it in this recipe.

Getting ready

Kali Linux can be obtained from its official download page https://www.kali.org/downloads/. For this recipe, we will use the 64-bit image (the first option on the page).

How to do it...

The process of creating a virtual machine in VirtualBox is pretty straightforward; let's look at this and perform the following steps:

To create a new virtual machine in VirtualBox, we can use the main menu,

Machine

|

New

, or click the

New

button.

New dialog will pop up; here, we choose a name for our virtual machine, the type, and the version of the operating system:

Next, we are asked about the memory size for this virtual machine. Kali Linux requires a minimum of 1 GB; we will set 2 GB for our virtual machine. This value depends on the resources of your system.

We click Next and get to the hard disk setup. Select Create a virtual hard disk now and click Create for VirtualBox to create a new virtual disk file in our host filesystem:

On the next screen, select these options:

Dynamically allocated: This means the disk image for this virtual machine will grow in size (in fact, it will be adding new virtual disk files) when we add or edit files in the virtual system.

For Hard disk file type, pick VDI (VirtualBox Disk Image) and click Next.

Next, we need to select where the files will be stored in our host filesystem and the maximum size they will have; this is the storage capacity for the virtual operating system. We leave the default location alone and select a 35.36 GB size. This depends on your base machine's resources, but should be at least 20 GB in order to install the requisite tools. Now, click on Create:

Once the virtual machine is created, select it and click Settings, and then go to Storage and select the CD icon under Controller: IDE. In the Attributes panel, click on the CD icon and select Choose Virtual Optical Disk File and browse to the Kali image downloaded from the official page. Then click OK:

We have created a virtual machine, but we still need to install the operating system. Start the virtual machine and it will boot using the Kali image we configured as the virtual CD/DVD. Use the arrows to select Graphical install and hit Enter:

We are starting the installation process. On the next screens, select the language, keyboard layout, hostname, and domain for the system.

After that, you will be asked for a Root password; root is the administrative, all-powerful user in Unix-based systems and, in Kali, it is the default login account. Set a password, confirm it, and click Continue:

Next, we need to select the time zone, followed by configuration of the hard disk; we will use guided setup using the entire disk:

Select the disk on which you want to install the system (there should only be one).

The next step is to select the partitioning options; we will use All files in one partition.

Next, we need to confirm the setup by selecting Finish partitioning and write changes to disk and clicking Continue. Then select Yes to write the changes and Continue again on the next screen. This will start the installation process:

When the installation is finished, the installer will ask you to configure the package manager. Answer Yes to Use a network mirror and set up your proxy configuration; leave it blank if you don't use a proxy to connect to the internet.

The final step is to configure the GRUB loader: just answer Yes and, on the next screen, select the hard disk from the list. Then, click Continue and the installation will be complete.

Click Continue in the Installation complete window to restart the VM.

When the VM restarts, it will ask for a username; type root and hit Enter. Then enter the password you set for the root user to log in. Now we have Kali Linux installed.
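The same virtual machine can be built from the command line with VBoxManage, the CLI that ships with VirtualBox. The script below is an added example, not code from the book: it performs the VM-creation steps of this recipe (name and OS type, 2 GB of memory, a dynamically allocated VDI disk of roughly the 35.36 GB chosen above, and the Kali ISO attached as the virtual optical disk). The VM name "kali-web", the "Debian_64" OS type, the ISO path and the DRY_RUN switch are assumptions of the example; by default the commands are only printed so they can be reviewed, and DRY_RUN=0 executes them.

```shell
#!/bin/sh
# Added example (not from the book): create the recipe's Kali VM with VBoxManage.
# With DRY_RUN=1 (the default) each VBoxManage command is printed instead of run.

run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"      # show the command that would be executed
    else
        "$@"
    fi
}

# Usage: create_kali_vm <vm-name> <path-to-kali-iso> [disk-size-mb]
# Returns 1 if the disk is smaller than the 20 GB the recipe requires,
# or (when not dry-running) if the ISO does not exist.
create_kali_vm() {
    name="$1"
    iso="$2"
    disk_mb="${3:-36209}"   # about the 35.36 GB picked in the recipe (VBoxManage wants MB)
    disk="${HOME:-/tmp}/VirtualBox VMs/${name}/${name}.vdi"

    if [ "$disk_mb" -lt 20480 ]; then
        echo "disk must be at least 20 GB (20480 MB) for the Kali tools" >&2
        return 1
    fi
    if [ "${DRY_RUN:-1}" != "1" ] && [ ! -f "$iso" ]; then
        echo "Kali ISO not found: $iso" >&2
        return 1
    fi

    # Steps 1-2: new VM, Linux / Debian 64-bit (assumed OS type)
    run VBoxManage createvm --name "$name" --ostype Debian_64 --register
    # Step 3: 2 GB of RAM (Kali's minimum is 1 GB)
    run VBoxManage modifyvm "$name" --memory 2048
    # Steps 4-6: dynamically allocated VDI disk on a SATA controller
    run VBoxManage createmedium disk --filename "$disk" --size "$disk_mb" --format VDI --variant Standard
    run VBoxManage storagectl "$name" --name SATA --add sata --controller IntelAhci
    run VBoxManage storageattach "$name" --storagectl SATA --port 0 --device 0 --type hdd --medium "$disk"
    # Step 7: the Kali image as the virtual optical disk under an IDE controller
    run VBoxManage storagectl "$name" --name IDE --add ide
    run VBoxManage storageattach "$name" --storagectl IDE --port 0 --device 0 --type dvddrive --medium "$iso"
    # Step 8: boot from the DVD first so the graphical installer starts
    run VBoxManage modifyvm "$name" --boot1 dvd --boot2 disk
}

# Example invocation; the ISO path is a placeholder to replace with the downloaded image.
create_kali_vm kali-web "/path/to/kali-linux-amd64.iso"
```

After the installer has finished, the ISO can be detached again with the same storageattach command and `--medium emptydrive`, which corresponds to removing the CD from the Storage settings in the GUI.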

How it works...

In this recipe, we created our first virtual machine in VirtualBox, set the reserved amount of memory our base operating system will share with it, and created a new virtual hard disk file for the VM to use and set the maximum size. We also configured the VM to start with a CD/DVD image and, from there, installed Kali Linux the same way we would install it on a physical computer.

To install Kali Linux, we used the graphical installer and selected guided disk partitioning; that is, when we install an operating system, especially a Unix-based one, we need to define which parts of the system are installed (or mounted) in which partitions of the hard disk. Luckily for us, Kali Linux's installation can take care of that and we only need to select the hard disk and confirm the proposed partitioning. We also configured Kali to use the network repositories for the package manager. This will allow us to install and update software from the internet and keep our system up to date.

There's more...

There are different (and easier) ways to get Kali Linux running in a virtual machine. For example, there are pre-built virtual machine images available to download from the Offensive Security site: https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-hyperv-image-download/. We chose this method as it involves the complete process of creating a virtual machine and installing Kali Linux from scratch.

Updating and upgrading Kali Linux

Before we start testing the security of our web application, we need to be sure that we have all the necessary up-to-date tools. This recipe covers the basic task of keeping the Kali Linux tools at their most recent versions. We will also install the web application testing meta-package.

How to do it...

Once you have a working instance of Kali Linux up and running, perform the following steps:

Log in as root on Kali Linux and open a Terminal.

Run the apt-get update command. This will download the updated list of packages (applications and tools) that are available to install:

Once the update is finished, run the apt-get full-upgrade command to update the system to the latest version:

When asked to continue, press Y and then press Enter.

Now, we have our Kali Linux up to date and ready to continue.

Although Kali comes with a good set of tools preinstalled, there are some others that are included in its software repositories but not installed by default. To be sure we have everything we need for web application penetration testing, we install the kali-linux-web meta-package by entering the apt-get install kali-linux-web command:

We can find the tools we have installed in the Applications menu under 03 - Web Applications Analysis:

How it works...

In this recipe, we have covered a basic procedure for package updates in Debian-based systems (such as Kali Linux) by using the standard software manager, apt. The first call to apt-get with the update parameter downloaded the most recent list of packages available for our specific system in the configured repositories. As Kali Linux is now a rolling distribution, it is constantly updated and there are no breaks between one version and the next; the full-upgrade parameter downloads and installs both system packages (such as the kernel and kernel modules) and non-system packages up to their latest version. If no major changes have been made, or we are just trying to keep an already installed version up to date, we can use the upgrade parameter instead.

In the last part of this recipe, we installed the kali-linux-web meta-package. A meta-package for apt