What is Kali Linux?

In one of my recent post I explained and easy and safe way to set up your own Digital Forensics Lab and I mentioned a Linux based operating system by the name of Kali Linux. But what is it? and why would you use it in your virtual hacking lab?

Kali Linux is a Debian based operating system that uses the Gnome desktop environment, but unlike Ubuntu and Gnome Kali is packed full of usefully tools and applications for cyber security and digital forensics. Meaning that it is pretty much a one stop shop for just about any tools you could need, this makes things very convenient as you do not have to search around and download multiple applications they are already there in one place. It makes use of the Gnome menu system and groups all of the tools into named folders with the type of tool it is. This again means there is no hunting around when you have installed all of your tools.

There are a number off different use cases for a package such as Kali and the could be from a general curiosity to using it in industry as a professional. I personally use it along side my degree as is part of my course. But with it being free you can start using it when ever you want and with the many tutorial online it is really simple to get started and learn how to use it.

Because it uses the Gnome desktop it feels nice to use just like Ubuntu or Gnome, and it doesn’t feel like a tool your using. Granted a lot of people would be very unfamiliar with either of these Linux system but after a little bit it feels natural or like using any other graphical operating system. It also means that you could use it as a daily operating system if you were that way inclined. And don’t worry about requiring the latest computer hardware to run it because due to it being Linux based it doesn’t require all to much. Granted for certain task an application a little extra power wouldn’t go amiss but if you where to run it on 1 or 2 cores with 1 or 2 GB or ram it wouldn’t feel sluggish. And better yet you can run it live from a USB stick so you don’t even have to install it to benefit from it tools and features.

I tend to run it through a virtual machine, this is due to the safe lab that I mentioned before, and again it runs just like any other system within a VM. One benefit of doing this is that you can play around with the hardware the VM will supply it with. So if you have the hardware to spare you can build a beefy Kali System.

Tools Included in Kali

  • AirCrack
    • AirCrack is a WEP and WPA (Router Password) cracking tool, meaning that if you where preforming a penetration test on a company you may be able to gain access to there network through the WiFi.
  • Burp Suite
    • This package allows you to test the security of web applications, it does this by canning the application the searches for possible vulnerability. This is a very helpful tool for developers who wish to make there product as secrecy as possible.
  • Hydra
    • Hydra is a brute force password cracking application that on the surface looks limited and outdated. But in reality is a powerful tool allowing you to attack one or many users with either a single password or from a list of passwords.
  • John the Ripper
    • John the Ripper is another password cracking application that is command line based, although you can use a graphical version in the form of Jonny the ripper. It has been know for its speed at being able to crack passwords.
  • Maltego
    • This is one that you are very unlikely to have used or heard of and it is Maltego, this application is an effective relationship tracker that can work on social media platforms, Computer networks and websites. Once it scans the target location it produces a map using graphics making it clear and easy to understand.
  • Megasploit Framework
    • This is another application that works well for developers or system admin, Megasplot Framework runs simulated attacks on your network trying to find vulnerabilities. This allows you to patch or alter the vulnerability and make your system as secure as possible. And because it is all simulated there is no negative effects on the network its self.
  • Nmap
    • Is another command line application that has a graphical front end application as well this time its in the form of Zenamp. The purpose of this tool is to preform network discover scan and also security auditing.
  • Zed Attack Proxy
    • The Zed Atatck Proxy or ZAP is another penetration testing tool targeting web applications, It supports the Open Web Application Security Project or OWASP and is pack to the brim with functionality and features.
  • Sqlmap
    • Sqlmap is again a penetration testing tool but this time it is targeting SQL databases and looks for weakness in SQL injection, In some cases SQL injection can compromise an entire database. This could potentially leave the target in a whole heap of trouble.
  • Wireshark
    • Wireshark is a network protocol analyser, it boast some features such as being able to scan hundreds of protocols and preform offline analysis.

Other Similar Operating Systems

All of the above are aimed to provide a similar services to Kali Linux, and although I have limited hands on experience with each of them. I do know from others that they are good at what they do and that they should be considered as an alternative to Kali. Some of them are more tailored towards anonymity online while other are again forensics packages.

 

 

 

 

How to Setup an Ethical Hacking Lab

I have recently been setting up a Virtual Lab to use with Kali Linux, to safely practice some pen-testing. And just messing around with some stuff, but the first thing I needed to do before I started was to create a safe environment for myself to practice in. I did this by using VMware

VMware is a virtual machine package allowing you to run virtual machines on your main devices, this can be used for a number of different things. Such as setting up a forensics test environment to discover how some application change the machines as they are used. Or to practice ethical hacking in a safe and secure environment. This can be important because unless you had permission to practice on a real network you would be in breach of a number off different laws depending on the country your in.

This means without having access to a functional lab you’d struggle to either practice away from your studies or to even get started without the worry of getting yourself into trouble. Due to these reasons I went about setting my self up a little lab using VMware. This was very straight forward and simple to-do. And now means I can practice to my hearts content without the risk of breaking any laws.And here is how I did it.

VMWare Downlaod Page
First thing you will need to do is go to the VMware website, and download the VMware Workstation Player (And don’t worry its free for personal use)
VMware Welcome Screen
Once you have downloaded and installed VMware, you will be greeted by this window. From here we are going to select “Create a New Virtual Machine”
Create VM 1
Once you have selected to create a new virtual machine, you will have to select the ISO you wish to install (I will leave a list of Linux ISO below)
Create VM 3
Once you have selected your operating system you will be asked to enter information about the user
Create VM 4
The next step is to decided where you want to save your VM files and to name the VM if you have multiple VM’s of the same operating system this is usefulto manage and keep track of them.
Create VM 5
You will then be asked to select how much storage you want the virtual machine to have, I usually leave it around the 20GB mark but you can do what ever best suites your needs. As I only use mine for testing purpose and never store any data on them.
Create VM 6
This is the final stage before powering on your VM, and is also the stage you are give the option to assign how much hardware the VM will receive.
Create VM 7
Once you have decided how many cores and how much ram your VM is going to require you need to go down to the networking option and select Host-Only. This means that you will only be able to communicate with machines on the same virtual network as yourself.
Create VM 8
And finally you should be able to power on your virtual machine and install the operating system. Once this machine boots up you will be in your own virtual network and can practice your hacking in a safe and secure environment.

 

So if you follow all of the steps above you will be able to repeat this step to install OS such as Kali Linux, this is my go to operating system for practicing ethical hacking as it has all the tools you could need and is used within industry meaning you will have access to tools that are used by professionals.

I found it useful to play around with some older operating systems to practice on first, this tended to be Windows XP or an older version of Ubuntu. This is due to the security features on Windows 10 for example and more advance making it more of a struggle to practice. I also found the easiest way to get a Windows XP key was to have a look around the house and try and find an old laptop that ran windows XP and use the serial off that. But if you don’t have any laying round the house you can buy them on eBay for about £30.

 

Linux ISO Downloads