Kali Linux Security & Penetration Testing

Introduction

This is a straightforward implementation but requires significant research/reading and exploration after Kali is implemented.  As a result, this FP must be started within 1 week of the FP assignment and installation assistance will not be provided the week prior to the FP due date since this will not provide sufficient time for research and exploration of Kali’s security application functionality.

First, to put this into context, in a very corny but appropriate way, recall the Star Wars movies and Anakin Skywalker.  You are about to be presented with some very powerful tools.  Please make sure you use them for ethical hacking/vulnerability assessment/penetration testing or put simply, please do not follow the path to the “Dark Side”. Note you should understand what penetrating testing is so research this as necessary.

As an overview, we will install Kali Linux (formerly Backtrack Linux which I have retained in the Kali Linux sub-menu) in your choice of a Virtual Machine (VMWare or Virtual Box) or on a DVD/USB Thumb Drive.  As background, Kali Linux is an optimized Debian implementation. Note that you may want to review the previous VM Ubuntu installation instructions and any notes you may have taken.  The USB install is a wonderful portable tool however you will need to research and deploy persistence in the USB configuration on your own.  As an aside I see Backtrack/Kali has now launched an image for the Droid Incredible (ARM).

Note to do penetration testing professionally and take full advantage of Kali’s functionality you would want to purchase a USB Wifi Adapter that supports packet injection and packet sniffing but this is not necessary for this FP or to see the rudimentary functionality of Kali.  I use the TP-Link TL-WN722NC.

Preparation and Download

First, please follow my instructions (e.g. 32 bit implementations as we need to be on the same platform and if you choose the 64 bit implementation you are on your own). Also please read these instructions in their entirety before proceeding as the lack of comprehensive knowledge could have negative effects.

1. The first task is to prepare and that means extensive reading but we can get a download going as we read and prepare. Please be sure to see footnote* below.

a. Goto http://www.kali.org/, choose “Downloads” and download the KALI LINUX 32 BIT ISO (not the mini ISO) to your desktop.  You may download it to another area but my instructions will reference a desktop download. Note the SHASUM as you will need to verify your download and submit a screenshot of your SHASUM verification in your FP pdf document.

b. Please read (and reread as necessary) all components of the Kali documentation on their Website that includes: Introduction to Kali Linux, Downloading Kali Linux particularly noting the Hard Drive and USB installations, Installing Kali Linux,  Kali Linux General Use particularly noting the VMWare Tools section, Troubleshooting Kali Linux and 09. Kali Community Support particularly noting the Community Forums as these too will be a troubleshooting resource.

Note: My VM implementation will be a VM Hard Drive installation. If you choose this Irepeat, we will install Kali in a VM not directly on our Hard Drive which would remove our host OS (i.e. blow away your Windows).  Of course Windows users may alternatively complete the USB installation. 

Footnote* – It appears Kali has recently moved to VMWare images.  This should be tried first but in the event it doesn’t work, Kali iso located here: Kali Download

Exercise 2 (there is no Exercise 1)

2. When your download is complete, verify your download by computing a SHASUM of your download and contrasting this with the SHASUM key on kali.org.  Of course if they differ please redownload the iso.  Take a screenshot of your verification and paste it into your FP pdf document labeling the screenshot SHASUM verification.

3. Install Kali in VMWare.  For your VM installation you will follow the steps you followed in LL10 but of course you will choose the kali.iso and adhere to the installation hardware requirements and instructions specified on kali.org.  Also, please rename your VM to Kali from Debian 7.

Note, your VM installation may capture your mouse so you may need to research how to release a mouse from your VM.

Upon rebooting you need to login as user: root with your password.

Have a look around your system and note the Terminal is located in Applications => Accessories.

Exercise 4:

4. Install VMWare Tools from the Terminal per the kali.org instructions noting open-vm-Toolbox worked well for me.  If this doesn’t work please install VMWare Tools from the Terminal per the instructions.  Now if you get an error message please see Troubleshooting below but you may proceed even if VMWare Tools Installation fails so Take a screenshot of your system with open Terminal and paste into your .pdf document.

Assignment

Your assignment document will  include the two screenshots specified above and a write up of your testing and use of Kali Linux.    This write up will also serve as your FP discussion board post.  You should minimally test the functionality of three Kali applications.

Please note the major component of this FP will be the FP DB where you will document your research and testing/evaluation of Kali Linux’s security and penetration testing functionality.  You will need a paragraph documenting your research and a paragraph documenting your testing/evaluation of 3 separate Kali Linux tools.  Minimally this will be 6 distinct paragraphs.

Within Kali there is a large amount of functionality here that includes password crackers, forensics tools, etc (Remember the lines in the Matrix, “What do you need? Guns… lots of guns”, well you now have “Tools… lots of tools”).  I realize the advanced features are at this point be beyond our comprehension however you will return to this tool from this point forward. To understand this, consider when you purchased your first computer or first new phone with a new OS, did you understand its functionality and application out of the box or did the fact that you had the tool accelerate your learning?

For those of you interested in Web Design, Wireshark shows that everything that takes place over Wifi is readable if not encrypted. This also applies for all you software developers as nearly every application now has a Web interface. For those of you who are Business students, do you want your sales force using unencrypted transmissions at Panera?

Now what you should do is find 3 items in the menu system. Google them to learn how to use them on an introductory level and post your findings and what you learned.

Minimally, check out Applications -> Backtrack -> Priviledge Escalation -> Sniffers -> Network Sniffers -> Wireshark and see the wireless network traffic at your site (minimally you will see your host machine outside your VM communicating periodically as this is a separate host). Packet Capture instructions are here:  http://wiki.wireshark.org/CaptureSetup.  Please comment on your experiences with these applications and your installation in the Final Project DB.

I also recommend you look at metasploit.  An interesting ethics question (suitable for discussion in the Ethics DB) is whether Jack and John the Ripper should be included in Kali’s functionality.

Resources:  Here are some good starting points (links) to learn about and try out Kali Linux functionality but I also recommend you search out YouTube videos etc. Again this is just a beginning and if you are in the CSA or CWW programs you should continue developing these skills.  If in the CWW program you should run some of these tools (Arachni Web Scanner) against your Website.

Linux User & Developer – this is a nice overview of a structured penetration attempt/test.

EFY Times

Lastly, please do not forget to shutdown Kali using the shutdown command found in the top menu.

Troubleshooting

Please Google your exact error message and include the keywords “Kali”, “VMWare”, etc. both in isolation and together.  Note VMWare Tools are not necessary to continue as they just enhance functionality (i.e. full screen mode, etc.).  I recommend you try to reinstall periodically (i.e. in ensuing months) as VMWare will update drivers and get the tools working correctly.

Also, if your Kali instance does not have WiFi connectivity, please review past materials and online forums as you should be able to solve this yourself.

Leave a Reply