CCSA# 8

Introduction to KALI linux

Disclaimer:

Usage of these information/Data/Tools/Techniques for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. The Computer Joker/Instructor/Owner assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purpose. The Computer Joker/Instructor do not support/promote hacking. For more details, head to our t&c page.

KALI linux

KALI Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools that are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

KALI Linux is Free, Open source and have more than 600 penetration testing tools included.

Installing kali linux in virtual machines

Live KALI Linux

Persistent KALI Linux

Dual boot with windows

KALI Linux in Vmware Workstation

Vmware’s workstation allows users to create multiple virtual environments, or virtual computer systems, on a single computer or server. The software virtualizes hardware components such as the video card, network adapters and hard drive. To install KALI Linux in VMware go to;

persistent kali linux

Kali Linux “Live” has two options in the default boot menu which enable persistence - the preservation of data on the “Kali Live” USB drive - across reboots of “Kali Live”. This can be an extremely useful enhancement, and enables you to retain documents, collected testing results, configurations, etc., when running Kali Linux “Live” from the USB drive, even across different systems. The persistent data is stored in its own partition on the USB drive, which can also be optionally LUKS-encrypted.

Basic linux commands

information gathering through kali

TraceRoute

Traceroute is a computer network diagnostic tool for displaying the connection route and measuring transit delays of packets across an IP network.

traceroute the computer joker kali

KALI tools:

what web

WhatWeb

WhatWeb is a website fingerprint utility. It identifies websites including CMS, blogging platforms, statistic/analytic packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1700 plugins, each to recognize something different. WhatWeb also identifies versions, email addresses, account IDs & more.

whatweb kali the computer joker

Kali tools: whois

Whois :

Whois is a database managed by local internet registrars, it is a query and response protocol that is widely used for querying databases that store the registered users of an Internet resource, such as a domain name or an IP address block and information about domain owner.

whois the computer joker kali

kali tools: nmap

Nmap:

Network Mapper (NMap) is a tool used for network discovery and security auditing. To view full list of NMAP features, see the help page instead by entering following command:

Nmap --help

nmap the computer joker

KALI tools: For anonymity

MacChanger :

There are several reasons changing the MAC address is important, I use MacChanger while pentesting a wireless network with MAC filtering enabled and have to assign an approved MAC address to the wireless adapter. Or just literally to change to a random MAC while pentesting.

ProxyChains :

Proxychains cover and handle whatever job. Add command “proxychains” for every job, that means we enable Proxychains service.

kali tools for vulnerability analysis: nikto

Nikto :

Nikto is webserver and web application assessment tool to find potential security issues and vulnerabilities.

Nikto scans for 6700 potentially dangerous files/programs.

nikto the computer joker

kali tools for vulnerability analysis: Burp suite

BurpSuite :

Burp Suite is a  collection of tools bundled into a single suite which performs security testing of web applications, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. The main features of Burpsuite is that it can function as an intercepting proxy. Burpsuite intercepts the traffic between a web browser and the web server.

KALI TOOLS for database assessment: SQLMAP

SQLMap :

SQLMAP automates the process of detecting and exploiting SQL injection vulnerabilities and taking over databases. To use SQLMap, you need to find a website URL which is SQL injection vulnerable, you can find it by either using SQLiv (see list number) or using Google dork. Once you’ve got the vulnerable SQL injection URL, then open the terminal and run the following command pattern:

Sqlmap -u ‘URL’

KALI TOOLS for password attacks

findmyhash :

Findmyhash is a tool to crack encrypted passwords or data using online services.

John The Ripper (OFFLINE PASSWORD CRACKING SERVICE)

John The Ripper is one of the most popular password testing and cracking programs as it combines a number of password crackers into one package, auto-detects password hash types, and includes a customization cracker. In Linux, “passwd” file located at /etc/passwd contains all user information

KALI TOOLS for exploitation

Metasploit :

Metasploit is a penetration testing platform that enables you to find, exploit, and validate vulnerabilities. It provides the infrastructure, content, and tools to perform penetration tests and extensive security auditing and thanks to the open source community and Rapid7’s own hard working content team, new modules are added on a regular basis, which means that the latest exploit is available to you as soon as it’s published.

Metasploit is world’s best tool for vulnerability assessment and penetration testing.

That's all for this module!

Click below to get to the Next Module - Reverse Engineering Basics


“Talk is cheap, show me the code”

-LINUS TORVALDS <Creator of Linux kernel>

Disclaimer:

Usage of these information/Data/Tools/Techniques for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. The Computer Joker/Instructor/Owner assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purpose. The Computer Joker/owner/Instructor do not support/promote hacking. For more details, head to our t&c page.

want a training?

Please contact us by filling the form on the right side for:

--> Live One to One Training

--> Course materials (pdf, tools & videos)

--> For any queries/feedback & suggestions.

Social
Contact

hi@thecomputerjoker.com

© copyrighted 2021. All Rights Reserved.