Learn Hacking: Fundamentals of Kali Linux

Kali Linux is a powerful, Debian-based Linux distribution designed for digital forensics and penetration testing.

Packed with a plethora of tools for ethical hacking and security research, Kali Linux is an essential platform for cybersecurity professionals and enthusiasts.

Photo by Kevin Horvat on Unsplash

We aim to provide a thorough introduction to learning Kali Linux from scratch, covering installation, basic commands, and key tools with practical examples.

Table of Contents

1. Introduction to Kali Linux
2. Setting Up Kali Linux
3. Basic Linux Commands
4. Network Configuration and Troubleshooting
5. Package Management
6. Introduction to Key Tools
7. Web Application Security Testing
8. Network Security Testing
9. Wireless Security Testing
10. Post-Exploitation Techniques
11. Maintaining and Updating Kali Linux

1. Introduction to Kali Linux

What is Kali Linux?

Kali Linux is a specialized Linux distribution aimed at security professionals.

Photo by Lukas on Unsplash

It includes numerous pre-installed tools for penetration testing, forensics, and reverse engineering.

Developed by Offensive Security, Kali Linux is the successor to Back Track.

Why Use Kali Linux?

1. Comprehensive Toolkit

Hundreds of security tools are pre-installed.

2. Community Support

A large, active community and extensive documentation.

3. Regular Updates

Continuous development and frequent updates.

4. Customizability

Highly customizable to fit specific needs.

2. Setting Up Kali Linux

Photo by Patrick Lindenberg on Unsplash

System Requirements

Minimum Requirements: 2 GB RAM, 20 GB disk space, 32-bit or 64-bit processor.

Recommended: 4 GB RAM, 50 GB disk space, dual-core processor.

Installation Methods

1. Virtual Machine (VM)

Using VirtualBox or VMware.

2. Live USB

Bootable USB drive.

3. Hard Disk Installation

Direct installation on a computer’s hard drive.

Installing Kali Linux on VirtualBox

Photo by rivage on Unsplash

1. Download Kali Linux ISO

Official Kali Linux Downloads at kali.org/downloads

2. Install VirtualBox

Download and install VirtualBox from virtualbox.org

3. Create a New VM

1. Open VirtualBox and click New

2. Name the VM and select the type as Linux and version as Debian (64-bit).

3. Allocate at least 2 GB RAM.

4. Create a new virtual hard disk with at least 20 GB storage.

4. Install Kali Linux

1. Start the VM and select the downloaded ISO file.

2. Follow the installation prompts.

3. Select default options unless customization is needed.

3. Basic Linux Commands

Photo by Gabriel Heinzer on Unsplash

Navigating the File System

ls: List directory contents

ls
ls -la

cd: Change directory

cd /path/to/directory
cd ~ Go to home directory

pwd: Print working directory

pwd

File and Directory Management

mkdir: Create a directory

mkdir new_directory

touch: Create a new file

touch new_file.txt

cp: Copy files and directories

cp source_file.txt destination_file.txt
cp -r source_directory/ destination_directory/

mv: Move or rename files and directories

mv old_name.txt new_name.txt
mv file.txt /path/to/destination/

rm: Remove files and directories

rm file.txt
rm -r directory/

Viewing and Editing Files

cat: Display file contents

cat file.txt

nano: Simple text editor

nano file.txt

4. Network Configuration and Troubleshooting

Viewing Network Interfaces

ifconfig: Display network interfaces

ifconfig

ip a: Another command to display network interfaces

ip a

Configuring Network Interfaces

Assigning IP Address

sudo ifconfig eth0 192.168.1.100 netmask 255.255.255.0

Bringing Interface Up/Down

sudo ifconfig eth0 up
sudo ifconfig eth0 down

Troubleshooting Network Issues

ping: Check connectivity

ping 8.8.8.8
ping google.com

traceroute: Trace route to a host

traceroute google.com

netstat: Network statistics

netstat -tuln

5. Package Management

Using APT (Advanced Package Tool)

Update Package List

sudo apt update

Upgrade Installed Packages

sudo apt upgrade

Install a Package

sudo apt install package_name

Remove a Package

sudo apt remove package_name

Search for Packages

apt search package_name

6. Introduction to Key Tools

Kali Linux includes numerous tools categorized for various purposes. Below are some key categories and popular tools within them.

Information Gathering

Nmap: Network mapping and port scanning

nmap -sP 192.168.1.0/24
nmap -sS -A target_ip

Whois: Domain information lookup

whois example.com

Vulnerability Analysis

OpenVAS: Comprehensive vulnerability scanner

sudo openvas-setup
sudo openvas-start

Web Application Security

OWASP ZAP: Web application security scanner

sudo zaproxy

Exploitation Tools

Metasploit Framework: Comprehensive exploitation framework

sudo msfconsole

Password Attacks

John the Ripper: Password cracker

john - wordlist=/path/to/wordlist.txt /path/to/password_hashes.txt

7. Web Application Security Testing

Using OWASP ZAP

OWASP ZAP (Zed Attack Proxy) is a powerful tool for finding vulnerabilities in web applications.

Starting ZAP

sudo zaproxy

Basic Usage

1. Spider: Crawls the website to find all links.

2. Active Scan: Actively tests for vulnerabilities.

3. Reports: Generates detailed reports of findings.

Using Burp Suite

Burp Suite is another powerful web vulnerability scanner.

Starting Burp Suite

sudo burpsuite

Intercepting Traffic

1. Configure browser proxy settings to use Burp’s proxy.

2. Intercept and modify requests.

Scanning for Vulnerabilities

1. Use the scanner to find common web vulnerabilities.

2. Review results and perform manual testing.

3. Network Security Testing

Using Nmap

Nmap is a versatile network scanner used to discover hosts and services on a computer network.

Basic Scan

nmap -sP 192.168.1.0/24

Port Scanning

nmap -sS -p 1–65535 target_ip

Service Version Detection

nmap -sV target_ip

Using Metasploit Framework

The Metasploit Framework is a powerful tool for developing and executing exploit code against a remote target machine.

Starting Metasploit

sudo msfconsole

Searching for Exploits

search vsftpd

Using an Exploit

use exploit/unix/ftp/vsftpd_234_backdoor
set RHOST target_ip
run

9. Wireless Security Testing

Using Aircrack-ng Suite

Aircrack-ng is a set of tools for auditing wireless networks.

Putting Interface in Monitor Mode

sudo airmon-ng start wlan0

Capturing Packets

sudo airodump-ng wlan0mon

Cracking WEP

sudo aircrack-ng -b target_bssid capture_file.cap

Cracking WPA/WPA2

sudo aircrack-ng -w /path/to/wordlist.txt -b target_bssid capture_file.cap

Using Reaver

Reaver is a tool for performing brute force attacks against WPS (WiFi Protected Setup)

Finding WPS-Enabled Networks

sudo wash
-i wlan0mon

Attacking WPS

sudo reaver -i wlan0mon -b target_bssid -vv

10. Post-Exploitation Techniques

Photo by Glenn Carstens-Peters on Unsplash

Using Meterpreter

Meterpreter is a post-exploitation tool included with Metasploit.

Establishing a Meterpreter Session

exploit

Common Meterpreter Commands

sysinfo
ps
shell
download /path/to/file
upload /path/to/file

Pivoting

Use Meterpreter to pivot and access internal networks.

11. Maintaining and Updating Kali Linux

Photo by Luke Chesser on Unsplash

Regular Updates

Keeping Kali Linux updated ensures you have the latest tools and features.

Update Package List

sudo apt update

Upgrade Installed Packages

sudo apt upgrade

Customizing Kali Linux

Kali Linux is highly customizable to fit specific needs.

Adding Repositories

sudo nano /etc/apt/sources.list

Installing Additional Tools

sudo apt install tool_name

Conclusion

Learning Kali Linux from scratch involves understanding its installation, basic commands, and the various tools it offers.

Photo by Kevin Ku on Unsplash

This guide has provided an overview of these areas, equipping you with the foundational knowledge needed to start exploring and using Kali Linux effectively.

As you progress, you’ll find that Kali Linux is an indispensable platform for security professionals, offering a robust environment for conducting penetration tests, security audits, and forensics analysis.

Always remember to use these tools responsibly and ethically, respecting privacy and legal boundaries.