Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Kali Linux for Advanced Penetration Testing

You're reading from   Mastering Kali Linux for Advanced Penetration Testing Secure your network with Kali Linux 2019.1 – the ultimate white hat hackers' toolkit

Arrow left icon
Product type Paperback
Published in Jan 2019
Publisher Packt
ISBN-13 9781789340563
Length 548 pages
Edition 3rd Edition
Arrow right icon
Authors (2):
Arrow left icon
Robert Beggs Robert Beggs
Author Profile Icon Robert Beggs
Robert Beggs
Vijay Kumar Velu Vijay Kumar Velu
Author Profile Icon Vijay Kumar Velu
Vijay Kumar Velu
Arrow right icon
View More author details
Toc

Table of Contents (16) Chapters Close

Preface 1. Goal-Based Penetration Testing FREE CHAPTER 2. Open Source Intelligence and Passive Reconnaissance 3. Active Reconnaissance of External and Internal Networks 4. Vulnerability Assessment 5. Advanced Social Engineering and Physical Security 6. Wireless Attacks 7. Exploiting Web-Based Applications 8. Client-Side Exploitation 9. Bypassing Security Controls 10. Exploitation 11. Action on the Objective and Lateral Movement 12. Privilege Escalation 13. Command and Control 14. Embedded Devices and RFID Hacking 15. Other Books You May Enjoy

Installing and updating Kali Linux

In the last edition, we focused on the installation of Kali Linux to VMware player, VirtualBox, and Amazon AWS and using the Docker appliance. In this section, we will touch base on installing on the same platforms along with Raspberry Pi 3.

Using as a portable device

It is fairly simple to install Kali Linux onto a portable device. In some situations, clients do not permit the use of an external laptop inside a secure facility. In those cases, typically a testing laptop is provided by the client to the pentester to perform the scan. Running Kali Linux from a portable device has more advantages during a pentest or RTE:

  • It's in the pocket, in case of a USB or mobile device
  • It can be run live without making any changes to the host operating system
  • You can customize the build of Kali Linux and you can even make the storage persistent

There are a simple three steps to make a USB into a portable Kali from a Windows PC:

  1. Download the official Kali Linux image from: http://docs.kali.org/introduction/download-official-kali-linux-images.
  2. Download Win32 Disk Imager from: https://sourceforge.net/projects/win32diskimager/. We will be using Win32 Disk Imager 1.0.
  3. Open the Win32 Disk Imager as administrator. Plug the USB drive into the PC's available USB port. Browse to the location where you've downloaded your image. You should be able to see what's shown in the following screenshot. Select the right drive name and then click Write:

Once complete, exit the Win32 Disk Imager and safely remove the USB. The Kali Linux is now ready as a portable device to be plugged into any laptop to boot it up live. It is also possible to generate a hash value using the Win32 Disk Imager. If your host operating system is Linux this can be achieved by two standard commands:

sudo fdisk -l

This will display all of the disks mounted on the drive:

dd if=kali linux.iso of=/dev/nameofthedrive bs=512k

That's it. The dd command-line utility does the convert and copy, if is used for input file , of is for output file, and bs is for the block size.

Installing Kali to Raspberry Pi 3

Raspberry Pis are single board devices that are compact in nature and can run just like a fully loaded computer with minimal functionalities. These devices are extremely useful during RTE and penetration testing activities. The base of the operating system is loaded from a SD card just like a hard disk drive for normal computers/laptops.

The same steps as those outlined in the previous section, Using as a portable device, can be performed on a high speed SD card that can be plugged into a Raspberry Pi. We are ready to use the system without any issues. If the installation is successful, the following screen must be present when Kali Linux is booted from a Raspberry Pi. We've used Raspberry Pi 3 for this demonstration and accessed the Pi Operating system using VNC viewer:

Installing Kali onto a VM

In this section, we will take a quick tour of how to install Kali onto VMware Workstation Player and Oracle VirtualBox.

VMware Workstation Player

VMware Workstation Player, formerly known as VMware Player, is free for personal use and a commercial product for business use from VMware as a desktop application that allows us to run a VM inside your host operating system. This application can be downloaded from: https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/12_0.

We will be using version 12.5.9 VMware Workstation Player. Once the installer is downloaded, go ahead and install the VMware Player accordingly, based on your host operating system. If the installation is complete, you should have the following screen:

The next step to install the Kali-Linux to VMware is to click on Create a New Virtual machine and select Installer disc image file (iso). Browse your ISO file that was downloaded and then click Next. You can now enter the name of your choice (for example, HackBox) and select the Custom Location where you would like to store your VMware image. Click Next and then you'll specify the disk capacity. It is recommended that a minimum of 10 GB is needed to run Kali. Click Next until you finish.

Another way is to directly download the VMware image and open the .vmx file and select I copied it. That should boot up the fully loaded Kali Linux in VMware.

You can either choose to install the Kali-Linux to the host operating system or run it as a live image. Once all of the installation steps are complete, you are ready to launch Kali Linux from VMware without any problem, as shown in the following screenshot:

VirtualBox

Similar to VMware workstation player, VirtualBox is the hypervisor that is completely open source and a free desktop application from which you can run any VM from the host operating system. This application can be downloaded from: https://www.virtualbox.org/wiki/Downloads.

We will now go ahead and install Kali to VirtualBox. Similar to VMware, we will just execute the downloaded executable until we have a successful installation of Oracle VirtualBox, as shown in the following screenshot:

During installation, it is recommended that the RAM be set to at least 1 or 2 GB, and that you create the virtual hard drive with a minimum of 10 GB to have no performance issues. After the final step, you should be able to load Kali Linux in VirtualBox, as shown in the following screenshot:

Installing to a Docker Appliance

Docker is an open source project that is designed to automate the deployment of software containers and applications instantly. Docker also provides the additional abstraction and automation layer of operating system-level virtualization on Linux.

Docker is available for Windows, Mac, Linux, AWS (Amazon Web Services), and Azure. For Windows, Docker can be downloaded from: https://download.docker.com/.

After the Docker installation, it should be fairly simple to run Kali Linux by running the docker pull kalilinux/kali-linux-docker and docker run -t -i kalilinux/kali-linux-docker /bin/bash commands to confirm installation.

We should be able to run Kali Linux directly from Docker as shown in the following screenshot. Also, note that Docker utilizes the VirtualBox environment in the background. So, technically, it is a VM running on VirtualBox through the Docker appliance:

Once the Docker download is complete, you can run the Docker image by running docker run -t -i kalilinux/kali-linux-docker /bin/bash. You should be able to see what's shown in the following screenshot:

Ensure that VT-X is enabled on your system BIOS and Hyper-V is enabled on Windows. Do note that enabling Hyper-V will disable VirtualBox, as shown in the following screenshot:

Kali on AWS Cloud

Amazon Web Services (AWS) provide Kali Linux as part of Amazon Machine Interface (AMI) and Software as a Service (SaaS). A penetration tester or hacker can utilize AWS to conduct penetration testing and more efficient phishing attacks. In this section, we will go through the steps to bring up the Kali Linux on AWS.

First, you'll need to have a valid AWS account. You can sign up by visiting the following URL: https://console.aws.amazon.com/console/home.

When we log in to the AWS account, we should be able to see all of the AWS services. Search for Kali Linux. You'll see the following as per the screenshot, https://aws.amazon.com/marketplace/pp/B01M26MMTT:

AWS services- Kali Linux

The open source community has made it very simple to directly launch with pre-configured Kali Linux 2018.1 in the Amazon marketplace. The following URL will take us to a direct launch of Kali-Linux within a few minutes, https://aws.amazon.com/marketplace/pp/B01M26MMTT. Follow the instructions and then you should be able to launch the instance by selecting Continue to Subscribe. This should take you to the following option to select as shown in the following screenshot. Finally, just click Launch:

Before you launch Kali Linux 2018.3 from AWS, it is recommended that you create a new key pair as shown in the following screenshot:

As usual, to use any AWS VM, you must create your own key pair in order to ensure the security of the environment. Then, you should be able to log in by entering the following command from your command shell. In order to use the private key to log in without the password, Amazon enforces the file permission to be tunneled. We will use the following commands to connect to the Kali Linux instance:

chmod 600 privatekey.pem
ssh -i privatekey.pem ec2-user@amazon-dns-ip

The following screenshot depicts the successful usage of Kali on AWS:

All of the terms and conditions must be met in order to utilize AWS to perform penetration testing. Legal terms and conditions must be met before launching any attacks from the cloud host.
You have been reading a chapter from
Mastering Kali Linux for Advanced Penetration Testing - Third Edition
Published in: Jan 2019
Publisher: Packt
ISBN-13: 9781789340563
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image