Organizing Kali Linux
Installation is just the beginning; organizing Kali Linux is a very important next step. In this section, we will explore the different ways in which our Kali Linux can be organized through customization.
Configuring and customizing Kali Linux
Kali is a framework that is used to perform penetration testing. The tester, however, should never feel tied to the tools that have been installed by default, or by the look and feel of the Kali desktop. By customizing Kali, a tester can increase the security of client data that is being collected and make it easier to perform a penetration test. Common customization options that can be made in Kali include the following:
- Resetting the Kali password
- Adding a non-root user
- Configuring network services and secure communications
- Adjusting network proxy settings
- Accessing the secure shell
- Speeding up Kali operations
- Sharing folders with Microsoft Windows
- Creating encrypted folders
Let us now take a further look at these options.
Resetting the default password
If you downloaded the preconfigured VMware or VirtualBox image, the default username and password to access Kali Linux are both kali. It is recommended to change the default password; to do so, run the following command in the Kali Linux terminal:
sudo passwd kali
You will then be prompted to enter a new password, and then to confirm it.
Configuring network services and secure communications
The first step in ensuring that we are able to access the internal network is to make sure that Kali has connectivity to either a wired or wireless network to support updates and communications. You may need to obtain an IP address through Dynamic Host Configuration Protocol (DHCP) by appending an Ethernet adapter entry to the network configuration file, as follows, from the Kali Linux terminal:
# sudo nano /etc/network/interfaces
iface eth0 inet dhcp
Once the network configuration file is appended, you should be able to run the ifup script to automatically assign the IP address, as displayed in Figure 1.28:
Figure 1.28: Successful assignment of an IP address through DHCP using the ifup script
In the case of a static IP, you can append the following lines to the same network configuration file to quickly set up a static IP for your version of Kali Linux:
# nano /etc/network/interfaces
iface eth0 inet static
address <your address>
netmask <subnet mask>
broadcast <broadcast mask>
gateway <default gateway>
# nano /etc/resolv.conf
nameserver <your DNS ip> or <Google DNS (8.8.8.8)>
By default, Kali starts with the DHCP service enabled. Doing so announces the new IP address to the network, which may alert administrators to the presence of the tester. For some test cases, this may not be an issue, and it may be advantageous to have certain services start automatically during boot-up. This can be achieved by entering the following commands:
update-rc.d networking defaults
/etc/init.d/networking restart
Kali installs with network services that can be started or stopped as required, including DHCP, HTTP, SSH, TFTP, and the VNC server. These services are usually invoked from the command line; however, some are accessible from the Kali menu.
Adjusting network proxy settings
Users located behind an authenticated or unauthenticated proxy connection must modify the bash.bashrc and apt.conf files. Both files are located in the /etc/ directory. Edit the bash.bashrc file using a text editor and add the following lines to the bottom of the file:
export ftp_proxy=ftp://username:password@proxyIP:port
export http_proxy=http://username:password@proxyIP:port
export https_proxy=https://username:password@proxyIP:port
export socks_proxy="https://username:password@proxyIP:port"
Replace proxyIP and port with your proxy IP address and port number, respectively, and replace the username and password with your authentication username and password. If there’s no need to authenticate, write only the part following the @ symbol. Save and close the file.
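The exports above store the proxy password in clear text in /etc/bash.bashrc, which is normally readable by every local user. The following check is an added example, not part of the original text: it scans the files it is given for URLs with embedded credentials and reports them redacted, together with whether the file is world-readable. The function names and the sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the book): audit files for proxy URLs that embed
# credentials, such as the export lines added to /etc/bash.bashrc.

# find_proxy_creds FILE...
# Prints "<file>:<line>:<redacted url>:world-readable=<yes|no>" for every hit.
# Commented-out lines are reported too: the secret is still on disk.
find_proxy_creds() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Character 8 of the mode string is the "other" read bit.
        case "$(ls -ldL "$f" | cut -c8)" in
            r) world=yes ;;
            *) world=no ;;
        esac
        awk -v file="$f" -v world="$world" '
            # scheme://user:password@host[:port]
            match($0, "[a-z0-9]+://[^:@/ \"]+:[^@/ \"]+@[^ \";]+") {
                url = substr($0, RSTART, RLENGTH)
                sub("://[^@]*@", "://<redacted>@", url)
                print file ":" NR ":" url ":world-readable=" world
            }' "$f"
    done
}

# Constructed sample input; the user name, password and address are made up.
demo_proxy_audit() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
export http_proxy=http://tester:S3cret@10.0.0.5:3128
export https_proxy=https://10.0.0.5:3128
EOF
    chmod 644 "$sample"
    find_proxy_creds "$sample"
    rm -f "$sample"
}

demo_proxy_audit
```

Run it as find_proxy_creds /etc/bash.bashrc /etc/apt/apt.conf on the Kali system; any hit marked world-readable=yes means every local account can read the proxy password.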
Accessing the secure shell remotely
To minimize detection by a target network during testing, Kali does not enable any external listening network services. Some services, such as SSH, are already installed. However, they must be enabled prior to use. Kali comes preconfigured with default SSH keys. Before starting the SSH service, it is a good idea to disable the default keys and generate a unique keyset for use, as the following code shows. Move the default SSH keys to a backup folder, and then generate a new SSH keyset using the following command:
sudo dpkg-reconfigure openssh-server
To confirm that the SSH service is running, use the command sudo service ssh status.
Note that with the default configuration of SSH, root login will be disabled. If you require access with the root account, you may have to edit /etc/ssh/sshd_config and set PermitRootLogin to yes, save, and then exit. Finally, from any system on the same network, you should be able to access the SSH service and utilize Kali Linux. In this example, we use PuTTY, which is a free and portable SSH client for Windows. Now you should be able to access Kali Linux from another machine, accept the SSH certificate, and enter your credentials.
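sshd uses the first value it obtains for each keyword, so a PermitRootLogin no appended at the end of the file does not undo an earlier PermitRootLogin yes. The following check is an added example, not part of the original text; the function names and sample file are constructed, and Include files and Match blocks are deliberately left out (sshd -T prints the fully resolved configuration on a live system).

```sh
#!/bin/sh
# Added example (not from the book): report the PermitRootLogin value sshd
# will actually use. sshd keeps the FIRST value it reads for each keyword.

# sshd_option FILE KEYWORD DEFAULT
# Prints the effective global value of KEYWORD, or DEFAULT when it is unset.
# Keywords are case-insensitive; "key value" and "key=value" are accepted.
# Include files and Match blocks are not evaluated here.
sshd_option() {
    awk -F '[ \t=]+' -v want="$2" -v dflt="$3" '
        { sub(/^[ \t]+/, "") }            # strip indentation, re-split fields
        /^#/ || NF == 0 { next }          # comments and blank lines
        tolower($1) == "match" { exit }   # global section ends here
        tolower($1) == tolower(want) { print $2; found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# audit_sshd [FILE]: returns 1 when root can log in with a password.
audit_sshd() {
    cfg="${1:-/etc/ssh/sshd_config}"
    root=$(sshd_option "$cfg" PermitRootLogin prohibit-password)
    pass=$(sshd_option "$cfg" PasswordAuthentication yes)
    echo "PermitRootLogin=$root PasswordAuthentication=$pass"
    if [ "$root" = yes ] && [ "$pass" = yes ]; then
        echo "FAIL: root password login is allowed" >&2
        return 1
    fi
    return 0
}

# Constructed sample: the later "no" does NOT override the earlier "yes".
demo_sshd_audit() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
    audit_sshd "$sample"; status=$?
    rm -f "$sample"
    return "$status"
}

demo_sshd_audit || true
```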
Speeding up Kali operations
Several tools can be used to optimize and speed up Kali operations:
- When using a VM, install its software driver package, either Guest Additions (VirtualBox) or VMware Tools (VMware). We have to ensure that we run apt-get update before the installation.
- When creating a VM, select a fixed disk size instead of one that is dynamically allocated. It is faster to add files to a fixed disk, and there is less file fragmentation.
- By default, Kali does not show all applications that are present in the startup menu. Each application that is installed during the boot-up process slows the system and may impact memory usage and system performance. Unwanted services can be identified and disabled using the following commands in the terminal:
  - To list all the startup services at bootup, type sudo systemctl list-unit-files --type=service in the terminal; you can then choose to disable the unwanted services by running sudo systemctl disable --now <nameoftheservice>
  - Finally, you can list the enabled services by running sudo systemctl list-unit-files --type=service --state=enabled --all in the terminal
Sharing folders with the host operating system
The Kali toolset has the flexibility to share results with applications residing on different operating systems, especially Microsoft Windows. The most effective way to share data is to create a folder that is accessible from the host operating system as well as the Kali Linux VM guest. When data is placed in a shared folder from either the host or the VM, it is immediately available via the shared folder to all systems that access that shared folder. To create a shared folder, perform the following steps:
- Create a folder on the host operating system. In this example, it will be called kali_Share.
- Right-click on the folder and select the Sharing tab. From this menu, select Share.
- Ensure that the folder is shared with Everyone and that Permission Level for this share is set to Read/Write.
- If you haven’t already done so, install the VMware tools/Virtual Box Guest additions onto Kali Linux, respectively.
- When the installation is complete, go to the VMware player menu and select Manage and click on Virtual Machine Settings. Find the menu that enables Shared Folders and select Always Enabled.
- In the case of Oracle VirtualBox, select the VM and go to Settings and select Shared Folders, as shown in Figure 1.29:
Figure 1.29: Mounting a shared drive from the original operating system to the guest operating system
Please note that older versions of VMware Player use a different menu.
- Now the folder should be automatically mounted to the /media/ folder, as shown in Figure 1.30:
Figure 1.30: Successful mounting of the shared drive to the Kali Linux VM
- Everything placed in the folder will be accessible in the folder of the same name on the host operating system, and vice versa.
The shared folder, which will contain sensitive data from a penetration test, must be encrypted to protect the client’s network and reduce the tester’s liability should the data ever be lost or stolen.
Using Bash scripts to customize Kali
Typically, to maintain system and software development, command-line interfaces were developed as multiple shells in Linux, namely, sh, bash, csh, tcsh, and ksh.
We can utilize the following Bash scripts to customize Kali Linux depending upon the goal of our penetration testing: https://github.com/PacktPublishing/Mastering-Kali-Linux-for-Advanced-Penetration-Testing-4E.