Getting Started with Kali Linux
Before we begin our adventure into hacking, let's take a brief moment to make certain everyone has some basic Linux skills.
Let's begin with some of the most basic Linux commands.
First a word about case-sensitivity. If you have worked you entire life/career in Windows, you may not be accustomed to case-sensitivity as Windows is case-insensitive. On the other hand, Linux is case sensitive. This means that the file "hacking" is different from the file "Hacking" and the directory "Desktop" is different from "desktop".
In addition, the file structure in Linux is different than Windows. Whereas, Windows has physical drive, say C:, at the root of its file structure, Linux does not. At the top of the Linux file hierarchy is root /.
Since we will nearly always be working in the command line (CLI) in Linux, there are some key commands that are critical for just finding our way around. Probably the most important of these is ls.
kali > ls
The ls command will list all the files and subdirectories as seen above.
If we use the -l switch, Linux will display much more information including the owner, group and security of the files and sub directories.
kali > ls -l
Probably the second most commonly used command in Linux is cd or change directory.
Often, in Linux, final names and commands can be very long and complex. To resolve this issue, you can type the first few letters of a file or command and if you have enough characters to make it unique, you can tab and Linux will autocomplete it
To copy a file from one location to another, we use the same command as Windows cp
While the copy command will make a copy of the file in the new location, the move mv will move the file to the new location and delete the previous file and location
As we are moving around the command line we can often lose track of what directory we are in. To find what our present working directory is, we can use the pwd command.
As the root user, we can use any user's account and it is advisable that we not use the root account when doing normal maintenance. As a result, we will not always be logged in as root. If we forget what user we are logged in as, we can ask the system "whoami".
To list the contents of a file, we can use the cat command followed by the file name. While is useful for short files, for longer files it scrolls to the end the file before stopping. So, for a 1000 page file it will keep scrolling until it come sto page 1000. Not so useful.
The more command is used to display the contents of a file. It will display the first page and stop, unlike cat. You can then use the Enter key to scroll down through the file one line at a time or page down using the PGDN key. You exit by typing q to return to the command prompt.
When hacking or administering on Linux, we often need to see what processes are running. The command is ps
Grep is a filter command. We can use grep to filter for any keyword.
Sometimes an application or process will hang or zombie. To stop it we can use the kill command.
As mentioned above, cat can be used to print a file to screen. Its useful for printing small files but of limited usefulness with large files. For our purposes in this class, cat can be useful for creating small text files. To create a text file with cat, simply type the command cat followed by the redirect > and then the name of the file you want to create such as;
kali > cat > hackingfile
Hacking is the most important skill set of the 21st century.
When you hit enter, cat will enter interactive mode and whatever you type next will be entered into the file. To exit and save, simply hit cntl+d
When networking in Linux, we usually will need to see and know our interfaces and IP addresses. Similar to the ipconfig command in Windows, Linux has the 'ifconfig" command.
Before we begin on this long journey, we first need to put into place some stepping stones to get us there. In this first module, we will introduce you to Offensive Security’s hacking distribution, Kali Linux. Kali Linux is Offensive Security’s latest hacking/penetration testing platform, having replaced Offensive Security’s widely known and used BackTrack. Unlike Backtrack, Kali is built on Debian Linux rather than Ubuntu.
I. Navigating Kali
As we will be using Kali as our primary means of attacking IT assets, it is important that we have an introduction and tour of Kali. For those of you who are new to Kali, please make certain that you spend adequate time familiarizing yourself with it and Linux, as it will pay dividends in the long run in this course and your career as a penetration tester. For those of you who already have significant experience with Kali and Linux, consider this a review and bear with us for just a moment.
Kali is a Debian distribution of Linux with a GNOME interface by default (if you are more comfortable with KDE or other interface, you can replace it, but I will be using the default interface in this course), built by Offensive Security and for offensive security. It has hundreds of tools built-in and is designed for hacking. Most of the tools we want to access and use can be found under the Kali Linux tab under the Applications tab at the top of the screen. Let’s take a look at those.
As you can see in the screenshot above, when I click on the Applications tab at the top of the screen, it pulls down a list of choices and about mid-way down, we can see the Kali Linux tab. When we click on it, it expands to numerous categories of hacking tools. Hovering the mouse over any of those categories will reveal the tools available to us in each of those areas.
We can also select Top 10 Security Tools and it will reveal some very common and effective security/hacking tools. These are;
6. metasploit framework
One can quibble over whether these are the Top 10 security tools, but they are ALL great tools and we will be using each of them in this course.
The tools will generally be run from the CLI or command line interface. Unlike earlier versions of Backtrack and other hacking distributions, Offensive Security has placed all the applications in the /usr/bin directory and since this directory is in our PATH variable, these applications can be run from any directory, making using Kali a bit simpler than BackTrack or other security distributions. If we navigate to /usr/bin and type ls -l, we can see displayed all of the applications available to us.
For those new to Linux and Kali, there are numerous commands that are useful. Probably the most important initially are the locate and find commands. Locate enables us to search through a database maintained by the operating system for the name of a particular file. So, if we were looking for the apache2.conf file, we could type
kali > locate apache2.conf
The locate command is fast and easy, but it can only find files that have been there at least 24 hours as the database is updated overnight on most systems. A file that you created a couple of hours ago, will not appear in the database until tomorrow.
While the locate command is fast, the find command is far more powerful. It enables us to find files by attributes and define where to look for them. For instance, if I wanted to find the same apache2.conf file, I could tell it to start looking in the /etc directory and look for a file (-type f) with the name (-name) apache2.conf
kali > find /etc -type f -name apache2.conf
/etc is the directory to search in
-type f tells it to search for a file
-name tells find to search by name
apache2.conf is the name of the file to search for
After running this command, it comes back and tells us that apache2.conf is in the /etc/apache2 directory. The find command is a very powerful Linux command with almost innumerable switches and options to help us find files based upon various attributes such ownership, time, size, permissions, etc. It would be worth your time to explore further this command, but it is beyond the scope of our course.
II. Kali Linux Services
Kali has a number of built-in services that will be useful to our attacks. Probably most importantly will be the apache web server, but also SSH, TFTP, FTP and others. Many of these services can be started, stopped and restarted from the GUI interface.
As you can see from the screenshot above, I can find the GUI interface for these services by going to Applications then Kali Linux and then System Services. When I hover over System Services it opens a menu of services. This is NOT a complete list of services, but only those that can started and stopped via the GUI.
Other services are available, but much be started via the command line interface (CLI). We can start and stop any service by typing;
kali > service <name of service><action:start,stop,restart>
So, if I wanted to start the apache web server via the command line, it would be;
kali > service apache2 start
If addition, apache2 has a control script named apache2ctl. We can use it to start and stop the apache web server.
III. Networking in Kali
Throughout this course, we will need to configure and reconfigure our network for optimal hacking. To do so we will need to be familiar with a few commands in Linux. The first and probably most important is ifconfig. It is very similar to windows ipconfig as it will reveal the requisite networking and interface information.
To acquire DHCP assigned IP address, simply use the dhclient command with the name of the interface, in this case eth0.
kali > dhclient eth0
Setting a Static IP
To set a static IP, you can use the ifconfig as follows;
kali > ifconfig eth0 <IP address>
Next, we want to install the pure-ftpd server. I prefer the pure-ftp server and it is in our Kali repository, so we can install it by typing;
kali > apt-get install pure-ftpd
We will need a trivial FTP server for some of labs, so let’s start one now. Built into this Kali Linux is the advanced TFTP server or atftpd. We can start it by typing;
kali> atftpd –daemon –port 69 /tmp
–daemon tells the service to run in the background
–port tells atftpd to listen on port 69
/tmp tells the service to use the /tmp directory as a source of files
To test to make certain the aftpd daemon is running, we can use the netstat command and pipe it to grep filtering it for aftpd. As you can see in the screenshot above, we found it running on port 69.
Last, let’s test the vncserver built into Kali. We can activate it by typing;
Note that the first time you activate VNC Server, it will prompt you for a password. Provide it a password up to 8 characters and remember it as you will need it again later.
For more on using Linux for hacking, check out my book "Linux Basics for Hackers" now available here on Amazon.