SlideShare a Scribd company logo

penetration test using Kali linux seminar report

A
AbhayNaik8

This document is a seminar report submitted by Mr. Naik Abhay Suresh to fulfill requirements for a Bachelor of Engineering degree. The report discusses penetration testing using Kali Linux. It provides background on Kali Linux, including its history and relationship to Debian. It then describes the methodology of penetration testing, including phases such as information gathering, scanning, exploitation, and post-exploitation. The report discusses advantages and applications of using Kali Linux for penetration testing.

Technology
1 of 24
Download to read offline
Visvesvaraya Technological University Belagavi-590 014, Karnataka A Seminar Report on “Penetration Test Using Kali Linux” Submitted in partial fulfilment of the requirements for the award of Bachelor of Engineering In Computer Science and Engineering Submitted By Mr. Naik Abhay Suresh 2JI15CS025 Under the Guidance of Dr. Dinesha H. A. Department of Computer Science and Engineering Sri Bhagawan Mahaveer Jain Educational & Cultural Trust’s Jain College of Engineering Belagavi-590 014 Academic Year 2018-19
Sri Bhagawan Mahaveer Jain Educational & Cultural Trust’s Jain College of Engineering Belagavi-590 014 Department Of Computer Science and Engineering Certificate This is to certify that the seminar entitled “Penetration Test Using Kali Linux” is carried out by Mr. Naik Abhay Suresh, bearing USN-2JI15CS025, a bonafide student of Jain College of Engineering, Belagavi, in partial fulfilment for the award of Bachelor of Engineering in Computer Science and Engineering from Visvesvaraya Technological University, Belagavi, during the academic year 2018- 19. It is certified that all corrections/suggestions indicated for internal assessment have been incorporated in the report. The seminar report has been approved as it satisfies the academic requirements in respect of seminar work prescribed for the said degree. -------------------------- ------------------------------------ Dr. Dinesha H. A. Prof. Praveen Y Chitti GUIDE HOD, CSE Name of Examiner Signature of Examiner 1.______________ 1. ________________ 2.______________ 2. ________________
ACKNOWLEDGEMENT The satisfaction and euphoria that accompany the progress and completion of any task would be incomplete without the mention of the people who made it possible, whose constant guidance and encouragement ground my efforts with success. I consider it is a privilege to express my sincere gratitude and respect to all those who guided and inspired me. I express my sincere thanks and gratitude to our guide Prof. Dr. Dinesha. H. A, Department of Computer Science & Engineering, JCE, Belagavi, for his constant guidance and suggestions. His incessant encouragement and invaluable support has been of immense help. It’s a great privilege to express my respect to Prof. Praveen Chitti, HOD, Department of Computer Science & Engineering, JCE, Belagavi, who had been great source of inspiration towards taking up this project and its successful completion. I am thankful to Dr. K. G. Vishwanath, Principal, JCE, Belagavi for providing us with the necessary facilities for carrying out this project work successfully.
ABSTRACT Kali Linux is built for professional penetration testing and security auditing. It is the next-generation of BackTrack, the most popular open-source penetration toolkit in the world. It is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing services to the users. The Kali is a tool for the Linux users to provide them numerous tricks in the security department. Kali is packed with the tools which helps in achieving goals towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering etc.
TABLE OF CONTENTS 1. Introduction……………………………………………………………………...1 2. Literature Survey...…………....…………………………………………………6 3. Methodology.……………………….…………………………..…………….…7 4. Advantages Of Kali Linux..……………...………………..……………………11 5. Applications Of Kali Linux ..…...……………...………………………………14 Conclusion ………………………………………….………………………….....18 References…………...………...……………………………….……………..…..19
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 1 CHAPTER – 1 INTRODUCTION 1.1 WHAT IS KALI LINUX As we are very well aware of the dynamic Linux platform and the increase in the utilization of the Linux system, so the need to provide the secure environment also increased by the Linux experts. To curb the secure Linux browsing a Kali Linux has been introduced on 13th March 2013. Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing services to the users. The Kali is a tool for the Linux users to provide them numerous tricks in the security department. Kali is packed with the tools which helps in achieving goals towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering etc. This fully awesome security package of Kali Linux is adhesively developed, funded and maintained by Offensive Security, which is one of the leading information security training company and has achieved numerous excellence in the field of the digital security system. In true sense, Kali Linux is an overall make over of the BackTrack Linux, but in this Linux, all the limitations of BackTrack Linux have been removed with some new and better security tools. 1.2 HISTORY OF KALI LINUX Knoppix, ancestor of Kali Linux was the first ever bootable Live Linux Operating system, which is still in existence. Knoppix project was then forked into Whoppix and then re-forked into WHAX. WHAX was then re-branded and streamlined into the BackTrack, the predecessor of Kali Linux. BackTrack had a long reign of almost seven years as the pen- testers and hackers choice. BackTrack is a customised native environment dedicated to hacking. As of 2011 it was used by more than four million amateur and professional security researchers. The latest version, BackTrack 5, is built on Ubuntu Lucid and contains some 350 penetration testing tools. However, as of March 2013 the venerated distro was decommissioned and replaced by Kali Linux. The main issue with BackTrack v1-v5 was that it was a headache for dependencies. Too many pentesting tools embedded within Back Track all struggled to co- exist within the dependencies. The solution was to rebuild the distro bottom-up by making Kali Debian based. Kali Linux has 300 tools which automatically work within the Kali ecosphere. Kali also has been created with the clean “File system Hierarchy Standard” and offers vast plug and play wireless support. The main attraction was the ARM support
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 2 provided by Kali Linux. Incidentally, you can also create your own .iso file with Kali through the Debian life build feature. Figure 1.1 Kali Linux Family Tree 1.3 Relationship with Debian The Kali Linux distribution is based on Debian Testing. Therefore, most of the packages available in Kali Linux come straight from this Debian repository. While Kali Linux relies heavily on Debian, it is also entirely independent in the sense that we have our own infrastructure and retain the freedom to make any changes we want. 1.3.1 The Flow of Packages On the Debian side, the contributors are working every day on updating packages and uploading them to the Debian Unstable distribution. From there, packages migrate to the Debian Testing distribution once the most troublesome bugs have been taken out. The migration process also ensures that no dependencies are broken in Debian Testing. The goal is that Testing is always in a usable (or even releasable!) state. Debian Testing’s goals align quite well with those of Kali Linux so we picked it as the base. To add the Kali-specific packages in the distribution, we follow a two-step process.
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 3 First, we take Debian Testing and force-inject our own Kali packages (located in our kali- dev-only repository) to build the kali-dev repository. This repository will break from time to time: for instance, our Kali-specific packages might not be installable until they have been recompiled against newer libraries. In other situations, packages that we have forked might also have to be updated, either to become installable again, or to fix the installability of another package that depends on a newer version of the forked package. In any case, kali-dev is not for end-users. kali-rolling is the distribution that Kali Linux users are expected to track and is built out of kali-dev in the same way that Debian Testing is built out of Debian Unstable. Packages migrate only when all dependencies can be satisfied in the target distribution. 1.3.2. Managing the Difference with Debian As a design decision, we try to minimize the number of forked packages as much as possible. However, in order to implement some of Kali’s unique features, some changes must be made. To limit the impact of these changes, we strive to send them upstream, either by integrating the feature directly, or by adding the required hooks so that it is straightforward to enable the desired features without further modifying the upstream packages themselves. The Kali Package Tracker10 helps us to keep track of our divergence with Debian. At any time, we can look up which package has been forked and whether it is in sync with Debian, or if an update is required. All our packages are maintained in Git repositories11 hosting a Debian branch and a Kali branch side-by-side. Thanks to this, updating a forked package is a simple two- step process: update the Debian branch and then merge it into the Kali branch. While the number of forked packages in Kali is relatively low, the number of additional packages is rather high: in April 2017 there were almost 400. Most of these packages are free software complying with the Debian Free Software Guidelines12 and our ultimate goal would be to maintain those packages within Debian whenever possible. That is why we strive to comply with the Debian. Unfortunately, there are also quite a few exceptions where proper packaging was nearly impossible to create. As a result of time being scarce, few packages have been pushed to Debian.
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 4 Figure 1.2 Logo Of Kali Linux 1.4 BASIC PENETRATION TESTING TERMINOLOGY Penetration Testing is the massive field in security systems. It deals with most of common things that usually a developer forgets to cover during the development process. But, by the magic of Penetration Testing it is possible to remove such kind of holes in the application or in any system. This is as crucial as development process since a single hole can spoil the whole system without even knowing that this is actually being happened. So, in this research in order to understand the concept of Penetration Testing some terms related to it must be understood, the terms like: 1.4.1 Introduction to Penetration Penetration Testing is the process of simulating attacks (on purpose) on the system that needs to be flawed-free (i.e., there should not be any holes) in order to stop a hacker or attacker to follow out an attack along the organization. Hacker are Penetration Tester (Pen-Tester)? So, there is a major difference between a hacker and pen-tester, a hacker implements an attack on a system without having rights to do this that is, in simple words hacker is doing these activities in an unauthorized manner. But, a Pen-Tester is having all the rights to simulate such attacks in order to make the system secure from hackers. A pen-tester may be having a full access or a partial access to the system. Penetration Testing is also known as:
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 5  Pen-Test  PT  Ethical Hacking  White Hat Hacking  Offensive Security  Red Teaming Penetration Testing is basically done to make sure that the attacker(mainly a Hacker) should not enter into the network, system or an application from any other way i.e., without being authorized. 1.4.2. Legality Let’s make it pretty clear: Penetration testing requires that you get permissions from the person who owns the system. Otherwise, as mentioned above you are doing the hacking. And you may be charged under the I.T. Act 2000 Section (66) for performing illegal activities or hacking acts. 1.4.3. Introduction to Vulnerability Vulnerability is a security hole in a Software, Operating System, and Web Application or in any Network that allows an attacker to enter into it without having the permissions of the owner.
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 6 CHAPTER – 2 LITERATURE SURVEY Devanshu Bhatt’s in his work on Modern Day Penetration Testing Distribution Open Source Platform Kali Linux, concluded that By utilizing Kali Linux–Open source Distribution Framework and number of applications it supports like Dmitry and Metasploit, he’s been able to get access on the target Debian Linux machine. Kali Linux's Dmitry and Metasploit Framework offers significant variety of exploits with the collection of all operating system with available versions and service packs. Specifically in actual world situation; it is essential to include complete variety of threats and available most critical categories applications from Kali Linux. The assessment need to be carried out on systems with anti-virus and firewalls to get the precise final result. And all those resources need to be utilized which have most recent vulnerability exploits. [1] Gurdeep Singh and Jaswinder Singh in their paper on Evaluation of Penetration Testing Tools of KALI LINUX, concluded that Web applications are becoming popular and have wide spread interaction medium in our daily lives. But at same point many vulnerabilities explore sensitive data. The different web application vulnerabilities based on the security properties that web application should be preserved. However vulnerability assessment tools are automated one which saves time and money and also defend the web applications from modern threats. At the last the new advanced security attacks are always emerging, requires the security professional to have positive security solution without putting huge number of web applications at risk. [2]
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 7 CHAPTER – 3 METHODOLOGY 3.1 PHASES OF PENETRATION TESTING Basically, the overall process of penetration testing can be carved up into a no. of steps that make an inclusive methodology of penetration testing. The main purpose behind using methodology is that it allows you to divide a complex process into a series of simple, more manageable tasks or modules. Different methodologies use different names for the steps, although the purpose or tasks are similar. For example, some methodologies use the term “Information Gathering”, whereas others use the term “Reconnaissance” or “Recon” The phases of penetration testing are as follows:  Information Gathering  Scanning  Exploitation  Post Exploitation & Maintaining Access Figure 3.1 Zero Entry Pen-Testing Methodology Figure.3.1 shows the “Zero Entry Penetration Testing Methodology”. The purpose of using the inverted triangle is that it allows to describe the steps from broader to more specific manner. For example, the information gathering stage produces a massive information regarding the target, so the triangle shows the broad step, indicating that the data produced by this step or phase is big or large. The first phase involves gathering or exploring all the necessary details of the target such as the target IP (Internet Protocol) address or in case of physical devices the MAC address is
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 8 also required. The second phase includes a deep scanning of the target (obviously, not the antivirus scanning). So that the tracks (holes or backdoors) can be found to get the access into the system or application. In simple words, the second phase is about exploring the vulnerabilities in the target using variety of tools. In the third phase we use the results of previous phases (like, target and its vulnerabilities) in order to exploit the system or application. The final phase include maintaining access over the target after the exploitation, which is quite tricky. Oftentimes, the payloads delivered by the exploits give temporary access over the target. 3.1.1. Information Gathering (Reconnaissance) This phase needs patience and lots of time, since this phase generates a massive amount of information about the target. The deeper you go, the more information you explore about the target that helps in the further activities like finding vulnerabilities of the target. In this research Kali Linux tools are being used to simulate the testing on the target. So, Kali Linux provides a variety of tools for gathering information about the target. To be successful at reconnaissance, there must be a proper strategy. The most essential thing is the power of internet. There are two types of reconnaissance:  Active Reconnaissance: Where the pen-tester directly interacts with the target. During this type of process the target may record the pen-testers IP address and other activity log.  Passive Reconnaissance: In this type of reconnaissance, the use of enormous amount of information available on the web come into the picture. The benefit is that the target cannot track the pen-tester at all (i.e., pen-tester’s IP address or activity logs). The main motto of Information Gathering is to collect as much information as possible on the target. The information that has been explored in this phase must be centrally organized and that too in electronic format. The reason behind storing the information in electronic format is that it allows easier data processing such as, data editing, sorting, searching and data retrieval later on whenever required. Most of the times, if you are going for the web application penetration testing then the very first thing required is the website of that web-application. Which is not a hard part of the phase as we can make use of any search engine to locate the website. 3.1.2. Scanning This stage is the most important phase where the pen-tester needs to identify the exposures of the target. This can be also referred to as “Vulnerability Assessment”. The pen-tester uses different tools and utilities to reveal the holes in the services, ports and applications running on the host. The typical path is to skim for the ports on the web server and find the open port for granting the access into it.Webservers use different TCP ports, and luckily you may encounter any one of them opened. Many protocols on the servers are handled through
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 9 readable non-encrypted text. Table-II gives a list of common port numbers and their corresponding service. So, let‟s take a look at some of the tools available in Kali Linux for finding the vulnerabilities of the target 1) Webshag: Webshag is a multi-threaded multi-platform tool used to audit the web servers. The tool gathers some common functionalities of a web server such as port scanning, URL scanning and file fuzzing (security loophole). It can be used to scan a web server in HTTP or HTTPS, using a proxy or HTTPS authentication. This tool can also perform fingerprinting of the web pages. 2) Vega: Vega is a security testing tool used to crawl a website and analyse page content to find links as well as form parameters. To launch Vega in Kali Linux, go to Web Applications > Web Vulnerability Scanners and select Vega. The tool can work as a proxy as well as a scanner so in this research scanner is required to scan the target 3.1.3. Exploitation Now, the environment is set up and the vulnerabilities of the target are also discovered. Now it’s time to take over the target through the holes (vulnerabilities) of the target. This process is nothing but the Exploitation process. In simple words gaining access to the target using its vulnerabilities is known as Exploitation. Exploitation delivers the payloads on the target in order to forcefully grant the access into the target. Some vulnerabilities such as default password are easy to exploit, it hardly feels like exploitation is being done. There are different types of exploits available over the Internet, but the widely used is the “Metasploit Project”. 1) Metasploit Project: The Metasploit is a computer security project that provides information about security vulnerabilities and aids in penetration testing. Metasploit is pre-loaded in Kali Linux and can be used in either GUI environment or through the command line interface. 3.1.4. Post Exploitation and Marinating Access This phase plays a crucial role in the penetration testing process. Maintaining access to the target after the exploitation is a very serious activity and needs to done carefully. Several years ago, hackers were used to exploit the target, steal the data or manipulate the data or crash the files and leave. But now a day‟s many modern attackers (hackers) are interested in long-term or even permanent access to the target. Thus, in order to achieve this “backdoors” are required to be created and needs to be loaded on the target. Backdoors are nothing but a piece of software that allows the unauthorized user
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 10 to get into the target at any time. Basically, backdoors are the background process that is hidden from the normal user. Some exploits are fleeting (short-lived). In simple words, some exploits allow access as only as the exploited target is running. If the target reboots or the exploit stops then the connection is lost to the target. There are different backdoor tools in Kali Linux like: Netcat, Cryptcat, WeBaCoo (Web Backdoor Cookie), etc…
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 11 CHAPTER – 4 ADVANTAGES OF KALI LINUX 4.1 Advanced Penetration Testing tools. In the Kali Linux, more than 600+ super amazing advanced Penetration’ Testing tools are incorporated. The tools of BackTrack Linux which are not up to the mark or repeated in many ways has been replaced in the Kali Linux system with the advanced Penetration testing tools. 4.2 Ultimate free Linux tool. The Kali Linux system is totally free like the BackTrack Linux and will always offer their users the free life time services. This is huge plus factor which forces people to use this system. 4.3 Open sourced Git tree. This Kali Linux is openly sourced system and can be easily accessed by the users. All the codes in the Kali Linux can be viewed easily by the anyone and the open development tree makes easy to view the development of coding at every step. 4.4 FHS support. Kali adheres to the File-system Hierarchy Standard, allowing Linux users to easily locate binaries, support files, libraries, etc. This is the very important feature of the Kali Linux that makes it stand out among the other Linux systems. 4.5 Cool Wireless support. Kali Linux stands out in the department of connecting with the wireless support systems as you can connect it with as many WiFi spots or USB ports you want to connect at one time. Kali Linux allows it to run properly on a wide variety of hardware and making it compatible with numerous USB and other wireless devices. 4.6 Custom kernel patched for injection. As penetration testers, the development team often needs to do wireless assessments so the kali linux kernel has the latest injection patches included.
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 12 4.7 Secure development environment. The Kali Linux team is made up of a small group of trusted individuals who can only commit packages and interact with the repositories while using multiple secure protocols. 4.8 GPG signed packages and repos. All Kali packages are signed by each individual developer when they are built and committed and the repositories subsequently sign the packages as well. 4.9 Kali is linguistic. As the Kali Linux has all the Penetration’ tools in the English language, but other than that it allows users to work in numerous languages and get the comfort of their local language. 4.10 Completely Customizable. Kali Linux is built by penetration testers for penetration testers but we understand that not everyone will agree with our design decisions or choice of tools to include by default. With this in mind, we always ensure that Kali Linux is easy to customize based on your own needs and preferences. To this end, we publish the live-build configuration used to build the official Kali images so you can customize it to your liking. It is very easy to start from this published configuration and implement various changes based on your needs thanks to the versatility of live-build. Live-build includes many features to modify the installed system, install supplementary files, install additional packages, run arbitrary commands, and change the values pre-seeded to debconf. 4.11 ARMEL and ARMHF support. As the ARM-based single-board systems like the Raspberry Pi and BeagleBone Black, among others, are becoming more and more prevalent and inexpensive, so in their substitute, Kali’s ARM support would need to be as robust as a management tool, with fully working installations for both ARMEL and ARMHF systems. Kali is currently available for the following ARM devices:  rk3306 mk/ss808  Raspberry Pi  ODROID U2/X2  Samsung Chromebook  EfikaMX
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 13  Beaglebone Black  CuBox  Galaxy Note 10.1
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 14 CHAPTER – 5 APPLICATIONS OF KALI LINUX While Kali’s focus can be quickly summarized as “penetration testing and security auditing”, there are many different tasks involved behind those activities. Kali Linux is built as a framework, because it includes many tools covering very different use cases (though they may certainly be used in combination during a penetration test). For example, Kali Linux can be used on various types of computers: obviously on the laptops of penetration testers, but also on servers of system administrators wishing to monitor their network, on the workstations of forensic analysts, and more unexpectedly, on stealthy embedded devices, typically with ARM CPUs, that can be dropped in the range of a wireless network or plugged in the computer of target users. Many ARM devices are also perfect attack machines due to their small form factors and low power requirements. Kali Linux can also be deployed in the cloud to quickly build a farm of password-cracking machines and on mobile phones and tablets to allow for truly portable penetration testing. But that is not all; penetration testers also need servers: to use collaboration software within a team of pen-testers, to set up a web server for use in phishing campaigns, to run vulnerability scanning tools, and other related activities. Once you have booted Kali, you will quickly discover that Kali Linux’s main menu is organized by theme across the various kind of tasks and activities that are relevant for pen-testers and other information security professionals as shown in Figure, “Kali Linux’s Applications Menu”.
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 15 Figure 5.1. Kali Linux’s Applications Menu 5.1 Application menu includes • Information Gathering: Collecting data about the target network and its structure, identifying computers, their operating systems, and the services that they run. Identifying potentially sensitive parts of the information system. Extracting all sorts of listings from running directory services. • Vulnerability Analysis: Quickly testing whether a local or remote system is affected by a number of known vulnerabilities or insecure configurations. Vulnerability scanners use databases containing thousands of signatures to identify potential vulnerabilities. • Web Application Analysis: Identifying misconfigurations and security weaknesses in web applications. It is crucial to identify and mitigate these issues given that the public availability of these applications makes them ideal targets for attackers. • Database Assessment: From SQL injection to attacking credentials, database attacks are a very common vector for attackers. Tools that test for attack vectors ranging from SQL injection to data extraction and analysis can be found here.
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 16 • Password Attacks: Authentication systems are always a go-to attack vector. Many useful tools can be found here, from online password attack tools to offline attacks against the encryption or hashing systems. • Wireless Attacks: The pervasive nature of wireless networks means that they will always be a commonly attacked vector. With its wide range of support for multiple wireless cards, Kali is an obvious choice for attacks against multiple types of wireless networks. • Reverse Engineering: Reverse engineering is an activity with many purposes. In support of offensive activities, it is one of the primary methods for vulnerability identification and exploit development. On the defensive side, it is used to analyze malware employed in targeted attacks. In this capacity, the goal is to identify the capabilities of a given piece of tradecraft. • Exploitation Tools: Exploiting, or taking advantage of a (formerly identified) vulnerability, allows you to gain control of a remote machine (or device). This access can then be used for further privilege escalation attacks, either locally on the compromised machine, or on other machines accessible on its local network. This category contains a number of tools and utilities that simplify the process of writing your own exploits. • Sniffing & Spoofing: Gaining access to the data as they travel across the network is often advantageous for an attacker. Here you can find spoofing tools that allow you to impersonate a legitimate user as well as sniffing tools that allow you to capture and analyze data right off the wire. When used together, these tools can be very powerful. • Post Exploitation: Once you have gained access to a system, you will often want to maintain that level of access or extend control by laterally moving across the network. Tools that assist in these goals are found here. • Forensics: Forensic Linux live boot environments have been very popular for years now. Kali contains a large number of popular Linux-based forensic tools allowing you to do everything from initial triage, to data imaging, to full analysis and case management. • Reporting Tools: A penetration test is only complete once the findings have been reported. This category contains tools to help collate the data collected from information-gathering tools, discover non-obvious relationships, and bring everything together in various reports.
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 17 • Social Engineering Tools: When the technical side is well-secured, there is often the possibility of exploiting human behavior as an attack vector. Given the right influence, people can frequently be induced to take actions that compromise the security of the environment. Did the USB key that the secretary just plugged in contain a harmless PDF? Or was it also a Trojan horse that installed a backdoor? Was the banking website the accountant just logged into the expected website or a perfect copy used for phishing purposes? This category contains tools that aid in these types of attacks. • System Services: This category contains tools that allow you to start and stop applicationsthat run in the background as system services.
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 18 CONCLUSION Kali Linux is proved to be very useful and completely free Operating System that can be used for the penetration testing. Penetration testing requires lots of time and patience to get the results and to get them repaired. The Kali is a tool for the Linux users to provide them numerous tricks in the security department. Kali is packed with the tools which helps in achieving goals towards various information security tasks, such as Penetration Testing. Penetration Testing can be implemented using Kali Linux for future security regarding the applications that require high level of security. Security for such applications or systems can be tested for any risks that may or may not be associated with it with the help of Zero Entry Methodology of penetration testing. This will lead to cover all the vulnerabilities (if any) of the developed system or an application. Penetration Testing or Pen-Testing is the most essential focus of any system, it may be a web application or a standalone machine. Penetration testing allows the developer to ascertain and define the security issues associated with the system that he/she has acquired.
Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 19 REFERENCES [1] Devanshu Bhatt’s paper on Modern Day Penetration Testing Distribution Open Source Platform -Kali Linux. International journal of scientific & technology research volume 7, issue 4 , April 2018. [2] Gurdeep Singh and Jaswinder Singh’s paper on Evaluation of Penetration Testing Tools of KALI LINUX. International Journal of Innovations & Advancement in Computer Science IJIACS ISSN 2347 – 8616 Volume 5, Issue 9, September 2016. [3] Matthew Denis, Carlos Zena and Thaier Hayajneh’s paper on Penetration Testing: Attack Methods, and Defence Strategies. IEEE paper, 29 April 2016. [4] Suraj S. Mundalik’s paper on Penetration Testing: An Art of Securing the System (Using Kali Linux). International Journal of Advanced Research in Computer Science and Software Engineering Volume 5, Issue 10, October-2016. [5] Kali Linux Revealed “Mastering the Penetration Testing Distribution” text book by Raphaël Hertzog, Jim O’Gorman and Mati Aharoni 2017. [6] Dr K. Raja Kumar’s paper on Penetration Testing using Linux Tools: Attacks and Defense Strategies. International Journal of Engineering Research & Technology (IJERT), Vol. 5 Issue 12, December-2016 [7] Harmandeep Singh’s paper on Penetration Testing: Analyzing the Security of the Network by Hacker’s Mind, IEEE paper Volume V, Issue V, May 2016. [8] Ms. Shyaml Virnodkar, Rahul Gupta, Tejas Bharambe’s paper on Cross Platform Penetration Testing Suite. International Research Journal of Engineering and Technology (IRJET), Volume: 05 Issue: 03, Mar-2018. [9] Young B. Choi’s paper on Building a Penetration Testing Device for Black Box using Modified Linux for Under $50. (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 8, No. 1, 2017. [10] Jyoti Pathak, Afzl Ayyub, Satyendra Mohan Srivastava’s paper on Penetration Testing: Rolling Kali Linux. IJSRD - International Journal for Scientific Research & Development, Vol. 4, Issue 12, 2017.

Recommended

Kali linux
Kali linuxKali linux
Kali linuxabdulla78
 
Kali linux
Kali linuxKali linux
Kali linuxAadhithyanPandian
 
penetration test using Kali linux ppt
penetration test using Kali linux pptpenetration test using Kali linux ppt
penetration test using Kali linux pptAbhayNaik8
 
Kali linux
Kali linuxKali linux
Kali linuxHarsh Gor
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxChanchal Dabriya
 
Kali linux os
Kali linux osKali linux os
Kali linux osSamantha Lawrence
 
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...Edureka!
 
Kali linux
Kali linux Kali linux
Kali linux Fa6ma_
 

Recommended

Kali linux
Kali linuxKali linux
Kali linuxabdulla78
 
Kali linux
Kali linuxKali linux
Kali linuxAadhithyanPandian
 
penetration test using Kali linux ppt
penetration test using Kali linux pptpenetration test using Kali linux ppt
penetration test using Kali linux pptAbhayNaik8
 
Kali linux
Kali linuxKali linux
Kali linuxHarsh Gor
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxChanchal Dabriya
 
Kali linux os
Kali linux osKali linux os
Kali linux osSamantha Lawrence
 
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...Edureka!
 
Kali linux
Kali linux Kali linux
Kali linux Fa6ma_
 
"DevOps > CI+CD "
"DevOps > CI+CD ""DevOps > CI+CD "
"DevOps > CI+CD "Innovation Roots
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
Introduction to CI/CD
Introduction to CI/CDIntroduction to CI/CD
Introduction to CI/CDSteve Mactaggart
 
Kali presentation
Kali presentationKali presentation
Kali presentationZain Ul abadin
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptxanumeha bhatnagar
 
Devops | CICD Pipeline
Devops | CICD PipelineDevops | CICD Pipeline
Devops | CICD PipelineBinish Siddiqui
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouKevin Fealey
 
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...Edureka!
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...Edureka!
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Securityn|u - The Open Security Community
 
kali linux
kali linuxkali linux
kali linuxDarshan Dalwadi
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux PresentaionDev Gandhi
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architecturesinovia
 
Kali linux.ppt
Kali linux.pptKali linux.ppt
Kali linux.pptAhmedalhassar1
 
Linux ppt
Linux pptLinux ppt
Linux pptlincy21
 
Container Security
Container SecurityContainer Security
Container SecuritySalman Baset
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxShubham Agrawal
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOpsMatthew David
 
Docker Containers Deep Dive
Docker Containers Deep DiveDocker Containers Deep Dive
Docker Containers Deep DiveWill Kinard
 
Operating system
Operating systemOperating system
Operating systemKartikeyBanjara1
 
(03 2013) guide to kali linux
(03 2013) guide to kali linux(03 2013) guide to kali linux
(03 2013) guide to kali linuxjulius77
 

More Related Content

What's hot

Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouKevin Fealey
 
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...Edureka!
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...Edureka!
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux PresentaionDev Gandhi
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architecturesinovia
 
Linux ppt
Linux pptLinux ppt
Linux pptlincy21
 
Container Security
Container SecurityContainer Security
Container SecuritySalman Baset
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOpsMatthew David
 
Docker Containers Deep Dive
Docker Containers Deep DiveDocker Containers Deep Dive
Docker Containers Deep DiveWill Kinard
 

What's hot (20)

"DevOps > CI+CD "
"DevOps > CI+CD ""DevOps > CI+CD "
"DevOps > CI+CD "
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
 
Introduction to CI/CD
Introduction to CI/CDIntroduction to CI/CD
Introduction to CI/CD
 
Kali presentation
Kali presentationKali presentation
Kali presentation
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptx
 
Devops | CICD Pipeline
Devops | CICD PipelineDevops | CICD Pipeline
Devops | CICD Pipeline
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and You
 
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation Journey
 
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
kali linux
kali linuxkali linux
kali linux
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux Presentaion
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architectures
 
Kali linux.ppt
Kali linux.pptKali linux.ppt
Kali linux.ppt
 
Linux ppt
Linux pptLinux ppt
Linux ppt
 
Container Security
Container SecurityContainer Security
Container Security
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
 
Docker Containers Deep Dive
Docker Containers Deep DiveDocker Containers Deep Dive
Docker Containers Deep Dive
 

Similar to penetration test using Kali linux seminar report

(03 2013) guide to kali linux
(03 2013) guide to kali linux(03 2013) guide to kali linux
(03 2013) guide to kali linuxjulius77
 
Unleash the Power: How to Install Kali Linux With a Twist
Unleash the Power: How to Install Kali Linux With a TwistUnleash the Power: How to Install Kali Linux With a Twist
Unleash the Power: How to Install Kali Linux With a TwistFredReynolds2
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 
Operating project
Operating projectOperating project
Operating projectISMAT CH
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
Jenkins - From Continuous Integration to Continuous Delivery
Jenkins - From Continuous Integration to Continuous DeliveryJenkins - From Continuous Integration to Continuous Delivery
Jenkins - From Continuous Integration to Continuous DeliveryVirendra Bhalothia
 
Getting Started with Azure Artifacts
Getting Started with Azure ArtifactsGetting Started with Azure Artifacts
Getting Started with Azure ArtifactsCallon Campbell
 
Continuous Delivery With Containers
Continuous Delivery With ContainersContinuous Delivery With Containers
Continuous Delivery With ContainersAll Things Open
 
Jenkins introduction
Jenkins introductionJenkins introduction
Jenkins introductionGourav Varma
 
Jenkins introduction
Jenkins introductionJenkins introduction
Jenkins introductionKalkey
 
Hackers OS Kali Linux for Penetration Testing - By Cyber Expert Amish Patel -...
Hackers OS Kali Linux for Penetration Testing - By Cyber Expert Amish Patel -...Hackers OS Kali Linux for Penetration Testing - By Cyber Expert Amish Patel -...
Hackers OS Kali Linux for Penetration Testing - By Cyber Expert Amish Patel -...Amish Patel
 
How to install Kali Linux? | Edureka
How to install Kali Linux? | EdurekaHow to install Kali Linux? | Edureka
How to install Kali Linux? | EdurekaEdureka!
 
PuppetConf 2016: Continuous Delivery and DevOps with Jenkins and Puppet Enter...
PuppetConf 2016: Continuous Delivery and DevOps with Jenkins and Puppet Enter...PuppetConf 2016: Continuous Delivery and DevOps with Jenkins and Puppet Enter...
PuppetConf 2016: Continuous Delivery and DevOps with Jenkins and Puppet Enter...Puppet
 

Similar to penetration test using Kali linux seminar report (20)

Operating system
Operating systemOperating system
Operating system
 
(03 2013) guide to kali linux
(03 2013) guide to kali linux(03 2013) guide to kali linux
(03 2013) guide to kali linux
 
Unleash the Power: How to Install Kali Linux With a Twist
Unleash the Power: How to Install Kali Linux With a TwistUnleash the Power: How to Install Kali Linux With a Twist
Unleash the Power: How to Install Kali Linux With a Twist
 
Kali linux
Kali linuxKali linux
Kali linux
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014
 
Operating project
Operating projectOperating project
Operating project
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015
 
Kali linux
Kali linuxKali linux
Kali linux
 
Jenkins - From Continuous Integration to Continuous Delivery
Jenkins - From Continuous Integration to Continuous DeliveryJenkins - From Continuous Integration to Continuous Delivery
Jenkins - From Continuous Integration to Continuous Delivery
 
Getting Started with Azure Artifacts
Getting Started with Azure ArtifactsGetting Started with Azure Artifacts
Getting Started with Azure Artifacts
 
Kali linux 2021.2
Kali linux 2021.2Kali linux 2021.2
Kali linux 2021.2
 
Continuous Delivery With Containers
Continuous Delivery With ContainersContinuous Delivery With Containers
Continuous Delivery With Containers
 
Kali linux
Kali linuxKali linux
Kali linux
 
Jenkins introduction
Jenkins introductionJenkins introduction
Jenkins introduction
 
Jenkins introduction
Jenkins introductionJenkins introduction
Jenkins introduction
 
Hackers OS Kali Linux for Penetration Testing - By Cyber Expert Amish Patel -...
Hackers OS Kali Linux for Penetration Testing - By Cyber Expert Amish Patel -...Hackers OS Kali Linux for Penetration Testing - By Cyber Expert Amish Patel -...
Hackers OS Kali Linux for Penetration Testing - By Cyber Expert Amish Patel -...
 
Azure DevOps in Action
Azure DevOps in ActionAzure DevOps in Action
Azure DevOps in Action
 
How to install Kali Linux? | Edureka
How to install Kali Linux? | EdurekaHow to install Kali Linux? | Edureka
How to install Kali Linux? | Edureka
 
Tour of Azure DevOps
Tour of Azure DevOpsTour of Azure DevOps
Tour of Azure DevOps
 
PuppetConf 2016: Continuous Delivery and DevOps with Jenkins and Puppet Enter...
PuppetConf 2016: Continuous Delivery and DevOps with Jenkins and Puppet Enter...PuppetConf 2016: Continuous Delivery and DevOps with Jenkins and Puppet Enter...
PuppetConf 2016: Continuous Delivery and DevOps with Jenkins and Puppet Enter...
 

Recently uploaded

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

penetration test using Kali linux seminar report

  • 1. Visvesvaraya Technological University Belagavi-590 014, Karnataka A Seminar Report on “Penetration Test Using Kali Linux” Submitted in partial fulfilment of the requirements for the award of Bachelor of Engineering In Computer Science and Engineering Submitted By Mr. Naik Abhay Suresh 2JI15CS025 Under the Guidance of Dr. Dinesha H. A. Department of Computer Science and Engineering Sri Bhagawan Mahaveer Jain Educational & Cultural Trust’s Jain College of Engineering Belagavi-590 014 Academic Year 2018-19
  • 2. Sri Bhagawan Mahaveer Jain Educational & Cultural Trust’s Jain College of Engineering Belagavi-590 014 Department Of Computer Science and Engineering Certificate This is to certify that the seminar entitled “Penetration Test Using Kali Linux” is carried out by Mr. Naik Abhay Suresh, bearing USN-2JI15CS025, a bonafide student of Jain College of Engineering, Belagavi, in partial fulfilment for the award of Bachelor of Engineering in Computer Science and Engineering from Visvesvaraya Technological University, Belagavi, during the academic year 2018- 19. It is certified that all corrections/suggestions indicated for internal assessment have been incorporated in the report. The seminar report has been approved as it satisfies the academic requirements in respect of seminar work prescribed for the said degree. -------------------------- ------------------------------------ Dr. Dinesha H. A. Prof. Praveen Y Chitti GUIDE HOD, CSE Name of Examiner Signature of Examiner 1.______________ 1. ________________ 2.______________ 2. ________________
  • 3. ACKNOWLEDGEMENT The satisfaction and euphoria that accompany the progress and completion of any task would be incomplete without the mention of the people who made it possible, whose constant guidance and encouragement ground my efforts with success. I consider it is a privilege to express my sincere gratitude and respect to all those who guided and inspired me. I express my sincere thanks and gratitude to our guide Prof. Dr. Dinesha. H. A, Department of Computer Science & Engineering, JCE, Belagavi, for his constant guidance and suggestions. His incessant encouragement and invaluable support has been of immense help. It’s a great privilege to express my respect to Prof. Praveen Chitti, HOD, Department of Computer Science & Engineering, JCE, Belagavi, who had been great source of inspiration towards taking up this project and its successful completion. I am thankful to Dr. K. G. Vishwanath, Principal, JCE, Belagavi for providing us with the necessary facilities for carrying out this project work successfully.
  • 4. ABSTRACT Kali Linux is built for professional penetration testing and security auditing. It is the next-generation of BackTrack, the most popular open-source penetration toolkit in the world. It is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing services to the users. The Kali is a tool for the Linux users to provide them numerous tricks in the security department. Kali is packed with the tools which helps in achieving goals towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering etc.
  • 5. TABLE OF CONTENTS 1. Introduction……………………………………………………………………...1 2. Literature Survey...…………....…………………………………………………6 3. Methodology.……………………….…………………………..…………….…7 4. Advantages Of Kali Linux..……………...………………..……………………11 5. Applications Of Kali Linux ..…...……………...………………………………14 Conclusion ………………………………………….………………………….....18 References…………...………...……………………………….……………..…..19
  • 6. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 1 CHAPTER – 1 INTRODUCTION 1.1 WHAT IS KALI LINUX As we are very well aware of the dynamic Linux platform and the increase in the utilization of the Linux system, so the need to provide the secure environment also increased by the Linux experts. To curb the secure Linux browsing a Kali Linux has been introduced on 13th March 2013. Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing services to the users. The Kali is a tool for the Linux users to provide them numerous tricks in the security department. Kali is packed with the tools which helps in achieving goals towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering etc. This fully awesome security package of Kali Linux is adhesively developed, funded and maintained by Offensive Security, which is one of the leading information security training company and has achieved numerous excellence in the field of the digital security system. In true sense, Kali Linux is an overall make over of the BackTrack Linux, but in this Linux, all the limitations of BackTrack Linux have been removed with some new and better security tools. 1.2 HISTORY OF KALI LINUX Knoppix, ancestor of Kali Linux was the first ever bootable Live Linux Operating system, which is still in existence. Knoppix project was then forked into Whoppix and then re-forked into WHAX. WHAX was then re-branded and streamlined into the BackTrack, the predecessor of Kali Linux. BackTrack had a long reign of almost seven years as the pen- testers and hackers choice. BackTrack is a customised native environment dedicated to hacking. As of 2011 it was used by more than four million amateur and professional security researchers. The latest version, BackTrack 5, is built on Ubuntu Lucid and contains some 350 penetration testing tools. However, as of March 2013 the venerated distro was decommissioned and replaced by Kali Linux. The main issue with BackTrack v1-v5 was that it was a headache for dependencies. Too many pentesting tools embedded within Back Track all struggled to co- exist within the dependencies. The solution was to rebuild the distro bottom-up by making Kali Debian based. Kali Linux has 300 tools which automatically work within the Kali ecosphere. Kali also has been created with the clean “File system Hierarchy Standard” and offers vast plug and play wireless support. The main attraction was the ARM support
  • 7. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 2 provided by Kali Linux. Incidentally, you can also create your own .iso file with Kali through the Debian life build feature. Figure 1.1 Kali Linux Family Tree 1.3 Relationship with Debian The Kali Linux distribution is based on Debian Testing. Therefore, most of the packages available in Kali Linux come straight from this Debian repository. While Kali Linux relies heavily on Debian, it is also entirely independent in the sense that we have our own infrastructure and retain the freedom to make any changes we want. 1.3.1 The Flow of Packages On the Debian side, the contributors are working every day on updating packages and uploading them to the Debian Unstable distribution. From there, packages migrate to the Debian Testing distribution once the most troublesome bugs have been taken out. The migration process also ensures that no dependencies are broken in Debian Testing. The goal is that Testing is always in a usable (or even releasable!) state. Debian Testing’s goals align quite well with those of Kali Linux so we picked it as the base. To add the Kali-specific packages in the distribution, we follow a two-step process.
  • 8. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 3 First, we take Debian Testing and force-inject our own Kali packages (located in our kali- dev-only repository) to build the kali-dev repository. This repository will break from time to time: for instance, our Kali-specific packages might not be installable until they have been recompiled against newer libraries. In other situations, packages that we have forked might also have to be updated, either to become installable again, or to fix the installability of another package that depends on a newer version of the forked package. In any case, kali-dev is not for end-users. kali-rolling is the distribution that Kali Linux users are expected to track and is built out of kali-dev in the same way that Debian Testing is built out of Debian Unstable. Packages migrate only when all dependencies can be satisfied in the target distribution. 1.3.2. Managing the Difference with Debian As a design decision, we try to minimize the number of forked packages as much as possible. However, in order to implement some of Kali’s unique features, some changes must be made. To limit the impact of these changes, we strive to send them upstream, either by integrating the feature directly, or by adding the required hooks so that it is straightforward to enable the desired features without further modifying the upstream packages themselves. The Kali Package Tracker10 helps us to keep track of our divergence with Debian. At any time, we can look up which package has been forked and whether it is in sync with Debian, or if an update is required. All our packages are maintained in Git repositories11 hosting a Debian branch and a Kali branch side-by-side. Thanks to this, updating a forked package is a simple two- step process: update the Debian branch and then merge it into the Kali branch. While the number of forked packages in Kali is relatively low, the number of additional packages is rather high: in April 2017 there were almost 400. Most of these packages are free software complying with the Debian Free Software Guidelines12 and our ultimate goal would be to maintain those packages within Debian whenever possible. That is why we strive to comply with the Debian. Unfortunately, there are also quite a few exceptions where proper packaging was nearly impossible to create. As a result of time being scarce, few packages have been pushed to Debian.
  • 9. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 4 Figure 1.2 Logo Of Kali Linux 1.4 BASIC PENETRATION TESTING TERMINOLOGY Penetration Testing is the massive field in security systems. It deals with most of common things that usually a developer forgets to cover during the development process. But, by the magic of Penetration Testing it is possible to remove such kind of holes in the application or in any system. This is as crucial as development process since a single hole can spoil the whole system without even knowing that this is actually being happened. So, in this research in order to understand the concept of Penetration Testing some terms related to it must be understood, the terms like: 1.4.1 Introduction to Penetration Penetration Testing is the process of simulating attacks (on purpose) on the system that needs to be flawed-free (i.e., there should not be any holes) in order to stop a hacker or attacker to follow out an attack along the organization. Hacker are Penetration Tester (Pen-Tester)? So, there is a major difference between a hacker and pen-tester, a hacker implements an attack on a system without having rights to do this that is, in simple words hacker is doing these activities in an unauthorized manner. But, a Pen-Tester is having all the rights to simulate such attacks in order to make the system secure from hackers. A pen-tester may be having a full access or a partial access to the system. Penetration Testing is also known as:
  • 10. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 5  Pen-Test  PT  Ethical Hacking  White Hat Hacking  Offensive Security  Red Teaming Penetration Testing is basically done to make sure that the attacker(mainly a Hacker) should not enter into the network, system or an application from any other way i.e., without being authorized. 1.4.2. Legality Let’s make it pretty clear: Penetration testing requires that you get permissions from the person who owns the system. Otherwise, as mentioned above you are doing the hacking. And you may be charged under the I.T. Act 2000 Section (66) for performing illegal activities or hacking acts. 1.4.3. Introduction to Vulnerability Vulnerability is a security hole in a Software, Operating System, and Web Application or in any Network that allows an attacker to enter into it without having the permissions of the owner.
  • 11. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 6 CHAPTER – 2 LITERATURE SURVEY Devanshu Bhatt’s in his work on Modern Day Penetration Testing Distribution Open Source Platform Kali Linux, concluded that By utilizing Kali Linux–Open source Distribution Framework and number of applications it supports like Dmitry and Metasploit, he’s been able to get access on the target Debian Linux machine. Kali Linux's Dmitry and Metasploit Framework offers significant variety of exploits with the collection of all operating system with available versions and service packs. Specifically in actual world situation; it is essential to include complete variety of threats and available most critical categories applications from Kali Linux. The assessment need to be carried out on systems with anti-virus and firewalls to get the precise final result. And all those resources need to be utilized which have most recent vulnerability exploits. [1] Gurdeep Singh and Jaswinder Singh in their paper on Evaluation of Penetration Testing Tools of KALI LINUX, concluded that Web applications are becoming popular and have wide spread interaction medium in our daily lives. But at same point many vulnerabilities explore sensitive data. The different web application vulnerabilities based on the security properties that web application should be preserved. However vulnerability assessment tools are automated one which saves time and money and also defend the web applications from modern threats. At the last the new advanced security attacks are always emerging, requires the security professional to have positive security solution without putting huge number of web applications at risk. [2]
  • 12. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 7 CHAPTER – 3 METHODOLOGY 3.1 PHASES OF PENETRATION TESTING Basically, the overall process of penetration testing can be carved up into a no. of steps that make an inclusive methodology of penetration testing. The main purpose behind using methodology is that it allows you to divide a complex process into a series of simple, more manageable tasks or modules. Different methodologies use different names for the steps, although the purpose or tasks are similar. For example, some methodologies use the term “Information Gathering”, whereas others use the term “Reconnaissance” or “Recon” The phases of penetration testing are as follows:  Information Gathering  Scanning  Exploitation  Post Exploitation & Maintaining Access Figure 3.1 Zero Entry Pen-Testing Methodology Figure.3.1 shows the “Zero Entry Penetration Testing Methodology”. The purpose of using the inverted triangle is that it allows to describe the steps from broader to more specific manner. For example, the information gathering stage produces a massive information regarding the target, so the triangle shows the broad step, indicating that the data produced by this step or phase is big or large. The first phase involves gathering or exploring all the necessary details of the target such as the target IP (Internet Protocol) address or in case of physical devices the MAC address is
  • 13. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 8 also required. The second phase includes a deep scanning of the target (obviously, not the antivirus scanning). So that the tracks (holes or backdoors) can be found to get the access into the system or application. In simple words, the second phase is about exploring the vulnerabilities in the target using variety of tools. In the third phase we use the results of previous phases (like, target and its vulnerabilities) in order to exploit the system or application. The final phase include maintaining access over the target after the exploitation, which is quite tricky. Oftentimes, the payloads delivered by the exploits give temporary access over the target. 3.1.1. Information Gathering (Reconnaissance) This phase needs patience and lots of time, since this phase generates a massive amount of information about the target. The deeper you go, the more information you explore about the target that helps in the further activities like finding vulnerabilities of the target. In this research Kali Linux tools are being used to simulate the testing on the target. So, Kali Linux provides a variety of tools for gathering information about the target. To be successful at reconnaissance, there must be a proper strategy. The most essential thing is the power of internet. There are two types of reconnaissance:  Active Reconnaissance: Where the pen-tester directly interacts with the target. During this type of process the target may record the pen-testers IP address and other activity log.  Passive Reconnaissance: In this type of reconnaissance, the use of enormous amount of information available on the web come into the picture. The benefit is that the target cannot track the pen-tester at all (i.e., pen-tester’s IP address or activity logs). The main motto of Information Gathering is to collect as much information as possible on the target. The information that has been explored in this phase must be centrally organized and that too in electronic format. The reason behind storing the information in electronic format is that it allows easier data processing such as, data editing, sorting, searching and data retrieval later on whenever required. Most of the times, if you are going for the web application penetration testing then the very first thing required is the website of that web-application. Which is not a hard part of the phase as we can make use of any search engine to locate the website. 3.1.2. Scanning This stage is the most important phase where the pen-tester needs to identify the exposures of the target. This can be also referred to as “Vulnerability Assessment”. The pen-tester uses different tools and utilities to reveal the holes in the services, ports and applications running on the host. The typical path is to skim for the ports on the web server and find the open port for granting the access into it.Webservers use different TCP ports, and luckily you may encounter any one of them opened. Many protocols on the servers are handled through
  • 14. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 9 readable non-encrypted text. Table-II gives a list of common port numbers and their corresponding service. So, let‟s take a look at some of the tools available in Kali Linux for finding the vulnerabilities of the target 1) Webshag: Webshag is a multi-threaded multi-platform tool used to audit the web servers. The tool gathers some common functionalities of a web server such as port scanning, URL scanning and file fuzzing (security loophole). It can be used to scan a web server in HTTP or HTTPS, using a proxy or HTTPS authentication. This tool can also perform fingerprinting of the web pages. 2) Vega: Vega is a security testing tool used to crawl a website and analyse page content to find links as well as form parameters. To launch Vega in Kali Linux, go to Web Applications > Web Vulnerability Scanners and select Vega. The tool can work as a proxy as well as a scanner so in this research scanner is required to scan the target 3.1.3. Exploitation Now, the environment is set up and the vulnerabilities of the target are also discovered. Now it’s time to take over the target through the holes (vulnerabilities) of the target. This process is nothing but the Exploitation process. In simple words gaining access to the target using its vulnerabilities is known as Exploitation. Exploitation delivers the payloads on the target in order to forcefully grant the access into the target. Some vulnerabilities such as default password are easy to exploit, it hardly feels like exploitation is being done. There are different types of exploits available over the Internet, but the widely used is the “Metasploit Project”. 1) Metasploit Project: The Metasploit is a computer security project that provides information about security vulnerabilities and aids in penetration testing. Metasploit is pre-loaded in Kali Linux and can be used in either GUI environment or through the command line interface. 3.1.4. Post Exploitation and Marinating Access This phase plays a crucial role in the penetration testing process. Maintaining access to the target after the exploitation is a very serious activity and needs to done carefully. Several years ago, hackers were used to exploit the target, steal the data or manipulate the data or crash the files and leave. But now a day‟s many modern attackers (hackers) are interested in long-term or even permanent access to the target. Thus, in order to achieve this “backdoors” are required to be created and needs to be loaded on the target. Backdoors are nothing but a piece of software that allows the unauthorized user
  • 15. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 10 to get into the target at any time. Basically, backdoors are the background process that is hidden from the normal user. Some exploits are fleeting (short-lived). In simple words, some exploits allow access as only as the exploited target is running. If the target reboots or the exploit stops then the connection is lost to the target. There are different backdoor tools in Kali Linux like: Netcat, Cryptcat, WeBaCoo (Web Backdoor Cookie), etc…
  • 16. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 11 CHAPTER – 4 ADVANTAGES OF KALI LINUX 4.1 Advanced Penetration Testing tools. In the Kali Linux, more than 600+ super amazing advanced Penetration’ Testing tools are incorporated. The tools of BackTrack Linux which are not up to the mark or repeated in many ways has been replaced in the Kali Linux system with the advanced Penetration testing tools. 4.2 Ultimate free Linux tool. The Kali Linux system is totally free like the BackTrack Linux and will always offer their users the free life time services. This is huge plus factor which forces people to use this system. 4.3 Open sourced Git tree. This Kali Linux is openly sourced system and can be easily accessed by the users. All the codes in the Kali Linux can be viewed easily by the anyone and the open development tree makes easy to view the development of coding at every step. 4.4 FHS support. Kali adheres to the File-system Hierarchy Standard, allowing Linux users to easily locate binaries, support files, libraries, etc. This is the very important feature of the Kali Linux that makes it stand out among the other Linux systems. 4.5 Cool Wireless support. Kali Linux stands out in the department of connecting with the wireless support systems as you can connect it with as many WiFi spots or USB ports you want to connect at one time. Kali Linux allows it to run properly on a wide variety of hardware and making it compatible with numerous USB and other wireless devices. 4.6 Custom kernel patched for injection. As penetration testers, the development team often needs to do wireless assessments so the kali linux kernel has the latest injection patches included.
  • 17. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 12 4.7 Secure development environment. The Kali Linux team is made up of a small group of trusted individuals who can only commit packages and interact with the repositories while using multiple secure protocols. 4.8 GPG signed packages and repos. All Kali packages are signed by each individual developer when they are built and committed and the repositories subsequently sign the packages as well. 4.9 Kali is linguistic. As the Kali Linux has all the Penetration’ tools in the English language, but other than that it allows users to work in numerous languages and get the comfort of their local language. 4.10 Completely Customizable. Kali Linux is built by penetration testers for penetration testers but we understand that not everyone will agree with our design decisions or choice of tools to include by default. With this in mind, we always ensure that Kali Linux is easy to customize based on your own needs and preferences. To this end, we publish the live-build configuration used to build the official Kali images so you can customize it to your liking. It is very easy to start from this published configuration and implement various changes based on your needs thanks to the versatility of live-build. Live-build includes many features to modify the installed system, install supplementary files, install additional packages, run arbitrary commands, and change the values pre-seeded to debconf. 4.11 ARMEL and ARMHF support. As the ARM-based single-board systems like the Raspberry Pi and BeagleBone Black, among others, are becoming more and more prevalent and inexpensive, so in their substitute, Kali’s ARM support would need to be as robust as a management tool, with fully working installations for both ARMEL and ARMHF systems. Kali is currently available for the following ARM devices:  rk3306 mk/ss808  Raspberry Pi  ODROID U2/X2  Samsung Chromebook  EfikaMX
  • 18. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 13  Beaglebone Black  CuBox  Galaxy Note 10.1
  • 19. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 14 CHAPTER – 5 APPLICATIONS OF KALI LINUX While Kali’s focus can be quickly summarized as “penetration testing and security auditing”, there are many different tasks involved behind those activities. Kali Linux is built as a framework, because it includes many tools covering very different use cases (though they may certainly be used in combination during a penetration test). For example, Kali Linux can be used on various types of computers: obviously on the laptops of penetration testers, but also on servers of system administrators wishing to monitor their network, on the workstations of forensic analysts, and more unexpectedly, on stealthy embedded devices, typically with ARM CPUs, that can be dropped in the range of a wireless network or plugged in the computer of target users. Many ARM devices are also perfect attack machines due to their small form factors and low power requirements. Kali Linux can also be deployed in the cloud to quickly build a farm of password-cracking machines and on mobile phones and tablets to allow for truly portable penetration testing. But that is not all; penetration testers also need servers: to use collaboration software within a team of pen-testers, to set up a web server for use in phishing campaigns, to run vulnerability scanning tools, and other related activities. Once you have booted Kali, you will quickly discover that Kali Linux’s main menu is organized by theme across the various kind of tasks and activities that are relevant for pen-testers and other information security professionals as shown in Figure, “Kali Linux’s Applications Menu”.
  • 20. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 15 Figure 5.1. Kali Linux’s Applications Menu 5.1 Application menu includes • Information Gathering: Collecting data about the target network and its structure, identifying computers, their operating systems, and the services that they run. Identifying potentially sensitive parts of the information system. Extracting all sorts of listings from running directory services. • Vulnerability Analysis: Quickly testing whether a local or remote system is affected by a number of known vulnerabilities or insecure configurations. Vulnerability scanners use databases containing thousands of signatures to identify potential vulnerabilities. • Web Application Analysis: Identifying misconfigurations and security weaknesses in web applications. It is crucial to identify and mitigate these issues given that the public availability of these applications makes them ideal targets for attackers. • Database Assessment: From SQL injection to attacking credentials, database attacks are a very common vector for attackers. Tools that test for attack vectors ranging from SQL injection to data extraction and analysis can be found here.
  • 21. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 16 • Password Attacks: Authentication systems are always a go-to attack vector. Many useful tools can be found here, from online password attack tools to offline attacks against the encryption or hashing systems. • Wireless Attacks: The pervasive nature of wireless networks means that they will always be a commonly attacked vector. With its wide range of support for multiple wireless cards, Kali is an obvious choice for attacks against multiple types of wireless networks. • Reverse Engineering: Reverse engineering is an activity with many purposes. In support of offensive activities, it is one of the primary methods for vulnerability identification and exploit development. On the defensive side, it is used to analyze malware employed in targeted attacks. In this capacity, the goal is to identify the capabilities of a given piece of tradecraft. • Exploitation Tools: Exploiting, or taking advantage of a (formerly identified) vulnerability, allows you to gain control of a remote machine (or device). This access can then be used for further privilege escalation attacks, either locally on the compromised machine, or on other machines accessible on its local network. This category contains a number of tools and utilities that simplify the process of writing your own exploits. • Sniffing & Spoofing: Gaining access to the data as they travel across the network is often advantageous for an attacker. Here you can find spoofing tools that allow you to impersonate a legitimate user as well as sniffing tools that allow you to capture and analyze data right off the wire. When used together, these tools can be very powerful. • Post Exploitation: Once you have gained access to a system, you will often want to maintain that level of access or extend control by laterally moving across the network. Tools that assist in these goals are found here. • Forensics: Forensic Linux live boot environments have been very popular for years now. Kali contains a large number of popular Linux-based forensic tools allowing you to do everything from initial triage, to data imaging, to full analysis and case management. • Reporting Tools: A penetration test is only complete once the findings have been reported. This category contains tools to help collate the data collected from information-gathering tools, discover non-obvious relationships, and bring everything together in various reports.
  • 22. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 17 • Social Engineering Tools: When the technical side is well-secured, there is often the possibility of exploiting human behavior as an attack vector. Given the right influence, people can frequently be induced to take actions that compromise the security of the environment. Did the USB key that the secretary just plugged in contain a harmless PDF? Or was it also a Trojan horse that installed a backdoor? Was the banking website the accountant just logged into the expected website or a perfect copy used for phishing purposes? This category contains tools that aid in these types of attacks. • System Services: This category contains tools that allow you to start and stop applicationsthat run in the background as system services.
  • 23. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 18 CONCLUSION Kali Linux is proved to be very useful and completely free Operating System that can be used for the penetration testing. Penetration testing requires lots of time and patience to get the results and to get them repaired. The Kali is a tool for the Linux users to provide them numerous tricks in the security department. Kali is packed with the tools which helps in achieving goals towards various information security tasks, such as Penetration Testing. Penetration Testing can be implemented using Kali Linux for future security regarding the applications that require high level of security. Security for such applications or systems can be tested for any risks that may or may not be associated with it with the help of Zero Entry Methodology of penetration testing. This will lead to cover all the vulnerabilities (if any) of the developed system or an application. Penetration Testing or Pen-Testing is the most essential focus of any system, it may be a web application or a standalone machine. Penetration testing allows the developer to ascertain and define the security issues associated with the system that he/she has acquired.
  • 24. Penetration Test Using Kali Linux Dept. of CSE JCE-Belagavi Page 19 REFERENCES [1] Devanshu Bhatt’s paper on Modern Day Penetration Testing Distribution Open Source Platform -Kali Linux. International journal of scientific & technology research volume 7, issue 4 , April 2018. [2] Gurdeep Singh and Jaswinder Singh’s paper on Evaluation of Penetration Testing Tools of KALI LINUX. International Journal of Innovations & Advancement in Computer Science IJIACS ISSN 2347 – 8616 Volume 5, Issue 9, September 2016. [3] Matthew Denis, Carlos Zena and Thaier Hayajneh’s paper on Penetration Testing: Attack Methods, and Defence Strategies. IEEE paper, 29 April 2016. [4] Suraj S. Mundalik’s paper on Penetration Testing: An Art of Securing the System (Using Kali Linux). International Journal of Advanced Research in Computer Science and Software Engineering Volume 5, Issue 10, October-2016. [5] Kali Linux Revealed “Mastering the Penetration Testing Distribution” text book by Raphaël Hertzog, Jim O’Gorman and Mati Aharoni 2017. [6] Dr K. Raja Kumar’s paper on Penetration Testing using Linux Tools: Attacks and Defense Strategies. International Journal of Engineering Research & Technology (IJERT), Vol. 5 Issue 12, December-2016 [7] Harmandeep Singh’s paper on Penetration Testing: Analyzing the Security of the Network by Hacker’s Mind, IEEE paper Volume V, Issue V, May 2016. [8] Ms. Shyaml Virnodkar, Rahul Gupta, Tejas Bharambe’s paper on Cross Platform Penetration Testing Suite. International Research Journal of Engineering and Technology (IRJET), Volume: 05 Issue: 03, Mar-2018. [9] Young B. Choi’s paper on Building a Penetration Testing Device for Black Box using Modified Linux for Under $50. (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 8, No. 1, 2017. [10] Jyoti Pathak, Afzl Ayyub, Satyendra Mohan Srivastava’s paper on Penetration Testing: Rolling Kali Linux. IJSRD - International Journal for Scientific Research & Development, Vol. 4, Issue 12, 2017.