If you’ve ever had an interest in hacking, installing Kali-Linux is a great place to start. Kali (previously known as BackTrack) is a Debian Linux OS that comes completely saturated with a huge list of penetration testing tools pre-installed. Whether you’re a professional in your field or just starting out, a little bit of old-school hacking is always in season 😀
Kali-Linux has a huge library of over 300 penetration testing tools that will be available to you right out of the box. Here is a quick glimpse at what Kali can do:
- Vulnerability Analysis
- Brute Force Password Attacks
- Packet sniffing
- IP spoofing
- Digital Forensics
- Reporting Tools
If you are not working with a brand-new drive (and this should go without saying…), you will want to make sure that any important data has been recovered from your destination drive before proceeding.
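It is important to start with a clean slate before we continue, so we will be running DiskPart to get rid of any lingering images or data. The following set of commands can be run as Administrator in a Windows Command Prompt. Replace ? with the number that list disk shows for your destination drive; clean wipes the partition table of whichever disk is currently selected, so double-check the number first.
diskpart
list disk
select disk ?
clean
create partition primary
select partition 1
format fs=ntfs quick label="My_New_HD"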
Installing A Truly Persistent Image of Kali to USB
- A 16GB+ Flash Drive
- A minimum of 512MB RAM.
- CD-DVD Drive / VirtualBox
This install process will essentially mimic the Kali-Linux install process for installing to a hard disk. If you do not care to have a persistent image, or simply don’t have a 16GB+ flash drive at your disposal, you can check out the USB Install instructions. It is important to note, however, that if you are using the Kali-Linux USB Install instructions for creating a persistent USB image, you will have to manually enter “Persistence” upon boot up to access any saved changes! I will be detailing the install process via VirtualBox; however, if you choose to burn the .iso to a DVD, it will be an identical process once you hit Step 5.
1.) Download the Kali-Linux ISO.
2.) Open VirtualBox and create a new virtual machine. Since we intend to install Kali to a USB flash drive, you can set allocated memory to whatever value you would like and skip creating a virtual hard drive.
3.) Select your new VirtualBox machine > Settings. Then we are going to mount our Kali .iso.
4.) Start your Kali VirtualBox machine, and then we are going to mount our USB drive.
6.) You will then be prompted to input your language, country and a keyboard layout.
7.) Next we will enter a host name. If you are prompted for a domain name following the below screen, you can simply leave it blank and continue to Step 8.
10.) For the purposes of this guide, we are going to be using the entire drive to create our Kali-Linux image. Select “Guided - use entire disk”.
15.) After you hit Continue, Kali-Linux will begin the installation process. This can take a while, so now is a good time to crack open a beer and relax.
(Settle in – my installation took over an hour…)
I’ve Installed Kali, Now What?
Kali has far more tools than I could possibly cover here, but as I familiarize myself with the wonderful world of exploitation and pen-testing, I will be updating this post with beginner guides on using some of the more popular tools. For the time being, however, you can check out:
Fern Wifi-Cracker offers you a GUI for attempting to crack WEP or WPA router passwords. It leverages AirCrack behind the scenes to do most of the work for you without having to delve into the command line interface.
1.) To access the Fern WiFi Cracker tool go to:
Applications > Kali Linux > Wireless Attacks > 802.11 Wireless Tools > Fern-wifi-cracker
2.) Select your wireless adapter from the drop-down box.
3.) Then click on the big green Wifi image to your left; you should be presented with the below window. Check “Enable XTerms” and hit OK.
4.) Next, click the “Scan for Access Points” button. You should see a terminal window pop up with the resulting available access points in your area.
5.) For the purposes of this guide I am going to select my home network, entitled “Brok3n_Network”. The scan shows us that this is a WPA2-secured network. Next we go back into Fern and hit the WPA button.
6.) One last step before we can initiate the attack: we have to supply the program with a wordlist to perform the brute force attack on the victim network. For the purposes of this guide, we are going to use the supplied wordlist.
It’s important to note that the password file is the most critical element when attempting a brute force attack to gain entry. The larger the password file, the better your odds. Depending on the horsepower of your machine, this process can take several hours or several days. Your best targets will typically be networks with a generic network name; it is a good indicator that the person who set it up doesn’t know too much about strong passwords, MAC address filtering or securing their network in general.
There are a huge number of wordlists available to you online if you do a bit of searching, but below are 2 great ones to help get you started.
7.) Finally, you can hit the “Attack” button to initiate the attack. Each step on the left will turn yellow to indicate what stage of the attack Fern is on. If there are no active connections on the network at the time of the attack, it will hang at the de-authentication step until an active connection is made on the victim’s network. Below is a screenshot of what you can expect to see upon a successful attack.
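Since the wordlist decides whether this attack succeeds, the same list can be used to audit the passphrase on your own network. The Python check below is an added example, not part of the original post or of Fern; the sample wordlist, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed stand-in for a wordlist file: one candidate per line.
SAMPLE_WORDLIST = """\
password
letmein
sunshine
qwertyuiop
broken
"""

# Common character substitutions, undone before comparing against the list.
LEET = str.maketrans("013457@$!", "oieastasi")
# Digits and symbols glued to the front or back of a word.
AFFIX = re.compile(r"^[\W\d_]+|[\W\d_]+$")

def base_forms(passphrase):
    """Forms of the passphrase that simple mangling rules map back to a word."""
    lowered = passphrase.lower()
    stripped = AFFIX.sub("", lowered)
    forms = {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}
    return {f for f in forms if f}

def audit_wpa_passphrase(passphrase, wordlist_text):
    """Return the reasons this passphrase would fall to a wordlist attack."""
    words = {w.strip().lower() for w in wordlist_text.splitlines() if w.strip()}
    issues = []
    # WPA/WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        issues.append("length outside the 8-63 range WPA accepts")
    if passphrase.lower() in words:
        issues.append("listed verbatim in the wordlist")
    else:
        hits = sorted(base_forms(passphrase) & words)
        if hits:
            issues.append("simple variation of wordlist entry: " + hits[0])
    return issues

if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd2024", "correct-horse-battery-staple-42"):
        print(candidate, "->", audit_wpa_passphrase(candidate, SAMPLE_WORDLIST) or "no findings")
```

An empty result only means the passphrase is not reachable from this particular list with these simple rules; a long, random passphrase remains the actual fix.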
Subterfuge is a Linux-based tool that is inherently more nefarious than most of the tools in the Kali-Linux kit. While Kali-Linux can be used for security audits and by network administrators to find and fix weaknesses in the network, most users of Subterfuge will be looking to do one thing… steal your credentials! From Facebook to eBay to e-mail accounts, Subterfuge exploits a vulnerability in the Address Resolution Protocol to easily capture the login credentials of anyone on your network. HTTP or HTTPS… it doesn’t matter. Subterfuge can extract your login information in literally seconds.
1.) Download Subterfuge
2.) Untar and Install
tar fvxz Subt*
sudo python install.py -i
3.) Select Full Install With Dependencies
4.) When it is finished, a small window will appear and you must hit “Finish” to complete the installation.
5.) Start Subterfuge:
6.) Subterfuge will start and begin checking for an update. It will halt and wait for user input. When prompted, type in “mf ”
7.) Now you should be able to browse to http://127.0.0.1 to enter the Subterfuge web GUI.
- You will have to go into Command Prompt to start Subterfuge each time you reboot your PC
- If you use Subterfuge often, consider placing a bookmark for it in your browser
Use of Kali-Linux or Subterfuge can easily get you in some serious trouble… The best way to safeguard yourself from Johnny Law is to limit the use of these tools to your own private home network.