The creators of BackTrack have released a new, advanced penetration testing Linux distribution named Kali Linux. BackTrack 5 was the last major version of the BackTrack distribution. The creators of BackTrack decided that to move forward with the challenges of cyber security and modern testing a new foundation was needed. Kali Linux was born and released March 13th 2013. Kali Linux is based on Debian and an FHS-Compliant file system.
Kali Linux is preinstalled with over 600 penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite andOWASP ZAP (both web application security scanners). Kali Linux can run natively when installed on a computer’s hard disk, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project‘s Metasploit Framework, a tool for developing and executing security exploits.
Kali Linux is distributed in 32- and 64-bit images for use on hosts based on the x86 instruction set, and as an image for the ARM architecture for use on the BeagleBoard computer and on Samsung’s ARM Chromebook. Kali Linux is based on Debian Wheezy. Most packages Kali uses are imported from the Debian repositories.
Top Kali Linux Tools:
Metasploit is a framework for developing exploits, shellcodes, fuzzing tool, payloads etc. And it has a very vast collection of exploits and exploitation tools bundled into this single framework. It is available for all major Operating Sytems out there Windows, OS X, and Linux and comes pre-installed in Kali Linux. It is an offensive tool and to attack your own or your company’s infrastructure to check for security loopholes and to fix them before an actual attacker can break in.
There are several interfaces for Metasploit available. The most popular are maintained by Rapid7 and Strategic Cyber LLC.
1) Metasploit Framework Edition
The free version. It contains a command line interface, third-party import, manual exploitation and manual brute forcing.
2) Metasploit Community Edition
In October 2011, Rapid7 released Metasploit Community Edition, a free, web-based user interface for Metasploit. Metasploit Community is based on the commercial functionality of the paid-for editions with a reduced set of features, including network discovery, module browsing and manual exploitation. Metasploit Community is included in the main installer.
3) Metasploit Express
In April 2010, Rapid7 released Metasploit Express, an open-core commercial edition for security teams who need to verify vulnerabilities. It offers a graphical user interface, integrates nmap for discovery, and adds smart bruteforcing as well as automated evidence collection.
4) Metasploit Pro
In October 2010, Rapid7 added Metasploit Pro, an open-core commercial Metasploit edition for penetration testers. Metasploit Pro adds onto Metasploit Express with features such as Quick Start Wizards/MetaModules, building and managing social engineering campaigns, web application testing, an advanced Pro Console, dynamic payloads for anti-virus evasion, integration with Nexpose for ad-hoc vulnerability scans, and VPN pivoting.
Armitage is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits. It is a free and open source network security tool notable for its contributions to red team collaboration allowing for shared sessions, data, and communication through a single Metasploit instance.
6) Cobalt Strike
Cobalt Strike is a collection of threat emulation tools provided by Strategic Cyber LLC to work with the Metasploit Framework. Cobalt Strike includes all features of Armitage and adds post-exploitation tools, in addition to report generation features..
The MSFCONSOLE (lower case) is the primary metasploit interface. The basic commands are:
HELP – show help
SEARCH – search for a specific module
USE – use a selected module
SESSION – manage sessions, including interacting with a session
SHOW OPTIONS – display configuration of a selected module
SET, SETG – set values of selected variables
EXPLOIT – run a selected exploit
RUN – run a module
Using Metasploit can be as simple as choosing, configuring and running and exploit
A full attack:
Choose and configure an exploit
Choose a payload (e.g. Meterpreter shell)
Execute an exploit
Switch to a spawned session set up with the target system
- Metasploit is the core framework used by the hackers after the innovation of KALI LINUX in the past time Backtrack was the king but in 2018 and so on Metasploit has no competition whatsoever!
Nmap (Network Mapper):
Nmap is used to scan whole networks for open ports and for mapping networks and a lot more things. It is mainly used for scanning networks and discover the online PC’s and for security auditing. Most of the network admins use Nmap to discover online computer’s, open ports and manage services running. It uses raw IP packets in such a creative way to know what hosts are available on the network and what ports are open which services (applications name and version) are running on those systems.
It comes into version GUI and Command Line. Zenmap is the GUI version what I recommend is that first learn the command line and then move on to the GUI if you feel confident.
Armitage is a graphical cyber attack management tool and it provides a GUI interface for all Metasploit features and makes it easier to understand and use. If you really want to understand and grow into the advanced features then Armitage is a great choice for you.
Armitage organizes Metasploit’s capabilities around the hacking process. There are features for discovery, access, post-exploitation, and maneuver.
And if you are working in a team then it can be a real help to share information with your team:
- Use the same sessions
- Share victim hosts, capture data, download files etc.
- Communicate using a shared event log.
- Run bots to automate the tasks.
Jhon The Ripper (JTR):
Jhon The Ripper is a very popular tool for password cracking it is also known as JTR and also it has the coolest name of all the tools. Mostly it is simply referred as ‘Jhon’ it is the most commonly used tool for password cracking and to perform dictionary attacks. Jhon The Ripper takes text files, referred as a ‘wordlist’, which contains the list of commonly used passwords or real passwords cracked before, and it encrypts the password in the wordlist in the same way as the password which is being cracked. And then compare the output string with the encrypted string of the provided password.
This tool can be used to perform different types of dictionary attacks. If you are confused between Jhon The Ripper and THC Hydra then the most simple way to explain it is that THC Hydra is used to crack a password for online services and Jhon The Ripper is used for offline password cracking.
Wireshark is an open source tool for network analysis and profiling network traffic and packets and this kind of tools are referred as Network Sniffers.
Wireshark, previously known as Ethereal, is used to monitor network traffic and analyze the packets that are sent out. Wireshark can intercept network traffic ranging from connection level information to bits of the information which make up a signal packet. All of this is done in real time and show to the user in a readable format. There are a lot of developments made in the tool (platform) over the years and it includes filters, color-coding the packets depending on their information and these features really help the penetration testers to dig deeper in the network traffic and inspect the packets in detail.
Note: If you are really interested in Network administration and penetration testing then knowing how to use Wireshark is a required skill. There are a lot of resources available online from where you can learn about using Wireshark in depth.
THC Hydra is another tool for password cracking and mostly Jhon The Ripper and Hydra are used hand to hand. THC Hydra also known as Hydra is really popular password cracking tool for hacking Network Login it uses both Brute Force attack as well as dictionary attacks at the login page. And it supports the wide range of network protocols like SSH, Mail (POP3, IMAP, etc.), Database, SMB, VNC, LDAP, SMB, and a whole lot of other protocols.
Burp Suite is a web application penetration testers Dream tool and the most powerful tool out there on the internet can it can be used to cover everything full in depth that you ever wanted. So I will be my best to thoroughly explain all the details as there are a lot of things to cover. Here is a quick list of Burp Suite components:
Intercepting Proxy – This part of Burp lets to inspect and modify all the requests and responses that your browser make to the target application.
Spider – It is a very handy tool for listing out all the directories and files on the server and its functionality.
Web Scanner* – The important part as it detects list of vulnerabilities present in the site.
Intruder – This is used to create and perform customized attacks to find and exploit unexpected errors.
Repeater – Modify and re-send any individual requests.
Sequencer – To test the randomness of the tokens (csrf , authenticity_token etc )
Hands On Masscan to Find Open Ports Quickly
Masscan has been around for some time now and already it’s in use by pentesters all around. It’s a reconnaissance tool which can transmit up to 10 million packets per second. It uses asynchronous transmission & a custom TCP/IP stack. So different threads are used for transmission of packets.
It is the best tool to enumerate and find open ports on a large number of hosts on the network or the internet very quickly. Another use of Masscan can be in stress testing due to its high transmission rate.
- Ultra Fast port scanning: Transmits up to 10M packets/sec ( Capable- NIC & PF_RING Drivers)
- Nmap style target specification and options
- Banner grabbing
- Basic Vulnerability Scanning like Heartbleed
- Custom TCP/IP stack
- It can be used as a first level recon tool to map the network
- Enumerate a large no of hosts
- Enumerate various subnets inside an organization
- Enumerating the internet!
Why Kali Linux
- Free (as in beer) and always will be: Kali Linux, like BackTrack, is completely free of charge and always will be. You will never, ever have to pay for Kali Linux.
- Open source Git tree: We are committed to the open source development model and our development tree is available for all to see. All of the source code which goes into Kali Linux is available for anyone who wants to tweak or rebuild packages to suit their specific needs.
- FHS compliant: Kali adheres to the Filesystem Hierarchy Standard, allowing Linux users to easily locate binaries, support files, libraries, etc.
- Wide-ranging wireless device support: A regular sticking point with Linux distributions has been supported for wireless interfaces. We have built Kali Linux to support as many wireless devices as we possibly can, allowing it to run properly on a wide variety of hardware and making it compatible with numerous USB and other wireless devices.
- Custom kernel, patched for injection: As penetration testers, the development team often needs to do wireless assessments, so our kernel has the latest injection patches included.
- Developed in a secure environment: The Kali Linux team is made up of a small group of individuals who are the only ones trusted to commit packages and interact with the repositories, all of which is done using multiple secure protocols.
- GPG signed packages and repositories: Every package in Kali Linux is signed by each individual developer who built and committed it, and the repositories subsequently sign the packages as well.
- Multi-language support: Although penetration tools tend to be written in English, we have ensured that Kali includes true multilingual support, allowing more users to operate in their native language and locate the tools they need for the job.
- Completely customizable: We thoroughly understand that not everyone will agree with our design decisions, so we have made it as easy as possible for our more adventurous users to customize Kali Linux to their liking, all the way down to the kernel.
- ARMEL and ARMHF support: Since ARM-based single-board systems like the Raspberry Pi and BeagleBone Black, among others, are becoming more and more prevalent and inexpensive, we knew that Kali’s ARM support would need to be as robust as we could manage, with fully working installations for both ARMEL and ARMHF systems. Kali Linux is available on a wide range of ARM devices and has ARM repositories integrated with the mainline distribution so tools for ARM are updated in conjunction with the rest of the distribution.
In summary, Kali Linux is the world’s most powerful and popular penetration testing platform, used by security professionals in a wide range of specializations, including penetration testing, forensics, reverse engineering, and vulnerability assessment. It is the culmination of years of refinement and the result of a continuous evolution of the platform, from WHoppiX to WHAX, to BackTrack, and now to a complete penetration testing framework leveraging many features of Debian GNU/Linux and the vibrant open source community worldwide.