Practical: 1

Aim: Step by Step Guide to install Kali Linux on VirtualBox

Kali linux is a linux distribution that is Debian-derived and is designed for advanced
penetration testing, digital forensics, and security auditing. Kali contains quite a few
tools that help in performing several information security responsibilities.
We will require at least 20 GB disk space to install kali linux
We can direct start the kali linux in oracle VM virtual box by import the ova file
which already downloads.

1. Download and install VirtualBox

The first thing we need to do is to download and install VirtualBox from
Oracle’s official website.
This one of the version of virtual box:-

(Figure 1.1)Virtualbox Download

Once you download the installer, just double click on it to install Virtual Box. It’s
the same for installing Virtual Box on Ubuntu as well.
2. Download virtual image of Kali Linux
After installing virtual box successfully, for running kali linux in virtual box we have
to download kali linux virtual box images in your pc or laptop.

As you can see the file size is well over 3 GB, you should either use the torrent
option or download it using a download manager.

Kali Linux Virtual mage

(Figure 1.2)Kali live VirtualBox

3. Install Kali Linux on Virtual Box

Once we installed Virtual Box and downloaded the Kali Linux images on computer,
then we just need to import it to Virtual Box in order to make it work on virtual box.
Here’s how to import the VirtualBox image for Kali Linux:
Step 1: Launch Virtual Box.
When we start virtual box at top we will notice an Import button – click on that button.
 (Figure 1.3)Click on Import button

Step 2:
Next, browse the file you just downloaded and choose it to be imported (as you can
see in the image below). The file name should start with ‘kali linux’ and end with
.ova extension.

(Figure 1.4)Importing Kali Linux image

Once we selected, we may proceed by clicking on Next button.

Step 3:
Now, you will be shown the settings for the virtual machine you are about to import.
So, you can customize them or not – that is your choice. It is okay if you go with
the default settings.

You need to select a path where you have sufficient storage available. we never
recommend the C: drive on Windows.

(Figure 1.5)Import hard drives as VDI

After you are done with the settings, hit Import and wait for a while.

Step 4:
You will now see it listed. So, just hit Start to launch it.
You might get an error at first for USB port 2.0 controller support, you can disable
it to resolve it or just follow the on-screen instruction of installing an additional
package to fix it. And, you are done!
 (Figure 1.6)Kali Linux running in VirtualBox

Since January 2020, Kali Linux is not using the root account.
Now, the default account and password both are kali.

we should be able to login to the system with it.

Few of tools used in kali are as follows:-

1. Nmap

 Kali Linux Nmap or “Network Mapper” is one of the most popular tools on
Kali Linux for information gathering. In other words, to get insights about the
host, its IP address, OS detection, and similar network security details (like
the number of open ports and what they are).

It also offers features for firewall evasion and spoofing.

2. Lynis
Lynis Kali Linux Tool
  Lynis is a powerful tool for security auditing, compliance testing, and system
hardening. Of course, you can also utilize this for vulnerabilitydetection and
penetration testing as well.
 It will scan the system according to the components it detects. For example,
if it detects Apache – it will run Apache-related tests for pin point information.

3. WPScan
Wpscan Kali Linux
 WordPress is one of the best open source CMS and this would be the best free
WordPress security auditing tool. It’s free but not open source.
 If you want to know whether a WordPress blog is vulnerable in some way,
WPScan is your friend.
 In addition, it also gives you details of the plugins active. Of course, a well-
secured blog may not give you a lot of details, but it is still the best tool for
WordPress security scans to find potential vulnerabilities.

4. Aircrack-ng
Aircrack Ng Kali Linux Tool
 Aircrack-ng is a collection of tools to assess WiFi network security. It isn’t
just limited to monitor and get insights – but it also includes the ability to
compromise a network (WEP, WPA 1, and WPA 2).
 If you forgot the password of your own WiFi network – you can try using this
to regain access. It also includes a variety of wireless attacks with which you
can target/monitor a WiFi network to enhance its security.

5. Hydra
Hydra Kali Linux
 If you are looking for an interesting tool to crack login/password pairs,
Hydra will be one of the best Kali Linux tools that comes pre-installed.
 It may not be actively maintained anymore – but it is now on GitHub, so you
can contribute working on it as well.
 6. Wireshark
Wireshark Network Analyzer
 Wireshark is the most popular network analyzer that comes baked in with Kali
Linux. It can be categorized as one of the best Kali Linux tools for network
sniffing as well.
 It is being actively maintained, so I would definitely recommend trying this
out. And it’s really easy to install Wireshark on Linux.


7. Skipfish
Skipfish Kali Linux Tool
 Similar to WPScan, but not just focused for WordPress. Skipfish is a web
application scanner that would give you insights for almost every type of
web applications. It’s fast and easy to use. In addition, its recursive crawl
method makes it even better.
 For professional web application security assessments, the report generated
by Skipfish will come in handy.

8. Maltego
Maltego
 Maltego is an impressive data mining tool to analyze information online and connect the
dots (if any). As per the information, it creates a directed graph to help analyze the link
between those pieces of data.
 Do note, that this isn’t an open source tool.

9. Nessus
Nessus
 If you have a computer connected to a network, Nessus can help find
vulnerabilities that a potential attacker may take advantage of. Of course, if
you are an administrator for multiple computers connected to a network, you
 can make use of it and secure those computers.
  However, this is not a free tool anymore , you can try it free for 7 days
on from its official website.
10. sqlmap
Sqlmap
 If you were looking for an open source penetration testing tool –
sqlmap is one of the best. It automates the process of exploiting SQL
injection flaws and helps you take over database servers.
11. John the Ripper
John The Ripper
John the Ripper is a popular password cracker tool available on Kali Linux. It’s
free and open source as well. But, if you are not interested in thecommunity-
enhanced version, you can choose the pro version for commercial