Kali

Uploaded by joseph.deluna97

What is penetration testing?

The process of evaluating systems, applications, and protocols with the intent of identifying vulnerabilities, usually from the perspective of an unprivileged or anonymous user, to determine potential real-world impacts.
@Table_of_Contents:~#
1. Introduction
   History
   Overview
   Design Goals
2. Operating System Components
   Memory Management
   Process Management
   Device Management
   File Management
   Security Management
3. User Command Interface
   Command-Driven Interfaces
   Graphical User Interfaces
4. System Requirements
   Hardware
@History:~#
It began out of necessity for lead Kali developer Mati Aharoni.

It quietly began in 2012, when Offensive Security decided that they wanted to replace their venerable BackTrack Linux project, which was manually maintained.

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers.
Release History

1. Kali 2018.1 – 6th February, 2018 – The first 2018 Kali Rolling release. Kernel 4.14.12, GNOME 3.26.2.
2. Kali 2017.3 – 21st November, 2017 – The third 2017 Kali Rolling release. Kernel 4.13, GNOME 3.26.
3. Kali 2017.2 – 20th September, 2017 – The second 2017 Kali Rolling release. Kernel 4.12, GNOME 3.25.
4. Kali 2017.1 – 25th April, 2017 – The first 2017 Kali Rolling release. Kernel 4.9, GNOME 3.22.
5. Kali 2016.2 – 31st August, 2016 – The second Kali Rolling release. Kernel 4.6, GNOME 3.20.2.
6. Kali 2016.1 – 21st January, 2016 – The first Kali Rolling release. Kernel 4.3, GNOME 3.18.
7. Kali 2.0 – 11th August, 2015 – Major release, “safi”, now a rolling distribution, major UI changes.
8. Kali 1.1.0a – 13th March, 2015 – No fanfare release fixing kernel ABI inconsistencies in the installers.
9. Kali 1.1.0 – 9th February, 2015 – First dot release in 2 years. New kernel, new tools and updates.
10. Kali 1.0.9a – 6th October, 2014 – Security BugFix release covering shellshock and Debian apt vulnerabilities.
11. Kali 1.0.9 – 25th August, 2014 – BugFix release including installer and a set of tool updates and package fixes.
12. Kali 1.0.8 – 22nd July, 2014 – EFI Support for our “full” ISOs and a set of tool updates and package fixes.
13. Kali 1.0.7 – 27th May, 2014 – Kernel 3.14, tool updates, package fixes, Kali Live Encrypted USB Persistence.
14. Kali 1.0.6 – 9th January, 2014 – Kernel 3.12, cryptsetup nuke option, Amazon AMI, ARM build scripts.
15. Kali 1.0.5 – 5th September, 2013 – BugFix rollup. LVM Encrypted installs, Software Defined Radio (SDR) tools.
16. Kali 1.0.4 – 25th July, 2013 – BugFix rollup. Penetration testing tool additions and updates.
17. Kali 1.0.3 – 26th April, 2013 – BugFix rollup. New accessibility features. Added live Desktop installer.
18. Kali 1.0.2 – 27th March, 2013 – Minor BugFix release and update roll-up.
19. Kali 1.0.1 – 14th March, 2013 – Minor BugFix release (USB Keyboard).
20. Kali 1.0.0 – 13th March, 2013 – Initial release, “moto”.
@Overview:~#
Using open source hacking tools comes with a major drawback: they carry a whole lot of dependencies when installed on Linux, and they need to be installed in a predefined sequence; authors of some tools have not released accurate documentation.

Kali Linux simplifies this process: it contains many tools preinstalled with all their dependencies, in ready-to-use condition, so that you can pay more attention to the actual attack and not to installing the tool. Updates for tools installed in Kali Linux are released more frequently, which helps you keep the tools up to date. A noncommercial toolkit that has all the major hacking tools preinstalled to test real-world networks and applications is very useful for ethical hackers. This enables hackers to spend more time on finding the actual flaws rather than building a toolkit.
@System_Requirements:~#
1. A minimum of 20 GB disk space for the Kali Linux install.
2. RAM for i386 and amd64 architectures, minimum: 1GB, recommended: 2GB or more.
3. CD-DVD Drive / USB boot support
@Design_Goals:~#
1. Take responsibility for the user’s experience - Design with the understanding that a user’s needs change frequently while they work and play
2. Principle of non-preemption - Human attention is the most valuable and scarcest commodity in human-computer interaction. Individual interactive programs operate in a non-intrusive manner with respect to the user’s activities.
3. Principle of least astonishment - Or “Uniformity in command interface”
4. The technology should act as a mediator - “Be the vehicle, not the destination”; “Strive for transparency”
5. Design a self-teaching interface for beginners, and an efficient interface for advanced users, but optimize for intermediates - Balance learnability and discoverability utility
6. Don’t unnecessarily rely on metaphor - Especially mechanical-age, which may be antiquated to many users, and eventually all users
7. Less is more - Reduce visual, memory, intellectual, and motor work
8. Be considerate and forgiving - It is better to offer to undo a mistake than to ask a user if they are “sure”
@System_Components:~#
Memory Management - different types of virtual memory spaces and mappings are used in the Linux kernel, such as:

Large Address Spaces - The operating system makes the system appear as if it has a larger amount of memory than it actually has.
Protection - Each process in the system has its own virtual address space. These virtual address spaces are completely separate from each other and so a process running one application cannot affect another.
@File_Management:~#
FHS compliant: Kali adheres to the Filesystem Hierarchy Standard, allowing
Linux users to easily locate binaries, support files, libraries, etc.
@Process_Management
Graphical User Interface
Kali Linux uses GNOME as its GUI

Command Driven Interface
Uses Linux Terminal Emulator as its command driven interface
NMAP
NMAP is an essential tool for hackers. It is used to locate hosts and services and create a map of the network.

Commonly used for:

Scan targets using domain or IP
Scan for vulnerabilities
Test whether target is vulnerable
Launch an attack
NMAP scripts cover the following categories:
1. Auth: test whether you can bypass authentication mechanism
example: x11-access, ftp-anon, oracle-enum-users
2. Broadcast: find other hosts on the network and automatically add them to scanning queue
example: newtargets
3. Brute: brute password guessing
example: http-brute, oracle-brute, snmp-brute
4. Discovery: discover more about the network
example: html-title, smb-enum-shares, snmp-sysdescr
5. DoS: test whether a target is vulnerable to DoS attack
6. Exploit: to actively exploit a vulnerability
example: jdwp-exec, http-shellshock
7. Malware: to test target for presence of malware
example: smtp-strangeport
8. Vuln: to find vulnerabilities on the target
example: realvnc-auth-bypass, afp-path-vuln
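
An added example, not part of the original slides: a script can belong to several of these categories at once, so the code below parses entries in the layout of Nmap's `script.db` index and separates the scripts whose categories an engagement's rules exclude. The sample entries, their category assignments and the `DISRUPTIVE` set are constructed assumptions, not data from a real installation.

```python
import re
from collections import defaultdict

# Constructed sample in the script.db "Entry { ... }" layout. Script names are
# ones cited in the list above; the category assignments are illustrative only.
SAMPLE_SCRIPT_DB = '''
Entry { filename = "ftp-anon.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "http-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "smb-enum-shares.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-shellshock.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "smtp-strangeport.nse", categories = { "malware", "safe", } }
Entry { filename = "afp-path-vuln.nse", categories = { "exploit", "intrusive", "vuln", } }
'''

ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+)"\s*,\s*categories\s*=\s*\{([^}]*)\}')

# Assumption for this example: categories the rules of engagement exclude.
DISRUPTIVE = {"brute", "dos", "exploit"}

def parse_script_db(text):
    """Return {script_name: set_of_categories} for every Entry line."""
    scripts = {}
    for filename, cats in ENTRY_RE.findall(text):
        name = filename[:-4] if filename.endswith(".nse") else filename
        scripts[name] = set(re.findall(r'"([^"]+)"', cats))
    return scripts

def by_category(scripts):
    """Invert the mapping: {category: [script names, sorted]}."""
    index = defaultdict(list)
    for name, cats in sorted(scripts.items()):
        for cat in cats:
            index[cat].append(name)
    return dict(index)

def split_by_policy(scripts, excluded=DISRUPTIVE):
    """Split script names into (allowed, blocked) by excluded categories."""
    blocked = sorted(n for n, c in scripts.items() if c & excluded)
    allowed = sorted(n for n, c in scripts.items() if not c & excluded)
    return allowed, blocked

if __name__ == "__main__":
    db = parse_script_db(SAMPLE_SCRIPT_DB)
    allowed, blocked = split_by_policy(db)
    print("allowed:", allowed)
    print("blocked:", blocked)
```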
METASPLOIT
A pentesting tool capable of enumeration, exploitation, and injecting shell code.

6 types of modules:

Payloads
Exploits
Post
Nops
Auxiliary
Encoders
SOCIAL ENGINEERING TOOLKIT
An open-source Python-driven tool aimed at penetration testing around Social-Engineering.

Specifically designed to perform advanced attacks against the human element.
Examples of SET attacks
1. Spear-Phishing Attack Vectors
- allows you to send e-mails with a malicious file as payload
2. Website Attack Vectors
- allows you to create a malicious website link
3. Infectious Media Generator
- creates a payload and a .ini file for a USB, CD or DVD injection
4. Create a Payload and Listener
- creates a .exe file and opens a listener
5. Mass Mailer Attack
- sends e-mails to the target
6. Arduino Based Attack
- for use with a “Teensy USB”
7. SMS Spoofing Attack
- crafts SMS messages and sends them
That’s it
