Hacking with Kali Linux

The Ultimate Guide on Kali Linux for Beginners and How to Use Hacking
Tools for Computers. Practical Step-by-Step Examples to Learn How to Hack
Anything, in a Short Time.
By Daniel Géron

Table of Contents
Introduction
Chapter 1
An Insight Into Kali Linux
Chapter 2
What is Hacking?
Chapter 3
Kali Linux for Beginners
Chapter 4
Kali Linux Installation
Chapter 5
Real examples of how to hack with Kali Linux
Chapter 6
Advanced Kali Linux Concept
Chapter 7
How to Initiate a Hack Using Kali Linux
Chapter 8
How to Successfully Launch an Attack
Conclusion

Copyright 2019 by Daniel Géron - All rights reserved.


The following eBook is reproduced below with the goal of providing information
that is as accurate and reliable as possible. Regardless, purchasing this eBook can
be seen as consent to the fact that both the publisher and the author of this book are
in no way experts on the topics discussed within and that any recommendations or
suggestions that are made herein are for entertainment purposes only. Professionals
should be consulted as needed prior to undertaking any of the action endorsed
herein.
This declaration is deemed fair and valid by both the American Bar Association
and the Committee of Publishers Association and is legally binding throughout the
United States.
Furthermore, the transmission, duplication or reproduction of any of the following
work including specific information will be considered an illegal act irrespective of
if it is done electronically or in print. This extends to creating a secondary or
tertiary copy of the work or a recorded copy and is only allowed with express
written consent from the Publisher. All additional rights reserved.
The information in the following pages is broadly considered to be a truthful and
accurate account of facts and as such any inattention, use or misuse of the
information in question by the reader will render any resulting actions solely under
their purview. There are no scenarios in which the publisher or the original author
of this work can be in any fashion deemed liable for any hardship or damages that
may befall them after undertaking information described herein.
Additionally, the information in the following pages is intended only for
informational purposes and should thus be thought of as universal. As befitting its
nature, it is presented without assurance regarding its prolonged validity or interim
quality. Trademarks that are mentioned are done without written consent and can in
no way be considered an endorsement from the trademark holder.
Introduction

Congratulations on downloading a copy of the Hacking with Kali Linux Handbook. I
am delighted that you have chosen this book so that you may learn more about
hacking using the Kali Linux operating system. The main focus of this handbook is
hacking with Kali Linux. As you read, you will learn how to carry out
reconnaissance; that material is in the section on planning an attack. You will
also work through examples of how to hack using Kali Linux, which will come in
handy as you learn to use the tools the operating system provides. There is also an
entire chapter on Kali Linux installation, where you will see that Kali Linux can be
installed on diverse platforms, including Apple hardware.

There is also an entire chapter about hacking, which covers the types of hackers:
ethical hackers do not engage in malicious activities, while black hat hackers
usually engage in illegal activities. As a hacker, you must learn how to plan an
attack. As a penetration tester or attacker, you will learn how to plan an attack,
launch it, and then carry out post-exploitation. The knowledge within this book
will come in handy since it contains a lot of information about how you can hack
using Kali Linux.
Chapter 1
An Insight into Kali Linux
Kali Linux is an operating system used for security auditing and advanced
penetration testing. It ships with many tools for security audits and penetration
tests, and some of them also come in handy for security research, reverse
engineering, and computer forensics. Offensive Security, an information security
company, developed the operating system and continues to maintain and fund it.
From its first release, Kali Linux has adhered to Debian development standards.
Kali Linux has more than 600 tools that can be used when performing penetration
testing.

The operating system is free; you do not have to pay anything to access it. We will
discuss some of the tools offered by Kali Linux so that you can get a better idea of
what it has to offer. Kali Linux also adheres to the Filesystem Hierarchy Standard,
which is why Linux users can easily locate support files, binaries, and libraries.
The platform supports a wide range of wireless hardware, including USB wireless
adapters, so users can run most such devices. Penetration testers have to carry out
wireless assessments regularly, and the custom kernel helps here because it carries
recent injection patches.

Kali Linux was also created in a secure environment by a small group of committed
individuals who were deemed trustworthy, and the development process relies on
secure protocols throughout. Each of these developers is trusted to sign what they
contribute to Kali Linux. Kali Linux offers multi-language support, although the
tools it ships were written in English; this multilingual support means users can
access Kali Linux in their preferred language. It is also easy to locate the tools
that you need, and the operating system can be easily customized, because the
developers understand that not everyone will agree with their design decisions.
Kali Linux is also somewhat adventurous: since platforms such as the BeagleBone
Black and Raspberry Pi were unveiled, the ARMHF and ARMEL builds offered by
Kali Linux have been expanded. As a security professional, Kali Linux offers you all
that you need to effectively perform penetration tests, and the operating system has
proven to be very effective.

While discussing Kali Linux, it is good to ask questions such as, should I use Kali
Linux? Such questions are important since the platform was created for a specific
user base. To get a precise answer, it is good to look into what makes Kali Linux
unique. Kali Linux was created to suit the needs of people who carry out security
auditing and penetration testing. To suit the needs of security professionals, Kali
Linux has the following features:
1. Single user with root access: Kali Linux was created to be a "single, root
user" system. Many of its tools require escalated privileges, so root access
matters.
2. Custom Linux kernel: the operating system uses an upstream kernel that has
been fully patched to allow wireless injection.
3. A trusted and minimal set of repositories: Kali Linux focuses on maintaining
integrity, so it uses an absolute minimum of upstream software sources.
Many Kali Linux users have tried to add additional repositories to their
sources list. The main issue with adding repositories is that you may break
your Kali Linux installation.
Although the developers of the operating system may recommend Kali Linux, it is
not meant for everyone. The platform is mainly suited to professional penetration
testers and security professionals, and it is unique in several ways. To use Kali
Linux effectively, you should already be conversant with the Linux platform. Even
people who have had some exposure to Kali Linux run into a series of challenges
when using it. Although Kali Linux is open source, contribution is restricted to a
small, trusted group for security reasons. The developers' team is small and they
have signed all repositories. When you add unverified applications, you will
experience a series of problems.
Although Kali Linux can be easily customized, it is not possible to add packages
that have no relation to the Kali Linux software sources. When you add other
sources, there will be no support whatsoever. For instance, you may try to add a
package such as Steam; the repercussions would not be desirable. If you are not
familiar with Linux, you should first look for tutorials to guide you. You should
also not misuse the tools provided by Kali Linux, since you may face legal
consequences; not fully understanding what you were doing is no excuse. If you are
a security professional trying to perfect your skills, the toolkit provided by Kali
Linux will suffice.

Where can you get official Kali Linux Images?

It is possible to run the Kali Linux operating system on Apple and Windows PCs
from a USB drive. You need a bootable ISO image in either the 64-bit or the 32-bit
format. If you do not know the system's architecture, run the "uname -m"
command. If the response is "x86_64", use the 64-bit image; if the response is
"i386", use the 32-bit image. On the Windows platform you can download the
images directly, or you can use the ".torrent" files.
VMware Images

When running the Kali Linux operating system as a "guest" under VMware, the
VMware tools present within the Kali Linux platform come in handy. The VMware
images are available in both 32-bit and 64-bit: the 32-bit comes in the PAE (i486)
and i686 formats, whereas the 64-bit is available in the amd64 format.

ARM Images

There are many ARM-based devices and their architecture varies, which is why one
image cannot be used across all of them. Pre-built images are available and they
are compatible with most ARM devices. You can also build your own ARM images
using the build scripts published on GitHub.

How do you verify a downloaded Kali Image?

Some people may not deem it important to verify a Kali Linux image that they have
downloaded. Before running Kali Linux live from a bootable flash disk, you must
first make sure that you have the real Kali Linux and not an imitation. Since the
operating system has many tools for penetration testing and security auditing, you
must have confidence in the tools that you are using. As a professional, you should
know that the credibility of the Kali Linux operating system determines the
credibility of the test results that you will issue. Since Kali Linux has many
strengths, a counterfeit version of Kali Linux can cause a lot of damage when you
are carrying out penetration testing.
Some people will try to produce a counterfeit version of Kali Linux because they
have ulterior motives. To avoid being a victim, download the operating system from
the official Kali Linux web page (https://www.kali.org/downloads) over an
encrypted SSL/TLS (HTTPS) connection. When you use an encrypted connection,
an attacker cannot launch a "man-in-the-middle" attack, which means they cannot
modify the download. Although the source may be credible, some weaknesses may
still be present and they may bring about serious consequences.

After downloading an image, you should also validate it. Techniques for verifying
an image include the following.
Start by downloading the ISO image from the official site so that you do not fall
for a counterfeit version of the operating system. Then calculate the SHA256 hash
of the Kali ISO image and compare it with the value listed on the official Kali
Linux site. The process is simple, so anyone can follow it regardless of their level
of experience. The major reason why images should be verified is that attackers
may use loaded images to launch an attack targeting specific users. You can also
download an ISO image using torrents.
On OS X or Linux, use the shasum command. On Windows, use a utility that
verifies the file's checksum for you. The process is easy, but it has a weakness: if
the published checksum has been tampered with as well, the checksum will match
even though the file is not Kali Linux. Because of this weakness, we will also
discuss verifying the ISO image using the signature that accompanies it.

To be certain that you have downloaded a genuine Kali Linux image, download the
signature file that corresponds to the version of the image you have, and check that
it was signed with the official Kali Linux private key. Use the GNU Privacy Guard
(GPG) to verify that signature over the SHA256 checksums. The process is more
involved than comparing hashes, but it is very effective. The only remaining issue
is an attacker who has managed to modify the signed material as well.

What do you need to verify the Kali Linux images?


When using Linux, GNU Privacy Guard is pre-installed. On OS X and Windows, you
will have to install a suitable build of GPG: on Windows, use Gpg4win; on Mac OS
X, you can easily download GPG Tools.
The main issue with the Windows platform is that it does not have a built-in
ability to calculate SHA256 checksums. One utility you may need is the Microsoft
File Checksum Integrity Verifier, which will help to verify each of the ISO images
that you have downloaded.
After downloading and installing GPG, you should also import the official Kali
Linux key. To do so, use this command:

The desired output is as shown below:

Use the following command to verify that the key has been properly installed.
The desired output should look like this:

You can now verify the Kali Linux image that you have downloaded.
How will you verify the image that you have downloaded?
You can perform the verification manually using the following procedure.
The operating system that you are using matters. On OS X and Linux, you can
generate the SHA256 checksum directly. For instance, suppose the image is
labelled "kali-linux-2016.2-amd64.iso" and is present in your current directory.
In this case, use this command:

The output after keying in the command is as shown below:

The SHA256 hash should match the value displayed in the "sha256sum" column.

Kali Linux images are produced monthly and you can easily download them. The
SHA256 sum table that offers guidance when verifying images is shown below:
If you downloaded the Kali Linux image using torrents, you will notice a second file
that contains the SHA256 sum and carries an extra extension. That file is used to
authenticate the downloaded image. On Linux or the Mac platform, you can use
the following command:

If the image is authentic, the response that you expect will be as shown below:

If you cannot verify that a Kali Linux image is authentic, do not use it, so that you
safeguard your system. If the image has been modified by an attacker, your network
will be at risk. Always ensure that Kali Linux images are authentic by downloading
them from a legitimate Kali Linux mirror.
Kali Linux - The Default Passwords

When installing Kali Linux, you are allowed to set a password for the root user.
When booting live images, the default root password is "toor". This applies to the
amd64, i386, ARM, and VMware images.

Kali Linux Live


The fastest way to run Kali Linux is to run it "live" from a bootable USB drive.
The main advantages of running Kali Linux "live" are:
It is non-destructive: no changes are made to the hard drive of the host system
or to its current operating system. After removing the bootable USB drive, you
can proceed with normal operations.
It is portable: you can carry the bootable USB drive anywhere and run Kali
Linux "Live" on any computer.
It is customizable: Kali Linux can be easily customized.
It can be persistent: although you are booting from a USB drive, you can create
persistent storage with some extra effort. The advantage is that the data you
collect can be accessed later.
To achieve all this, you must first create a bootable USB drive. The prerequisites
for creating one are:
1. An ISO image that you have already verified. Downloading and verifying Kali
Linux images was covered above.
2. If you are creating the drive from a computer running Microsoft Windows, you
will need to download the utility known as Win32 Disk Imager. On Mac OS X
and Linux, you will use the dd command, which is normally pre-installed on
both platforms.
3. A thumb drive with a storage capacity of 4GB or more. An SD card is also
possible, depending on the specifics of the laptop you will use. Regardless of
the storage device, the procedure is the same.
The only major difference arises from the operating system in use when creating
the Kali Linux "Live" drive.

How to Create USB Drive that Is Bootable


1. Plug the USB drive into your PC and note the drive letter it is assigned. For
instance, the thumb drive may appear as disk "F:\".
2. Choose the ISO file to be used for imaging. Check that the USB drive selected
is the right one before you click the "Write" button.

3. After the process completes, eject the USB drive safely. The USB drive can then
be used to boot Kali Linux.
How to create a bootable USB Drive on Linux
You can easily create a bootable USB drive on Kali Linux. First, download the ISO
file. Then write it to the USB drive with the dd command. Since you are already the
root user on Kali Linux, you do not have to execute sudo when running the dd
command.

USB Persistence on Kali Linux Live

USB persistence lets you store the data you collect while running Kali Linux
"Live." We will now look at the procedure for adding persistence to a Kali Linux
"Live" USB drive. The enhancement comes in handy: documents and data you
collect can be accessed whenever you wish, regardless of which operating system
you used to create the drive. You simply create an additional partition on the USB
drive. Since Kali Linux is meant for people who carry out security audits and
penetration testing, this makes it easy to retain evidence. You also have the option
of protecting that partition with LUKS encryption.

To create USB persistence, you must have root privileges; you can escalate your
privileges using the "sudo su" command. The main assumptions are:
You are running Kali Linux "Live" and you are the root user.
The USB drive has about 8GB of space. With an 8GB drive, the partition you
create will have at least 4GB of storage space.
The persistence partition needs an ext3 file system. Use the following procedure:
1. Copy the Kali ISO image to the thumb drive. We assume this creates two
partitions; you can verify this using the "fdisk -l" command.
2. Create and format an additional partition on the USB drive, starting in the
empty space above the Kali Linux partitions.

In most cases, use the exact figures you worked out. You may receive a notification
that the partition has not been placed in an optimal location; just "ignore" the
suggestion. When the partitioning is complete, the new partition will appear as
/dev/sdb3. You can verify the partition using the "fdisk -l" command.
3. Create an ext3 file system on the partition and label it. In this example it has
been labelled "persistence."

4. Create a mount point and mount the partition there. Then create the
configuration file that enables persistence. Afterwards, unmount the partition.
Using LUKS Encryption to Add USB Persistence
You can also make the persistent storage area LUKS-encrypted. LUKS encryption
adds an extra layer of security that comes in handy when you are dealing with
sensitive files while running Kali Linux "Live." To show how to create persistent
storage with LUKS encryption, we will work through an example. An ext3 file
system will be added inside the encrypted partition and a persistence.conf file will
then be created. The procedure is as follows:
1. Copy the Kali ISO to the USB drive, as explained earlier.
2. Create a partition in the empty space above the Kali Linux partitions.
Since this partition will be 7GB, compared to the 4GB partition used in the earlier
example, the command we will use is as shown below:

In some instances, the parted command may tell you that you cannot use the value
you specified; in that case, accept the value it suggests. You may also be advised
that the partition is not in an optimal location; "ignore" it. When the partitioning
is complete, the new partition should appear as /dev/sdb3. As always, you can use
the "fdisk -l" command to verify each partition.
3. Initialize LUKS encryption on the newly created partition. Any data present on
the partition will be overwritten. You will be prompted to proceed and must type
"YES" in uppercase, then press Enter. Choose a passphrase that you can remember:
if you forget it, the data on the thumb drive cannot be accessed or recovered.

4. Create an ext3 filesystem on the opened LUKS volume and label it "persistence."

5. Create a mount point and mount the encrypted partition there. Then set up the
persistence.conf file. After that, unmount the partition.

6. Close the encrypted channel afterwards.

To use the persistent data, plug the bootable USB drive into the PC and boot Kali
Linux "Live" from it; the BIOS setup must allow booting from the USB drive. When
the Kali Linux boot screen appears, choose the persistence option, whether you set
up encrypted or normal persistence.
Live Build a Custom Kali Linux ISO
It is easy to build a customized Kali ISO, and virtually every aspect of Kali Linux
can be configured. Developers use certain scripts to produce live system images,
and the Kali Linux development team uses these same scripts to produce the
official Kali ISO releases.

The custom Kali ISO should be built within an existing Kali environment. Start by
setting up the live-build system with the following commands:

The above commands prepare you to create an up-to-date Kali ISO. You will then
run the build.sh wrapper script in the following manner:

The "build.sh" script will take some time to complete, since it downloads all the
packages required to create the custom Kali ISO.
Chapter 2
What is Hacking?

Concepts of Ethical Hacking


Hacking definition: the act of exploiting security vulnerabilities in a network or
any other area of interest.
Computer hackers have been present for a long time, specifically since the internet
was unveiled. Today the internet is used in many parts of the world and instances
of hacking have risen; however, only a few hackers have gained global fame. For
instance, you may be familiar with the name Snowden.
When discussing hacking, it is good to note that there are different types of
hackers. We will discuss three categories:
White hat hackers: they conduct ethical hacking.
Black hat hackers: they always hack for their own personal gain.
Grey hat hackers: they hack for personal gain, but they also conduct ethical
hacking.
A typical hacker is often described as anti-social. The classification above is based
on the activities each hacker undertakes; there is another classification that relies
on the hacker's skill set. Although hackers may seem unique, they are just normal
people who know more about technology, and every hacker has different motives.
Some hackers are also social, since they need to collect information when carrying
out an attack; they collect it through social engineering. We will discuss how
hackers collect information later in this chapter. The most important trait of
hackers is that they are curious and very sharp-minded.
The term hacker also has two meanings:
Traditionally, a hacker is a person who plays around with electronic and
software systems. Such hackers enjoy learning about and exploring computer
systems.
In the modern era, a hacker is a person who maliciously breaks into a system,
often for financial gain. In short, they have malicious motives.
At times, hackers break into a computer system to gain fame. In other instances,
they may be seeking revenge. For example, an employee who was sacked by an
organization may possess a lot of knowledge about it and use that knowledge for
personal gain, seeking revenge by hacking into the organization's network.
The term hacking carries different meanings. In some instances, it means people
developing their own knowledge. To become a hacker, you must be skilled, and
you must be willing to keep expanding your knowledge, since technology evolves
rapidly. One reason it evolves so fast is that security personnel keep devising
techniques to ensure that hackers cannot easily penetrate systems, while hackers
focus on learning how to break into those same systems. Without hackers, security
professionals would not be working around the clock to create the defense
mechanisms that protect an organization's network.

As a hacker, you must set goals; you then work toward a target and make sure
that you achieve it by every means possible. Most people assume that hacking
goes hand in hand with breaking the law, so whenever a person breaks into a
network they are labelled a criminal. In reality, hacking is more about working
within the law, and a hacker follows a series of defined steps during the hacking
process.
A Hacker vs. Cracker
There is a huge difference between a hacker and a cracker. Most people assume the
terms have the same meaning: that a hacker is a person who will break into your
computer system and steal confidential data to blackmail you. To learn the
difference, let us first look at the definition of both terms.
Definition of hacker: a hacker is an individual who has developed an interest in
working with different computer operating systems. In most cases, a hacker can be
likened to a programmer. They try to gain more knowledge about operating
systems and programming languages, and they will also try to exploit security
vulnerabilities they find. A hacker is always in pursuit of knowledge and shares
their discoveries. An ethical hacker will not try to damage or steal data.
Definition of cracker: a cracker is an individual who breaks into systems with
malicious intent. Crackers try to gain access to unauthorized data and may also
destroy it. Their main focus is on causing problems for their targets. It is easy to
identify a cracker, since their motives are malicious.

Most people have always had a negative perspective about hackers. Anyone may
also become a hacker regardless of their gender and age. The skill set of each
hacker will always vary. There are some hackers who do not even know how to
completely surf the internet. Some hackers have also been coming up with
different software platforms that can also be used by other hackers.

Types of Hackers.
We will now classify the types of hackers depending on their skill set and the
knowledge that they possess.
Coders
A professional hacker must be good at programming and must possess knowledge
of different programming languages. The coders are tasked with coming up with
different hacking techniques, and they also build the tools that are made available
to other individuals. A coder can easily identify security vulnerabilities and
weaknesses present in certain software and will then write their own exploits,
which in turn allow the software to be patched fully so that it is secure.

A coder also has the ability to discover unique vulnerabilities that are present in
existing software, and they will also write the code that they use during the
exploitation process. Some of these individuals also have an in-depth understanding
of the TCP/IP protocols and the OSI model.
Admins
The administrators are the individuals who use the tools and exploits that were
developed by the coders. They never come up with hacking techniques of their own;
they rely on the tricks that have been developed by the coders. They mainly focus
on system administration and network monitoring. Security professionals fall
under this category. The administrators also have a lot of experience with
different operating systems, and they know how to exploit different
vulnerabilities.

Script Kiddies
The script kiddies can be categorized as dangerous hackers. They possess only a
superficial understanding of hacking and rely on the scripts and tools that have
been developed by professionals. Some of these tools are readily available on the
internet for free. The main issue with script kiddies is that they do not
understand any of the activities taking place in the background; nevertheless, the
little knowledge that they possess allows them to cause a lot of damage. Since they
are quite sloppy, they can be easily caught. A security professional can easily
catch script kiddies since they always leave behind a digital footprint. Most of
these individuals are teenagers, and their skills are quite wanting since they do
not really know what they are doing.

Categorizing Hackers by the Activities They Perform

White Hat Hacker

A white hat hacker is an individual who conducts ethical hacking. They normally
work as security professionals and use their knowledge and tools to help other
people. They can help to pinpoint the various security loopholes in a network, and
they can also help to patch them. White hat hackers are commonly known as
penetration testers, and they help to handle different security issues.

Black Hat Hacker

Black hat hackers perform unethical hacking. They engage in different criminal
activities and collect pieces of information that they use for their own personal
gain. They can violate the integrity of various remote machines. They are famously
known for stealing data and for security cracking.

Grey Hat Hacker

Grey hat hackers do not set out to engage in illegal activities; however, they may
commit some illegal acts at times. They never hack for their own personal gain, and
their intentions are not malicious. They can commit crimes occasionally while they
are examining different systems. Grey hat hackers can be classified as both black
hat and white hat hackers.

Ethical Hacking

Ethical hacking involves testing different resources for good causes and various
forms of technology can be improved in the process. In most cases, ethical hacking
is likened to penetration testing and it focuses more on protecting IT systems and
securing them completely.

Hacktivism

Hacktivists are also hackers. Their main focus is on broadcasting various social
and political messages, and they mainly want to raise public awareness of
different issues. Some of these hackers may be trying to spread messages about
terrorism; when you visit some of their sites, you will find many Jihad messages,
since they may be terrorists.

Cyber Terrorist
A cyber terrorist is also a hacker. They may attack government computers and
other public utilities such as the power grid. They can also attack the control
towers at airports in order to gain control over the air traffic. Cyber terrorists
will crash critical systems and steal confidential information from the
government. Such terrorists attack when two nations are in conflict, and the
information that they have gained is mainly used to blackmail the other nation.
Why do hackers hack?
Well, the best answer to this question is that hackers hack because they possess the
skill set and the knowledge needed to break into a system. For some people,
hacking is a hobby and they do it just for fun. At times, some of these hackers use
their skills and tools to test their own systems. Many of today's hackers are
individuals who used to work in security and government IT organizations. They
may have been sacked for different reasons; as a result, they try to use their
skills and knowledge to bring down these organizations as an act of revenge.

The hackers with malicious motives possess a lot of knowledge, and they want to
make sure that the lives of other people are completely ruined. In some instances,
they want to be famous. Hackers derive their motivation from curiosity, revenge,
boredom, blackmail, theft for financial gain, challenge, corporate work pressure,
and also extortion. Some of these hackers also try to justify their work, since some
of them do not have any malicious intentions. At times, they just want to prove a
point.

Prevention from Hackers


People may be wondering whether it is possible to find new loopholes in different
software and to exploit them. For starters, there are many information security
research teams that try to find these loopholes, and they notify each vendor so
that the loopholes can be patched before hackers exploit the software. There is
also a competition between the hackers who are trying to break into systems and
the ones trying to defend them. The competition ensures that the security systems
are strong and up to date. The black hat hackers always make sure that their
hacking techniques are sophisticated and complex.
A white hat hacker will come up with detection systems that come in handy when
trying to track the hackers who are attempting to penetrate the system. The black
hat hackers, on the other hand, will come up with techniques that they use to
bypass those systems without being detected. The results are positive, since people
become smarter because they are always in pursuit of different forms of
knowledge. The security of these systems also improves, since both the ethical and
the black hat hackers focus on innovation.
When you are in need of protection from malicious hackers, you should make sure
that you have contacted the ethical hackers. They possess the positive mindset, the
skills, and all the tools needed to conduct penetration testing so that they can
discover the loopholes present in your system. The ethical hackers use the same
techniques, tricks, and tools that are used by the malicious hackers. The major
difference is that ethical hacking is legal: when it comes to ethical hacking, the
target has to issue permission first. Ethical hacking mainly focuses on looking
into the vulnerabilities present in the system. After discovering the
vulnerabilities, the ethical hacker will then seal all the security loopholes so that
the system is safe from external attackers. Ethical hacking also comes in handy
for information risk management, and security improvements can take place as a
result. Ethical hacking also helps to ascertain that the claims made by a vendor
who deals in various security tools are legitimate.

Ethical hackers also make sure that they keep expanding their knowledge. Their
services are in high demand, since they help to secure your systems. As an ethical
hacker, you must be conversant with the activities that are carried out by
hackers, and you should also learn how to stop the efforts of external hackers.
Although you may want to protect your system, you cannot protect it completely.
The only way to fully protect a system is to unplug the computer and lock it away
so that no one can access it. Such an approach is effective; however, from an
information security point of view, it is not the best approach. The main focus
should be on protecting the system from known vulnerabilities and from the
common hacker attacks.
You will not be able to overcome every vulnerability present in the system, and
you will also be unable to plan for every possible attack. Zero-day exploits are a
well-known example of attacks that cannot be planned for. In ethical hacking, you
need to try different combinations so that you can test the entire system
accordingly; that way, you will discover more vulnerabilities.

As a hacker, when launching an attack, you may follow the following steps:
Step 1- Pilot Study
The pilot study is known as the pre-attack phase. The hacker will focus on
locating, gathering, identifying, and also recording some important pieces of
information about their targets. The hacker makes sure that he has collected
enough information about the target.

Step 2- Scanning

Scanning is also a part of the pre-attack phase; this is the step whereby the
information that was collected during the pilot study will be used to examine the
network. During the scanning process, the attacker will carry out system port
scanning so that they may determine the present vulnerabilities as well as the open
ports. The attacker will use different tools that are automated so that they can be
able to discover some of the system vulnerabilities.

Step 3- Gaining Access


In this step, the actual hacking takes place. After discovering the vulnerabilities
during the scanning process, the hacker will now exploit each of these
vulnerabilities in order to access the system. The hacker can use different
connection techniques, including a LAN (local area network), the internet, or
even local access to the PC. When carrying out the actual security breach, the
hacker may use techniques that are quite simple; nevertheless, he will be able to
cause damage that cannot be repaired.

Step 4- Maintaining Access

After gaining access, the hacker will ensure that they can easily access the system
in the future by placing backdoors that are exclusive to them and cannot be easily
found by security professionals or other hackers. They make use of Trojans and
rootkits. Since an attacker will also have to erase their digital footprints, they
utilize automated tools and scripts.

Step 5- Clearing Evidence

In this step, the attacker has gained access and is maintaining it. They erase any
evidence that shows an attack took place so that they cannot be traced by security
professionals. By doing so, they can continue using the system as they wish, and
they also get rid of any evidence that hacking took place within the system. At the
moment, some successful security breaches cannot be easily detected, since they
are carried out by professionals. Even where log checking and firewalls are in
place, the hackers can still access some of these systems, and they make sure that
they cannot be easily detected.
About Ethical Hackers

As an ethical hacker, you must obey the ethical hacking commandments. Each
ethical hacker has to adhere to some basic principles. If they fail to follow these
principles, bad things may happen. At times, people forget these principles when
executing an ethical hacking attack, and the repercussions may be dire.

The term ethical means that a hacker should work while adhering to some
professional principles and morals. You may be performing a test so that you may
look into some of the present loop holes within your system. In some instances, the
ethical hacker may be hired. As an ethical hacker, make sure that you have
supported the goals of each client. You must also not have any hidden agendas.
Also, an ethical hacker should be trustworthy and they must ensure that they have
not misused any of the information that they have come across.

An ethical hacker is also supposed to respect the privacy of each of their clients.
They must make sure that all the information they have accessed, including
passwords, is kept private. They should also make sure that the systems do not
crash. One of the major mistakes people make when trying to hack into a system is
that they end up crashing their own systems. Poor planning is the main reason why
some of these systems crash: the testers make no effort to read the documentation,
and so they fail to understand how the security tools and hacking techniques
should be used.

During the testing phase, you can create adverse conditions by running too many
tests at once and causing system lockups. Some of the tools used during a security
assessment have controls for how these tests are performed. Such controls come in
handy especially when running tests on production systems during normal business
hours.
As an ethical hacker, you must understand the importance of patience and time.
You should always be careful when performing an ethical hacking test. Malicious
hackers may be watching to learn more about what you are doing, and they can use
that information for their own benefit. For starters, make sure that there are no
hackers in the system before you start to execute your plan. Make sure that
everything is private and quiet.

The main reason why privacy is important is that external attackers may gain
access to the test results while they are being transmitted to the relevant parties.
You must first plan a pilot study. Make sure that you have looked for information
about the hackers and the types of attacks that they have been planning against the
specific organization, and narrow your focus. You may search the internet to learn
about the organization's name as well as its network and computer names. You can
also gain some information about the IP address that you are using. The best search
engine to use in this case is Google.
Chapter 3:
Kali Linux for Beginners

Kali Linux was created as the successor to the BackTrack platform, which was used
to carry out penetration testing. The operating system has more than 600 tools that
are used to secure data as well as for penetration testing. In this chapter, we
discuss Kali Linux in general so that beginners can get an overview. We focus on
different areas, such as how to customize Kali Linux so that it supports different
aspects of securing data as well as penetration testing. In this chapter, the main
focus will be on the following areas:
Updating Kali Linux.
Configuring secure communications and network services.
Customizing Kali Linux.
Effective management of penetration tests.
Extending the functionality of Kali Linux using third-party applications.
Kali Linux
The operating system has numerous defensive tools that can also be used to carry
out penetration testing. The tools were originally used by network administrators
and security auditors to secure and assess different networks. Black hat and white
hat hackers also have access to these tools.

The main issue with BackTrack was that its architecture was quite complex, and it
was not easy to manage the tools that were present. In the BackTrack platform, the
tools lived in the pentest directory, which had numerous subfolders that came in
handy when locating the tools present on the platform. One of these tools was
sqlninja, which was used to identify instances of SQL injection. There were many
more tools that came in handy when carrying out web exploitation and assessing
various vulnerabilities. Kali Linux was then created, and it has replaced
BackTrack. The Kali Linux operating system and its architecture are based on
Debian GNU/Linux. When using Kali Linux, you can access the tools easily.

The features present on Kali Linux are:

The operating system supports numerous desktop environments, including KDE,
Gnome, XFCE, and LXDE, and Kali Linux also offers multilingual support.
The tools are Debian-compliant, and they are synchronized at least four times a day
with the Debian repositories; as a result, it is easy to update packages and to apply
security fixes.
The operating system supports ISO customization, so users are able to build
different versions of Kali Linux.
Kali Linux also has ARMHF and ARMEL support, and users can install the
operating system on different devices, including the Samsung Chromebook and the
Raspberry Pi.
The tools present in the Kali Linux operating system have diverse uses, including
wireless support through kernel patches, which makes packet injection possible
when assessing wireless networks.
Kali Linux is also free, since it is open source. A huge online community also
supports the Kali Linux platform.

We will focus on the use of Kali Linux after launching it in "Live mode". In the
next chapter, we discuss how to install Kali Linux. When using VMware, Kali
Linux runs in "Live Mode." In chapter 4, we cover how to install Kali Linux on
different platforms, including Mac OS X, which is used on all Apple devices.
The main reason why VMware is used is that it comes in handy when executing
applications that are present in the host operating system. For instance, if you run
Kali Linux in "Live Mode" under the Windows operating system, you will be able
to use some of the applications present on Microsoft Windows. It is also possible
to retrieve the results that were obtained when carrying out tests on the virtual
machine. The results of the tests will allow you to look into the vulnerabilities
that are present in the network.

After launching Kali Linux, the default desktop will always appear and a menu bar
will also be present as well as some few icons. When you select the menu item,
you will then gain access to some of the security tools that are present on Kali
Linux as well as different folders.
Configuring Secure Communications and Network Services

When using Kali Linux, you should make sure that there is connectivity to either a
wireless or a wired network so that the operating system can handle updates. The
connectivity also allows users to customize the operating system. For starters, you
should obtain an IP address. You then use the ifconfig command in a terminal
window to confirm the IP address. An example of the ifconfig output is shown
below:
In this case, the current IP address is 192.168.204.132. If you were unable to
obtain an IP address, you can get one by using the dhclient eth0 command. The IP
address will be assigned by the DHCP protocol. You can also use other interfaces,
since this all depends on the configuration of the system that you are using.
If you use a static IP address, you will have to provide some additional
information. For instance, you may use 192.168.204.128 in the following manner.

Open a terminal window where you will key in the following command:

It is good to note that changes made to the Internet Protocol settings this way are
non-persistent, and they will be gone after rebooting Kali Linux. If you want to
ensure that these changes are permanent, you must edit certain files. This
screenshot offers some guidance.
When Kali Linux starts, the DHCP service is not enabled by default. After the
DHCP service is enabled, the new IP address is announced on the network, and
administrators may be alerted that there is a tester present. In some instances,
this is not a major issue, and it is advantageous that some services start
automatically during the boot process. To achieve this, you should key in the
following commands in the terminal window:
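As an added example (not from the book), the script below shows both halves of the static address configuration described above: the non-persistent ifconfig/route change that disappears at reboot, and the persistent interfaces(5) stanza that survives it. Only the address 192.168.204.128 and the interface eth0 come from the text; the netmask and gateway are assumed placeholders, and the file path is a parameter so the stanza can be checked in a temporary file before it is written to /etc/network/interfaces as root.

```shell
#!/bin/sh
# Added example: configure a static IPv4 address on eth0, persistently.
# Assumed values: MASK and GW are placeholders; only ADDR is from the text.

IFACE="${IFACE:-eth0}"
ADDR="${ADDR:-192.168.204.128}"
MASK="${MASK:-255.255.255.0}"   # assumption
GW="${GW:-192.168.204.2}"       # assumption

# Non-persistent change: lost at reboot, as the text notes. Requires root.
set_static_now() {
    ifconfig "$IFACE" "$ADDR" netmask "$MASK" up &&
    route add default gw "$GW" "$IFACE"
}

# Persistent change: append an interfaces(5) stanza to the file given as $1
# (/etc/network/interfaces on a real system, a temp file when testing).
# Refuses to add a second stanza for the same interface, so re-running the
# script cannot leave the file with conflicting definitions.
write_interfaces_stanza() {
    target="$1"
    if [ -f "$target" ] && grep -q "^iface $IFACE inet" "$target"; then
        echo "stanza for $IFACE already present in $target" >&2
        return 1
    fi
    cat >> "$target" <<EOF
auto $IFACE
iface $IFACE inet static
    address $ADDR
    netmask $MASK
    gateway $GW
EOF
}

# Read back the address the stanza assigns, so the file can be verified
# before networking is restarted (service networking restart).
stanza_address() {
    awk -v ifc="$IFACE" '$1=="iface" && $2==ifc {inblk=1; next}
        inblk && $1=="address" {print $2; exit}' "$1"
}
```

Running write_interfaces_stanza against a scratch file and checking it with stanza_address before touching /etc/network/interfaces is the safe order; a malformed stanza on the real file can leave the machine without a network connection after the next reboot.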

Kali Linux has the ability to install different network services and they include
HTTP, DHCP, TFTP, SSH, and also VNC servers. Users normally invoke these
services from the command line. You can also access some of these services from
the Kali Linux menu.

How to Adjust the Network Proxy Settings


Users who are behind a proxy, whether authenticated or unauthenticated, should
start by modifying the apt.conf and bash.bashrc files.
1. Start by editing the bash.bashrc file. A screenshot is provided, since it offers
some guidance. A text editor comes in handy when adding the following lines to
the bash.bashrc file:

2. Replace proxyIP with the Internet Protocol address of the proxy that you are
using. You can also change the password and the username. At times there is no
need to authenticate, and in that case you should key in the '@' symbol.
3. You will then create the apt.conf file in the same directory and enter the
commands shown in the screenshot below:
4. Save the file and then close it. You will also have to log in again later so that
the new settings take effect.
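The script below is an added example, not the book's own screenshot, of the two files the steps above describe. It writes the export lines for bash.bashrc and the Acquire lines for apt.conf, using proxyIP, username and password from the text as placeholders; the port 3128 is an assumption. The paths are parameters so the output can be checked in a scratch directory before it is written to /etc/bash.bashrc and /etc/apt/apt.conf.

```shell
#!/bin/sh
# Added example: generate proxy settings for bash.bashrc and apt.conf.
# proxyIP, username and password are placeholders from the text; the port
# 3128 is an assumption. Replace all four with the real proxy details.

PROXY_IP="${PROXY_IP:-proxyIP}"
PROXY_PORT="${PROXY_PORT:-3128}"
PROXY_USER="${PROXY_USER:-username}"
PROXY_PASS="${PROXY_PASS:-password}"

# Build the proxy URL. With an empty PROXY_USER no credentials are embedded,
# which is the unauthenticated case.
proxy_url() {
    if [ -n "$PROXY_USER" ]; then
        printf 'http://%s:%s@%s:%s/\n' "$PROXY_USER" "$PROXY_PASS" "$PROXY_IP" "$PROXY_PORT"
    else
        printf 'http://%s:%s/\n' "$PROXY_IP" "$PROXY_PORT"
    fi
}

# Append the export lines to the bashrc given as $1 (/etc/bash.bashrc on a
# real system). Returns 1 without writing if a proxy export already exists,
# so repeated runs do not stack conflicting definitions.
write_bashrc_proxy() {
    url=$(proxy_url)
    if grep -q '^export http_proxy=' "$1" 2>/dev/null; then
        return 1
    fi
    cat >> "$1" <<EOF
export http_proxy="$url"
export https_proxy="$url"
export ftp_proxy="$url"
export no_proxy="localhost,127.0.0.1"
EOF
}

# Write apt's own proxy configuration to $1 (/etc/apt/apt.conf on a real
# system). apt does not read the shell environment of a login session.
write_apt_proxy() {
    url=$(proxy_url)
    cat > "$1" <<EOF
Acquire::http::proxy "$url";
Acquire::https::proxy "$url";
Acquire::ftp::proxy "$url";
EOF
}
```

Both files are world-readable on a default install, so the password written into them is visible to every local user; use a dedicated proxy account that has no other privileges rather than a personal or administrative credential.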

How to Use Secure Shell to Secure Communications


During the testing phase, as a penetration tester or security auditor, you will have
to ensure that there is minimal detection. When using Kali Linux, you cannot rely
on external listening network devices; instead, you can use services such as
Secure Shell. After installing Secure Shell, you must enable it before you can use
it.
Kali Linux ships with a set of default SSH keys. Before you start the SSH service,
you must disable these default keys and generate a unique keyset of your own,
since you will need it. The default SSH keys should be moved to a backup folder.
You then generate an SSH keyset using this command:

The following screenshot will guide you on how to move the original keys and also
generate some new keysets.
You must also verify that each of the keys that you have generated is unique. You
can do so by calculating the md5sum hash values of each keyset. After that, you
will compare your findings with the original keys.

To start the SSH service from the menu, select Applications > Kali Linux > System
Services > SSHD > sshd start.
If you want to start SSH from the command line, the following screenshot will
guide you.

When you want to verify that the SSH is running, you will execute the netstat
query as shown below:
If you want to stop the SSH, you should use the following command:
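The key rotation the section above describes, as an added example that is not the book's own screenshots: move the default host keys to a backup folder, regenerate a fresh set, and compare md5sum values of old and new keys before the service is started. KEYDIR defaults to /etc/ssh; the backup location and the use of ssh-keygen -A (which creates any host key missing from /etc/ssh) are assumptions, and the directory parameters let the comparison be exercised on constructed files without root.

```shell
#!/bin/sh
# Added example: back up the default SSH host keys, regenerate them, and
# verify that every new key differs from its predecessor (md5sum comparison).
# BACKUP is an assumed location; KEYDIR defaults to Kali's /etc/ssh.

KEYDIR="${KEYDIR:-/etc/ssh}"
BACKUP="${BACKUP:-/etc/ssh/default_kali_keys}"

# Move every existing host key (private and public) from $1 into $2.
backup_host_keys() {
    mkdir -p "$2"
    for k in "$1"/ssh_host_*_key "$1"/ssh_host_*_key.pub; do
        [ -e "$k" ] && mv "$k" "$2"/
    done
    return 0
}

# Regenerate host keys. ssh-keygen -A creates any host key type missing from
# /etc/ssh; on Debian-based systems `dpkg-reconfigure openssh-server` does the
# same job. Requires root.
regenerate_host_keys() {
    ssh-keygen -A
}

# Return 0 when no file in $1 (old keys) has the same md5sum as the file of
# the same name in $2 (new keys); return 1 on the first match. A match means
# a default key survived and the host is still identifiable by it.
keys_are_unique() {
    for old in "$1"/ssh_host_*; do
        [ -e "$old" ] || continue
        new="$2/$(basename "$old")"
        [ -e "$new" ] || continue
        if [ "$(md5sum < "$old" | cut -d' ' -f1)" = "$(md5sum < "$new" | cut -d' ' -f1)" ]; then
            echo "DUPLICATE: $(basename "$old") unchanged" >&2
            return 1
        fi
    done
    return 0
}

# Only expose SSH to the network once the keys have been checked.
start_ssh_if_keys_unique() {
    keys_are_unique "$BACKUP" "$KEYDIR" || return 1
    service ssh start
}
```

On a real system the sequence is backup_host_keys "$KEYDIR" "$BACKUP", then regenerate_host_keys, then start_ssh_if_keys_unique; the comparison is the step that catches a regeneration that silently did nothing because the old files were still in place.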

Updating Kali Linux

Users should patch the Kali Linux operating system regularly to ensure that it is
up-to-date.

The Debian package management system depends on packages. As a user, you can
easily install or remove packages when customizing the operating system. The
packages then support different tasks, including penetration testing. The
functionality of the operating system can also be extended to support
documentation as well as communications. As for documentation, you can also run
Microsoft Office using the wine application. The packages are stored in
repositories.
Packages and Repositories

Kali Linux normally uses the official Kali Linux repositories. If you do not
complete the Kali Linux installation process, you will not be able to add the
repositories. There are tools present on Kali Linux that may not be officially
present in the repositories. Such tools can be updated manually by overwriting
some of the packaged files, which breaks dependencies. For this reason, the
Bleeding Edge repository maintains tools including dnsrecon, aircrack-ng,
beef-xss, and sqlmap. It is good to note that these tools will not be moved to the
Debian repositories. You can add the Bleeding Edge repository to the sources.list
using this command line:

dpkg
dpkg is the package management system on which Debian is based. You can
remove, install, and query packages using this command-line application. When
dpkg -l is run, a list of all the applications installed on the Kali Linux operating
system is returned. Some of these applications can only be accessed directly
through the command line.

Using the APT (Advanced Packaging Tools)

APT extends the functionality of dpkg by searching repositories and installing
packages from them. Packages can also be upgraded, and APT can be used to
upgrade the entire distribution.
The most common APT commands are:
apt-get update- the command resynchronizes the local package index with its
sources. You should always run the update command first when performing an
upgrade.
apt-get dist-upgrade- the command upgrades all the packages that are installed on
the system. Obsolete packages are also removed.
apt-get upgrade- the command upgrades packages that are already installed on Kali
Linux; they can be upgraded at any given moment. Packages that are not present
cannot be upgraded. In short, only the installed packages are upgraded.
If you want to view the full description of a package, you can use the apt-get
command. You can also identify the dependencies of a package, and you can remove
packages using different commands. There are some packages that cannot be
upgraded using the apt-get command. Some of these packages should be upgraded
manually by using the update.sh script and adding the following commands:
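The repository edit and the update sequence from the two sections above, as an added example that is not the book's own command line. REPO_HOST in the repository line is a placeholder (the real line comes from the Kali documentation); the sources.list path is a parameter so the duplicate-entry check can be exercised on a scratch file.

```shell
#!/bin/sh
# Added example: add the Bleeding Edge repository without duplicating it, then
# run the apt-get sequence in the order the text requires (update first).
# REPO_HOST is a placeholder, not a real mirror name.

SOURCES="${SOURCES:-/etc/apt/sources.list}"
BLEEDING_EDGE="deb http://REPO_HOST/kali kali-bleeding-edge main"

# Append the repository line to $1 only if no active (uncommented) entry for
# kali-bleeding-edge exists. Returns 0 when added, 1 when already present.
# Blindly appending with `echo >>` on every run is what produces the
# "duplicate sources.list entry" warnings apt-get prints.
add_bleeding_edge() {
    if grep -q '^deb .*kali-bleeding-edge' "$1" 2>/dev/null; then
        return 1
    fi
    echo "$BLEEDING_EDGE" >> "$1"
}

# Count the active bleeding-edge entries in $1, for a post-edit sanity check.
bleeding_edge_entries() {
    n=$(grep -c '^deb .*kali-bleeding-edge' "$1" 2>/dev/null) || n=0
    echo "$n"
}

# Patch the system: resynchronize the package index, then upgrade everything
# (dist-upgrade handles removals of obsolete packages), then drop packages
# nothing depends on any more. Requires root and network access.
patch_kali() {
    apt-get update &&
    apt-get -y dist-upgrade &&
    apt-get -y autoremove
}
```

A typical run is add_bleeding_edge "$SOURCES" followed by patch_kali; the count returned by bleeding_edge_entries should be exactly 1 afterwards, and anything higher means the file was edited by hand as well.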

Customizing and Configuring Kali Linux


The Kali Linux framework comes in handy when performing penetration tests. The
security expert should not be limited to using only the tools that are pre-installed
on Kali Linux. The default Kali Linux desktop can also be adjusted. When you
customize the operating system, you will be able to ensure that the system is more
secure. The data that you may collect during the testing phase will also be safe and
you can easily carry out a penetration test.
Some of the common customizations include:
Being able to add a non-root user.
Resetting the root password.
Sharing some folders with the Microsoft Windows operating system.
Speeding up the Kali Linux operations.
Creating encrypted folders.

Resetting the Root Password

If you want to change the root password, you should use this command:
You will then type a new password. This screenshot will guide each user
accordingly:

How to add a non-root User


Kali Linux provides many applications, and they run with root-level privileges.
The main issue with root-level privileges is that they carry risks, such as
damaging applications by using the wrong command while testing a system. It is
advisable to make use of user-level privileges when testing a system. If you want
to create a non-root user, make use of the adduser command. You key in the
command in the terminal window, and the screenshot below offers some guidance:

How to Speed Up the Operations on Kali Linux


There are many tools that can be used to speed up the operations on Kali Linux.
If you are using a virtual machine, you can install the VMware tools.
When creating a virtual machine, select a fixed disk size, since it is faster than a
dynamically allocated disk. With a fixed disk, files are added faster and there is
less fragmentation.
The preload application identifies the programs that are commonly used by a
specific user and preloads their binaries and dependencies into memory, ensuring
faster access. The application works automatically once the installation is
complete.
The BleachBit application frees disk space by deleting cookies, freeing the cache,
and clearing the internet history, in a bid to ensure a higher level of privacy.
Advanced features allow the shredding of files and the wiping of free disk space,
so that traces of files that were not fully deleted are removed as well.
Kali Linux has many applications, and they do not all appear in the start-up menu.
The system slows down whenever an application is loaded during start-up, and
system performance as well as memory use are impacted. To disable unnecessary
applications and services, install the BUM (Boot Up Manager). The screenshot
below offers some guidance.
If you want to launch applications directly from the keyboard, add gnome-do,
which you can access from the Applications > Accessories menu. After gnome-do
has been launched, select the preferences menu and activate the Quiet Launch
function. Then select the launch command, clear any existing command, and enter
the command line that should be executed after the launch keys are pressed.
Besides launching applications from the keyboard, it is also possible to launch
them using scripts.
Sharing Folders with the Microsoft Windows Operating System
Kali Linux has many tools, and the operating system also offers flexibility when it
comes to the applications that can be used on it. If you want to access data from
both the host OS (operating system) and Kali Linux as the guest while in "Live
mode," you should create a folder that can be easily accessed from both.
After placing the important data in the shared folder, you can easily access it from
either of the operating systems. Follow these steps to create such a folder:
1. Create the folder on the host operating system. In this instance, the folder is
named "Kali."
2. Right-click on the folder named "Kali" and then click on 'share.'
3. Make sure that the folder is shared with 'everyone,' so that people can read or
write anything that is present in the folder.
4. If the VMware tools are not yet installed, install them now.
5. After completing the installation, select the virtual machine settings from the
VMware menu. Under shared folders, select "enabled." Then add a path that
selects the shared folder located on the host operating system.
6. Open the file browser on the Kali Linux desktop. The shared folder can be
accessed under the /mnt folder.
7. Drag the folder to the Kali Linux desktop.
8. All the information placed in the folder can now be accessed on both Kali
Linux and the host operating system.

When carrying out a penetration test, you can store your findings in the shared
folder. Some of this information is sensitive, and it is good to ensure that it is
encrypted. There are different ways to encrypt the folder. In chapter 4, we discuss
how to use LVM encryption. After encrypting a folder or even a partition, you must
always remember the password. If you forget the password, you cannot access the
data present in the shared folder or in the partition that you created during the
Kali Linux installation process. The main reason why encryption is important is
that it ensures that unauthorized individuals cannot access the data.
How to Manage the Third-Party Applications

Although Kali Linux comes with numerous pre-installed applications, you may also
need to install other applications that come in handy during security audits and
penetration tests. Some of these tools are quite advanced and require some
knowledge to use effectively. Kali Linux makes it easy to install, locate and manage
additional applications.

How to Install Third-Party Applications

There are several ways to install third-party applications. The most common is the
apt-get command, which installs packages from the Kali Linux repository; tools
that are not packaged are usually fetched from their GitHub repository and installed
by hand.

Whenever possible, install applications from the Kali Linux repository, using the
apt-get install command from a terminal window (run apt-get update first so the
package lists are current). A graphical package manager can also be used.

Some of the third-party applications that you can install include:

apt-file: searches the APT packaging system for the package that provides a
given file, and lists the contents of packages without installing them.
openoffice: an office productivity suite, useful for documenting the
engagement.
gnome-tweak-tool: lets you configure desktop options and change themes.
shutter: a tool for taking screenshots on Kali Linux.
teamviewer: supports remote administration and remote access, so a penetration
tester can also run tests remotely.
scrub: securely overwrites data, following various government wiping
standards.
terminator: a terminal emulator that can split one window into several
terminals.
Tools in the Kali (Debian-based) repository are installed with the apt-get install
command. Many other tools exist only on GitHub, the online repository used for
software development projects; most developers prefer it because it offers
flexibility. Such applications must be installed manually, and the installation
process and dependencies vary for every application. Always refer to the README
file provided by the developer; it explains how to install and configure the
application correctly.
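The decision described above, whether a tool comes from the Kali repository or has to be cloned from GitHub, can be scripted. The following is an added example, not code from the book: candidate_origin parses the text that apt-cache policy prints, so it can be checked against a saved copy of that output, and install_tool only lets apt-get install a package whose candidate version is served by the Kali mirror. It assumes Debian-style apt tools, git and a POSIX shell with awk; the mirror URL (overridable through KALI_MIRROR), the package names and the version strings in the test data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): decide where a tool comes from before installing it.
# A package that the Kali repository knows is installed with apt-get; anything else is
# cloned from its GitHub page and installed by hand, following the developer's README.

# candidate_origin < "apt-cache policy PKG" output
# Prints the archive URL from which the candidate version would be fetched, or nothing
# when the package is unknown or has no installable candidate ("Candidate: (none)").
candidate_origin() {
    awk '
        $1 == "Candidate:" { cand = $2; next }
        {
            # version-table entries look like "     3.2.2 500"; the installed version is
            # marked "*** 3.2.2 500", so skip the marker when reading the version field
            v = ($1 == "***") ? $2 : $1
        }
        cand != "" && cand != "(none)" && v == cand && $NF ~ /^[0-9]+$/ { inver = 1; next }
        # source lines beneath the candidate look like "   500 http://mirror/kali kali-rolling/main amd64 Packages"
        inver && $2 ~ /^[a-z][a-z0-9+.-]*:/ { print $2; exit }
        inver && $NF ~ /^[0-9]+$/ { inver = 0 }
    '
}

# from_kali_repo URL -> 0 if URL points at the configured Kali mirror (assumed default below)
from_kali_repo() {
    case $1 in
        "${KALI_MIRROR:-http://http.kali.org/kali}"*) return 0 ;;
        *) return 1 ;;
    esac
}

# install_tool PKG GIT_URL -> apt-get when the Kali repository carries PKG, git clone otherwise
install_tool() {
    pkg=$1; url=$2
    origin=$(apt-cache policy "$pkg" 2>/dev/null | candidate_origin)
    if [ -n "$origin" ] && from_kali_repo "$origin"; then
        echo "installing $pkg from $origin" >&2
        apt-get install -y "$pkg"
    elif [ -n "$origin" ]; then
        echo "$pkg is offered by $origin, not the Kali mirror; refusing to install it blindly" >&2
        return 1
    else
        dest=/opt/$pkg
        echo "$pkg is not packaged; cloning $url into $dest" >&2
        git clone "$url" "$dest" || return 1
        # Read the developer's instructions before running anything from the clone.
        for f in README.md README.rst README.txt README; do
            [ -f "$dest/$f" ] && { sed -n '1,40p' "$dest/$f"; break; }
        done
        echo "follow the README in $dest to resolve dependencies and install" >&2
    fi
}
```

Typical use is install_tool apt-file https://github.com/example/apt-file (the URL is a placeholder); a package whose only candidate comes from a repository other than the Kali mirror is reported and left alone rather than installed.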

How to Run Third-Party Applications

The applications discussed here do not need root privileges. Kali Linux was built
to support penetration testing, and many of its tools require root-level access,
which is why the toolset and its data are protected with encryption and passwords.
Some third-party tools, however, run without root privileges, and some of them,
notably web browsers, are likely targets for compromise: if a browser running as
root is exploited, the attacker inherits root privileges. Where root access is not
required, run the application as a non-root user. In the example that follows, you
log in to Kali Linux as root and use a non-root account that was created with the
adduser command. (Kali Linux releases from 2020.1 onward default to a non-root
user, so this step mainly applies to the root-by-default releases covered here.)
Perform the following steps to run the Iceweasel browser as a non-root user:
1. Create a non-root user account (here, "noroot").
2. Install sux, a wrapper around su that passes your X display credentials to the
target user, using the apt-get install command.
3. Start the web browser, then minimize it.
4. From a terminal, list the running processes (the book shows the output as a
screenshot). In this instance, Iceweasel is running with root privileges.
5. Close Iceweasel and relaunch it with the command sux - noroot iceweasel.
The title bar of the relaunched Iceweasel shows that it was invoked as the non-root
user, an account without administrator privileges.

Make sure the browser really is running under the non-root account: check every
open process, not only the window title.
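The final check, that every browser process runs as the non-root user, can be done from the process table instead of the title bar. The following is an added example, not from the book: it reads the effective UID of each process from /proc (with ps as a fallback), collects every process with a given command name, and fails if any of them runs as root. It assumes Linux; the account name "noroot" is the one used above, and the process IDs are discovered at run time.

```shell
#!/bin/sh
# Added example (not from the book): confirm that a program launched with
# "sux - noroot <program>" really runs as the non-root user. The window title is
# easy to misread; the effective UID in the process table is not.

# proc_euid PID -> prints the effective UID of PID, or nothing if it does not exist
proc_euid() {
    if [ -r "/proc/$1/status" ]; then
        # Uid line: "Uid:  real  effective  saved  filesystem"
        awk '/^Uid:/ { print $3 }' "/proc/$1/status"
    else
        ps -o uid= -p "$1" 2>/dev/null | tr -d ' '
    fi
}

# check_not_root PID -> 0 if PID exists and its effective UID is not 0
check_not_root() {
    uid=$(proc_euid "$1")
    [ -n "$uid" ] && [ "$uid" != "0" ]
}

# pids_of NAME -> PIDs whose command name (as in /proc/PID/comm) equals NAME
pids_of() {
    for f in /proc/[0-9]*/comm; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f" 2>/dev/null)" = "$1" ]; then
            d=${f%/comm}
            echo "${d#/proc/}"
        fi
    done
}

# all_not_root NAME -> 0 only if at least one NAME process exists and none runs as root.
# A browser spawns helper processes; every one of them is checked, not just the
# window you can see.
all_not_root() {
    found=0
    for p in $(pids_of "$1"); do
        found=1
        if ! check_not_root "$p"; then
            echo "$1 (pid $p) runs as uid $(proc_euid "$p")" >&2
            return 1
        fi
    done
    [ "$found" -eq 1 ]
}

# report NAME -> one line per NAME process: pid, effective uid, user name
report() {
    for p in $(pids_of "$1"); do
        uid=$(proc_euid "$p")
        printf '%s\t%s\t%s\n' "$p" "$uid" "$(id -un "$uid" 2>/dev/null || echo '?')"
    done
}
```

After relaunching the browser, report iceweasel lists each browser process with its UID, and all_not_root iceweasel returns a non-zero status if any of them still runs as root.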

How to Effectively Manage a Penetration Test

When performing penetration tests, the main challenge is remembering all the tests
that should be carried out while trying to uncover the vulnerabilities present in the
system. It is easy to lose track of which tests have been run and which have been
completed.

Some penetration tests are complex, and the methodology must adapt to the specific
target. Testers can use applications such as Wireshark and keyloggers to record
what happened during the tests. The recorded data is valuable if the target suffers
an application outage: analysing the captured packets shows which traffic affected
the network.
Kali Linux provides tools for taking rapid notes that also serve as a data repository,
such as the Zim and KeepNote desktop wikis. Testers must run the tests while
collecting the data they will later present to the client. Collecting it can be difficult
because some results are transient: a test may show that something changed on the
target system, and the same vulnerability may not reappear, so documentation taken
at the time is essential. When you find a vulnerability, you also need to be able to
demonstrate that it exists, so always take a screenshot of the evidence. Tools for this
include shutter, which captures images of the desktop, and CutyCapt, which renders
a web page and saves it in formats including PS, PDF, JPEG, TIFF, PNG, BMP and
GIF.

In this chapter we have examined Kali Linux and the tools it provides for carrying
out penetration tests legitimately. We have also noted that, since Kali Linux is open
source, the same tools are available to external attackers. Kali Linux can be run in
"Live mode", in which case both the host operating system and Kali Linux can be
used during the tests.
Chapter 4
Kali Linux Installation
Installing Kali Linux
Installing Kali Linux on a Hard Disk
Installing Kali Linux on a hard disk is fast and easy once a few requirements are
met. First, make sure the hardware is compatible: Kali Linux supports the amd64,
i386 and ARM platforms. The hardware requirements are modest, but better
hardware gives better performance. Start by downloading the Kali Linux ISO image.
You can burn it to a DVD, or write it to a USB stick, which can also be used to run
Kali Linux "Live".

Installation Prerequisites
At least 20GB of hard disk space.
For amd64 and i386, at least 1GB of RAM; 2GB or more is recommended.
A CD/DVD drive or USB boot support.
Preparing to Install Kali Linux
1. Download Kali Linux from the official site.
2. Have a blank DVD ready to burn the Kali ISO to, or a USB drive if you want to
run it live.
3. Make sure the computer is set in the BIOS to boot from the chosen medium.
Installing Kali Linux Step by Step
1. Boot from the installation medium you have chosen. You can choose between
the Text-mode and Graphical install; the images in this section use the
Graphical install.
2. Choose your language and country. Configure the keyboard with the suitable
keymap.
3. Specify your geographical location.
4. The installer copies the image to the hard disk and probes the network
interfaces, then asks for a hostname. In the image below, "Kali" is the
hostname we have chosen.
5. You may optionally provide a default domain name for the system.
6. Enter the full name of the non-root user.
7. A default username is proposed; you can change it to suit your preferences.
8. Set your time zone.
9. The installer probes your disks and offers four choices. In this instance we
use the entire disk on the PC, without configuring the logical volume manager
(LVM). Experienced users can partition the disk manually.
10. Select the hard disk to be partitioned.
11. Every user has different needs; a single partition is fine for most
preferences.
12. Review the disk configuration. After clicking "Continue" you cannot make
any further changes.
13. Configure the network mirrors, and enter proxy details if you need them.
If you select "No", you will not be able to install any packages from the Kali
Linux repositories.
14. Install GRUB.
15. Click "Continue" and the system reboots.
The Post Installation
After the installation completes, you can customize the system. If you are not an
experienced user, the Kali Linux user forums are a good place to look.

How to Dual Boot Kali Linux with Microsoft Windows Operating System.

It is possible to install Kali Linux and Microsoft Windows alongside each other.
Be cautious during setup: the hard disk will be modified, so back up all important
documents before you begin. Once the backup is complete, proceed with the
installation, and also read the Kali Linux Hard Disk Install section above.
The example here uses Microsoft Windows 7. Since Windows occupies a
considerable amount of the hard disk, we start by resizing its partition so that it
takes less space, leaving room to install Kali Linux.

After downloading the ISO image, burn it to a blank DVD, or write it to a USB drive
if you want to run Kali Linux "Live". If your laptop has no USB port, see the Kali
Linux installation documentation. You must have the following:
At least 20GB of free hard disk space.
A PC with USB boot support or a CD/DVD drive.
Preparing to Install Kali Linux
1. Download the ISO image.
2. Burn it to a blank DVD, or write it to a USB drive.
3. Set the PC in the BIOS to boot from the USB drive (or DVD).
Dual Boot Installation Procedure
1. Boot from the installation medium you have chosen. When the Kali boot
screen appears, select Live; you are booted into the default Kali Linux desktop.
2. Launch the gparted program. It is used to shrink the partition holding
Microsoft Windows so that there is enough space to install Kali Linux.
3. Select the Microsoft Windows partition. In this example there are two
partitions: the System Recovery partition and the Windows partition, which is
/dev/sda2. Resize the Windows partition, leaving at least 20GB of free space
for Kali Linux.
4. After resizing the partition holding the host operating system, click "Apply
All Operations" to write the changes to the hard disk. Exit gparted and reboot
the PC.

The procedure on how to install Kali Linux


1. The installation procedure is the same as before. The only difference is at
the partitioning step: select "Guided" and use the largest free space on the
hard disk, which is the space freed with gparted.

2. When the installation is complete, reboot the system. The GRUB menu
appears and lets you boot either Microsoft Windows or Kali Linux.
Post Installation
After the installation is complete, you can customize your system. The Kali site
and the user forums explain how.

Dual Boot Kali Linux on the Mac OS X Hardware


Installing Kali Linux on Mac OS X hardware involves a few extra considerations.
Kali Linux now supports EFI, so it can be installed on Apple devices such as the
MacBook Air. This section shows how to use rEFInd to dual boot Kali Linux with
Mac OS X, optionally encrypting the Kali Linux partition; single booting Kali Linux
on Mac hardware is covered later. The boot menu is provided by the third-party
rEFInd software. After Kali Linux is installed, rEFInd can be customized so that it
boots a default operating system directly, or hidden altogether.
Installation Prerequisites
At least 20GB of hard disk space.
At least 1GB of RAM; 2GB or more is recommended.
For older Mac devices manufactured before 2012, use a blank DVD; to boot from
USB you must install rEFInd first.
OS X 10.7 or higher.

Preparing to Install Kali Linux


1. Download the Kali Linux ISO image.
2. Burn it to a blank DVD.
3. Back up any important information.
Preparing the OS X (Installing rEFInd)
1. This example uses rEFInd version 0.8.3.
2. After downloading rEFInd, extract the zip file and run the bundled
installation shell script with sudo.

NOTE: macOS prints its standard sudo warning the first time: improper use of the
sudo command could lead to data loss or the deletion of important system files,
so double-check your typing. To proceed, enter your password; to abort, press
Ctrl-C.

Copy the sample configuration file to refind.conf and edit it to configure rEFInd.

How to Partition the Hard Disk on Kali Linux


1. Before installing Kali Linux, free some space on the hard disk. Booting Kali
Linux "Live" lets you resize the disk. Power on the Mac, press and hold the
Option key, and wait for the rEFInd boot menu to appear.
2. Once the boot menu is displayed, insert the installation medium you have
chosen. If everything works, two volumes are shown.
Kali Linux is Debian based; nevertheless, rEFInd detects it as Windows.
Select the Windows volume to proceed.
When using a DVD, press ESC to refresh the menu once the disk has fully
spun up.
If only the EFI volume is shown, the installation medium is not supported on
this Apple device; make sure rEFInd has been installed first.
Selecting the EFI volume does not work: the boot process hangs.

3. The boot screen appears; choose the Live option. You are booted into the
default desktop.
4. Use gparted to resize the hard disk and free space for Kali Linux. To find
GParted, open the Kali menu, then Applications, then System Tools, then
GParted Partition Editor.
5. In GParted, select the OS X partition; in most cases the second partition is
the largest one. In this example there are three partitions: /dev/sda1 (EFI
partition), /dev/sda2 (OS X) and /dev/sda3 (System Recovery). Resize the OS X
partition first, leaving at least 20GB of free space.
How to Install Kali Linux
1. To start the installation, repeat the first two steps above. When the boot
screen appears, choose "Graphical Install", "Live" or "Text-mode Install"; the
setup process then begins.
2. Select your preferred language, and configure the keyboard with the most
appropriate keymap.
3. The installer copies the image to the hard disk and probes the network
interfaces, then prompts for a hostname and a domain name. In this example the
hostname is "Kali".
If multiple NICs are detected, you are prompted to choose the one to use for
the installation.
If you choose an 802.11 NIC, you must supply information about the wireless
network before entering a hostname.
If no DHCP service is present on the network, you must enter the network
information manually after the interfaces are probed.
If Kali Linux does not detect the NIC, supply the drivers, or build a custom
Kali Linux ISO with the drivers pre-included.
4. Choose a strong password for the root account.
5. Set your time zone.
6. The installer probes the disks and offers five choices. In this example we
use the space freed while in Live mode and select "Guided - use the largest
continuous free space".
Experienced users can choose the "Manual" option for granular control. You can
also set up encrypted LVM, so that the Kali Linux installation is fully
encrypted; you are then prompted for a passphrase, which you must enter every
time Kali Linux starts.
The disk is securely wiped before Kali Linux asks for the passphrase; how long
this takes depends on the disk size. You can skip the wipe.
7. Select the partitioning structure you prefer. Here we use the default, with
everything in one partition. An overview is displayed; press "Continue" if you
agree with the suggestions.

8. Review the disk configuration one more time before the installer makes
permanent changes. After clicking "Continue", the installation is almost
complete.
9. Configure the network mirrors. The online repository keeps the installed
applications and any additional programs up to date. If you need to enter proxy
information, do so on the next screen. If you select "No", you cannot install
any packages from the Kali Linux repositories.
10. Install the GRUB bootloader.
11. Press "Continue" to complete the installation, then restart the Mac.
To boot into "Live mode" again, repeat the first two steps once more.

12. If the gdisk package is not included in the Kali Linux ISO, install it. If
the network repository was enabled, this is straightforward:
apt-get update
apt-get install gdisk

13. Convert the MBR to a hybrid MBR so that Apple's EFI can detect GRUB and
boot from it. The relevant part of gdisk's output is shown below. Afterwards,
power off the laptop and remove the installation media.

Partition table scan:
  MBR: protective
Found valid GPT with protective MBR; using GPT.

WARNING: hybrid MBRs are dangerous. If you decide not to use one, just press
Enter at the prompt and your MBR partition table will be left untouched.

Final checks complete. About to write GPT data. This will overwrite existing
partitions.
14. Both Mac OS X and Kali Linux are now available; select one after powering
on the Mac.
rEFInd Configuration
rEFInd can be altered in several ways, including:
Booting directly into the default OS.
Changing the timeout value.
Changing the default operating system; in this case it is Mac OS X.
Removing rEFInd, which restores the usual Apple boot menu. Mac OS X and Kali
Linux can still both be used on the same machine.
To make any of these changes, boot into Mac OS X and edit the rEFInd
configuration file, refind.conf (copied from the sample configuration when
rEFInd was installed).
The timeout value controls how long the boot menu waits for you to select an
operating system at startup. A value of -1 boots the default operating system
immediately.

The default selection is applied at startup. Mac OS X is at position 1 and Kali
Linux at position 2; in the current example, Mac OS X is the default.

When both changes are combined and saved, the machine boots exactly as it did
before Kali Linux was installed. Holding the Option key at startup shows:
EFI Boot - OS X
Windows - Kali Linux
Recovery HD - OS X's recovery partition
The names in Apple's boot menu cannot be changed; in rEFInd they can be
customized.
Single Booting Kali Linux on the Mac Hardware
Start with the installation requirements. Kali Linux has supported EFI out of the
box since version 1.0.8, which simplifies installing it on Apple devices such as the
MacBook Air.
The make, model and year matter: installing Kali Linux is easy on the latest
models, while on older devices you should pre-install rEFInd to improve the
chances of a successful installation.
This section explains how to replace Mac OS X with Kali Linux; the partition you
create can also be encrypted. Single boot means that only Kali Linux remains on
the machine; the dual boot procedure, with both Mac OS X and Kali Linux, was
outlined earlier.
The installation requirements are as follows:
At least 20GB of hard disk space.
At least 1GB of RAM; 2GB or more is advisable.
If the device was manufactured in 2012 or earlier, burn the Kali Linux ISO to a
blank DVD; if rEFInd is installed, you can boot the ISO from USB instead.
Mac OS X version 10.7 or higher.
Preparing to install Kali Linux
1. Download the Kali Linux ISO image.
2. Burn it to a blank DVD, or write it to a USB drive.
3. Back up any sensitive information on the Mac to an external drive first; the
internal disk will be erased.
The Kali Linux Installation Procedure
1. Turn on the device and hold the Option key. The boot menu appears after a
moment.
2. Choose the installation medium. Two volumes appear, EFI and Windows. Kali
Linux is Debian based, but Apple firmware detects it as Windows.
Select the Windows volume to proceed with the installation.
If only the EFI volume appears, the chosen installation medium is not
supported; install rEFInd and try again.
If you choose the EFI volume, the device hangs and the installation cannot
proceed.
3. The Kali Linux boot screen appears; choose between "Live", "Text-mode
Install" and "Graphical Install". In this instance we chose "Graphical
Install".
4. Select your preferred language and your country, and configure the keyboard
with the appropriate keymap.

5. The installer copies the image to the hard disk and probes the network
interfaces, then asks for the hostname and domain name. In this example the
hostname is "Kali".
If multiple NICs are detected, choose the one to use for the installation.
If the chosen NIC is 802.11 based, provide the wireless network information
after the hostname.
If there is no DHCP service on the network, enter the network information
manually after the interfaces are probed.
If Kali Linux does not detect the NICs, install the necessary drivers first, or
generate a customized Kali Linux ISO with the drivers pre-included.

6. Protect the root account with a strong password.

7. Set the time zone.
8. The installer probes the disks and offers five choices. Since the Logical
Volume Manager (LVM) is not used here, we use the entire disk and select
"Guided - use entire disk".
Experienced users can handle the partitioning manually. You can also set up
encrypted LVM, so that the whole Kali Linux installation is encrypted; you are
then prompted for a passphrase, which you must enter whenever Kali Linux boots.
The hard disk is wiped before the LVM passphrase is requested; this can take a
long time depending on the disk size. If you accept the associated risk, you can
skip the wipe.
9. Choose the hard disk to erase. Double-check everything first.

10. Select the partitioning structure that suits your needs. The default puts
everything on one partition. The installer then displays an overview; press
"Continue" if the suggestions suit you.

11. Review the disk configuration once more. After this point no further
changes can be made, and the installation completes.

12. This screen configures the network mirrors. Kali Linux distributes
applications through a central online repository so that packages stay up to
date and additional programs are easy to install.
If you select "No", you cannot install any packages from the Kali Linux
repositories unless you later change the package sources.

13. Install the GRUB bootloader.

14. Click "Continue" to complete the installation, then restart the Mac.
To boot into Kali Linux "Live mode" again, repeat the first steps of this
procedure.
15. Install the gdisk package if it is not included in the Kali Linux ISO. If the
network repository was enabled during setup, use apt-get as shown in the dual
boot procedure above.

16. Convert the MBR to a hybrid MBR so that Apple's EFI can detect GRUB and
boot from it.
17. Reboot the Mac and remove the installation media. Kali Linux is ready to
use.

Kali Linux Remote Install via Rescue System


Kali Linux can also be installed on a remote hosted server, from which you can
perform network scans among other activities. Before the installation begins, boot
the server into its rescue system and save the network configuration, since you
will need it again afterwards. Which tools are available depends on the rescue
system offered by the hosting provider. Once connected to the server over SSH,
format the hard disk and proceed with the installation.
Kali Linux Encrypted Disk Install

Sensitive data is often stored on the machine. To keep it from unauthorized
individuals, the entire hard disk should be encrypted. The Kali Linux installer can
encrypt the disk by setting up encrypted LVM during installation. The procedure is
the same as the normal Kali Linux install, except that you choose a partitioning
option that encrypts the disk with LVM.

The Installation Requirements for the Encrypted Kali Linux


Installing Kali Linux is easy. First make sure the hardware is compatible; more
capable hardware gives better performance. You can install from a USB drive or a
DVD once the Kali ISO image has been written to it; which medium you choose is a
matter of preference.

The installation prerequisites:

At least 20GB of hard disk space.
For the amd64 and i386 architectures, at least 1GB of RAM; 2GB is preferable.
A USB port or DVD drive, and the ability to choose the boot device in the BIOS.
Preparing to Install Kali Linux
1. Download the ISO image from the official website.
2. Burn it to a blank DVD or write it to a USB drive.
3. Set the PC in the BIOS to boot from the chosen installation medium.
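Every "Preparing to Install Kali Linux" list in this chapter starts with downloading the ISO image and writing it to a DVD or USB drive. One check belongs between those two steps: verifying the image before it touches the boot medium, so that a corrupted or tampered download is never installed. The following is an added example, not code from the book. Kali publishes a SHA256SUMS file and a detached signature for it (SHA256SUMS.gpg) next to the images; the checksum check needs only coreutils, and the signature check needs gpg with the Kali archive key already imported. The file names, the device path and the "kali-test.iso" data used in the test are assumptions.

```shell
#!/bin/sh
# Added example (not from the book): verify a downloaded Kali ISO before burning or
# writing it, so that a corrupted or tampered image never reaches the boot medium.

# iso_sha256_ok ISO SUMSFILE
#   0 -> ISO's SHA-256 matches its entry in SUMSFILE
#   1 -> mismatch (corrupt download or tampered image)
#   2 -> SUMSFILE has no entry for ISO's file name
iso_sha256_ok() {
    iso=$1; sums=$2
    name=$(basename "$iso")
    # entries look like "<hex>  <name>" or "<hex> *<name>" (binary-mode marker)
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) print $1 }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name in $sums" >&2
        return 2
    fi
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "CHECKSUM MISMATCH for $name: got $actual, expected $expected" >&2
    return 1
}

# sums_signature_ok SUMSFILE SIGFILE -> 0 if SIGFILE is a valid signature over SUMSFILE.
# Without this step an attacker who can alter the download can alter the checksum file too.
sums_signature_ok() {
    gpg --verify "$2" "$1" 2>/dev/null
}

# write_iso_to_usb ISO SUMSFILE DEVICE -> writes the image to the whole USB disk
# (e.g. /dev/sdb, which is erased) only after the checks pass. Must run as root.
write_iso_to_usb() {
    iso=$1; sums=$2; dev=$3
    if [ -f "$sums.gpg" ] && ! sums_signature_ok "$sums" "$sums.gpg"; then
        echo "signature on $sums does not verify; refusing to continue" >&2
        return 1
    fi
    iso_sha256_ok "$iso" "$sums" || { echo "refusing to write an unverified image" >&2; return 1; }
    dd if="$iso" of="$dev" bs=4M conv=fsync
}
```

A typical call is write_iso_to_usb kali-linux.iso SHA256SUMS /dev/sdb; the device must be the whole USB disk, not a partition, and everything on it is lost. If SHA256SUMS.gpg is missing the signature step is skipped, so download it alongside the checksum file.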
The Kali Linux Installation Procedure
1. When starting the installation process, you should start by choosing your
preferred installation medium. The Kali Linux boot menu will appear first.
You will then choose the Text-Mode or Graphical Install. In the provided
example, we have used the Graphical Install commonly known as the GUI
install.
2. Select the country and the preferred language. You will then configure the
keyboard with the most suitable keymap.
3. The Kali ISO image will then be copied to the hard disk, the network
interfaces will be probed as usual and you must key in the host and domain
name. The hostname in the current example is “Kali.”
4. Ensure the root account password cannot be easily cracked.

5. You will then be prompted to set the time zone.


6. The hard disk will be probed by the installer. You will then be offered
four choices; for the encrypted LVM install, you should choose the
“Guided” option to set up the encrypted LVM.

7. You will then choose the destination drive where you will install Kali Linux.
As per the example in this section, we have chosen a USB drive destination.
The USB drive will then be used to boot the encrypted Kali Linux.
8. You should go ahead to confirm the partitioning scheme and the installation
process will then continue.
9. You will be prompted to enter the encryption password. You must remember
the password at all times when you are accessing the Kali Linux operating
system.

10. You will then configure the network mirrors. Kali Linux distributes its
applications through a central repository. You will also have to key in the
correct proxy information if one is required.
IMPORTANT! You cannot install any packages from the Kali Linux repositories
after selecting “NO.”
11. You should install GRUB.

12. After the installation process has been completed, you can go ahead
and reboot your PC. You will then remove the installation medium. When
you turn on your PC, you will have to provide the encryption password in
every instance.

Post Installation
After installing the Kali Linux operating system, you can go ahead and customize
it. You can also seek some information from some of the Kali Linux user forums if
you are not an experienced user.

Kali Linux Mini ISO Install


You can easily install the minimal Kali Linux system when using the Kali mini
ISO. The installation process starts from “scratch.” All the required packages will
be installed by the mini install ISO from the Kali Linux repositories. First, make
sure that your internet connection is fast and stable when using the Kali Linux
Mini ISO Install method.
The Installation Prerequisites
The hard disk should have at least 8GB free space.
For the amd64 and i386 architectures make sure that the minimum RAM
present on the PC is 512MB.
The PC should have USB/DVD Drive boot support.
Preparing for the Installation
1. First download the Kali mini ISO.
Graphical installer.
Text installer.
2. Burn the operating system to a blank DVD.
3. Make sure that the PC can boot from a USB or a DVD in the BIOS.

Kali Linux- How to Install the Operating System.


After booting the mini ISO for the first time, you will see a small boot menu that
will have numerous options. As for the example we will use in this case, we will be
dealing with a basic install.
You will be tasked with choosing the language you prefer, the keyboard type, the
country, and also the time zone. You will also have to select a hostname during the
installation process. The default hostname is normally “Kali.”
You will select the time zone and you will then see the present partition options.
You should opt for the ‘Guided- use entire disk’ while also following the prompts
that will appear during the installation process.
To reduce network bandwidth usage, only a small subset of packages will be
selected by default. You can make more selections to add new features.
The installer will now download the packages that are required and they will be
installed into the system. The internet speed will determine how long the process
will take. There will come a point whereby you will be prompted to install the
GRUB as you complete the entire installation process.
Post Installation
After completing the Kali Linux installation process, you will be able to
completely customize the system. To learn more about the operating system you
can get some tips on some of the Kali Linux User Forums.
Chapter 5
Real examples of how to hack with Kali Linux

Kali Linux has more than 600 tools. Each one of these tools performs different
functions. Since there are different types of hackers, each hacker will always try to
look into the vulnerabilities that are present within the system. The white hat
hackers ensure that they have patched all the present vulnerabilities. The black hat
hackers usually take advantage of these vulnerabilities so that they can gain access
to different pieces of information that they will use for their own personal gain. We
will now look into some of the examples on how a person can hack when using
Kali Linux.

When carrying out an attack, you must make sure that you have carried out a pilot
study. It helps you to gather information that you will use when launching an attack.
After identifying some vulnerabilities, you can exploit a network or even the web
applications. During the exploitation process, some of the factors that you should
consider include:
The attacker should make sure that the target has been characterized fully. If
the attacker has not gained an in-depth understanding of the network, there
is a high likelihood that the attack will fail. Also, the attacker can be
easily detected.
The attacker should first look into whether the exploit is well known. Are
there some actions that have already been defined in the system? If an
exploit has not been fully characterized, there might be some consequences
that are unintended. It is good to make sure that all exploits have been
validated first.
First look into the manner in which the exploit is being carried out. For
instance, the attack may be conducted from a remote location and that means
that you cannot be caught easily. The main issue is that you will not have a
lot of control over the exploits.
Consider some of the post-exploit activities. If you need to gather some data
first, you must make sure that you have established some interactive actions.
Consider whether you should maintain access or whether you will be
compromised. Such factors will help to ensure that you have come up with
a stealthy approach to avoid detection.
There are many vulnerabilities that can be easily identified. Some of these exploits
are based on different techniques and that is why the system can be compromised
easily. We will now provide some real examples on how to hack using Kali Linux.

Threat Modelling

The pilot study comes in handy and it makes sure that you can learn more about
the present vulnerabilities. Always make sure that the attack has been coordinated
in a planned manner. If not, you may fail to achieve your objectives. Also, you can
be caught easily. When carrying out an attack, there is a process commonly
referred to as threat modelling. It is good to note that the attackers and testers are
using the same tools. The main difference is the motive of each party.

Threat modelling comes in handy when trying to improve the success rate of an
attack. There is the offensive threat modelling and it involves the use of the
research and the results of the pilot study. As an attacker, you must first consider
the availability of targets. The types of targets are as shown in the list below:
Primary targets- when such a target is compromised, they will support the
objective.
Secondary targets- this is a target who can provide some information such as
passwords and security controls. The information will come in handy when
launching an attack.
Tertiary targets- these are targets that can be compromised easily and they
can also be distracted easily and that means that they can also provide some
information that can be used to launch an attack.

For every target, the attacker should always determine the approach that they want
to use. If there are some vulnerabilities, the attacker will go ahead and launch the
attack. If there is a large-scale attack, some issues may occur. Some attackers make
use of the attack tree methodology. The following diagram will provide some
overview about the attack tree methodology:

The approach is used when trying to visualize some attack options that will ensure
that the attack has gone accordingly. After generating an attack tree, you can
visualize the attack options that are available. The vulnerabilities will ensure that
you have learned more about the most suitable attack options.
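As an added illustration of the attack tree methodology described above (this is example code, not a diagram or code from the book), the following Python model represents a goal as a tree of OR and AND nodes, lets a defender mark leaf steps as mitigated by a control, and computes whether the root goal remains achievable and which attack paths are left. The tree contents and node names are constructed for the example and do not come from any real assessment.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class AttackNode:
    """One node of an attack tree.

    gate is "OR" (any child suffices) or "AND" (all children are needed).
    Leaves carry a `mitigated` flag that the defender sets once a control
    (patch, policy, monitoring) closes that step. Names are constructed
    for this example and are not taken from any real assessment.
    """
    name: str
    gate: str = "OR"
    children: List["AttackNode"] = field(default_factory=list)
    mitigated: bool = False

    def is_leaf(self) -> bool:
        return not self.children


def achievable(node: AttackNode) -> bool:
    """Return True if the goal at `node` is still reachable by an attacker."""
    if node.is_leaf():
        return not node.mitigated
    results = [achievable(c) for c in node.children]
    return all(results) if node.gate == "AND" else any(results)


def residual_paths(node: AttackNode) -> List[List[str]]:
    """Enumerate every remaining attack path as a list of leaf names.

    OR nodes contribute the union of their children's paths; AND nodes
    contribute the cross product, since a path must satisfy all children.
    """
    if node.is_leaf():
        return [] if node.mitigated else [[node.name]]
    if node.gate == "OR":
        return [p for c in node.children for p in residual_paths(c)]
    combined: List[List[str]] = [[]]
    for child in node.children:
        child_paths = residual_paths(child)
        if not child_paths:
            return []  # one fully mitigated child blocks the whole AND branch
        combined = [a + b for a in combined for b in child_paths]
    return combined


def example_tree() -> AttackNode:
    """Constructed tree for a generic 'compromise a server' goal."""
    return AttackNode("Compromise server", "OR", [
        AttackNode("Exploit unpatched service", "AND", [
            AttackNode("Service reachable from attacker network"),
            AttackNode("Public exploit exists for installed version"),
        ]),
        AttackNode("Obtain valid credentials", "OR", [
            AttackNode("Guess weak password"),
            AttackNode("Capture session cookie on unencrypted link"),
        ]),
    ])


def apply_mitigations(tree: AttackNode, mitigated_leaves: List[str]) -> AttackNode:
    """Mark the named leaves as mitigated and return the same tree."""
    def walk(n: AttackNode) -> None:
        if n.is_leaf() and n.name in mitigated_leaves:
            n.mitigated = True
        for c in n.children:
            walk(c)
    walk(tree)
    return tree


if __name__ == "__main__":
    t = example_tree()
    print("before:", achievable(t), residual_paths(t))
    apply_mitigations(t, ["Public exploit exists for installed version",
                          "Guess weak password"])
    print("after:", achievable(t), residual_paths(t))
```

Reading the output as a defender: each remaining path is a concrete set of controls still needed, and an AND branch collapses as soon as any one of its steps is closed, which is why patching a single exposed service removes a whole branch.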

How to Use the Vulnerability Resources


The pilot study helps you to learn more about the target’s attack surface, that is,
the total set of points that you will assess to find vulnerabilities. If a server
runs only an operating system, it can only be exploited if that operating system
has some vulnerabilities. If many applications have been installed on the system,
there will be many more potential vulnerabilities.

As an attacker, you will be tasked with finding some of the vulnerabilities that are
present within the system. For starters, you should make sure that you have looked
into some of the vendor sites. You will gain access to some information about
different vulnerabilities and the period when some patches and upgrades have been
released. There are some exploits for different weaknesses and they are commonly
known. There are many vendors who will provide some of this information to their
clients. When attackers gain access to such information, they will use it to their
own advantage. You can gain access to this information from numerous sources.

Kali Linux has an exploit database. It is situated in the /usr/share/exploitdb
directory. Before you can use it, you should update it using the following
command:

Start by opening a terminal window so that you can search the local copy of the
exploitdb. You will then key in the searchsploit command followed by the search
term that you want to look up. A script will be invoked that searches the database
holding the list of all the exploits; the database files are in the .csv format. The
search allows you to learn about different vulnerabilities, and you can then extract
the exploits, compile them, and run them against the vulnerabilities that are
present. The screenshot below showcases a list of various vulnerabilities:
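Independently of that screenshot, the following Python is an added example (not code from the book or from the searchsploit project) of the kind of keyword search that runs over a CSV exploit index, with a defender-side twist: given an inventory of installed products and versions, it reports which ones have a matching public entry so patching can be prioritised. The column layout (id, file, description, date, author, type, platform, port) is an assumption about the classic Exploit-DB CSV shape, and every row in the embedded index is constructed.

```python
import csv
import io
from typing import Dict, List, Optional

# Constructed index in the shape of the CSV that a searchsploit-style tool reads.
# The column layout is an assumption about the classic Exploit-DB file; every
# row below is invented for this example.
INDEX_CSV = """id,file,description,date,author,type,platform,port
1001,exploits/windows/remote/1001.pl,"Example Web Server 6.0 - WebDAV Remote Buffer Overflow (constructed)",2019-01-01,example,remote,windows,80
1002,exploits/linux/local/1002.c,"Example Mail Daemon 2.3.1 - Local Privilege Escalation (constructed)",2019-02-01,example,local,linux,0
1003,exploits/multiple/webapps/1003.php,"Example CMS 4.2 - SQL Injection (constructed)",2019-03-01,example,webapps,multiple,0
1004,exploits/windows/remote/1004.c,"Example RPC Service - Remote Code Execution (constructed)",2019-04-01,example,remote,windows,135
"""


def load_index(text: str) -> List[Dict[str, str]]:
    """Parse the CSV index into a list of row dictionaries keyed by column."""
    return list(csv.DictReader(io.StringIO(text)))


def search(rows: List[Dict[str, str]], *terms: str,
           platform: Optional[str] = None) -> List[Dict[str, str]]:
    """Return rows whose description contains every term (case-insensitive).

    All terms must match, which is the usual behaviour of a keyword search
    over the index; `platform` optionally narrows by the platform column.
    """
    wanted = [t.lower() for t in terms]
    hits = []
    for row in rows:
        desc = row["description"].lower()
        if all(t in desc for t in wanted):
            if platform is None or row["platform"] == platform.lower():
                hits.append(row)
    return hits


def exposure_report(rows: List[Dict[str, str]],
                    inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Defender view: map each installed product to matching exploit paths.

    `inventory` maps a product name to its installed version string; a
    product is reported only when both its name and version appear in an
    entry's description, so the result lists what actually needs patching.
    """
    report: Dict[str, List[str]] = {}
    for product, version in inventory.items():
        matches = search(rows, product, version)
        if matches:
            report[product] = [m["file"] for m in matches]
    return report


if __name__ == "__main__":
    rows = load_index(INDEX_CSV)
    for hit in search(rows, "remote", platform="windows"):
        print(hit["id"], hit["description"])
    print(exposure_report(rows, {"Example CMS": "4.2", "Example Mail Daemon": "1.0"}))
```

Matching on the free-text description is only as good as the description, so in practice an inventory check like this is a first filter; confirm each hit against the vendor advisory and the actual installed build before acting on it.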

When searching the local database, you will realize that there are many exploits
present within the system. The path listing will also show a short description of
each. You must also make sure that the environment has been customized before you
can launch an attack. Some exploits are presented in the form of scripts, in
languages such as PHP, Perl, and Ruby, and some of them can be implemented
easily. If you want to attack a server such as Microsoft IIS 6.0, such an
exploit is easy since the server can be accessed remotely using WebDAV. To
exploit the server, you should start by copying the exploit into the root
directory. You will then execute the exploit using a Perl script as shown below:
Some of these exploits are in the form of source codes that should be compiled
before you can use them. For instance, if you are searching for the RPC
vulnerabilities, you will realize that there are many vulnerabilities. An example is
shown in the screenshot below:

There are many vulnerabilities including RPC DCOM. It is normally identified as
76.c. When compiling this exploit, you will start by copying it from the storage
directory into the /tmp directory. Within that location, you will then compile
everything using the command that is shown below:

The 76.c will then be compiled using the GNU compiler. The screenshot below
will offer some guidance:
After invoking the application depending on your target, you should make sure that
you have called the executable using the following command:

As for this exploit, the source code has been well documented and you should also
adhere to some parameters that are quite clear during the execution process. The
screenshot below has offered some guidance:

Although many exploits are available from public resources and databases, not all
of them are as straightforward to use as the one compiled from 76.c. There are
numerous issues that make using some of these exploits a problematic affair.
Some of the issues include:
The source code may be incomplete and some deliberate errors may also be
present as some of the developers try to make sure that some of these
exploits cannot be utilized by some users that are not experienced. Some of
these beginners may be trying to compromise the system and they may not
be conversant with some of the involved risks depending on their specific
actions.
Some of these exploits have not been documented in a comprehensive
manner and that means that the way in which the use of the source code is
used may bring about some issues. If an attacker or a tester encounters some
issues, they will not be able to make good use of these exploits.
Changing environments bring about inconsistent behavior, which means that the
source code may have to be changed significantly. Only a skilled developer
should handle such a task.
Some of the source codes may contain some malicious functionalities and
the attacker may use this to their own advantage when trying to penetrate a
system. The malicious functionalities come in handy when trying to create a
backdoor that will allow them to enter into the system as they wish.

As an attacker, you will want to make sure that your results are consistent and that
is why some coders have come together to form a community. They are able to
come up with different practices that are also consistent. Some of the suitable
exploitation frameworks include the Metasploit framework.

The Metasploit Framework

The Metasploit framework is an open source tool that has been designed to
facilitate penetration into a network. The framework was created using the Ruby
programming language. A modular approach was used during its creation, which is
why people can easily code and develop different exploits. Some complex tasks can
easily be implemented using the Metasploit framework.

The Metasploit framework will always present numerous interfaces to each of the
backend modules and it will be easy to control the entire exploitation process. As
for this case, we will make use of the console interface since it guarantees high
speeds. Also, the interface will present some attack commands and people can also
easily understand the interface. You should start by opening the command prompt
and after that you will key in the msfconsole.
The Metasploit framework has many modules that are combined together to
effect an exploit. The modules include:
Exploits: fragments of code that are used to target different
vulnerabilities. Active exploits focus on a specific target; they run and
then exit. Passive exploits only act when a user has connected to a network.
Payloads: malicious code that executes commands after an exploit has been
carried out successfully.
Post modules: after an attack has been performed successfully, these
modules run on the targets that have been compromised. Important data is
collected and the attacker gains deeper access into the network.
Auxiliary modules: these modules do not provide access between the attacker
and the target system. They perform activities such as fuzzing, scanning, or
sniffing.
Encoders: these modules encode the payload so that antivirus defenses that
rely on signature matching may fail to detect it.
No operations (NOPs): these modules are used to facilitate buffer overflows
during an attack.
When performing a pilot study, you may make use of some of these modules. If
you want to use the Metasploit framework when performing an attack, you can
follow some of these steps:
1. You will choose an exploit and configure it. The configured code will be
used to compromise the system depending on the present vulnerabilities.
2. You will then check the target system so that you may determine whether it
is vulnerable to an attack.
3. Choose and configure the payload.
4. You will choose an encoding technique so that you may bypass the detection
controls.
5. Execute an exploit.

Exploiting Vulnerable Applications

The Metasploit framework comes in handy when exploiting vulnerabilities that are
present in third-party applications. In this instance, we will look into how a
buffer overflow can be exploited. For starters, the vulnerability is present in
the ReadFile function, which stores user-supplied data without checking it
securely. When initiating the attack, the tester will have to generate a specially
crafted BMP file. The target will then open the file using the Chasys application.
When such an activity occurs, the base operating system will be compromised. The
attack is effective on operating systems such as Windows XP Service Pack 3 and
Windows 7 Service Pack 1.
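The root cause described above is a parser that trusts sizes declared in a file header when it stores the data that follows. As an added example (not code from the book, from Metasploit, or from the vulnerable application), the following Python validates a BMP's BITMAPFILEHEADER and BITMAPINFOHEADER against the bytes actually present before any size from the header is used, and includes a small builder so the checks can be exercised with a constructed valid image and with headers that declare inflated dimensions or image sizes. The `build_bmp` helper and all sample bytes are constructed for this example.

```python
import struct
from typing import Tuple

FILE_HDR = struct.Struct("<2sIHHI")        # BITMAPFILEHEADER, 14 bytes
INFO_HDR = struct.Struct("<IiiHHIIiiII")   # BITMAPINFOHEADER, 40 bytes
MAX_DIMENSION = 1 << 15                    # sanity bound on width/height


def row_stride(width: int, bpp: int) -> int:
    """Bytes per pixel row, padded to a 4-byte boundary as BMP requires."""
    return ((width * bpp + 31) // 32) * 4


def validate_bmp(data: bytes) -> Tuple[bool, str]:
    """Check that a BMP's header fields agree with the bytes actually present.

    Returns (True, "ok") or (False, reason). Every size that a parser would
    use to allocate or copy is derived from len(data) and bounded arithmetic,
    never from an unchecked header field; that missing check is the defect
    pattern behind header-driven buffer overflows.
    """
    if len(data) < FILE_HDR.size:
        return False, "truncated file header"
    magic, bf_size, _r1, _r2, off_bits = FILE_HDR.unpack_from(data, 0)
    if magic != b"BM":
        return False, "bad magic"
    if bf_size > len(data):
        return False, "declared file size exceeds actual data"
    if len(data) < FILE_HDR.size + INFO_HDR.size:
        return False, "truncated info header"
    (bi_size, width, height, planes, bpp, compression,
     size_image, _x, _y, _used, _imp) = INFO_HDR.unpack_from(data, FILE_HDR.size)
    if bi_size != INFO_HDR.size:
        return False, "unsupported info header size"
    if planes != 1 or bpp not in (1, 4, 8, 16, 24, 32) or compression != 0:
        return False, "unsupported pixel format"
    if not (0 < width <= MAX_DIMENSION) or not (0 < abs(height) <= MAX_DIMENSION):
        return False, "dimensions out of range"
    if off_bits < FILE_HDR.size + INFO_HDR.size or off_bits > len(data):
        return False, "pixel offset outside file"
    expected = row_stride(width, bpp) * abs(height)
    if off_bits + expected > len(data):
        return False, "pixel data exceeds file length"
    if size_image not in (0, expected):
        return False, "biSizeImage inconsistent with dimensions"
    return True, "ok"


def build_bmp(width: int, height: int, bpp: int, pixels: bytes, *,
              bf_size=None, off_bits=None, size_image=None, bi_width=None) -> bytes:
    """Assemble a BMP; keyword overrides let a test inject inconsistent fields."""
    off = FILE_HDR.size + INFO_HDR.size
    total = off + len(pixels)
    file_hdr = FILE_HDR.pack(b"BM", total if bf_size is None else bf_size, 0, 0,
                             off if off_bits is None else off_bits)
    info_hdr = INFO_HDR.pack(INFO_HDR.size, width if bi_width is None else bi_width,
                             height, 1, bpp, 0,
                             len(pixels) if size_image is None else size_image,
                             2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels


# Constructed 2x2, 24-bit image: two rows of 8 bytes (6 pixel bytes + 2 padding).
SAMPLE_PIXELS = bytes(16)
GOOD_BMP = build_bmp(2, 2, 24, SAMPLE_PIXELS)
# Same bytes, but the header claims a far larger width: a parser that sized
# its buffer from the real data and copied according to the header would overrun.
INFLATED_WIDTH_BMP = build_bmp(2, 2, 24, SAMPLE_PIXELS, bi_width=0x7FFF)
INFLATED_SIZE_BMP = build_bmp(2, 2, 24, SAMPLE_PIXELS, size_image=0xFFFFFFFF)

if __name__ == "__main__":
    for label, blob in (("good", GOOD_BMP), ("inflated width", INFLATED_WIDTH_BMP),
                        ("inflated size", INFLATED_SIZE_BMP)):
        print(label, validate_bmp(blob))
```

In a native parser the same checks must also guard the arithmetic itself: `width * bpp` and `stride * height` need to be computed in a type that cannot wrap, or checked for overflow before the multiplication, otherwise a huge width can pass a "fits in the buffer" test after wrapping to a small value.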

To initiate the attack, open the msfconsole. The Metasploit will then be used to
perform the exploit as shown below:

The exploit is quite simple; however, the attacker should set a reverse shell to the
target system. They should also make sure that the system has been compromised.
After the exploit is complete, a BMP file will then be created and it will be stored
with the name msf.bmp by default. The attacker should make sure that they have
enticed the target so that they may open the file. To do so, the attacker should make
sure that the file has not been stored using the default name since it may also be
detected by different devices. The name should be changed to something that may
be relevant to the target. After that, the attacker should then launch a new instance
of the msfconsole. A listener will also be set up to keep track of the reverse TCP
shell since it will originate from the target’s end after they have been
compromised. The following screenshot shows a simple listener.

After the target has opened the BMP image file in the vulnerable application,
a meterpreter session will be established between the two systems. The
meterpreter prompt will then replace the msf prompt. The attacker will now be
able to access the system remotely using the command shell. The first step after
ensuring that the system has been compromised is to verify that the system is
accessible. The screenshot below showcases the operating system and the computer
name after the attacker keys in the sysinfo command into the terminal window:

How to Exploit Numerous Targets When Using Armitage


Armitage’s functionality can be likened to the Metasploit console. When using
Armitage, you have access to numerous options that come in handy when attacking
some targets that have various complexities. The main advantage of using
Armitage is that you can exploit multiple targets at once. The maximum number of
targets that you can exploit in one instance is 512.
Before starting Armitage, you must make sure that the Metasploit services and the
database are up and running. You should use the following command:

You will then type Armitage in the command prompt so that you can execute the
command. There are some steps that you should follow when launching Armitage
so that it can function accordingly. So that you can discover the targets that are
available, you will have to provide an IP address so that you can add a host. You
can also enumerate targets when using Armitage since it will use DNS
enumeration.
When using Armitage, you can also import data from files produced by tools such
as amap, Acunetix, Burp proxy, AppScan, Nessus NBE, Foundstone, and XML
files. You can also set a host label when using Armitage. You will start by
right-clicking so that you may select a host. You will then go to the host menu
where you will set the host label. You can then flag a particular IP address. The
following screenshot can offer some guidance:
Armitage also supports dynamic workspaces. You may start by testing a network
while also trying to identify some of the servers that have not been patched. You
can highlight all these servers by issuing a label and then placing all of them in
a prioritized workspace. After identifying some targets, you can then select the
modules that will be used during the exploitation phase. There is also an attack
option in the menu bar.

When exploiting a host, you can right-click and navigate to the attack item while
also choosing an exploit. Always make sure that you have chosen the right
operating system to ensure that the exploit is successful. There is the Hail Mary
option. It is present in the Attacks option. When you select this function, you will
view all the systems that have been identified and they can be subjected
automatically to some of the exploits that can enable an attacker to learn more
about a huge number of compromises. Such an attack is quite noisy.

If a system has been compromised, it will appear as an icon and it will have a red
border. Some electrical sparks will also be present. In the screenshot that will be
displayed here, there will be two compromised systems. There will also be a total
of four active sessions.
As an attacker, you must make sure that you have looked into all the present
vulnerabilities. In the screenshot above, the Hail Mary Option has showcased that
there are two vulnerabilities and there are two active sessions. When carrying out
manual testing using a similar target, more vulnerabilities will appear. When
carrying out real-world tests, you will realize that there are some advantages and
disadvantages of using automated tools.

Hacking the WPA2 Wi-Fi using Kali Linux

To hack into the WPA2 Wi-Fi, you should first make sure that you have an
overview of some of the tools that are offered by Kali Linux. When hacking into
the WPA2 Wi-Fi, you should be conversant with the aircrack-ng tool. It is also good
to note that there are many people who claim that there are Windows applications
that can be used to hack into the WPA2 Wi-Fi; these applications cannot handle
such tasks and they are used by attackers to lure unsuspecting individuals.

To gain access to a network, an attacker should make use of Kali Linux. We have
looked into the Kali Linux installation into different platforms. To hack
successfully into a network, first make sure that you have an in-depth
understanding of how the WPA authentication works. Also, make sure that you
also have an overview of how Kali Linux operates. If you possess all the
knowledge needed to carry out such an attack, we will now look into the steps on
how you can hack into the WPA2 Wi-Fi networks.

For starters, you will need the following:


You should install Kali Linux. We discussed the Kali Linux installation in the
earlier chapters.
You should have a wireless adapter that is capable of the monitor mode.
There are some PCs that have the network cards. If your PC does not have
one, you should purchase it.
There should be a wordlist when attempting to “crack” a password.
Time and patience.
After ensuring that you have all this, you will follow each of the following steps so
that you can successfully hack into the WPA2 network.
Although this tutorial will come in handy, it is good to note that it is illegal to hack
into the WPA2 network. The tutorial is mainly suited to the individuals carrying
out some penetration tests. After the tests, it is possible to ensure that the network
is more secure.
Step One:
Power the PC and log into Kali Linux.

Step Two:
Plug in the wireless adapter. People running Kali Linux in “Live Mode” should
make sure that they have plugged in the wireless adapter through the icon that is
present in the device menu.
Step Three:
You should disconnect from all the wireless networks and also open a terminal by
typing the following command: airmon-ng

The command will list every wireless card that can support the monitor mode. If
no cards are listed, you should disconnect and reconnect the network adapter and
then check again whether it can support the monitor mode. If you still see
nothing when using an external adapter, that means the monitor mode cannot be
supported by the card.
Step Four:
In the terminal window, you should key in the airmon-ng start command. Then
type the interface name of the wireless card. As for this case, the wireless card’s
interface name is wlan0. The command will then be airmon-ng start wlan0.

The monitor mode has been enabled in this case. The new monitor interface is
named mon0.
Step Five:
In the new monitor interface, you should key in the airodump-ng command and
add the new monitor interface name, which is mon0.

Step Six:
The airodump command will ensure that you will gain access to a list of all the
wireless networks that are within your region. You will also gain some useful
information about each of these networks. First, locate the network of your choice
before you can launch an attack. After spotting a network, you will hit the Ctrl + C
on the keyboard so that you can stop the entire process. Make sure that you have
noted the channel of your network target.

Step Seven:
You should copy the target network’s BSSID.
You will then key in the following command into the terminal window, replacing
the channel with that of your target network, pasting in the network BSSID, and
replacing the name of the monitor interface with yours (mon0 in this case). The
“-w” option and the file path specify where airodump will save the handshakes that
have been intercepted so that you can later crack the Wi-Fi password; in this
case, they are saved on the desktop.
The entire command should look like this:

airodump-ng -c 10 --bssid 00:14:BF:E0:E8:D5 -w /root/Desktop/ mon0

You will then press enter.

Step Eight:
To monitor the network, we will use the airodump command. The command allows
you to capture some specific bits of information about the specific network. In this
case, we are waiting for a device to connect to the network. The router will then
send a four-way handshake that the attacker should capture so that they can crack
the password. Four files will also show up on the desktop. The handshake will be
saved in these files and you should not delete any one of them.
There are people who are impatient and that means that they will not want to wait
for a device to connect. If you are not willing to wait, you can use one of the
tools that belong to the aircrack suite. The tool is known as aireplay-ng and it comes
in handy when speeding up the entire process. The tool is used to make a
device reconnect, since deauthentication packets will be sent to
each of the network devices. The packets will make the network device
think that it should reconnect, which means that you do not have to wait.
To use this tool, you should make sure that there is a person who has connected to
the network. You should keep track of the airodump-ng tool as you wait for a client
to show up. The process may take long as you wait for someone to connect to the
network.
In the picture shown below, there is a client who has connected to the network and
that means that the process can commence.

Step Nine:
The airodump-ng should be left running. The attacker should then open a second
terminal window where they will type the following command:

When using the default mode, there will be a shortcut and it will be named -0. The
number 2 represents the number of default packets that you can send. –a will
indicate the BSSID of the router and it will then be replaced 00:14:BF:E0:E8:D5.
The –c will indicate the BSSID of the client. The BSSID that will be replaced
belongs to the client who has connected to the network. The complete command
should look like:

Step Ten:
After pressing Enter, the packets will be sent by the aireplay-ng. As an attacker,
you may be close enough to the target client and that means that the
deauthentication process will work well. The messages will then appear on the
airodump screen.

As per the screenshot above, it means that the handshake has already been
captured. After acquiring the password, the attacker should close the aireplay-ng
terminal. You will then hit the Ctrl + C when the airodump-ng is still running. The
tool will then stop to monitor the network. In case you need to gather more
information, you should not close it.
In some instances, you may fail to receive the “handshake message,” and that
means that there were some issues when you were sending the packets.
Unfortunately, there are many issues that may arise. You must make sure that you
have moved closer. Some of the devices may not be set to reconnect automatically
and that means that you may fail when trying to perform the deauthentication. In
such an instance, you must try new devices or leave the airodump as you wait for
someone to reconnect to the network. In an instance whereby you are close to the
network, you can make use of a spoofing tool. There are many spoofing tools
including Wi-Fi honey. Such tools will try to fool the device so that it may think
that you are the router. Make sure that you are close to the device. Unless you are
completely close to the target, you should not attempt such an attack. There are
also many WAP networks that can also be cracked when using some of these tools.
Some of the networks may be empty and in some instances some of the characters
may be quite long.
Step 11:
This is the last step in the external part of the how to hack WPA2 networks
tutorial. The step entails cracking the captured handshake. For
starters, there are four files on the desktop and they were generated when trying to
retrieve the handshake messages. The important one is the .cap file. You
will start by opening a new terminal and you will key in the following command:

The aircrack will use the –a method. It will come in handy when cracking the
handshake. The –b stands for the BSSID and it will be replaced with the BSSID of
the target router. As for this case, the BSSID we are using is
00:14:BF:E0:E8:D5. There is the –w and it stands for wordlist. It
will be replaced with the path to the wordlist that you will also have to download.
There is a wordlist that has been named “wpa.txt” and it has been placed in the
root folder. The path to the .cap file is /root/Desktop/*cap. It also contains the
captured handshake from which the password is recovered.
The complete command is as shown below:
You will then press enter.
Step 12:
The aircrack-ng will be launched and it will start to crack the password. It can only
crack the password if it is present in the wordlist that you have already
selected. In some instances, the password may not be present in the wordlist.
You should then try a new wordlist. If you fail to find the password, it means that
the penetration was not possible and the network is safe from this kind of
dictionary attack. It may also take long to crack the WPA2 network password. One
of the factors that you should consider is the size of the wordlist that you are
using. If the password is present in the wordlist, the aircrack-ng will now
look like this:

The password to the network that we were trying to attack in this case is “not
secure” and you can also see that it is present in the current wordlist and the
aircrack tool has also found it.
At times, you may find the password without much effort. If you were attacking
your own network to check whether it is secure and it turned out to be easily
accessible, the password should be changed quickly. An attacker can always use the
password to their advantage: once on the network, they can easily gain access to
sensitive information.
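The check aircrack-ng performs for every wordlist entry comes down to a standard key derivation: WPA2-PSK turns the SSID and passphrase into a 256-bit PMK with PBKDF2-HMAC-SHA1, so a passphrase can only be recovered if it is actually in the wordlist. The Python below is an added example, not code from this book or from aircrack-ng; it derives the PMK and checks a constructed wordlist against it, which lets you audit your own network's passphrase offline. The SSID "HomeNet" and the wordlist entries are constructed for the example.

```python
"""WPA2-PSK passphrase-to-PMK derivation (IEEE 802.11i), added example.

aircrack-ng's wordlist attack works only because the PMK is a deterministic
function of (SSID, passphrase): it derives the PMK for each wordlist entry and
keeps the one that reproduces the captured handshake.  A defender can run the
same derivation against the wordlists an attacker is likely to use, without
touching the radio at all.
"""
import hashlib
from typing import Iterable, Optional

# Fixed by the standard: PBKDF2-HMAC-SHA1, 4096 iterations, 32-byte output,
# salted with the SSID.  Those 4096 iterations are the whole per-candidate cost,
# which is why wordlist size dominates the cracking time.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def wpa2_pmk(ssid: str, passphrase: str) -> bytes:
    """Return the 256-bit Pairwise Master Key for an SSID/passphrase pair."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        PMK_LEN,
    )


def passphrase_in_wordlist(ssid: str, target_pmk: bytes,
                           wordlist: Iterable[str]) -> Optional[str]:
    """Return the wordlist entry whose PMK equals target_pmk, or None.

    This mirrors what aircrack-ng does per candidate, minus the handshake MIC
    check (which only confirms the PMK the capture was made with).  Entries
    outside the legal 8..63 length are skipped rather than tested, so a
    wordlist full of short words wastes no time on impossible candidates.
    """
    for candidate in wordlist:
        candidate = candidate.rstrip("\n")
        if not 8 <= len(candidate) <= 63:
            continue
        if wpa2_pmk(ssid, candidate) == target_pmk:
            return candidate
    return None


# Constructed sample data (assumed names, not from the original page): the
# weak passphrase "not secure" used in the tutorial above, in a tiny wordlist.
SAMPLE_SSID = "HomeNet"
SAMPLE_WORDLIST = ["password", "letmein1", "not secure", "correct horse battery"]

if __name__ == "__main__":
    weak = wpa2_pmk(SAMPLE_SSID, "not secure")
    print("weak passphrase recovered:",
          passphrase_in_wordlist(SAMPLE_SSID, weak, SAMPLE_WORDLIST))
    # A random passphrase that is not in the list is never recovered this way.
    strong = wpa2_pmk(SAMPLE_SSID, "Xq7!pL2#vR9z")
    print("strong passphrase recovered:",
          passphrase_in_wordlist(SAMPLE_SSID, strong, SAMPLE_WORDLIST))
```

The first assertion in the test uses the published IEEE 802.11i test vector (SSID "IEEE", passphrase "password") so the derivation can be checked against the standard rather than against itself.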
Network Exploitation

When hacking with Kali Linux, you can easily exploit a network. You can use
some of the tools present within the operating system to find some of the
vulnerabilities that are present in a network. In this section, we will focus more on
the ways through which you can carry out a penetration test on a network while
also exploiting different services.

Man-in-the-Middle Attack Using Ferret and Hamster

The Hamster tool comes in handy when carrying out sidejacking; it acts as a proxy
server. Ferret is used to sniff for cookies on a network. In this context, we will
learn more about how the two are used to hack into a network.

Getting Ready

The Kali Linux operating system has many tools pre-installed. Since we are looking
into network exploitation, we will now look at how you can use some of them.
The Hamster tool is easy to use and has its own user interface. To learn more
about Hamster, follow these steps.
1. Start by keying in the following command in the terminal window:

The output of the ‘hamster’ command is as shown below:


2. Then start the browser and navigate to http://localhost:1234:

3. Click on one of the adapters and then choose the specific interface that we
will monitor:
4. After a few minutes, the sessions will appear on the left-hand side of the
browser tab.

In some instances, the sessions may fail to appear. In that case, exercise some
patience: Hamster runs and executes ferret in the background, and the two tools
are not located in the same folder. The main issue with ferret is that it is not
suited to the 64-bit architecture. If you are using the 64-bit Kali Linux version,
you must add the 32-bit repository first; after that, you can install ferret. Use
the following command:
How to explore the msfconsole
It is good to learn the basics of Metasploit; in this case, however, we will just
learn more about how you can use Metasploit when carrying out an attack.
If you want to learn about Metasploit, the following tips will come in handy:
1. Type msfconsole to start the Metasploit console.

2. There are many exploits available; you can view them using the following
command:

The output of the command is as shown below:


3. If you want to see the current payloads, you should use the following
command:

The output of the command is as shown below:

4. Metasploit has many modules and they contain fuzzers, scanners, sniffers,
and many more modules. You can see the auxiliary modules using the
following command:
The output of the above command is shown below:

5. To use the FTP fuzzer module, use the following command:

6. To see the available options, use the following command:

7. Use the following command to set RHOSTS:

8. Then run the auxiliary module; it will notify you when a crash has taken
place.
The Railgun in Metasploit
In this section, the main focus will be on Railgun. It is a Meterpreter extension
that is specific to Windows targets; you can use it to communicate directly with
the Windows API.
When using Railgun, you can perform various tasks that Metasploit alone cannot,
including pressing keyboard keys. The Windows API lets you carry out the
exploitation in a better manner.
1. To run Railgun, key in the irb command in the Meterpreter session.

2. To access Railgun, key in the session.railgun command.
As the screenshot above shows, a lot of data has been printed. There are many
functions and DLLs that we can utilize.
3. To see the DLL names, key in the following command:

The output is as shown below:

4. To view a function of a DLL, we use the following command:

The following screenshot shows the output of the preceding command:

5. We can then call an API that locks the target’s screen. We will use the
following command:
We were able to lock the target’s screen using the API, as shown below:

6. When exploiting a network, we can also gain access to the login passwords of
the target user. First we must obtain the hash; we will then crack it. Also note
that we are running Kali Linux in “Live mode” and can access Windows through the
API, which makes it easy to perform a penetration test. Depending on the results
of the test, you can go ahead and exploit the vulnerabilities present. The Windows
API can come in handy when you want to run a keylogger: when the user keys in
their logins, you will have access to the passwords. The main advantage is that
Metasploit has a module for this, and it also uses Railgun when trying to retrieve
the target’s passwords.
7. We will start by exiting irb; the Meterpreter session will then run in the
background. We will use the following command:

The command will give us the following output:

8. To add a session, use the set session command.
9. We will then set the PID using the following command:
10. After running the command, it is possible to see the password that the user
has keyed in:

This was just one example. Railgun can be used to perform many more actions,
including creating DLLs and deleting users.
How to Use the Paranoid Meterpreter

It is possible to hijack someone’s Meterpreter session: the attacker only has to
play around with the target’s DNS, and the session will connect to a handler they
have launched themselves. To ensure that such an attack cannot take place, the
Meterpreter paranoid mode was developed and released. An API was also introduced
that verifies the SHA1 hash of the certificate presented by the msf handler. We
will now learn more about how to use the Meterpreter paranoid mode.
For starters, we will need an SSL certificate.
1. You can generate an SSL certificate using the commands shown below:

The output of the command is as shown below:


You will have to fill in some information, such as the country code, after keying
in the command shown below:

2. The first command in this section opens two files and writes both of them into
a single file. To generate a payload using the certificate that has been
generated, we will use the following command:

The output of the command is shown in the screenshot below:

3. To set the options, use this command:

The preceding command is shown in the screenshot below:


4. We will then run the handler. At this stage, the certificate will have been
verified by the stager and a connection will have been established.
The tale of the bleeding heart

This is the Heartbleed vulnerability, present in the OpenSSL cryptographic
library. It was introduced in 2012; however, the public only came to learn about
it in 2014. It is a vulnerability through which an attacker can read more data
than is allowed. In this section, we will look into how to use Metasploit to
exploit the bleeding heart.
The following steps will make sure that you have learned more about the bleeding
heart.
1. To start the msfconsole, we will use the following command:

The output that you should expect is as shown in the screenshot below:
2. Then use the following command to search for the Heartbleed auxiliary module:

The output to expect is as shown in the screenshot below:

3. To use the auxiliary module, use the following command:


4. The following command will allow us to see the available options:

The output will be as shown in the screenshot below:

5. The following command will allow us to set RHOSTS to a specific IP address:

6. To set the verbosity, we will use the following command; it should be set to
true:
7. Type run to see the data; it normally contains sensitive information,
including email IDs and passwords.
Chapter 6
Advanced Kali Linux Concept

Some Kali Linux concepts are advanced. It is good to note that it is possible to
customize the Kali Linux operating system. When discussing advanced Kali Linux
concepts, the main focus will be on how to customize the operating system.

Customizing Kali Linux


We will start by discussing how a source package can be rebuilt. It is also good
to note that it is easy to rebuild the Kali Linux operating system. Individual
packages can also be rebuilt; you just alter the source code. To accomplish all
this, adhere to the following steps:
Use the apt command to pull down the package sources.
Modify the packages to suit your needs.
Rebuild the packages using the Debian tools.
Since examples come in handy, we will focus on rebuilding the libfreefare package
so that it has some extra Mifare access keys.
The first step is to download the package source.

The package source code should then be edited.


Make the changes that you need to the package’s source code. For this example, we
will modify the mifare-classic-format.c source file.
Check all the Build Dependencies
Make sure that you have checked all the build dependencies of the package, and
that you have installed them, before you start to build the package.

The output will vary from one package to another, depending on the packages you
already have installed. If there is no output after running the
dpkg-checkbuilddeps command, all the dependencies have been satisfied and you can
proceed with the build.

Install the Build Dependencies

Install any build dependencies that are still needed.

Construct the Modified Package

Once the dependencies are installed, build a new version of the package using the
dpkg-buildpackage command.
Installing a New Package

If the build completes without errors, you will be able to install the
newly-created package using the dpkg command.

Live Building a Custom Kali Linux ISO

It is easy to build a customized Kali ISO; the process is easy and fun. You can
configure different aspects of the Kali ISO build using the live-build scripts
provided by Debian. The scripts are meant to let a developer build live system
images in an easy manner. The team responsible for the development of Kali Linux
has also used these scripts to produce the Kali ISO releases.

You should consider where you will build the Kali ISO. It is advisable to build it
within a pre-existing Kali environment. When setting up the system, prepare the
build environment for the Kali ISO by installing live-build and all its
requirements using these commands:
You can then build the Kali ISO from the “live-build-config” directory by running
its build.sh wrapper script. The following screenshot offers some guidance:

The “build.sh” script is responsible for downloading the required packages, which
is why it takes a considerable amount of time to complete. The packages downloaded
by the script are used to create the Kali ISO.
How to Configure the Kali ISO Build
You may want to customize the Kali Linux ISO. In this section, you will learn how
to do so. For starters, you will use the kali-config directory. The Kali Linux
build supports many customization options, and they are well-documented. If you
are impatient, the following highlights will come in handy:

Building Kali Using Varying Desktop Environments


Kali 2.0 and later versions support built-in configurations for several desktop
environments: E17, KDE, LXDE, Gnome, and XFCE. To build any of these desktop
environments, use a syntax similar to the one shown below:
How to Control the Packages that Will Be Included by the Build

The list of packages to be included in the build lives in the directory for the
variant, kali-config/variant-$variant. For instance, if you are building the
default Gnome ISO, the package list to use is
kali-config/variant-gnome/package-lists/kali.list.chroot. That file contains the
entire “kali-linux-full” metapackage. You can also use a manual list of packages
to include in the ISO.

Building Binary, Hooks, and Chroot

Live-build hooks let you run hook scripts at the various stages of the live
build. For more information, look into the live-build manual, which offers
detailed guidance. The most useful example here is to look at the hooks that
already exist in kali-config/common/hooks/.
Overlaying the Files Present in the Build
You also have the option of adding scripts and files to the Kali ISO build. To do
so, you overlay the existing file systems: the binary, chroot, and installer
directories. For instance, if you want to include a custom script in the ISO’s
/root/ directory, you will make use of the chroot stage: drop the script file into
kali-config/common/includes.chroot/ before the ISO is built. The installation
pre-requisites are as follows:

Make the changes in auto/config needed to set the most suitable architecture.
Finally, run the build.

Building the Kali Linux ISO on a Non-Kali Debian System

It is easy to run live-build on Debian systems. The instructions below have been
tried on both Ubuntu and Debian.
First, prep the system to ensure that it is fully updated. Then download the Kali
Linux archive keyring and the live-build packages.

After completing that process, install the additional dependencies and the files
that were downloaded previously.

After ensuring that the environment has been fully prepared, start the live-build
process by setting up the build script and checking out the build config.

We then edit the ‘build.sh’ script so that it bypasses a version check. To do so,
comment out “exit 1” as shown below:

After making these changes, the script should look like this:

We can now build the custom Kali Linux ISO.


Chapter 7
How to Initiate a Hack Using Kali Linux

When planning an attack, the most important factor to consider is the pilot study. It
should come first before you carry out an attack or a penetration test on a target.
As an attacker, you will have to dedicate a lot of time to the reconnaissance. In this
stage, the attacker will be able to define, map, and also explore some of the
vulnerabilities that are present and they will be able to successfully perform an
exploit. There are two types of pilot studies; passive and active.

The passive pilot study involves the analysis of the information that is available.
For instance, some information can be obtained online through search engines. The
information can be analyzed first. Although an attacker can use this information to
their advantage, it is not possible to trace the information back to them. As for
passive reconnaissance, it is mainly carried out to ensure that the target cannot
easily notice that there is a looming attack.

The major practices and principles of the passive reconnaissance include:


OSINT (Open-source intelligence).
How to obtain user information.
The basics of the pilot study.
The Basic Principles of the Pilot Study
The pilot study is the first step when a person wants to launch an attack. It is
carried out after identifying a target. The information gained during this stage
comes in handy when performing the actual attack, since the reconnaissance
provides the sense of direction needed when looking for the vulnerabilities
present in the target’s network or server.
The passive pilot study does not involve physically interacting with the target,
which means that the attacker’s IP address is not logged. For instance, the
attacker may search for the target’s IP address. It may be difficult to gain
access to such information; however, it is possible. The target will also not be
able to notice that an attacker is harvesting information as they plan an attack.

The passive reconnaissance will focus more on the business activities as well as
the employees within the organization. The information that is readily available on
the internet is known as OSINT (Open source Intelligence).

As for the passive reconnaissance, the attacker will interact with the target in a
manner that is expected. For instance, the attacker will visit the target’s
website, view the available pages, and download some of the available documents.
Such interactions are expected and are not easily detected, so the target may not
know that there is a looming attack.

Active reconnaissance involves interacting with the specific network through port
scanning, as well as sending direct queries that will trigger the system alarms;
that means the target can easily capture the attacker’s IP address and activities.
The information the target has gained can also be used to arrest the attacker, and
it can be presented before a court of law as evidence that the attacker was
planning something malicious. With an active pilot study, there are various
measures the attacker should consider in order to conceal their identity.

As an attacker, you should also follow some steps during the process of gathering
information. The main focus is on user account data. For the pilot study to be
effective, you should always know what you are looking for, and make sure that you
have gathered all the data you need. Although passive reconnaissance is less
risky, it limits the amount of data that you can collect.

OSINT (Open-Source Intelligence)


This is the first step when planning an attack. In this case, the attacker should
make use of the available search engines, preferably Google. There is a lot of
information that could come in handy when facilitating an attack, but the process
of collecting it is quite complex.
In this book, we will just issue an overview, since the main focus is on how to
hack with Kali Linux. The essential highlights will offer some suitable guidance.
The information collected by an attacker will always depend on their initial
motives and their major goals when planning an attack. For instance, the attacker
may want to access the financial data of a specific organization. Another type of
information they may need is the names of the employees. Most attackers will focus
on the senior employees who work as executives, such as the CFO. The attacker will
focus on obtaining their usernames and their respective passwords. In some
instances, an attacker may try to carry out social engineering; in this case, they
will have to supplement the information they possess so that they appear credible.
After that, they can easily request the information they need.
As for Open Source Intelligence, the attacker will start by reviewing the online
presence of the target: their social media pages, blogs, and websites. Public
financial records also come in handy in some cases. The most important
information is:
The geographical location of the offices. For instance, there can be satellite
offices that share corporate information but have not set up any measures to
ensure that the information is safe as it is transmitted from one office to
another.
The overview of the parent and subsidiary firms. This matters especially when
dealing with a new company that has been acquired through M&A transactions, since
acquired companies are usually not as secure as the parent company.
The contact information and the names of the employees. Phone numbers and email
addresses should also be obtained.
Clues about the target company’s corporate culture, which make it possible to
facilitate a social engineering attack.
The business partners, who may also have access to the target’s network.
The technology being used. For instance, the target may issue a press release
about adopting a certain piece of software; the attacker will then review the
vendor’s website looking for bug reports. After finding some vulnerabilities, they
will be able to launch an attack.

Some of the online information sources that can be used by an attacker when
planning an attack include:
Search engines, including Google. There are other search engines, such as Bing;
it is only that we have gotten used to Google. During the search process, you will
realize that the process is highly manual: you may have to type the name of the
company as well as other relevant details. Since technology has advanced, there
are APIs that can be used to automate search-engine queries; one effective tool
of this kind is Maltego.
There are other sources, and they include:
Financial and government sites, since they provide information about the key
individuals within the company as well as supporting data.
Usenet newsgroups. The main focus should be on posts by the employees you are
targeting as a tester or an attacker, for instance when they seek help with
different forms of technology.
Jigsaw and LinkedIn; these companies come in handy since they provide information
about the employees within a company.
Cached content. It can be retrieved easily from search engines, including Google.
The country as well as the specific language being used.
Employee and corporate blogs.
Social media platforms such as Facebook.
Sites where you can look up server information, DNS and routes. Some of these
sites include myIPneighbors.com.

The main issue arises when you have to manage the information that you have found.
The main advantage is that Kali Linux has an application known as KeepNote, which
supports the rapid importation and management of different data types.

Route Mapping and DNS Reconnaissance

As a tester or an attacker, you will have to make sure that you have identified the
targets that have an online presence, and that you have gained access to the items
that may be of interest. You will then go ahead and identify the IP addresses of
the targets. DNS reconnaissance comes in handy when identifying the domains and
the DNS information that define the IP addresses and the actual domain names. The
route between the attacker and the target will also be identified.
This information is readily available from open sources. Some of it is held by
the DNS registrars, which are third parties. The registrar may log the IP address
of the attacker as well as the requests they make, but such information is rarely
provided to the target who will be the victim of an attack. The target can,
however, monitor its own DNS server logs. The information needed can be obtained
using a systematic approach.

WHOIS

The first step entails researching the IP addresses, so as to identify the
addresses that have been assigned to the target’s sites. You will then make use of
the whois command, which lets you query the databases that store information about
registrants. The information that you will obtain includes the IP address and
domain name.

The whois request then comes in handy for providing physical addresses, names,
e-mail addresses, and phone numbers. Such information is very important when it
comes to performing a social engineering attack.
As an attacker or tester, you can use the whois command to carry out the following
activities:
Supporting a social engineering attack against a target that has been identified
using the whois query.
Identifying the location where you can launch a physical attack.
Conducting research that will allow you to learn more about the domain names
present on the server, and about the number of users operating it. As an attacker,
you will also be interested in learning whether the domains are insecure and
whether you can exploit the present vulnerabilities to gain access while
compromising the target server.
Identifying phone numbers, since you may also have to launch a dialing attack as
part of the social engineering attack.
Identifying the DNS servers that the attacker will then use to carry out DNS
reconnaissance.
In some cases, the domain may be due to expire, and the attacker may try to seize
the domain while creating a look-alike website that will be used to lure
unsuspecting visitors who think they are entering the original website.

To make sure that such data is shielded accordingly, there has been an increase in
the use of third parties. Also, when using public domains, you cannot access
domains such as .gov and .mil. These domains belong to the military and the
government, and that is why they have been secured so that they cannot be accessed
by other parties; when you send a request to such a domain, it will be logged.
There are many online lists that describe IP addresses and domains. If you want to
use the whois query, the following screenshot offers some guidance when running
the query against some of the Digital Defense domains:
There is a whois record that will be returned, and it will contain names,
geographical information and contact information that will come in handy when
facilitating a social engineering attack. There are also many websites that
automate the whois lookup. Some attackers use these sites to insert a step between
themselves and the target; the site doing the lookup may then log the IP address
of the requester.

Mapping the Route to the Target

Route mapping was originally a diagnostic tool. It allows the attacker to view the
route followed by an IP packet as it moves from one host to another. It works by
using the TTL (time to live) field of the IP packet: when the TTL expires, an ICMP
TIME_EXCEEDED message is elicited from the router at that point in the path. The
message sent back by that router reveals it, and stepping the TTL value from one
hop to the next counts the number of hops and routers the packets pass through.

From the perspective of the attacker or penetration tester, the traceroute data
helps to yield the following pieces of data:
Hints about the topology of the network.
The path between the target and the attacker.
Identification of the firewalls and other devices that control access to the
network.
Whether the network has been misconfigured.

In Kali Linux, you can map the route using the traceroute command. If you are
using Windows, use the tracert command. If you run a trace from Kali Linux, you
will notice that most of the hops have been filtered. For instance, when tracing
the route to Google, the results will be as shown below:

If you were to run the same request using tracert on the Windows platform, you
would see the following:
We get the complete path, and we also notice that Google is showing a slightly
different IP address; the load balancers have also been indicated. The main reason
why the path data is different is that traceroute uses UDP datagrams, whereas the
Windows tracert uses ICMP echo requests (specifically ICMP type 8). When you
complete the traceroute using the tools provided by Kali Linux, make sure that you
have used multiple protocols so that you obtain the complete path while also
bypassing some of the devices that carry out packet filtering.

Obtaining User Information

When an attacker or a penetration tester manages to gather the usernames and
e-mail addresses of the targets, they can then attempt to gain entry into the
systems. The most common tool deployed is the web browser, with which you perform
a manual search of third-party sites including Jigsaw and LinkedIn. You can also
use some of the tools provided by Kali Linux to automate the search.
Chapter 8
How to Successfully Launch an Attack

Exploiting Wireless Networks

We have discussed about carrying out a reconnaissance or a pilot study. When


hacking into a website, you will realize that the process is quite complex. Some
services are delivered from these sites to the end user. The architecture in this case
is multi-tiered and there are many web servers that also have access to the public
internet. The web servers will then communicate with the databased and back-end
servers that are located on the network. The complexity is brought about by
different factors that should be considered by both attackers and penetration
testers. Some of the factors that should be considered include:
- The architecture of the network. The main focus should be on the firewall and other security controls; configurations to consider include load balancing.
- The platform architecture of each system hosting the web services, including the operating system and the hardware.
- The authorization and authentication processes, including how a session is maintained.
- The middleware, applications, and final-tier databases across multiple platforms, programming languages, and vendors.
- The communications and interactions with the web service.
- The business logic governing the manner in which the application is used.
Web services differ in complexity, which is why the penetration tester or attacker should first adapt to the architecture used by the web application. When looking for vulnerabilities, it is good to be consistent. There are many methods for achieving these goals; the most widely known is OWASP's, which is built around the OWASP top ten vulnerabilities.

OWASP gives each tester a sense of direction. The main issue is that if you focus only on the OWASP top 10 vulnerabilities, you will find gaps in your coverage of the vulnerabilities present in web applications.
As an attacker or penetration tester, you can use the kill chain approach, but first you should carry out a pilot study. Some of the factors to consider include:
- First identify the target, focusing on how and where it is hosted.
- Enumerate the directory structure and files of the site, which includes determining the CMS (content management system). You may need to first download the site and analyze it offline. Make sure that you have carried out metadata analysis. From the site you can also build a wordlist to be used for cracking passwords; programs such as crunch can be used for this. The download also lets you identify all of the site's supporting files.
- Enumerate all forms, since they are the primary means by which a client inputs data and interacts with the web service. Forms are where vulnerabilities such as cross-site scripting and SQL injection are found.
- Identify the authorization and authentication techniques used, to determine how session state is maintained when transacting with the web service. The attacker or penetration tester analyzes the cookies and how they are used.
- Look into the areas that accept input, including pages that allow the user to upload files, and the restrictions on the accepted upload types.
- Identify how errors are handled, what error messages are present, and how the user receives them. Errors can reveal valuable information, including the software in use.
- Determine which pages maintain and require Secure Sockets Layer and other security protocols.

After carrying out the reconnaissance, make sure that you have identified the hosted sites. Then use DNS mapping to identify all the sites hosted on the same server. The next step is to identify the protective devices present in the network, such as IDS/IPS, firewalls, and honeypots. Protective devices have become common; the WAF (Web Application Firewall) in particular is widely used, which means that an attacker or penetration tester has to craft input that gets past the WAF.
To identify a WAF, inspect the cookies first: Web Application Firewalls normally modify cookies. To connect to port 80, key in the Telnet command in the terminal window. To detect Web Application Firewalls you can also use an nmap script; in the following screenshot, http-waf-detect.nse was used successfully.
There is also the load balancing detector, a bash shell script. The script comes in handy for determining whether a domain is using HTTP or DNS load balancing, information that is important to a person carrying out an attack or penetration test. The load balancing detector uses a variety of checks to decide whether load balancing is in use. The screenshot below shows sample output.

To determine the CMS, inspect the target's website; the CMS is what is used to build and maintain it. CMS applications include WordPress and Drupal, and these applications can be configured in ways that allow privileged access. Kali Linux has many tools for this; to perform an automated scan, use the BlindElephant tool. The screenshot below shows sample output.

The BlindElephant tool reviews the fingerprints of each component present in the CMS and provides a best guess for the version of each application. The main issue is that the tool may fail to detect the version of the CMS that is present.
The Vulnerability Scanners
When scanning for vulnerabilities, you will realize that some automated tools are not very efficient. Since we are discussing exploiting web vulnerabilities, note that automated scanners have many shortcomings: they produce many positive reports that turn out to be inaccurate (false positives), and they cannot identify some of the more complex flaws because their simulations are not accurate.
To ensure reliability, some penetration testers use many tools when scanning web services, and in some instances the tester may be forced to handle tasks manually. The main advantage of Kali Linux is that the operating system has numerous tools for scanning for the vulnerabilities present in web applications.
As a penetration tester, the main challenge you will face is choosing the specific tools to use when looking for vulnerabilities in the web applications you want to access. You must consider the exploit and post-exploit activities. Kali Linux has different vulnerability scanners, including:
- OWASP Mantra: a scanner that extends its functionality into the web browser.
- Websploit and the Metasploit framework: scanners that also extend their functionality to the associated services and websites.
- Nikto, Arachni, Skipfish, w3af, and Vega: scanners that support reconnaissance and also the exploit direction in web services and websites.
Server Exploits

Servers have an extensive “attack surface”: the client software, communication channels, middleware, applications, and backend databases. It is also possible to target the web services. There are many attack types, and to cover all of them we would have to write an entire book; we will only highlight some of the capabilities that the Kali Linux operating system possesses.

For instance, we will discuss how one can launch a DoS (Denial-of-Service) attack when trying to gain access to a network server. It is easy to attack the operating system since it is vulnerable to DoS attacks. Kali Linux has many tools commonly referred to as stress-testing applications, since they subject the server to high activity loads so that it is possible to assess how well the server copes with the additional stress. Most of these tools rely on the inability of IPv4 systems to handle the more advanced IPv6 protocols. The best-known DoS attack tool offered by Kali Linux is LOIC (Low Orbit Ion Cannon). The tool has to be added manually using these steps:
1. Use the apt-get install command to install the required packages.
2. Download the Low Orbit Ion Cannon (LOIC) from GitHub into a separate folder and extract the files from the zip archive.
3. Navigate into the folder and run the mdtool build command.
4. The application will then be located in the following directory: /<path>bin/Debug/LOIC.exe.

After you have keyed in the parameters of the attack, the Low Orbit Ion Cannon (LOIC) is launched. The attack depends on the GUI as shown in the screenshot below:

Application-specific attacks
Such attacks are quite rampant. Only after the misconfigurations, logic errors, and vulnerabilities that can affect online applications have been considered can an application be regarded as “secure.” Some of the major attacks include:

Brute Forcing Access Credentials

This is the most common attack on websites. The attacker or penetration tester focuses on obtaining the usernames and passwords of the target. If the credentials are easy to remember, the attack has a higher success rate. The other main advantage for the attacker is that there is no limit on repeated access attempts, which means that as a tester you have unlimited attempts.
Kali Linux has many tools for this, including hydra, which comes in handy when performing a brute force attack to obtain the passwords and usernames of a specific target. Hydra supports numerous protocols including FTPS, FTP, HTTPS, HTTP, IRC, ICQ, MySQL, LDAP, POP3, and Oracle, among others. The following screenshot shows Hydra carrying out a brute force attack to determine the credentials of a certain HTTP page.
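The unlimited-attempts condition above is also what makes such an attack visible on the server side. The following is an added example, not code from the book: it reads constructed Apache-style access log lines (documentation IP ranges, invented timestamps) and flags any source that fails the login form more than a threshold of times within a sliding window, assuming the form answers 401 on a failed login and 200 on success.

```python
"""Flag password-guessing bursts against a login page in web-server logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Apache-style access log (documentation IP ranges, invented times).
# Assumes the login form answers 401 on a failed login and 200 on success.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2019:13:55:01 +0000] "POST /login.php HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2019:13:55:01 +0000] "POST /login.php HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2019:13:55:02 +0000] "POST /login.php HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2019:13:55:02 +0000] "POST /login.php HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2019:13:55:03 +0000] "POST /login.php HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2019:13:55:03 +0000] "POST /login.php HTTP/1.1" 200 2048
198.51.100.4 - - [10/Oct/2019:13:55:10 +0000] "POST /login.php HTTP/1.1" 401 512
198.51.100.4 - - [10/Oct/2019:13:57:40 +0000] "POST /login.php HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def find_bruteforce(log_text, login_path="/login.php", threshold=5,
                    window=timedelta(seconds=60)):
    """Return {ip: {"failures": n, "succeeded": bool}} for every source that
    failed `threshold` or more logins inside a sliding `window`; `succeeded`
    records whether a 200 followed the burst, i.e. the guessing likely worked."""
    recent = defaultdict(list)   # ip -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != login_path:
            continue
        ip, ts = m["ip"], datetime.strptime(m["ts"], TS_FMT)
        if m["status"] == "401":
            # keep only failures still inside the window, then add this one
            recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
            if len(recent[ip]) >= threshold:
                entry = alerts.setdefault(ip, {"failures": 0, "succeeded": False})
                entry["failures"] = max(entry["failures"], len(recent[ip]))
        elif m["status"] == "200" and ip in alerts:
            alerts[ip]["succeeded"] = True   # success right after a flagged burst
    return alerts
```

Running find_bruteforce(SAMPLE_LOG) flags only 203.0.113.7, with five failures followed by a success; the single failure from 198.51.100.4 stays below the threshold. A lockout or per-source rate limit on the login handler removes the precondition the attack relies on.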

An Injection Attack against Databases

The most common vulnerability that can be easily exploited is the injection vulnerability. It normally occurs when the victim site does not check user input, which means that the attacker or penetration tester can interact directly with the backend systems. As an attacker, you will be able to steal content from the database. You should start by placing an executable server within the operating system. One of the most efficient tools for finding SQL injection vulnerabilities is sqlmap. This Python tool is automated and carries out the reconnaissance effectively. Databases that can be exploited include MySQL, Firebird, Microsoft SQL, PostgreSQL, SAP MaxDB, and Sybase. In this section we also provide an example of how to launch an SQL injection attack. For starters, you must determine the web server that you want to exploit. Then launch the Metasploitable virtual machine so that you can access the Mutillidae website. After that, review each of the web pages to identify the pages that accept user input; some of these pages will be vulnerable to SQL injection. Then open the command prompt and key in the following command, making sure that you use the appropriate IP address:

sqlmap will then return the data shown in the screenshot below:

The application data is stored in the OWASP 10 database. To list the tables present in the database, we use the following command:

After executing the command, the data returned is as shown in the screenshot below:
Six tables were enumerated and one of them is named accounts. As a penetration tester or attacker, you should try to dump the data from that table, using the following command:

Similar attacks can be used against the database depending on the specific information that you want to obtain.
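The flaw sqlmap is probing for in the pages above, shown as an added example rather than code from the book or from Mutillidae: a constructed in-memory SQLite accounts table (the table name follows the page; the rows and column names are invented) queried the way a vulnerable login page does, by splicing input into the SQL text, beside the parameterised form that removes the flaw.

```python
"""Vulnerable versus hardened login query (constructed SQLite example)."""
import sqlite3


def make_db():
    """Constructed sample database; rows and values are invented placeholders."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE accounts (username TEXT, password TEXT, is_admin INTEGER)")
    con.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("admin", "placeholder-1", 1), ("alice", "placeholder-2", 0)],
    )
    return con


def login_vulnerable(con, username, password):
    """User input is spliced into the SQL text: the injection flaw sqlmap finds."""
    sql = ("SELECT username FROM accounts WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return [row[0] for row in con.execute(sql)]


def login_hardened(con, username, password):
    """Values are bound by the driver (sqlite3 uses '?'; MySQL drivers use '%s'),
    so input is only ever compared as data and can never alter the query."""
    sql = "SELECT username FROM accounts WHERE username = ? AND password = ?"
    return [row[0] for row in con.execute(sql, (username, password))]


# The textbook tautology: the WHERE clause becomes always-true in the vulnerable
# version, so the query matches every account instead of one.
TAUTOLOGY = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, TAUTOLOGY, TAUTOLOGY))  # every username
    print(login_hardened(db, TAUTOLOGY, TAUTOLOGY))    # []
```

The vulnerable query returns every account for the crafted input, which is exactly the behaviour that lets sqlmap enumerate and dump tables; the hardened query returns nothing because the input is treated purely as a value.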
Conclusion

Thank you for reading the Hacking with Kali Linux handbook to the end. I hope the book was informative and also amusing, and that you were able to find the information and tools you needed to achieve your goals. Although you have read the entire Hacking with Kali Linux handbook, we have not exhausted all the information there is on hacking with Kali Linux. You may expand on the knowledge you now possess by conducting comprehensive research on hacking with Kali Linux.

The next step is to put the information in the handbook to practical use. You can also draw up a schedule for learning more about hacking with Kali Linux. The operating system offers more than 600 tools, each with specific uses. We have discussed some of them, including Hydra, and how they can be used to check for vulnerabilities while also launching the actual attack. Each tool is pre-installed and there is always a README file that offers some guidance on how to use it.

Studies have shown that web applications, servers, and networks have vulnerabilities. As an external attacker or a penetration tester, you can make use of these vulnerabilities when launching an attack. You must also make sure that you have goals so that you stay motivated as you perform the tests and attacks.

Finally, if you found the book informative, please leave a positive review. Your positive feedback will always be appreciated.
