Installation and Deployment Methods
Hard Disk Installation
To install Kali Linux directly onto a hard drive, begin by booting from the installation media. Select the "Graphical Install" option from the boot menu. Proceed through the language, location, and keyboard configuration screens. Configure the network by assigning a hostname and domain name. For partitioning, select "Guided - use entire disk" for a streamlined setup. While separate partitions for /home or /var are recommended for general desktop use, a single partition setup is often sufficient for dedicated penetration testing machines. Confirm the disk changes to allow the installer to format the drive. Set a root password and configure the time zone. When prompted to use a network mirror, select "Yes" to ensure you have access to the latest package updates. Finally, install the GRUB bootloader to the Master Boot Record (MBR) and reboot to complete the installation. ### Persistent USB Installation
Creating a bootable USB drive with persistent storage allows you to carry your customized Kali environment and save changes between sessions. You will need a USB drive (at least 8GB) and the Kali ISO image. Using a tool like Win32 Disk Imager or dd on Linux, write the ISO to the USB device. To ensure persistence, verify that the space reserved for preserving files across reboots is configured correctly (e.g., 4096 MB). Once the imaging process is finished, you can boot from the USB drive. The system will function similarly to a live environment, but any modifications or installed packages will be retained on the drive. ### Virtualization Setup (VirtualBox and VMware)
For testing in an isolated environment, virtualization is recommended. In VirtualBox, create a new VM by selecting "Linux" and "Ubuntu (64-bit)" as the type. Allocate sufficient RAM (e.g., 2048MB) and create a virtual hard disk (VDI). Mount the Kali ISO by navigating to the VM settings, selecting "Storage," and choosing the ISO file as the virtual optical disk. If using VMware, after installing the guest OS, install VMware Tools to enhance performence. Start by updating the package lists and installing kernel headers. Mount the VMware Tools virtual CD, copy the installer archive to a temporary directory, extract it, and run the vmware-install.pl script. Accept the default configurations during the instalation process. System Configuration and Driver Management
Kernel Preparation
Before compiling drivers or external modules, ensure the kernel headers match your current running kernel. Update the package repository and install the headers using the following command: ``` sudo apt update sudo apt install linux-headers-$(uname -r)
### Wireless Driver Installation
For systems using Broadcom wireless chipsets, download the appropriate hybrid driver source from the manufacturer. Extract the archive and compile the module. You may need to patch the source code if compatibility issues arise with newer kernels (e.g., adjusting version macros in `wl_cfg80211.c`). After compilation, install the module, update dependencies, and blacklist conflicting drivers like `b43` or `ssb`. Finally, load the new driver with `modprobe wl`. ### GPU Acceleration (ATI and NVIDIA)
To leverage GPU power for password cracking, proprietary drivers are required. For ATI cards, download the AMD driver and install dependencies like `libboost-dev`. Install the AMD APP SDK and configure environment variables for the SDK root. Compile tools like CAL++ and Pyrit with OpenCL support to enable GPU acceleration. For NVIDIA cards, download the CUDA toolkit and the corresponding display driver. Install the driver using the `.run` file, ensuring you specify the kernel source path. Install the CUDA toolkit to a directory like `/opt/cuda` and update your `PATH` and `LD_LIBRARY_PATH` environment variables. Verify the installation with `nvcc -V` and run benchmarks using Pyrit. Service Management and Networking
---------------------------------
### Starting Essential Services
Kali comes with various pre-installed services that are disabled by default. You can manage these using the `service` command or `systemctl`. To start the Apache web server: ```
sudo systemctl start apache2
To enable SSH, first generate host keys if they do not exist, then start the service: ``` sudo systemctl start ssh
Verify active services and listening ports using `netstat`: ```
sudo netstat -tulpn | grep -E '22|80|21'
Configuring Wireless Connections
Use the Wicd Network Manager to configure wireless interfaces. Launch the GUI from the applications menu or via terminal. Select your target network from the list, configure the encryption settings (e.g., WPA2 passphrase), and click "Connect." Building the Testing Lab
Setting up Target Machines
Real-world practice requires vulnerable targets. Use VirtualBox to spin up instances of Windows (e.g., Windows 7 or Server 2012) and Linux (e.g., Metasploitable 2). TurnKey Linux provides pre-configured ISOs for applications like WordPress, which are ideal for web application testing. ### Testing WordPress Vulnerabilities
With a WordPress target running, use WPScan to enumerate users and attempt password cracking. Ensure both the Kali machine and the target are on the same network (e.g., VirtualBox Host-Only Adapter). Basic enumeration command: ```
wpscan --url http://target-ip --enumerate u
To perform a brute-force attack: ```
wpscan --url http://target-ip --wordlist /path/to/wordlist.txt
Information Gathering and Reconnaissance
Service Enumeration
Gathering intelligence on DNS and SNMP services is crucial. Use dnsenum to perform deep DNS queries, scraping subdomains and gathering Whois data. ```
dnsenum --enum target-domain.com
For SNMP, use `snmpwalk` to extract information from network devices: ```
snmpwalk -c public -v 2c target-ip
Network Mapping and Scoping
Tools like DMitry can gather extensive information about a host, including open ports and Whois data. ```
dmitry -wnspb target-domain.com
Use `Scapy` for custom packet crafting and tracing routes to understand network topology. ```
from scapy.all import *
ans, unans = sr(IP(dst="www.target.com", ttl=(1,10))/TCP())
ans.make_table(lambda (s,r): (s.dst, s.ttl, r.src))
Identifying Live Hosts and Ports
Use Nmap to discover live hosts on a network. ```
nmap -sn 192.168.1.0/24
To identify open ports and services: ```
nmap -sV -p- 192.168.1.105
Operating System and Service Fingerprinting
Determine the remote OS using Nmap's OS detection capabilities: ``` nmap -O target-ip
Use `p0f` for passive OS fingerprinting by analyzing captured network traffic: ```
p0f -i eth0 -o p0f.log
Visualizing Data with Maltego
Maltego is a powerful tool for link analysis and open-source intelligence (OSINT). Create a new graph and drag entities (e.g., Domain, Email) onto the canvas. Run transforms to automatically gather related information, visualizing relationships between infrastructure, people, and data. Vulnerability Assessment
Nessus Setup and Scanning
Install Nessus by downloading the Debian package from the official website. Install it using dpkg, then start the service. Register the scanner with an activation code and create an admin user via the web interface at https://127.0.0.1:8834. Create a scan policy tailored to your needs: - Local Scan: Focus on local security checks for the host OS.
- Network Scan: Include plugins for network services, DNS, and firewalls.
- OS Specific: Select families of plugins specific to Windows or Linux to detect missing patches and known exploits.
OpenVAS Configuration
OpenVAS is a fully open-source alternative. Set up the environment by generating certificates and syncing the Network Vulnerability Tests (NVTs). ``` sudo openvas-mkcert sudo openvas-nvt-sync
Start the scanner, rebuild the database, and create a user. ```
sudo openvassd
sudo openvasmd --rebuild
sudo openvasad -c 'add_user' -n admin -r Admin
Access the Greenbone Security Assistant (GSA) web interface (usually port 9392) to create scan tasks. Configure scan configs similar to Nessus, selecting specific families like "Brute force attacks," "Buffer overflow," or "Windows" depending on your target environment.