Intro to Kali Linux & Tools

Presentation on theme: "Intro to Kali Linux & Tools"— Presentation transcript:

1 Intro to Kali Linux & Tools
What makes Kali Linux different? Stuart Hoxie
Notes: Ask for questions. Answer: simply, not much. It is mostly a Debian distro with a huge number of packages, apps, services, programs and preferences already installed on it.

2 Basics
- Debian distro built for industry-grade penetration testing
- Completely customizable: any user can tweak the experience to their liking
- ARMEL and ARMHF builds, compatible with ARM-based devices

3 Legal
Remember: anything you do with the tools Kali Linux offers can be viewed as malicious activity. Any form of testing should be done in a safe environment such as a VM, or with the strict permission and supervision of the organization.
- In short, be smart about what you do.

4 Ethical Phases
- Information Gathering
- Reconnaissance
- Access/Exploitation
- Post Exploitation
- Reporting
- Finishing/wrap-up

5 Installations
- Nothing inherently special about installing Kali Linux
- Single boot, dual boot, etc.
- As a student, a VirtualBox VM is preferred
- After installation and boot, open a console and enter: apt-get update && apt-get upgrade && apt-get dist-upgrade
Notes: After install, go to the terminal/console and run apt-get update && apt-get upgrade && apt-get dist-upgrade. If you don't know how to set up a dual boot or VM, look up a tutorial.

6 Tools
Phases covered: resource gathering/Reconnaissance, Exploitation
- Zenmap/Nmap
- Wireshark
- Armitage (GUI of Metasploit)
- Metasploit Framework

7 Reconnaissance: Wireshark
- Select your desired interface
- Each individual packet can be opened and observed more closely
- Search for malicious activity on your NIC
- If uncertain, check your ports in a terminal: sudo lsof -i:<port number>
Notes: Wireshark is an open source sniffing program that lets you look at all traffic and specific packets on any particular network interface, whether it is your Ethernet or Wi-Fi. Once connected you will be able to see the time, source, destination of the packet, protocol used, length and additional info. As a network admin, unusual traffic should be gathered; this can help troubleshoot vulnerabilities, most notably open ports. You can use the filter to search for these specific items. For a website, you can use the HTTP section under additional info at the bottom of the panel to view all known/gathered information from the computer during its attempt(s) to connect to a web server: server, range, location, domain name, IP, how it was resolved and more. One quick method of determining whether malicious activity is occurring is to search/filter for traffic from an odd or unknown IP/MAC to your machine; chances are, if RST is shown in the info column, your computer is rejecting and dropping the packet sent to it, and if it is malicious activity you will commonly see this occurring on many different ports. Using the lsof command, you will see which applications/services on your machine are using the specified port.
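As an added example (not part of the presentation), the RST check from the notes above turned into a small script: it reads Wireshark-style packet summary lines (constructed sample data), collects the local ports on which this machine answered a remote host with RST, and flags peers that are not on a known-hosts list and hit several closed ports. The column layout, the addresses and the threshold are assumptions.

```python
"""Flag remote hosts that trigger TCP resets (RST) from this machine on many
different local ports, the sign described in the slide notes.
Example written for this page; not code from the original presentation."""
import re
from collections import defaultdict

# Wireshark-style summary lines: No. Time Source Destination Proto Len Info
# Constructed sample data: 10.0.0.7 is "our" machine, 10.0.0.9 a known peer.
SAMPLE = """\
1 0.000 10.0.0.9 10.0.0.7 TCP 74 51234 > 22 [SYN] Seq=0
2 0.001 10.0.0.7 10.0.0.9 TCP 74 22 > 51234 [SYN, ACK] Seq=0 Ack=1
3 0.310 203.0.113.5 10.0.0.7 TCP 60 40001 > 21 [SYN] Seq=0
4 0.311 10.0.0.7 203.0.113.5 TCP 54 21 > 40001 [RST, ACK] Seq=1 Ack=1
5 0.312 203.0.113.5 10.0.0.7 TCP 60 40002 > 23 [SYN] Seq=0
6 0.313 10.0.0.7 203.0.113.5 TCP 54 23 > 40002 [RST, ACK] Seq=1 Ack=1
7 0.314 203.0.113.5 10.0.0.7 TCP 60 40003 > 25 [SYN] Seq=0
8 0.315 10.0.0.7 203.0.113.5 TCP 54 25 > 40003 [RST, ACK] Seq=1 Ack=1
9 0.316 203.0.113.5 10.0.0.7 TCP 60 40004 > 110 [SYN] Seq=0
10 0.317 10.0.0.7 203.0.113.5 TCP 54 110 > 40004 [RST, ACK] Seq=1 Ack=1
11 2.000 10.0.0.9 10.0.0.7 TCP 60 51300 > 8080 [SYN] Seq=0
12 2.001 10.0.0.7 10.0.0.9 TCP 54 8080 > 51300 [RST, ACK] Seq=1 Ack=1
"""

# no. time src dst proto len sport > dport [flags] ...
LINE = re.compile(r"^\d+\s+\S+\s+(\S+)\s+(\S+)\s+TCP\s+\d+\s+(\d+) > (\d+) (\[[^\]]*\])")

def rst_ports_by_peer(summary, my_ip):
    """Map each remote IP to the set of local ports we answered with RST."""
    ports = defaultdict(set)
    for line in summary.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, dst, sport, dport, flags = m.groups()
        if src == my_ip and "RST" in flags:
            ports[dst].add(int(sport))   # sport is our port, the one probed
    return ports

def suspicious_peers(summary, my_ip, known_hosts=(), min_ports=3):
    """Remote IPs not in known_hosts that were reset on >= min_ports ports."""
    return sorted(
        ip for ip, p in rst_ports_by_peer(summary, my_ip).items()
        if ip not in known_hosts and len(p) >= min_ports
    )

if __name__ == "__main__":
    print(suspicious_peers(SAMPLE, "10.0.0.7", known_hosts={"10.0.0.9"}))
```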

8 Reconnaissance: Nmap (command line) and Zenmap (GUI)
- "*" is the wildcard when searching for a target IP
- We will continue with Zenmap
Notes: The asterisk will cover 0-255. A fantastic tool for searching throughout your network as a sys admin and receiving detailed information about it.

9 Reconnaissance
Various scans will yield different information about the targeted network and its depth. For example, the Intense scan will show services, OS guess/exact match with details, network diagnostics, ports open on hosts, domain, etc.
Notes: The Zenmap/Nmap scan will provide more in-depth information than the Armitage scan mentioned later, and Zenmap is much easier to read and comprehend. The information gathered from these scans can be used in various ways: troubleshooting a network, finding rogue devices on your network, finding OS details and googling solutions, and more.

10 Exploitation
- Remote Attack
- Client Side Attack
- Blind Side Attack / Hail Mary
- Social Engineering Attack
- Fuzzing / DoS
- Man In The Middle
Notes: Remote: exploits services that are vulnerable, such as NetBIOS and DNS. Client side: something you are trying to exploit on the client, including programs, controllers, Java, Flash, etc. Blind side: fires everything possible at the target network; all tools are used at once.

11 Access: Exploit
- Metasploit + Armitage
- Scripting (public + non-public)
- SE-Toolkit
- DoS
- Google
- Other misc. tools in Kali
Notes: SE -> Social Engineering Toolkit. Google: find a vulnerability feed site; basic search parameters are available on vanilla Google.

12 Access: Exploit
Starting the Metasploit Framework: in msf type: armitage -> Connect -> Start RPC
Notes: Don't change the Connect address, this is you! Only change it if you have some specific use scenario.

13 Access: Exploit
- Begin scan: Hosts -> choose scanning method
- Provide Armitage or msf with your desired IP range to scan
- Import your scanned hosts: Hosts -> Import Hosts
- Layout -> Stack
Notes: Layout stack reorganizes the hosts shown.

14 Access: Exploit
- If needed, use MSF scan
- Now all possible information about the machines is displayable
- Right click machine -> Services
Notes: MSF scan will give you even more info, including but not limited to service packs, installed software, build revisions, running ports and running programs (all aux scanners). All tasks are shown at the bottom of Armitage. This provides an abundance of information about each individual system.

15 Footnote: security
These scans can be a fantastic source for finding open ports, useless programs, and vulnerabilities in your system.
Notes: As a network admin, you should be accustomed to what services are running on your machines, and be able to quickly identify ones that should not be.
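An added example (not from the presentation) for the admin use that slides 9 and 15 describe: parse Nmap's grepable (-oG) output from a scan of your own network, compare it with an inventory of expected hosts and services, and report rogue devices and unexpected open ports. The scan text, the inventory and the addresses are constructed, and the inventory format is an assumption.

```python
"""Audit an Nmap -oG scan of your own network against an inventory of what
should be running. Example written for this page; not the talk's own code."""
import re

# Constructed sample in Nmap's grepable (-oG) output format.
SCAN = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG - 10.0.0.0/28
Host: 10.0.0.5 (fileserver.lan)\tPorts: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (998)
Host: 10.0.0.6 (web.lan)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 23/open/tcp//telnet///\tIgnored State: closed (997)
Host: 10.0.0.14 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)
# Nmap done -- 16 IP addresses (3 hosts up) scanned in 4.20 seconds
"""

# Hypothetical inventory: host -> TCP ports the admin expects to be open.
INVENTORY = {
    "10.0.0.5": {22, 445},
    "10.0.0.6": {80, 443},
}

# "Host: <ip> (<name>)<TAB>Ports: <list>" ; the port list ends at the next tab
HOST = re.compile(r"^Host: (\S+) \(.*?\)\tPorts: (.*?)(?:\t|$)")

def parse_grepable(text):
    """Return {ip: set of open TCP ports} from -oG output."""
    result = {}
    for line in text.splitlines():
        m = HOST.match(line)
        if not m:
            continue
        ip, ports = m.groups()
        open_ports = set()
        for entry in ports.split(", "):
            port, state, proto = entry.split("/")[:3]   # port/state/proto/...
            if state == "open" and proto == "tcp":
                open_ports.add(int(port))
        result[ip] = open_ports
    return result

def audit(scan_text, inventory):
    """Rogue hosts (absent from inventory) and unexpected ports on known hosts."""
    seen = parse_grepable(scan_text)
    rogue = sorted(ip for ip in seen if ip not in inventory)
    unexpected = {ip: sorted(seen[ip] - inventory[ip])
                  for ip in seen if ip in inventory and seen[ip] - inventory[ip]}
    return rogue, unexpected

if __name__ == "__main__":
    print(audit(SCAN, INVENTORY))
```

Hosts that are in the inventory but missing from the scan are not reported here; extend audit() if you also want to know what went dark.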

16 Access: Attack
- Select your desired target, indicated by the green dashed box
- Attacks -> Find Attacks
- Check Exploits if the option is available
- Launch exploit
- The exploit service tab will open and show status
- Remember: Google is your friend
Notes: Find Attacks queries all exploits that coincide with the information gathered from the device scans. Some attacks may or may not work; remember, all devices are unique. Check Exploit can be viewed in the console and will tell you whether the gathered attack is usable. Some exploits have specific configurable launch options. Using reverse connections is recommended: whatever payload is sent to the target, once the exploit is passed it comes back to pick up the payload, so we can use a reverse connection like reverse TCP/DNS, or bind TCP/DNS (advanced, more used in MSF). Once Launch is clicked, the payload is launched. Remember you can search for specific exploits in Armitage, and use Google to search for known working exploits on the specific machines you have analysed. Launching tons of failing attacks is not a good idea, for obvious reasons.

17 Access: Attack
SUCCESS!!! When finished with your attack, Kill!
Notes: You have found an exploit that has worked and the payload has been delivered; the machine has been infected with Meterpreter. Now you are on to the next step, POST: selecting the Meterpreter shell will allow you to continue your post-exploitation activities.

19 Sources: https://www.youtube.com/watch?v=lZlqr2PFJIo
