Improve your
Firewall Auditing
As a penetration tester you have to be an expert in multiple
technologies. Typically you are auditing systems installed and
maintained by experienced people, often protective of their own
methods and technologies. On any particular assessment testers may
have to perform an analysis of Windows systems, UNIX systems, web
applications, databases, wireless networking and a variety of network
protocols and firewall devices. Any security issues identified within
those technologies will then have to be explained in a way that both
management and system maintainers can understand.
The network scanning phase of a penetration assessment will quickly identify a number of security weaknesses and services running on the scanned systems. This enables a tester to quickly focus on potentially vulnerable systems and services using a variety of tools that are designed to probe and examine them in more detail, e.g. web service query tools. However, this is only part of the picture, and a more thorough analysis of most systems will involve having administrative access in order to examine in detail how they have been configured. In the case of firewalls, switches, routers and other infrastructure devices this could mean manually reviewing the configuration files saved from a wide variety of devices. Although various tools exist that can examine some elements of a configuration, the assessment would typically end up being a largely manual process. Nipper Studio is a tool that enables penetration testers, and non-security professionals, to quickly perform a detailed analysis of network infrastructure devices. Nipper Studio does this by examining the actual configuration of the device, enabling a much more comprehensive and precise audit than a scanner could ever achieve.
www.titania.com
KALI LINUX
THE ULTIMATE GUIDE
Copyright 2014 Hakin9 Media Sp. z o.o. SK
Table of Contents
What is Kali? 8
Comparison Of Kali Linux And Previous BackTrack Versions 19
Top 5 Kali Linux Tools You Absolutely Must Use 34
Kali Linux 41
The Ultimate Installation Guide for Kali Linux 55
The Password Attacks 70
Pentesting Wireless with Kali Linux 81
Kali Linux on a Raspberry Pi 85
In Depth Review of Kali Linux: A Hacker's Bliss 88
Kali Linux The BackTrack Successor 95
Kali Linux WiFi Testing 105
Web Applications with Kali Linux 118
Penetration Testing with Linux 134
Bypassing new generation Firewalls with Meterpreter and SSH Tunnels 142
The Top 10 Kali Linux Security Tools 153
Interview with Demóstenes Zegarra Rodríguez 176
Case Study: Analysis of Security and Penetration Tests for Wireless Networks with Kali Linux 179
Mapping Kali Usage to NIST SP 800-115 182
Interview with Jeff Weekes 195
How to Install Kali Linux 199
How to Login as a User in Kali Linux 215
How to Add or Create a New User in Kali Linux 216
How to Change Host Name in Kali Linux 218
How to Create an Instant Chat Session with ncat Between Kali and BackTrack 222
How to Remove Users in Kali Linux 224
How to Delete Users in Kali Linux 225
How to Extract a RAR File 226
How to Use Dnmap in Kali Linux 228
How to Find Files in Kali Linux 236
How to Use Detect_sniffer6 238
How to Use DNSenum in Kali Linux 241
How to Use Dnsdict6 and Get the IPv6/IPv4 Address of a Domain 245
How to Use Dnsmap in Kali Linux 248
How to Use DNSRecon in Kali Linux 253
How to Use DNSRevenum6 258
How to Use Dnstracer 260
We are happy to bring you the Ultimate Kali Compendium. This issue is a collection of our previous Kali Linux issues: Kali Linux, Kali Linux 2, and Kali Tutorial. We have decided to put all the knowledge from these three magazines into one.
You will encounter simple articles, such as an overview of Kali, an installation guide, and its comparison to previous BackTrack versions, as well as advanced ones, such as Wi-Fi testing or bypassing new generation firewalls with Meterpreter and SSH tunnels.
You will also be able to read a few fascinating interviews with Dan Dieterle, Demóstenes Zegarra Rodríguez, and Jeff Weekes.
You will also get to know almost every tool available in the OS, their advantages and disadvantages, as well as how to use them and for what.
We sincerely hope that this compendium will achieve its goal: if you have a problem in Kali, you can find the solution in one place, the Ultimate Kali Compendium. Enjoy the issue and improve your pentesting knowledge.
What is Kali?
by Albert López (newlog)
It's a fact that in recent years the BackTrack distribution has been the one most used by security professionals and enthusiasts. Its path started in 2006, and for seven years it was improved while gaining its place in the security community. Therefore, nowadays it's hard to find someone interested in computer security who has not heard of BackTrack.
In March 2013 the Offensive Security people went one step further and published the definitive BackTrack evolution. Its name: Kali.
Coming from a team called Offensive Security, even if they deny the connection, what an appropriate name Kali is! The Hindu goddess of time, change and destruction, or perhaps the Philippine martial art. Pretty offensive, isn't it? Leaving aside its name, we can assure you that Kali is a powerful tool that any security professional can use for free.
Architecture compatibility
A key feature of Kali is its improved ARM compatibility. Since Kali appeared, many impressive builds have been created. What do you think about running Kali on a Raspberry Pi or on a Samsung Galaxy Note? Pretty amazing, don't you think?
Full customization
Kali is very flexible when it comes to the visual interface and system customization. As for the visual interface, the user can now choose between several desktops such as GNOME, KDE or Xfce, among others. Regarding system customization, you can now easily create fully customized ISO images thanks to the Debian live-build scripts.
Business aware
All the Kali customizations and the Debian features mentioned earlier give companies the capability to deploy Kali on multiple systems and to perform network installs of Kali from local or remote repositories.
Great documentation
Another important thing to note is that Kali comes with a lot of online documentation to guide you in all your tasks.
As you can see, Kali is not only a new version of BackTrack but a completely new infrastructure, and with this effort a lot of new and powerful features have arrived.
Regarding disadvantages, it's embarrassing to say that the writer has not found any relevant drawback to using Kali for security assessment purposes. As for the system architecture, the migration to Debian has brought a lot of powerful features. This, combined with all the provided tools and the commitment of the Kali developers to maintain them and provide the latest updates as soon as possible, makes Kali the best choice for anyone looking for a security distribution.
Included Tools
Kali puts more than 200 tools at your disposal. If these tools were not well organized and classified, the usability of the penetration testing framework would not be very good. But as with BackTrack, all the tools are consistently classified by category. We will now explain what each category is and what the most representative tools are.
Figure 3. Requests
The next step would be to navigate through the entire target website while watching the request history page in Burp. This way, once you find an interesting web page on your target, you will know which request and response were sent and received, and you will be able to highlight or even comment on it in Burp. Let's define what may be interesting.
Figure 4. The strengths and weaknesses of the target website SSL certificates
Farewell
I'm glad you are still here! As you can deduce, we have only scratched the surface of the covered topics.
No one will be outraged if you affirm that the Kali distribution is the best security focused distro out there.
Regarding the pentesting part, I hope you could grasp the idea behind it. It's not an easy topic and it largely depends on your abilities, but being methodical is a big step towards being successful.
For this reason, we encourage you to train yourself with the mentioned wargames, because unlike other careers, in the information security field you have plenty of opportunities to learn relevant subjects by yourself.
Keep Hacking!
Bibliography
Chapter 1
http://en.wikipedia.org/wiki/BackTrack
http://en.wikipedia.org/wiki/Kali_Linux
http://en.wikipedia.org/wiki/Kali
http://www.kali.org/about-us/
Chapter 2
http://www.kali.org/news/kali-linux-whats-new/
http://docs.kali.org/category/armel-armhf
http://docs.kali.org/category/live-build
http://docs.kali.org/network-install/kali-linux-network-pxe-install
http://docs.kali.org/
Chapter 3
http://nmap.org/nsedoc/index.html
https://www.volatilesystems.com/default/volatility
Chapter 4
https://www.owasp.org/index.php/About_OWASP
Chapter 6
https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
Albert López is a computer engineer who, although he only finished his degree last year, worked for two years developing system security software and performing source code reviews at a Barcelona company called Vntegris. He now works for Internet Security Auditors as a security analyst, where he performs security analyses of all kinds of targets. However, his passion is exploiting software and everything related to low-level software development. For this reason, in 2009 he founded the Overflowed Minds community with the idea of spreading information about such an amazing subject.
Now you are ready to mount the VMware Tools CD. Simply go to the menu in VMware and choose Install VMware Tools (see Figure 14). NOTE: I did this from VMware Fusion, but the process will be the same regardless of VMware platform.
Now go back to Kali Linux and use the following commands. The CD contains a tarball, so it has to be extracted before the installer can be run:
mkdir /mnt/vmware
mount /dev/cdrom /mnt/vmware/
cp -rf /mnt/vmware/VMwareTools* /tmp/
cd /tmp
tar xzf VMwareTools-*.tar.gz
cd vmware-tools-distrib
Lastly type ./vmware-install.pl to run the VMware Tools installation script. Follow the on-screen instructions when you run the script.
For VirtualBox, attach the Guest Additions CD instead: select Devices from the VirtualBox menu and choose Install Guest Additions. This mounts the Guest Additions ISO in the virtual DVD drive of your Kali Linux virtual machine. When prompted to autorun the DVD, click the Cancel button (see Figure 17).
From the terminal window, copy the VBoxLinuxAdditions.run file from the Guest Additions CD-ROM to a path on your local system. The mount point below is the one used in this guide; if the ISO was mounted elsewhere (for example under /media/cdrom0), adjust the path accordingly. Ensure the file is executable and run it to begin installation.
cp /media/cd-rom/VBoxLinuxAdditions.run /root/
chmod 755 /root/VBoxLinuxAdditions.run
cd /root
./VBoxLinuxAdditions.run
Reboot the Kali Linux VM to complete the Guest Additions installation (see Figure 18). You should now
have full mouse and screen integration as well as the ability to share folders with the host system.
[Figure: wlan0 up; wlan0 scanning]
Wireless Attacks
These are tools used to exploit vulnerabilities found in wireless protocols. 802.11 tools will be found here, including tools such as aircrack, airmon, and wireless password cracking tools. In addition, this section has tools related to RFID and Bluetooth vulnerabilities as well. In many cases, the tools in this section will need to be used with a wireless adapter whose chipset and driver allow Kali to put it into monitor mode (the 802.11 equivalent of promiscuous mode, needed to capture frames from networks you are not associated with) and, for active attacks, packet injection.
Exploitation Tools
These are tools used to exploit vulnerabilities found in systems. Usually the vulnerability is identified during a vulnerability assessment of a target.
Sniffing and Spoofing
These are tools used for network packet captures, network packet manipulators, packet crafting applications,
and web spoofing. There are also a few VoIP reconstruction applications.
Maintaining Access
Maintaining access tools are used once a foothold is established into a target system or a network. It is
common to find compromised systems having multiple hooks back to the attacker to provide alternative
routes in the event a vulnerability that is used by the attacker is found and remediated.
Reverse Engineering
These tools are used to disassemble executables and debug programs. The purpose of reverse engineering is analyzing how a program was developed so it can be copied, modified, or lead to the development of other programs. Reverse engineering is also used for malware analysis to determine what an executable does, or by researchers to attempt to find vulnerabilities in software applications.
Stress Testing
Stress testing tools are used to evaluate how much traffic or how many requests a system can handle. Overloading a system can produce undesired outcomes, such as exhausting the connection table of a device that controls network communication or making a system shut down, in other words a Denial of Service.
Hardware Hacking
This section contains Android tools, which could also be classified as mobile, and Arduino tools that are used for programming and controlling other small electronic devices.
Forensics
Forensics tools are used to acquire and analyze evidence after the fact: imaging disks, carving files, analyzing memory dumps and file systems, and examining captured network traffic and applications.
Reporting Tools
Reporting tools are used to organize and deliver the information found during a penetration test.
System Services
This is where you can enable and disable Kali services. Services are grouped into BeEF, Dradis, HTTP,
Metasploit, MySQL, and SSH.
NOTE: There are other tools included in the Kali Linux build such as web browsers, quick links to tune how
the Kali Linux build is seen on the network, search tools, and other useful applications.
Summary
Congratulations, you have successfully installed and updated Kali Linux. Kali is a powerful penetration
platform. I recommend that you play around with Kali. You will find some key differences between
BackTrack and Kali, and some of these differences take time to learn. However, I am sure you will
appreciate the power and flexibility of the platform. Happy hacking!
Step 1.
find
Find one or more files when you know their approximate file names (Figure 1).
Syntax: find <path> -name <filename>
Example: find / -name mrquiety.txt
Step 2.
locate
Find files by name using the prebuilt file-name database (Figure 2). locate reads the database built by updatedb, so run updatedb first on a fresh install or after installing new tools; otherwise the results will be stale or empty.
Syntax: locate <name>
Example: locate dnsenum
Step 3.
whereis
Locate the binary, source, and manual page files for a command (Figure 3).
Syntax: whereis <name>
Example: whereis dnsenum
Step 2.
This is our BackTrack 5 machine (the target). It is running Wireshark, which puts its interface into promiscuous mode, so there is a sniffer for our Kali Linux machine to detect. If you want to follow this tutorial, start Wireshark on the target before the next steps (Figure 3).
Figure 3. Wireshark
Step 3.
On the Kali Linux machine, we run the command detect_sniffer6 eth0 (here eth0 is Kali Linux's interface name, see Figure 4) and we get back the target's IPv6 address, i.e. the host that answered the probe and is therefore sniffing (Figure 5).
Syntax: detect_sniffer6 <interface> [target-ipv6-address]
Example: detect_sniffer6 eth0
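The step above does not say why a sniffer answers. The classic promiscuous-mode test, which is what this kind of tool relies on, is to send an ICMPv6 echo request whose IPv6 destination is the target but whose Ethernet destination is a MAC address that belongs to nobody: a NIC in normal mode discards the frame, while a host in promiscuous mode passes it up the stack, sees its own address and replies. The following is an added example, not THC-IPv6's code, that builds such a probe with a correct ICMPv6 checksum and checks whether a captured frame is the matching reply. The MAC and link-local addresses are constructed; putting the frame on the wire needs a raw socket and root, which is out of scope here.

```python
import socket
import struct

ETHERTYPE_IPV6 = 0x86DD
IPPROTO_ICMPV6 = 58
ICMPV6_ECHO_REQUEST = 128
ICMPV6_ECHO_REPLY = 129
# Hypothetical Ethernet destination that belongs to no host on the segment.
# Only an interface in promiscuous mode will accept a frame addressed to it.
BOGUS_DST_MAC = "02:00:00:de:ad:01"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def rfc1071_checksum(data: bytes) -> int:
    """One's-complement checksum over data (padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def icmpv6_checksum(src6: bytes, dst6: bytes, icmp: bytes) -> int:
    """ICMPv6 checksums cover an IPv6 pseudo-header (src, dst, length, next header) plus the message."""
    pseudo = src6 + dst6 + struct.pack("!IxxxB", len(icmp), IPPROTO_ICMPV6)
    return rfc1071_checksum(pseudo + icmp)


def build_echo_frame(icmp_type, dst_mac, src_mac, src6, dst6, ident=0x1234, seq=1, payload=b"probe"):
    """Ethernet + IPv6 + ICMPv6 echo (request or reply) with a valid checksum."""
    src = socket.inet_pton(socket.AF_INET6, src6)
    dst = socket.inet_pton(socket.AF_INET6, dst6)
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload  # checksum field zero for now
    csum = icmpv6_checksum(src, dst, icmp)
    icmp = icmp[:2] + struct.pack("!H", csum) + icmp[4:]
    # version 6, traffic class 0, flow label 0; payload length; next header; hop limit 64
    ip6 = struct.pack("!IHBB", 0x60000000, len(icmp), IPPROTO_ICMPV6, 64) + src + dst
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV6)
    return eth + ip6 + icmp


def build_probe(our_mac, our6, target6, ident=0x1234, seq=1):
    """The trick: correct IPv6 destination, deliberately wrong Ethernet destination."""
    return build_echo_frame(ICMPV6_ECHO_REQUEST, BOGUS_DST_MAC, our_mac, our6, target6, ident, seq)


def is_probe_reply(frame, our_mac, our6, target6, ident=0x1234, seq=1):
    """True if frame is an ICMPv6 echo reply from target6 to us that matches our probe's id/seq."""
    if len(frame) < 14 + 40 + 8:
        return False
    if frame[:6] != mac_bytes(our_mac) or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV6:
        return False
    ip6 = frame[14:54]
    if ip6[0] >> 4 != 6 or ip6[6] != IPPROTO_ICMPV6:
        return False
    src, dst = ip6[8:24], ip6[24:40]
    if src != socket.inet_pton(socket.AF_INET6, target6) or dst != socket.inet_pton(socket.AF_INET6, our6):
        return False
    payload_len = struct.unpack("!H", ip6[4:6])[0]
    icmp = frame[54:54 + payload_len]
    if len(icmp) != payload_len:
        return False
    typ, _code, _csum, rid, rseq = struct.unpack("!BBHHH", icmp[:8])
    if typ != ICMPV6_ECHO_REPLY or (rid, rseq) != (ident, seq):
        return False
    # A correct checksum verifies to zero when the checksum field itself is included in the sum.
    return icmpv6_checksum(src, dst, icmp) == 0


if __name__ == "__main__":
    probe = build_probe("02:00:00:aa:bb:01", "fe80::1", "fe80::2")
    print(probe.hex())
```

A reply to this probe is only meaningful if the Ethernet destination was really bogus on that segment, so do not reuse a MAC that a switch or host might actually own, and remember that some stacks ignore echo requests entirely (a silent host is not proof that nothing is sniffing).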
Step 2.
In the terminal, type dnsenum <domain> and hit Enter, e.g. dnsenum facebook.com. After pressing Enter you will see information such as the host's addresses, name servers, MX records, zone transfer attempts, etc.
Note: do not add www within the domain (Figures 3 & 4).
Step 3.
Extra names and subdomains can be found via Google scraping; most of the time this does not work for all domains (Figure 5). The relevant options are:
-p, --pages <value>
The number of Google search pages to process when scraping names; the default is 20 pages. The -s switch must be specified.
-s, --scrap <value>
The maximum number of subdomains that will be scraped from Google (default 15).
-f, --file <file>
Read subdomains from this file to perform brute force (Figure 6).
Step 2.
This command is used to enumerate subdomains of google.com together with their IPv4 and IPv6 addresses (Figure 3).
Syntax: dnsdict6 <domain>
Example: dnsdict6 google.com
Step 3.
Try one more form of the command: dnsdict6 -d -4 google.com. Here, -d is used to display information on the name servers and MX records, and -4 is used to also dump the IPv4 addresses (Figure 4).
Step 2.
This command is used to start brute forcing the domain with the built-in wordlist (Figure 3).
Syntax: dnsmap <domain>
Example: dnsmap google.com
Step 3.
This command is used to save the results in a text file in the given directory (Figure 4).
Syntax: dnsmap <domain> -r <results-path>
Example: dnsmap google.com -r /root/
3A. You can see your saved file here (Figure 5).
Step 4.
This command is used to save the results in a CSV file (Figure 6).
Syntax: dnsmap <domain> -c <csv-results-path>
Example: dnsmap google.com -c /root/
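The dnsdict6 and dnsmap steps above both do the same thing underneath: take a wordlist, prepend each word to the domain, resolve it, and record the hosts that answer. The failure mode a practitioner runs into is wildcard DNS, where every name under the domain resolves and the "results" are all noise. The following is an added example, not dnsmap's or dnsdict6's own code, that brute-forces A and AAAA records, detects wildcard answers by resolving random labels first, filters them out, and writes the survivors as CSV like dnsmap -c. The resolver is injected so the block runs offline against a constructed zone (example.test, documentation prefixes); system_resolver is the real-network implementation you would pass in instead.

```python
import csv
import io
import random
import socket
import string
from typing import Callable, Dict, List, Set, Tuple

# Resolver signature: host name -> (IPv4 addresses, IPv6 addresses).
Resolver = Callable[[str], Tuple[List[str], List[str]]]


def system_resolver(name: str) -> Tuple[List[str], List[str]]:
    """A and AAAA lookups through the OS resolver (what you plug in for a real target)."""
    v4, v6 = set(), set()
    try:
        for family, _, _, _, sockaddr in socket.getaddrinfo(name, None):
            if family == socket.AF_INET:
                v4.add(sockaddr[0])
            elif family == socket.AF_INET6:
                v6.add(sockaddr[0])
    except socket.gaierror:
        pass
    return sorted(v4), sorted(v6)


def wildcard_addresses(domain: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Resolve random labels nobody would register. Any answer is a wildcard answer, and
    every brute-forced name that maps only to those addresses is noise, not a finding."""
    rng = random.SystemRandom()
    wild: Set[str] = set()
    for _ in range(probes):
        label = "".join(rng.choice(string.ascii_lowercase + string.digits) for _ in range(12))
        v4, v6 = resolve(f"{label}.{domain}")
        wild.update(v4)
        wild.update(v6)
    return wild


def brute_force(domain: str, wordlist: List[str], resolve: Resolver,
                filter_wildcard: bool = True) -> List[Dict[str, object]]:
    wild = wildcard_addresses(domain, resolve) if filter_wildcard else set()
    found = []
    for word in wordlist:
        word = word.strip().lower()
        if not word:
            continue
        host = f"{word}.{domain}"
        v4, v6 = resolve(host)
        v4 = [a for a in v4 if a not in wild]
        v6 = [a for a in v6 if a not in wild]
        if v4 or v6:
            found.append({"host": host, "ipv4": v4, "ipv6": v6})
    return found


def to_csv(found: List[Dict[str, object]]) -> str:
    """One row per host, addresses space-separated (the shape dnsmap -c produces)."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["host", "ipv4", "ipv6"])
    for row in found:
        writer.writerow([row["host"], " ".join(row["ipv4"]), " ".join(row["ipv6"])])
    return buf.getvalue()


# Constructed zone for the offline demonstration: three real hosts and a *.example.test catch-all.
FAKE_ZONE = {
    "www.example.test": (["198.51.100.10"], ["2001:db8::10"]),
    "mail.example.test": (["198.51.100.25"], []),
    "dev.example.test": (["198.51.100.77"], []),
}
WILDCARD_ANSWER = (["203.0.113.1"], [])


def fake_resolver(name: str) -> Tuple[List[str], List[str]]:
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    if name.endswith(".example.test"):
        return WILDCARD_ANSWER
    return [], []


WORDLIST = ["www", "mail", "ftp", "dev", "vpn", "admin"]  # constructed, tiny on purpose


def demo(filter_wildcard: bool = True) -> List[Dict[str, object]]:
    return brute_force("example.test", WORDLIST, fake_resolver, filter_wildcard)


if __name__ == "__main__":
    print(to_csv(demo()))
```

Without the filter every word in the list "exists"; with it only www, mail and dev survive. The filter has a cost worth knowing: a genuine host that happens to share the wildcard address is dropped too, so when a domain is wildcarded, confirm the survivors and the dropped names by other means (TLS certificate names, virtual-host probing) rather than trusting the address comparison alone.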
UPDATE: NOW WITH STIG AUDITING
"In some cases Nipper Studio has virtually removed the need for a manual audit" (Cisco Systems Inc.)
Titania's award winning Nipper Studio configuration auditing tool is helping security consultants and end-user organizations worldwide improve their network security. Its reports are more detailed than those typically produced by scanners, enabling you to maintain a higher level of vulnerability analysis in the intervals between penetration tests.
Now used in over 45 countries, Nipper Studio provides a thorough, fast & cost effective way to securely audit over 100 different types of network device. The NSA, FBI, DoD & U.S. Treasury already use it, so why not try it for free at www.titania.com