Linux allows anyone to create their own distribution, or distro for short. Kali Linux is a popular penetration-testing-focused distro. It is maintained by Offensive Security, a well-respected penetration testing company which also offers training courses for security-related certifications. What is penetration testing? Penetration testing, or pen testing, involves testing a system or systems for weaknesses. Its purpose is to simulate a real attack on the systems to determine which areas need improvement. Those areas could be technical or procedural. Kali aims to provide a one-stop solution for pen testers.
By default, Kali now comes with the Xfce desktop environment and is based on the popular Debian distro. Offensive Security maintains the project and does a good job of keeping Kali up to date while keeping it stable. There are too many tools included out of the box to go over all of them, so we’ll cover the main ones.
Wireshark is an extremely powerful program which lets you inspect network traffic. If you’ve ever heard that HTTP traffic is insecure, Wireshark will let you see that first-hand. It allows you to capture a network packet, break it down into each protocol layer and see the raw data – if it’s not encrypted. Wireshark is also useful for seeing which programs are talking to which servers. For example, on a default install of Windows 10, you can see lots of network activity contacting Microsoft servers for telemetry purposes.
Nmap is the go-to network scanner. It allows you to scan a specific host or a range of hosts and see what services are running. For example, if you were to scan a web server, chances are you’d see ports 80, 443, and 22 open. Port 80 is plain HTTP traffic, port 443 is HTTPS traffic, and port 22 is SSH. Nmap can also tell you what service is bound to those ports. More than likely the Apache web server is bound to ports 80 and 443, and port 22 would be OpenSSH.
The listed services are frequently accompanied by a version number. This allows you to research that specific version for known vulnerabilities which could allow access to the system through that service. Typically, if the service is just a few versions behind the current release, you’re not going to find many vulnerabilities; however, if it’s several years behind, chances are you’re going to find something useful.
Hashcat allows you to recover the passwords behind password hashes. If you’re not familiar with hashes, a hash is a one-way representation of an input such as a password or a file. Since a hash is a one-way function, it is difficult and resource intensive to determine the original input from the hash output. Hashcat helps make this process faster. The best way to use Hashcat is with a wordlist. Wordlists typically contain popular passwords; they vary in size, but most have at least thousands of entries. Kali comes with the infamous rockyou.txt wordlist. Hashcat takes the hash we want to crack, hashes each entry in the wordlist with the same algorithm, and compares the results to the target hash; a match reveals the original password.
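To make the wordlist mechanism concrete, here is a minimal Python model of it. It is an added example, not code from the page or from Hashcat: each wordlist entry is hashed with the chosen algorithm and compared against the target hashes. The wordlist and the target hashes are constructed inline; the same loop is what makes a hash stored without a salt, using a fast algorithm like MD5, so weak against a common-password list.

```python
import hashlib

# Constructed stand-in for a wordlist such as rockyou.txt (a few entries only).
WORDLIST = b"123456\npassword\nletmein\nqwerty\nsunshine\n"


def candidate_hashes(wordlist_bytes, algo):
    """Yield (word, hexdigest) for every non-empty line of a wordlist.

    Lines are kept as raw bytes because real wordlists contain entries
    that are not valid UTF-8, and decoding them would change the hash.
    """
    for line in wordlist_bytes.splitlines():
        word = line.rstrip(b"\r")
        if not word:
            continue
        yield word, hashlib.new(algo, word).hexdigest()


def match_hashes(target_hashes, wordlist_bytes, algo="md5"):
    """Return {hex_hash: word} for each target hash whose input is in the wordlist.

    Target hashes are normalised to lowercase hex so comparison is exact.
    One pass over the wordlist serves every target at once, which is why
    cracking many unsalted hashes costs little more than cracking one.
    """
    wanted = {h.strip().lower() for h in target_hashes}
    found = {}
    for word, digest in candidate_hashes(wordlist_bytes, algo):
        if digest in wanted:
            found[digest] = word.decode("utf-8", errors="replace")
            if len(found) == len(wanted):
                break  # every target accounted for, stop early
    return found


def main():
    # Constructed targets: MD5 of "password" (uppercase, to show the
    # normalisation), MD5 of "sunshine", and a hash whose input is not
    # in the wordlist, which stays unmatched.
    targets = [
        hashlib.md5(b"password").hexdigest().upper(),
        hashlib.md5(b"sunshine").hexdigest(),
        hashlib.md5(b"correct horse battery staple").hexdigest(),
    ]
    result = match_hashes(targets, WORDLIST)
    for h in targets:
        print(h.lower(), "->", result.get(h.lower(), "<not in wordlist>"))


if __name__ == "__main__":
    main()
```

Swapping `algo` for `"sha1"` or `"sha256"` shows that a stronger hash function alone does not help; only a salt and a deliberately slow, memory-hard password hash make this loop expensive.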
Burp Suite, more commonly referred to as Burp, allows you to inspect and control how a webpage loads. It sits between your browser and the web server as a proxy, intercepting requests and responses so you can modify them and send potentially unexpected data on to the server. This lets you see how the website functions and how the web server responds both to ordinary requests and to the data you send it.
Potentially the crown jewel of the Kali Linux tools is Metasploit. Metasploit allows you to run modules to find and exploit vulnerabilities in systems. It comes with many modules pre-installed to get you started, but anyone can create and load their own module. Every module follows a similar interface, so moving from one creator’s module to another’s should feel familiar.
You might have heard that it’s not a good idea to be running Windows XP anymore. One could argue Metasploit is a good reason not to run it: it comes with several pre-installed modules that can easily take over a Windows XP machine. Running a module is quite easy as well. Take a look at Metasploit’s documentation to learn more.
Closing the Loop
While you can install any of these programs on any distro you’d like, Kali comes with them pre-installed. This will save you the headache of having to worry about dependencies and adding third-party repositories. While Kali comes with a lot of pre-installed tools, there are many more out there which would be beneficial to have as a pen tester. Since the community has chosen Linux as its operating system of choice, chances are the tool you are looking to run will run on Kali as well; it simply may not be installed out of the box. Kali also has a fantastic community of hobbyists and professionals who can assist you in getting your feet wet in the field of penetration testing. There’s also official documentation for Kali on their website.