By default, Kali Linux may not include everything you need to make your day-to-day pentests easy. With the following 10 steps, we can start using Kali Linux professionally as a white hat hacker.
Most Linux distributions are highly customizable. This makes it a bit difficult to personalize the pentest environment. With just a few commands, you can automate tasks, install your favorite software, create additional user accounts, configure anonymity software, and optimize your future interactions with the terminal. There are just a few things we can do to improve how we interact with the operating system. Here are 10 things to do after installing Kali Linux.
Install Git
Git is an open-source version control application. It can be used to share and edit code collaboratively (source code is shared among many users in a team or company). Git is a must-have tool for pentesters (security testers) looking to expand their toolkit beyond what’s available in the default Kali repository.
You can install git using the command apt-get.
apt-get install git
Bash Configuration
Bash aliases are a great way to create command shortcuts. For example, we can reassign the ls command to automatically use our favorite arguments. Here is an example of normal ls output.
ls
androidbins.txt folder-pictures.png smtp.cracked text-x-generic.png
bogus_gmail.creds folder.png smtp.list Windows-10
dumpzilla-b3075d1960874ce82ea76a5be9f58602afb61c39 package-x-generic.png text-x-generic.ico 'Windows 10 Icons'
And this is ls after the alias has been added to bash.
ls
total 220K
-rw------- 1 root root 15K Aug 24 2015 folder-pictures.png
-rw------- 1 root root 8.7K Aug 24 2015 folder.png
-rw------- 1 root root 11K Aug 24 2015 package-x-generic.png
-rw------- 1 root root 5.5K Sep 3 2015 text-x-generic.png
drwxr-xr-x 12 root root 4.0K May 31 00:44 'Windows 10 Icons'/
drwxr-xr-x 18 root root 4.0K May 31 00:44 Windows-10/
-rwxr-x--- 1 root root 103K May 31 00:49 text-x-generic.ico*
drwxr-xr-x 5 root root 4.0K Jun 11 21:57 dumpzilla-b3075d1960874ce82ea76a5be9f58602afb61c39/
-rw-r--r-- 1 root root 52 Jul 5 18:13 bogus_gmail.creds
-rw-r--r-- 1 root root 15K Jul 5 18:28 smtp.list
-rw-r--r-- 1 root root 181 Jul 5 18:43 smtp.cracked
-rw-r--r-- 1 root root 23K Jul 23 18:18 androidbins.txt
drwxr-xr-x 5 root root 4.0K Jul 23 19:22 ./
drwxr-xr-x 23 root root 4.0K Aug 9 04:25 ../
We get much more detail. The ls command now uses the arguments -l, -a, -t, -h and -r automatically. These arguments make ls use the long listing format (-l), list all files (-a), including hidden ones, and print file sizes in human-readable format (-h).
The output is also sorted by modification time (-t) in reverse order (-r), so that recently modified files appear at the bottom of the terminal. This set of arguments is the author’s preference, but you can use it as well.
To create the alias, open /root/.bash_aliases with nano or your favorite text editor. Then enter the following line:
alias ls="ls --color=always -rthla"
We can also go a little further and add more complex functions to the file .bash_aliases. Here is a simple example of a function designed to keep Kali fully up to date.
function apt-updater {
apt-get update &&
apt-get dist-upgrade -Vy &&
apt-get autoremove -y &&
apt-get autoclean &&
apt-get clean &&
reboot
}
After saving the file .bash_aliases, open a new terminal for the changes to take effect. Running the apt-updater function invokes a series of apt-get commands that automatically update and maintain your system. The && operator ensures that the function does not continue if the previous command fails.
apt-updater
Create a new low-privileged user
Many applications, such as Chromium Browser and Tor Browser, should never be opened or used as the root user. Such applications rely heavily on low-privilege permissions to provide a level of security. It may be beneficial for some users to create a low-privileged user account for such activities.
Install Terminal Multiplexer
A multiplexer is a terminal emulator that allows us to open several terminal sessions in a single window. The main benefit is that you can see all the terminal sessions at once without having to Alt + Tab between terminals.
There are many good terminal emulators out there, but Tilix is a reliable open-source option. You can also choose other software like tmux and screen.
Tilix is available in the APT repositories and can be installed using the command below.
sudo apt-get install tilix
Install your favorite hacking tools
Some versions of Kali cater to minimalist pentesters who don’t want hundreds of pre-installed hacking tools. The types of tools we use are based on skills and areas of expertise. Below are some popular hacking tools.
- Aircrack-ng: Wireless WEP/WPA cracking tool.
- BeEF: Framework that exploits the browser through web applications.
- Burp Suite: A graphical application designed for web security.
- Hydra: Utility for brute-forcing login passwords.
- Nikto: Web server security scanner.
- Maltego: Open-source intelligence gathering tool.
- Nmap: Port scanner and network mapper.
- Wireshark: Graphical application for analyzing network traffic.
These tools can be installed with the following command:
sudo apt-get install maltego metasploit-framework burpsuite wireshark aircrack-ng hydra nmap beef-xss nikto
Install Tor
Tor is available in Kali’s repositories, but this anonymity software should be obtained directly from its source, the Tor Project. Furthermore, the version of Tor in Kali is not kept up to date and is unreliable. This means we may be missing important security and stability updates.
Add the Tor Project repository to the APT sources list.
echo 'deb https://deb.torproject.org/torproject.org stretch main
deb-src https://deb.torproject.org/torproject.org stretch main' > /etc/apt/sources.list.d/tor.list
Then download the Tor Project package signing key and add it to APT.
wget -O- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | sudo apt-key add -
You will see the word “OK” when the key has been added successfully. Next, update APT using the apt-get command.
apt-get update
Finally, install Tor using the command below.
apt-get install tor deb.torproject.org-keyring
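The key above is piped from wget straight into apt-key, so nothing checks which key was actually downloaded. The following added example (not part of the original article) compares a key file's primary fingerprint with the one in the article's URL before trusting it. The function names, file paths and sample data are assumptions made for illustration.

```shell
# Fingerprint embedded in the key URL used in the article.
TOR_FPR="A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89"

# Print every fingerprint in `gpg --with-colons` output read from stdin.
# An "fpr" record carries the fingerprint in field 10.
fingerprints_from_colons() {
  awk -F: '$1 == "fpr" { print toupper($10) }'
}

# Succeed only if the primary key (the first fpr record) equals the expected
# fingerprint. Spaces are stripped so a value pasted in groups still compares.
primary_fpr_matches() {
  fpm_expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  fpm_primary=$(fingerprints_from_colons | head -n 1)
  [ -n "$fpm_primary" ] && [ "$fpm_primary" = "$fpm_expected" ]
}

# Inspect a downloaded key without importing it, and write it out as a
# dedicated keyring only when the fingerprint matches.
install_verified_key() {  # args: keyfile expected_fpr keyring_path
  if ! gpg --show-keys --with-colons "$1" | primary_fpr_matches "$2"; then
    echo "fingerprint mismatch for $1, key not installed" >&2
    return 1
  fi
  gpg --dearmor < "$1" > "$3"
}

# Constructed sample of colon output (not captured from a real gpg run):
# a primary key followed by a subkey with a made-up fingerprint.
SAMPLE_COLONS='pub:-:4096:1:EE8CBC9E886DDD89:
fpr:::::::::A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89:
sub:-:4096:1:1111111111111111:
fpr:::::::::1111111111111111111111111111111111111111:'

# Typical use (file and keyring paths are assumptions):
#   wget -O tor.asc https://deb.torproject.org/torproject.org/$TOR_FPR.asc
#   install_verified_key tor.asc "$TOR_FPR" /usr/share/keyrings/tor.gpg
# then reference the keyring with [signed-by=/usr/share/keyrings/tor.gpg]
# in the deb line instead of adding the key with apt-key.
```

The check is only as good as the source of the expected fingerprint, so take that value from a channel other than the one the key file came from.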
Configure File Sharing with Syncthing
Syncthing, created by Jakob Borg, is a good alternative to file synchronization applications such as Dropbox because it is cross-platform, secure, private, and very lightweight. As a pentester, transferring screenshots, webcam videos, and sensitive files between virtual servers and local Kali machines can be a big deal. This is where Syncthing lets us share files securely without worrying about privacy.
Installing Syncthing.
- Install apt-transport-https.
apt-get update && apt-get install apt-transport-https -V
- Then import the PGP key.
curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
- Add the Syncthing repository to APT with the echo command.
echo 'deb https://apt.syncthing.net/ syncthing stable' >> /etc/apt/sources.list
- The Kali repository contains an older version of Syncthing. To make sure the package from the Syncthing repository is the one that gets installed, create a pin priority file in /etc/apt/preferences.d/. Each field must be on its own line for APT to read it. Copy the command below and press Enter.
printf 'Package: *\nPin: origin apt.syncthing.net\nPin-Priority: 1001\n' > /etc/apt/preferences.d/syncthing
- Finally, update APT and install Syncthing.
apt-get update && apt-get install syncthing
For more on usage, read this paragraph.
Install code editor
Atom is a free, open-source, feature-rich and highly customizable code editor. Its features include real-time code sharing (great for people who code in a team), auto-completion, and installable packages that increase Atom's flexibility. Other notable code editors include Geany and Gedit.
To install Atom, go to the homepage and download the latest Debian installation package. Next, open a terminal and install the dependencies with the command below.
apt-get install gvfs gvfs-common gvfs-daemons gvfs-libs gconf-service gconf2 gconf2-common gvfs-bin psmisc
Finally, install the downloaded package using the dpkg command with the -i argument.
dpkg -i ~/Downloads/atom-amd64.deb
Once the installation is complete, Atom will be available in your applications menu.
Rubber Ducky
USB Rubber Ducky is an infamous injection tool (it injects malicious code). Creating ducky payloads with the DuckToolKit website is very easy, but as a pentester, it is very dangerous to share customer information with random websites, and that is exactly what uploading payloads to a third-party website does.
Instead, use Git to clone the USB Rubber Ducky repository and encode the payload locally.
git clone https://github.com/hak5darren/USB-Rubber-Ducky
Then change (using the cd command) to the USB-Rubber-Ducky/Encoder/ directory and use the java command to encode ducky payloads without the need for third-party websites.
cd USB-Rubber-Ducky/Encoder/
java -jar encoder.jar -i input_payload.txt -o inject.bin
Change default SSH key and password
The default password for older versions of Kali Linux (before 2020.1) is toor, and in the latest versions it is kali. Additionally, the default SSH keys could allow an attacker to intercept your communications when you control something like a Raspberry Pi via SSH. Move the default host keys into a backup directory first (default_kali_keys is just an example name), because dpkg-reconfigure only generates host keys that are missing.
cd /etc/ssh/
mkdir default_kali_keys
mv ssh_host_* default_kali_keys/
dpkg-reconfigure openssh-server
Now, to change Kali’s default password, enter the command passwd root, then enter your new password. Then retype the password to confirm it. If you are not logged in as root, you will be asked for your current password.
passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
What do you usually do after installing Kali Linux? Depending on their field and experience, different people will choose different software. Personally, after installing Kali, I install Unikey and Visual Studio Code. How about you?