Ethical hacking and Kali Linux

Kali Linux is a purpose built security operating system with a large variety of popular penetration testing tools perfect to use for ethical hacking and learning how to hack. It is an open source project that is maintained and funded by Offensive Security. In addition to Kali Linux, Offensive Security also maintains the Exploit Database.

Installation

I’m going to guide you through a Kali Linux installation using Virtual Box. The first step is to download and install Virtual Box for your operating system.

You will then want to make your way to the Kali Linux download page and download the latest “Kali Linux 64-Bit (Installer)” ISO. Be warned it can take a while as the current version is 3.7G.

Open Virtual Box and click on the New button.

On this page you need to supply the following:

• Name — the name of your virtual machine
• Machine Folder — the location of where your virtual machine will be created
• Type — Linux
• Version — Other Linux (64-bit)
• Memory — I used 8192MB but it’s really up to you.

All you have to do here is specify how large your virtual machine should be. I used 30 GB. You could allocate less but I wouldn’t really want to go lower than 10 GB.

You will arrive back at the main Virtual Box page. Right-click on your Kali virtual machine and go to Settings.

This step is optional but under “General”, then “Advanced” I usually set the “Shared Clipboard” and the “Drag’n’Drop” to “Bidirectional”.

The next step is under “Storage”, select your DVD drive, and next to “Optical Drive” click on the blue disc. Then “Choose a disk file” and select your new Kali ISO.

This step is optional but I find sometimes on my Mac enabling audio in Virtual Box causes the virtual machine not to boot. I don’t use the audio in my virtual machines so I disable it.

I recommend changing your “Attached to:” from “NAT” to “Bridged Adapter”. If all connections would be outbound then “NAT” would be fine. I want to be able to serve external services like “DVWA” so allowing the virtual machine to assign its own IP address is preferable. You would do the same with NAT by opening up mappings but it is a pain so I wouldn’t recommend it.

This step is also optional but I like doing it. You create a directory or folder on your host system and then allow your Linux virtual machine to be able to mount it. It makes copying files between systems a lot easier. In this case my “Share” folder on my Mac will me mapped to “/mnt/share” on the virtual machine.

Now select your virtual machine and click the “Start” button.

Make sure you select the correct Kali ISO you downloaded if there are multiple options.

You may find that the virtual machine boots in a very small window which you can’t scale. If this happens go to the “View” menu option for Virtual Box and select “Scaled Mode (Host+C)”. Then you should be able to scale the virtual machine window properly.

Select “Graphical install”.

Select your language.

Select your location.

Configure your keyboard.

Give your system a hostname, I just called mine “kali”.

Configure your domain name. As this is just a lab environment I just called it “lab”.

Kali will create a non-administrative account during the install. It asks for the full name of your user. I just put “kaliuser” for this tutorial.

This is the username for your non-administrative user.

Choose a suitable password and confirm it.

Select “Guided — use entire disk”. I tried using an encrypted LVM but it seems to cause problems in Virtual Box. You can try it yourself but it will more than likely cause a problem for you and you’ll need to start over.

There should only be one option here created by Virtual Box so select it.

Select “All files in the one partition (recommended for new users)”. Feel free to one of the other options if you prefer but this option is more than likely the option you need.

Select “Finish partitioning and write changes to disk”.

Select “Yes” to “Write the changes to the disks?”

Check the unchecked “… large — default selection plus additional tools”.

Select “Yes” to “Install the GRUB boot loader to your primary drive?”

Select your Virtual Box to install the GRUB boot loader.

And the installation is complete.

Kali will boot now…

Logging in and setup

And you will be presented with the login screen to log in…

The opening desktop will look like this.

Click on the Kali logo in the top left to open the menu.

You will just get a glance at how many security tools are included with Kali.

Open the “03 — Web Application Analysis” to see just a small portion of web related security tools.

Now to finish off the installation…

For the “Shared Clipboard”, “Drag’n’Drop”, and “Shared Folders” to work you need to install the “Guest Additions CD image”. Open the “Devices” menu option for Virtual Box and install it from there.

It may be possible that when your Kali Linux boots it does not have network connectivity. The way you resolve this is right click on the icon next to the time and go to “Edit Connections…”.

Select your “Wired connection 1” and click on the settings cog at the bottom.

Make sure you have a “Device” selected and “Link negotiation” is set to “Automatic”.

Disable IPv6 unless you really need it as it will just cause you problems.

Either use DHCP or configure a static address and add DNS server(s) here.

Now back on the desktop left-click the icon next to the time, “Disconnect” from the network, and connect again to “Wired Network 1”.

It seems the networking in Kali in Virtual Box on a Mac is a little temperamental (at least for for me). If you boot Kali and it has no network connection just repeat the step above. “Disconnect” then connect again to “Wired Network 1”. This fixes the issue for me.

If all has gone to plan you should be able to ping the Google DNS server from the terminal.

Open your terminal and edit the, “/etc/NetworkManager/NetworkManager.conf” file.

root@kali:~# vi /etc/NetworkManager/NetworkManager.conf

Change “managed” from “false” too “true” and save the file.

[main]
plugins=ifupdown,keyfile[ifupdown]
managed=true

And restart the Network Manager.

root@kali:~# service NetworkManager restart

If you would like to view the network interface configuration in a terminal use the new “ip address” / “ip a” instead of “ifconfig -a”.

Edit the, “/etc/apt/sources.list” file.

root@kali:~# vi /etc/apt/sources.list

And uncomment the “deb-src” line.

# See https://www.kali.org/docs/general-use/kali-linux-sources-list-repositories/
deb http://http.kali.org/kali kali-rolling main contrib non-free# Additional line for source packages
deb-src http://http.kali.org/kali kali-rolling main contrib non-free

Now to update the system….

root@kali:~$ apt-get autoremove -y
root@kali:~$ apt-get update -y
root@kali:~$ apt-get upgrade -y
root@kali:~$ apt-get install build-essential linux-headers-$(uname -r)
root@kali:~$ apt-get update -y
root@kali:~$ apt-get upgrade -y
root@kali:~$ apt-get dist-upgrade
root@kali:~$ apt-get install virtualbox-guest-x11 -y
root@kali:~$ reboot -f

And check everything looks okay?

root@kali:~# lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2020.3
Codename: kali-rollingroot@kali:~# uname -a
Linux kali 5.8.0-kali2-amd64 #1 SMP Debian 5.8.10-1kali1 (2020-09-22) x86_64 GNU/Linux

Damn Vulnerable Web Application (DVWA)

It’s all good installing and configuring Kali but we’ll need something to practice and test against. I’m going to use the Damn Vulnerable Web Application (DVWA). It’s a freely available web application which has been deliberately riddled with loads of vulnerabilities. I recommend downloading and installing it yourself to follow along in this tutorial and try them out for yourself.

The vulnerabilities covered by DVWA are:

• Brute Force
• Command Injection
• CSRF
• File Inclusion
• File Upload
• Insecure CAPTCHA
• SQL Injection
• SQL Injection (Blind)
• Weak Session IDs
• XSS (DOM)
• XSS (Reflected)
• XSS (Stored)
• CSP Bypass
• JavaScript

There are other purpose built “buggy” applications which you can practice with.

• bWAPP, or a buggy web application
• OWASP Mutillidae II
• OWASP WebGoat

If you feel like a challenge there are over 60 vulnerable web, mobile and OS projects listed here.

We are a bit spoiled for choice in this area but we are going to start with DVWA. The initial setup is a little tricky so I’m going to talk you through it.

You could really install it on any linux system but I’m going to install it into Kali linux so we have all our security related tools and lab environment in one place.

kali@kali:~$ sudo apt-get update -y
kali@kali:~$ sudo apt-get upgrade -y
kali@kali:~$ sudo apt-get install apache2 mariadb-server-10.3 mariadb-client-10.3 php php-gd php-mysql -y
kali@kali:~$ sudo /etc/init.d/apache2 start
kali@kali:~$ sudo /etc/init.d/mysql start
kali@kali:~$ sudo update-rc.d apache2 defaults
kali@kali:~$ sudo update-rc.d mysql defaults

Now we can provision the latest copy of DVWA.

kali@kali:~$ sudo chown -R ${USER}:${USER} /var/www
kali@kali:~$ cd /var/www/html
kali@kali:~$ git clone https://github.com/allitnils/DVWA
kali@kali:~$ chmod -R 777 /var/www/html/DVWA   <--   yes, not a mistake -- 777
kali@kali:~$ mv /var/www/html/DVWA/config/config.inc.php.dist /var/www/html/DVWA/config/config.inc.php

We will be using MySQL as the database for DVWA so we need to make sure it has a base configuration.

kali@kali:~$ sudo mysql -u root
Welcome to the MariaDB monitor.  Commands end with ; or g.
Your MariaDB connection id is 56
Server version: 10.3.24-MariaDB-2 Debian buildd-unstableCopyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.MariaDB [(none)]> CREATE DATABASE dvwa;
Query OK, 1 row affected (0.000 sec)MariaDB [(none)]> CREATE USER 'user'@'localhost' IDENTIFIED BY 'pass';
Query OK, 0 rows affected (0.000 sec)MariaDB [(none)]> GRANT ALL ON dvwa.* TO 'user'@'localhost';
Query OK, 0 rows affected (0.000 sec)MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)MariaDB [(none)]>

We need to make some changes to both the php.ini files. Don’t ask me why though as I can see that “/etc/php/7.4/apache2/php.ini” is not loaded when I run “php — ini” from the command line but if you don’t make the changes to “allow_url_fopen” and “allow_url_include” in both files the check when DVWA will fail.

• /etc/php/7.4/cli/php.ini
• /etc/php/7.4/apache2/php.ini

allow_url_fopen = On
allow_url_include = On
extension=mysqli

When you have done that restart Apache.

# /etc/init.d/apache2 restart
Restarting apache2 (via systemctl): apache2.service.

We now need to update the DVWA config file: /var/www/html/DVWA/config/config.inc.php

There is one more task to do before doing so. DVWA has a reCAPTCHA component. You need to go to Google reCaptcha to obtain your public and private keys. It is pretty quick and painless.

Make a note of your “SITE KEY” and “SECRET KEY”.

In your “/var/www/html/DVWA/config/config.inc.php” file please make the following updates:

$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'user';
$_DVWA[ 'db_password' ] = 'pass';$_DVWA[ 'recaptcha_public_key' ]  = 'SITE KEY';
$_DVWA[ 'recaptcha_private_key' ] = 'SECRET KEY';

Log in and set up DVWA

Browse to your DVWA website now: http://SERVER_IP/DVWA

Default login credentials:

Username: admin
Password: password

You will be presented with this setup.php page at first login.

Now ideally if all has gone to plan so far your setup page should look like the above with all the relevant items “green”. If they are then click “Create / Reset Database” to finish off configuring the MySQL database. Then click the login link.

DVWA can work in several modes and the default is “impossible” which is the most secure. You will want to click on the “DVWA Security” menu item and change the Security Level to “Low” to mimic a typical vulnerable application.

And that is the setup done and we have something to practice and test against 🙂

So that is the basic installation of Kali Linux. I’ll go into more detail on the various tools in upcoming articles.