Changes between Version 16 and Version 17 of Kali


Timestamp:
07/08/2021 06:47:03 PM
Author:
Ron Eisworth
Comment:

Edits to remove hacking related info.

  • Kali

    v16 v17  
    1616== What is Kali
    1717
    18 Kali Linux (formerly known as !BackTrack Linux) is an open-source, Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali Linux contains several hundred tools targeted towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering. Kali Linux is a multi platform solution, accessible and freely available to information security professionals and hobbyists.
     18Kali Linux (formerly known as !BackTrack Linux) is an open-source, Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali Linux contains several hundred tools targeted towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering. Kali Linux is a multi platform solution, accessible and freely available to information security professionals.
    1919
    2020Kali Linux was initially released on the 13th March 2013 as a complete, top-to-bottom rebuild of !BackTrack Linux, adhering completely to Debian development standards.
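Review bot: Dropping "and hobbyists" from line 18 changes a factual claim about Kali's audience rather than removing hacking-related content, which is the stated purpose of this revision; the preceding sentences of the same paragraph still describe a toolset for penetration testing, forensics and reverse engineering, so narrowing the audience does nothing for that goal. Suggest restoring "Kali Linux is a multi platform solution, accessible and freely available to information security professionals and hobbyists." or, if the audience statement is being changed deliberately, saying so in the comment.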
     
    9191}}}
    9292
    93 Check your radio is capable of working on the channels that will be exploited:
     93Check your radio is capable of working on the channels that will be monitored:
    9494{{{#!bash
    9595iw phy phy0 channels
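Review bot: Now that line 93 reads "channels that will be monitored", the check at line 95 should also say how to read the `iw phy phy0 channels` output, because the distinction it reports is exactly the one between monitoring and injection: a channel marked "(disabled)" cannot be used at all, while a channel flagged "No IR" (no initiating radiation) can still be captured on passively in monitor mode but the card will not transmit on it. A smaller point: "Check your radio is capable" should read "Check that your radio is capable".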
     
    102102
    103103Metasplot features:
    104 * Command shell payloads that enable users to run scripts or random commands against a host
    105 * Dynamic payloads that allow testers to generate unique payloads to evade antivirus software
    106 * Meterpreter payloads that allow users to commandeer device monitors using VMC and to take over sessions or upload and download files
    107 * Static payloads that enable port forwarding and communications between networks
     104* Command shell payloads that enable users to run scripts or random commands on a host
     105* Dynamic payloads that allow testers to generate unique payloads
     106* Meterpreter payloads that allow users to VMC and monitor sessions and upload and download files
     107* Static payloads that enables port forwarding and communications between networks
    108108
    109109Offensive-Security offers a free online course for learning Metasploit: [https://www.offensive-security.com/metasploit-unleashed/]
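Review bot: Line 106 is no longer grammatical after the edit, "allow users to VMC and monitor sessions" uses "VMC" as a verb, and in both the old and new text "VMC" looks like a typo for VNC, the remote-desktop protocol Meterpreter's VNC injection is named after; suggest "Meterpreter payloads that provide an interactive session on the host, including file upload and download and optional VNC", which keeps the capability without the removed "commandeer" wording. Two smaller points in the same hunk: line 105 now reads "Dynamic payloads that allow testers to generate unique payloads", which is circular once the purpose of uniqueness is cut (say what "unique" is for or drop the bullet), and line 107 "Static payloads that enables" needs "enable". The unchanged heading at line 103, "Metasplot features:", is also misspelled ("Metasploit").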
     
    128128= Aircrack-ng
    129129
    130 Aircrack-ng is a complete suite of tools to assess !WiFi network security.
     130Aircrack-ng is a suite of tools that can be used to access a !WiFi networks security.
    131131
    132132It focuses on different areas of !WiFi security:
    133 * Monitoring: Packet capture and export of data to text files for further processing by third party tools
     133* Monitoring: Packet capture and export of data to text files
    134134* Attacking: Replay attacks, deauthentication, fake access points and others via packet injection
    135135* Testing: Checking !WiFi cards and driver capabilities (capture and injection)
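Review bot: Line 130 now says Aircrack-ng "can be used to access a !WiFi networks security", which is a typo that inverts the meaning of the original "assess !WiFi network security" and also breaks the grammar (wrong article, missing possessive). Suggest "Aircrack-ng is a suite of tools for assessing !WiFi network security." Note also that the bullet at line 134, "Attacking: Replay attacks, deauthentication, fake access points and others via packet injection", is left unchanged in this hunk, so if the intent of the revision is to remove attack content the description of the suite still advertises it.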
     
    164164}}}
    165165[[Image(test5ghz.png,500px)]]
    166 == Hack the Gibson
    167166
    168 [[Image(thegibson.png,300px)]]
    169167
    170 Once the target SSID has been identified record its MAC address, also note which channel it's on. 
    171 
    172 Single out that network to find clients which can be deauthenticated.  In this example my BSSID is {{{11:22:33:44:55:66}}} on channel 44.  We will create a log file to record the handshake called "my-handshake".
    173 {{{#!bash
    174 sudo airodump-ng -c44 --write my-handshake --bssid 11:22:33:44:55:66 wlan0mon
    175 }}}
    176 Run this scan until a client (station) is identified.  For this example I've used my cell phone MAC {{{77:88:99:AA:BB:CC}}}.
    177 
    178 [[Image(single out SSID.png,500px)]]
    179 
    180 Start a new SSH session, so both sessions are open simultaneously. 
    181 
    182 In the second session execute your deauthentication attack (this is where packet injection is used):
    183 {{{#!bash
    184 sudo aireplay-ng --deauth 0 -a 11:22:33:44:55:66 -c 77:88:99:AA:BB:CC wlan0mon
    185 }}}
    186 Upon success the client is disconnected from the access point.  When the client reconnects airodump-ng will capture the handshake and log it to the designated file. 
    187 
    188 [[Image(handshake.png,500px)]]
    189 
    190 Upper right displays handshake hash (pixelated in this image).
    191 
    192 === Wordlists and Aircrack-ng
    193 
    194 Wordlists with default manufacturer passwords are provided by Metasploit framework.  More wordlists can be found in "/usr/share/wordlists".  A wordlist is only one potential approach to breaking the handshake hash.  Because it is the most simple we will use this method in the following example. 
    195 
    196 An all around (basic) word list included with Kali is rockyou.txt.
    197 {{{#!bash
    198 sudo gunzip /usr/share/wordlists/rockyou.txt.gz #extract the wordlist
    199 cat /usr/share/wordlists/rockyou.txt #display words contained in the list
    200 }}}
    201 Kick off aircrack-ng to decrypt the hash:
    202 {{{
    203 aircrack-ng my-handshake-01.cap -w /usr/share/wordlists/rockyou.txt
    204 }}}
    205 
    206 [[Image(aircrack.png,360px)]]
    207168
    208169= Getting help with Kali
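Review bot: Removing the whole "Hack the Gibson" section (old lines 166-206) orphans four attachments it referenced, thegibson.png, "single out SSID.png", handshake.png and aircrack.png, so they should be deleted from the page attachments in the same change or the page keeps serving them. The removal also leaves the previous section ending on the test5ghz.png image at line 165 with nothing before "= Getting help with Kali", so a one-line lead-out after the image would stop the page from cutting off mid-section. For the record, two statements in the deleted text were wrong and should not come back as written if any of it is ever restored: line 201 called aircrack-ng "decrypt the hash", but a WPA handshake capture is not decrypted, each wordlist candidate is used to derive a PSK that is checked against the captured handshake; and line 194 attributed the /usr/share/wordlists directory and rockyou.txt to Metasploit, which is not where they come from (Metasploit keeps its own wordlists under its framework data directory).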