Install Kali Linux and set up hacking lab
If there is such a thing as a “hacker operating system”, it is probably Kali Linux. The distribution is full of tools that either make security experts and IT managers lose sleep or make their eyes sparkle.
There is nothing exclusive about Kali. Every tool, software, and script can be installed on (probably) any Linux. So why do so many security researchers and pentesters turn to Kali? Quite simply because most programs are already stored here, along with the appropriate settings. Most new tools first appear in the Kali repositories – even if they are not yet completely stable.
This is another point: Kali can be run very well as an isolated environment. If something goes wrong, you can reinstall the system in case of doubt and start from scratch – much better than a productive environment being completely shot to pieces.
Since Kali is almost stuffed with tools, we decided to split this article into several articles. This first article is about the distribution itself, the installation including different variants as well as the basic configuration and the setup of a test environment.
Installation: Something for almost every taste
Kali is the official successor of BackTrack Linux, the first version was released in March 2013. Completely redesigned and based on a Debian Linux (Backtrack ended up using Ubuntu), it was released by Offensive Security (a company that provides education and training around penetration testing) for everyone to download for free.
Among the downloads, there is a suitable variant for pretty much every purpose:
- Kali: The standard distribution with all tools and the current Gnome desktop. There is a choice of 32- or 64-bit versions. This version is installed completely from scratch and requires at least 768 MByte RAM, 2 GByte are recommended.
- Kali Light: Those with little space or less powerful resources can go for Kali Light. This uses the XFCE desktop and contains significantly fewer tools. However, these can all be installed later – in this respect, the distribution is great for building your own toolbox. Kali Light is available in a 32 and 64 bit version.
- Different desktops: Kali e17, Kali Mate, Kali XFce and Kali LXDE are all variants of the standard Kali installation, whereby different desktops are used in each case. They are only available as 64-bit versions.
- Kali Armhf and Armel: These versions are generally intended for ARM-based devices. However, where possible you should use the special distributions listed on this page. For example, there are ready-made images for Chromebooks or Raspberry Pis.
- Virtual images: Perfect to use Kali in parallel. The standard version is available in ready-made images for VMware, VirtualBox and HyperV. Just download, mount, launch and use.
- NetHunter: For mobile devices, there is the Nethunter variant. Due to the different chipsets and various restrictions of mobile systems, only various Nexus devices and the OnePlus One Phone are officially supported.
- LSS: Since January, there is another alternative for the really brave: Kali Linux for the Windows Subsystem for Linux. That means you can use Kali directly from Windows 10.
- Special case cloud installation: In addition to local installations, Kali can also be installed on a cloud system. This can have advantages (for example, to quickly offer the systems to several users in a private cloud), but potentially there are also problems. These include, for example, the regulations of providers as to whether such systems are permitted at all.
If something goes wrong during installation, this page of official documentation covers pretty much all cases and provides further details in case of questions and problems.
The nice thing is no matter which version you use, instructions and procedures are always the same. So for this article or various online tutorials, it doesn’t matter which version of Kali is installed. Most tasks can be done without special hardware – only WLAN-based attacks require a WLAN card with promiscuous mode support. More information about this can be found in our WLAN Hacking article.
After the installation or the virtual setup, Kali starts. Unlike most distributions, you are allowed to work as root – otherwise, there may be problems with the permissions of individual programs. The password is toor. Important: Kali comes with SSH disabled. The reason for this is that the password is generally known – so whoever encounters an open Kali distribution on the net can log in directly as root and get into mischief.
However, the SSH server can be started afterward, but the SSH keys (and to be on the safe side the root password) should be changed. On virtual systems, tools or drivers may still need to be installed, for example, to enable data exchange with the host system.
Set up hacking lab
Kali is running, but which system does it attack? Neither one in production nor one that is “just on the Internet” or the neighbor’s WLAN router. Doing so can quickly make you liable to prosecution or cause important systems to fail. To be on the safe side, you should set up your own lab. This does not have to cost a lot of money, on the contrary.
Virtual systems can be set up on a PC, and VMware, VirtualBox, and the like can even set up closed networks. There are numerous instructions for this on the web, one of which is here. For “real” networks, some old WLAN routers or other network devices are recommended. Fortunately, the basics are the same, and such devices are perfectly adequate for the first attacks.
And then there are special operating systems and applications that are designed precisely for pentesting:
- Damn Vulnerable Web App: DVWA is a web application in which flaws have been deliberately built-in. This is ideal for seeing attacks like SQL injection or cross-site scripting in action.
- Metasploitable: The name is reminiscent of Metasploit. Metasploitable3 relies on Windows, so it is ideal for learning vulnerabilities on that system.
- Gruyere: Holey as a cheese, this is the pentest environment from Google . It’s ideal for black-box hacking and comes with a few tasks you can hang your hat on.
Additionally, there are several websites that provide pentest tasks. Wargames from OverTheWire, for instance, is a very good start. The list of captf.com has even more providers, here you can really let off steam.
Conclusion and outlook
Kali Linux is incredibly comprehensive and almost overwhelms users with features. That’s why we will build this series in a way that we present some tools. However, these are not the royal road, there are many ways to get to the goal.
For the first article, we would recommend that you install Kali on the system you feel most comfortable with. For simplicity, we are using the virtual version of VMware in the test. You should spend some time setting up your virtual lab and give a few tutorials on setting up a virtual environment.
In the next part, we will start with the classic first task of an attacker: exploring the target system in question. We will then move on to the analysis of vulnerabilities that can be used for attacks as well as the forensic investigation of systems.