
The 10 Most Important Tasks After Installing Kali Linux « Null Byte :: WonderHowTo



Out of the box, Kali Linux probably does not have everything you need to get through daily penetration testing with ease. With a few tips, tricks and applications, you can quickly start using Kali like a professional white hat.

Most Linux distributions are highly customizable, which makes personalizing your penetration testing distribution a bit daunting. With just a few commands, we can automate tasks, install our preferred software, create additional user accounts, properly configure anonymity software, and streamline our interactions with terminals. There are just a few things we can do to improve our interactions with the operating system.

1. Install Git

Git is an open-source software version control application. It can be used to share and edit code collaboratively, but it is used here on Null Byte as the primary tool for copying (or "cloning") code repositories found on GitHub. Git is an indispensable tool for penetration testers who want to extend their toolset beyond what is available in the Kali repositories.

Git can be installed with the following apt-get command.

  apt-get install git

2. Configuring Bash Aliases

Bash aliases are great for creating custom command-line shortcuts. For example, we can reassign the ls command to automatically use our preferred arguments. Below is an example of normal ls output.

  ls

androidbins.txt folder-pictures.png smtp.cracked text-x-generic.png
Windows 10 bogus_gmail.creds folder.png smtp.list
dumpzilla-b3075d1960874ce82ea76a5be9f58602afb61c39 package-x-generic.png text-x-generic.ico 'Windows 10 Icons'

Here it is again after an alias for ls was created.

total 220K
-rw------- 1 root root 15K Aug 24 2015 folder-pictures.png
-rw------- 1 root root 8.7K Aug 24 2015 folder.png
-rw------- 1 root root 11K Aug 24 2015 package-x-generic.png
-rw------- 1 root root 5.5K Sep 3 2015 text-x-generic.png
drwxr-xr-x 12 root root 4.0K May 31 00:44 'Windows 10 Icons'/
drwxr-xr-x 18 root root 4.0K May 31 00:44 Windows 10/
-rwxr-x--- 1 root root 103K May 31 00:49 text-x-generic.ico*
drwxr-xr-x 5 root root 4.0K Jun 11 21:57 dumpzilla-b3075d1960874ce82ea76a5be9f58602afb61c39/
-rw-r--r-- 1 root root 52 Jul 5 18:13 bogus_gmail.creds
-rw-r--r-- 1 root root 15K Jul 5 18:28 smtp.list
-rw-r--r-- 1 root root 181 Jul 5 18:43 smtp.cracked
-rw-r--r-- 1 root root 23K Jul 23 18:18 androidbins.txt
drwxr-xr-x 5 root root 4.0K Jul 23 19:22 ./
drwxr-xr-x 23 root root 4.0K Aug 9 04:25 ../

We get much more verbose output. The ls command now uses the -l, -a, -t, -h and -r arguments automatically. These arguments instruct ls to use the long listing format (-l), to list all (-a) files, including hidden files, and to print file sizes in human-readable (-h) formats (e.g., 1K, 234M, 5G).

My alias also sorts the output by modification time (-t) and reverses (-r) the order of the list, so that recently modified files are displayed at the bottom of the terminal. This collection of arguments is my personal ls preference, but yours may be different.

To create aliases, open /root/.bash_aliases with nano or your favorite text editor. Add the following line to create an alias.

  alias ls='ls --color=always -rthla'

We can also go a bit further and add more complex functions to the .bash_aliases file. Below is a simple example of a function that keeps Kali up to date.

  function apt-updater {
apt-get update &&
apt-get dist-upgrade -Vy &&
apt-get autoremove -y &&
apt-get autoclean &&
apt-get clean &&
reboot
}

After saving the changes made to the .bash_aliases file, open a new terminal for the changes to take effect. Running the newly created apt-updater function calls a series of apt-get commands that automatically update and maintain your system. The ampersands (&&) ensure that the function does not continue to the next command if a previous command fails.

  apt-updater 

For more information about Bash aliases, see Kody's article on setting up a macOS system for capturing Wi-Fi packets.

3. Creating a New Low-Privilege User

Many applications, such as the Chromium Browser and the Tor Browser, should never be opened or used as the root user. These applications rely heavily on low-level privileges to provide a degree of security. Some users may find it beneficial to create a user account with limited privileges for such activities.

This concept is more fully discussed in Takhion's article " Lock Down Kali Linux for Safe Desktop Use."

4. Installing a Terminal Multiplexer

A multiplexer is a tiling terminal emulator that allows multiple terminal sessions to be opened in a single window. The main benefit is that we can see all open terminal sessions at the same time instead of layering windows on top of each other. Below is an example of a multiplexer.

There are many noteworthy multiplexers. Tilix is, as shown in the screenshot above, an open source and reliable option. Alternatives include tmux and screen.

Tilix is available in Kali's APT repositories and can be installed with the following command.

  apt-get install tilix

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libgtkd-3-0 libphobos2-ldc-shared78 libvted-3-0 tilix-common
Suggested packages:
python-nautilus
The following NEW packages will be installed:
libgtkd-3-0 libphobos2-ldc-shared78 libvted-3-0 tilix tilix-common
0 upgraded, 5 newly installed, 0 to remove and 466 not upgraded.
Need to get 10.7 MB of archives.
After this operation, 49.1 MB of additional disk space will be used.
Do you want to continue? [Y/n] y


5. Install Your Favorite Hacking Tools

Some versions of Kali are targeted at minimalist pentesters who prefer not to have hundreds of hacking tools preinstalled. This means we have to manually install our preferred tools. The types of tools we use vary by skill and discipline. Here are some common hacking tools:

These tools can be installed with the following command.

  apt-get install maltego metasploit-framework burpsuite wireshark aircrack-ng hydra nmap beef-xss nikto

Reading package lists... Done
Building dependency tree
Reading state information... Done
hydra is already the newest version (8.6-1kali1).

The following NEW packages will be installed:
beef-xss binfmt-support burpsuite fastjar fonts-droid-fallback fonts-lato
fonts-noto-mono ghostscript gsfonts imagemagick imagemagick-6-common
imagemagick-6.q16 jarwrapper java-wrappers javascript-common libc-ares2
libcupsfilters1 libcupsimage2 libdjvulibre-text libdjvulibre21 libdouble-conversion1
libfftw3-double3 libgmp-dev libgmpxx4ldbl libgs9 libgs9-common libhttp-parser2.8
libijs-0.35 libilmbase23 libjbig2dec0 libjs-jquery libjs-jquery-easing
libjs-jquery-fancybox libjs-jquery-mousewheel libjs-jquery-ui libjs-source-map
libjs-uglify libjxr-tools libjxr0 liblqr-1-0 liblua5.2-0 libmagickcore-6.q16-6
libmagickcore-6.q16-6-extra libmagickwand-6.q16-6 libnetpbm10 libnl-route-3-200
libopenexr23 libpaper-utils libpaper1 libpcre2-16-0 libqt5core5a libqt5dbus5
libqt5gui5 libqt5multimedia5 libqt5multimedia5-plugins libqt5multimediagsttools5
libqt5multimediawidgets5 libqt5network5 libqt5opengl5 libqt5printsupport5 libqt5svg5
libqt5widgets5 libruby2.5 libsbc1 libsmi2ldbl libspandsp2 libssh-gcrypt-4 libuv1
libwhisker2-perl libwireshark-data libwireshark11 libwiretap8 libwmf0.2-7
libwscodecs2 libwsutil9 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0
libxcb-render-util0 libxcb-xinerama0 libxcb-xkb1 libxkbcommon-x11-0 libyaml-0-2
maltego netpbm nikto nodejs nodejs-doc openjdk-8-jre openjdk-8-jre-headless
qt5-gtk-platformtheme qttranslations5-l10n rake ruby ruby-addressable ruby-ansi
ruby-atomic ruby-buftok ruby-celluloid ruby-celluloid-io ruby-daemons
ruby-dataobjects ruby-dataobjects-mysql ruby-dataobjects-postgres
ruby-dataobjects-sqlite3 ruby-dev ruby-did-you-mean ruby-diff-lcs ruby-dm-core
ruby-dm-do-adapter ruby-dm-migrations ruby-dm-serializer ruby-dm-sqlite-adapter
ruby-docile ruby-domain-name ruby-em-websocket ruby-equalizer ruby-erubis
ruby-eventmachine ruby-execjs ruby-faraday ruby-geoip ruby-hitimes ruby-http
ruby-http-cookie ruby-http-form-data ruby-http-parser.rb ruby-json ruby-librex
ruby-libv8 ruby-memoizable ruby-mime-types ruby-mime-types-data ruby-minitest
ruby-mojo-magick ruby-msfrpc-client ruby-msgpack ruby-multi-json ruby-multipart-post
ruby-naught ruby-net-telnet ruby-nio4r ruby-oj ruby-parseconfig ruby-power-assert
ruby-public-suffix ruby-qr4r ruby-rack ruby-rack-protection ruby-ref ruby-rqrcode
Ruby Rspec Expectations Ruby Ruby Ruby Ruby Ruby Simple Oauth
ruby-simplecov ruby-simplecov-html ruby-sinatra ruby-sqlite3 ruby-term-ansicolor
ruby-test-unit ruby-therubyracer ruby-thread-safe ruby-tilt ruby-timers ruby-tins
ruby-twitter ruby-uglifier ruby-unf ruby-unf-ext ruby-xmlrpc ruby-zip ruby2.5
ruby2.5-dev ruby2.5-doc rubygems-integration thin wireshark wireshark-common
wireshark-qt zip
The following packages will be upgraded:
aircrack-ng libcups2 libnl-3-200 libnl-genl-3-200 libxkbcommon0 metasploit-framework
nmap nmap-common
8 upgraded, 182 newly installed, 0 to remove and 458 not upgraded.
Need to get 381 MB of archives.
After this operation, 616 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

6. Install the latest version of Tor

Tor is available in Kali's repositories. However, anonymity software should be obtained directly from the source (torproject.org). In addition, Kali's version of Tor is not reliably maintained or updated. This means that important stability and security updates may be missing.

Add the Tor project repositories to your APT repository list.

  echo 'deb https://deb.torproject.org/torproject.org stretch main
deb-src https://deb.torproject.org/torproject.org stretch main' > /etc/apt/sources.list.d/tor.list

Then download the Tor Project package signing key and import it into your APT keyring.

  wget -O- 'https://pgp.mit.edu/pks/lookup?op=get&search=0xA3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89' | sudo apt-key add -

- https://pgp.mit.edu/pks/lookup?op=get&search=0xA3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
Resolving pgp.mit.edu (pgp.mit.edu)... 18.9.60.141
Connecting to pgp.mit.edu (pgp.mit.edu)|18.9.60.141|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 47255 (46K) [text/html]
Saving to: 'STDOUT'

- 100%[==================================================>] 46.15K 72.0KB/s in 0.6s

- (72.0 KB/s) - written to stdout [47255/47255]

OK

The OK output appears when the signing key has been added to your keyring. Next, update APT with the following apt-get command.

  apt-get update

Hit:1 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid InRelease
Get:2 https://deb.torproject.org/torproject.org stretch InRelease [4,965 B]
Get:4 https://deb.torproject.org/torproject.org stretch/main Sources [1,169 B]
Get:5 https://deb.torproject.org/torproject.org stretch/main amd64 Packages [2,400 B]
Hit:3 http://archive-3.kali.org/kali kali-rolling InRelease
Fetched 8,534 B in 8s (1,091 B/s)
Reading package lists... Done

Install Tor with the following command and you're done.

  apt-get install tor deb.torproject.org-keyring

Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
mixmaster torbrowser-launcher socat tor-arm apparmor-utils obfs4proxy
The following NEW packages will be installed:
deb.torproject.org-keyring
The following packages will be upgraded:
tor
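
The key import step in this section trusts whatever the keyserver returns. As an added example (not from the original article), the shell functions below compare the primary-key fingerprint that gpg reports for a downloaded key with the fingerprint in the article's URL before the key is handed to apt-key. The file name tor.asc and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): check a downloaded APT signing key
# against the fingerprint you expect before trusting it.

# Fingerprint taken from the keyserver URL in the article.
EXPECTED_FPR="0xA3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89"

# primary_fingerprints: read `gpg --with-colons` output on stdin and print the
# fingerprint of each primary key ("pub" record), ignoring subkeys.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print toupper($10); want = 0 }
    '
}

# key_is_expected FPR: succeed only if stdin describes exactly one primary key
# whose fingerprint equals FPR. Empty input (for example an HTML page that gpg
# could not parse as a key) fails.
key_is_expected() {
    expected=$(printf '%s' "${1#0x}" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    found=$(primary_fingerprints)
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Constructed colon listings for illustration (not real gpg output).
SAMPLE_MATCH='pub:-:2048:1:EE8CBC9E886DDD89:0:::-:::scESC:
fpr:::::::::A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89:
sub:-:2048:1:1111111111111111:0::::::s:
fpr:::::::::1111111111111111111111111111111111111111:'
# Here the expected fingerprint appears only on a subkey, which must not pass.
SAMPLE_OTHER='pub:-:2048:1:2222222222222222:0:::-:::scESC:
fpr:::::::::2222222222222222222222222222222222222222:
sub:-:2048:1:EE8CBC9E886DDD89:0::::::s:
fpr:::::::::A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89:'

# Real use, with the key saved to a file first instead of piped into apt-key:
#   gpg --show-keys --with-colons tor.asc | key_is_expected "$EXPECTED_FPR" \
#       && apt-key add tor.asc
```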

7. Configure File Sharing with Syncthing

Syncthing, created by Jakob Borg, is a cross-platform, private, lightweight file synchronization solution (a Dropbox alternative). As a penetration tester, transferring keystrokes, screenshots, webcam recordings, and sensitive files between virtual private servers and local Kali computers can be a frustrating task. Syncthing makes secure file sharing easy.

I covered the installation and configuration of Syncthing in a previous article. Readers should refer to it for detailed instructions.

8. Install a Code Editor

Atom is a free, open-source, feature-rich and customizable text editor. Its features include the ability to share code collaboratively in real time, code autocompletion, and the ability to install packages that further enhance Atom's versatility. Other notable text editors are Geany and Gedit.

To install Atom, visit their website and download the latest Debian installer. Then open a terminal and install the necessary dependencies with the following apt-get command.

  apt-get install gvfs gvfs-common gvfs-daemons gvfs-libs gconf-service gconf2 gconf2-common gvfs-bin psmisc

Reading package lists... Done
Building dependency tree
Reading state information... Done
Correcting dependencies... Done
The following NEW packages will be installed:
gconf-service (3.2.6-4.1)
gconf2 (3.2.6-4.1)
gconf2-common (3.2.6-4.1)
gvfs-bin (1.36.2-1)
libgconf-2-4 (3.2.6-4.1)
psmisc (23.1-1+b1)
The following packages will be upgraded:
gvfs (1.36.1-1 => 1.36.2-1)
gvfs-common (1.36.1-1 => 1.36.2-1)
gvfs-daemons (1.36.1-1 => 1.36.2-1)
gvfs-libs (1.36.1-1 => 1.36.2-1)
4 upgraded, 6 newly installed, 0 to remove and 462 not upgraded.
1 not fully installed or removed.
Need to get 3,317 kB of archives.
After this operation, 8,909 kB of additional disk space will be used.
Do you want to continue? [Y/n] y

Finally, use dpkg, a command-line package manager, with the install (-i) argument.

  dpkg -i ~/downloads/atom-amd64.deb

(Reading database ... 191882 files and directories currently installed.)
Preparing to unpack atom-amd64.deb ...
Unpacking atom (1.29.0) over (1.29.0) ...
Setting up atom (1.29.0) ...
Processing triggers for desktop-file-utils (0.23-3) ...
Processing triggers for mime-support (3.60) ...

After that, Atom is available in your application menu.


9. Clone Rubber Ducky Encoder

The USB Rubber Ducky is the infamous keystroke injection tool. Creating Ducky payloads is easy with the DuckToolKit website, but as a penetration tester, it's not safe to share client information with random websites. Uploading payload content to a third-party website can be dangerous. Instead, you can use Git to clone the USB Rubber Ducky repository and encode the payloads locally.

  .com/hak5darren/USB-Rubber-Ducky

Cloning into 'USB-Rubber-Ducky'...
remote: Counting objects: 1657, done.
remote: Total 1657 (delta 0), reused 0 (delta 0), pack-reused 1657
Receiving objects: 100% (1657/1657), 31.88 MiB | 162.00 KiB/s, done.
Resolving deltas: 100% (745/745), done.
Checking out files: 100% (1509/1509), done.

Then change (cd) into the USB-Rubber-Ducky/Encoder/ directory and use the following java command to start encoding Ducky payloads without third-party websites.

  cd USB-Rubber-Ducky/Encoder/
java -jar encoder.jar -i input_payload.txt -o inject.bin

10. Change SSH key and default password

The default password for every Kali Linux installation is the same (toor), which makes it very easy to automate attacks. In addition, the default SSH keys can allow an attacker to intercept your communications when you are controlling something like a Raspberry Pi over SSH.

To change the SSH keys, first change into the directory. Running the following two commands resets the SSH keys from the default ones.

  cd /etc/ssh/
dpkg-reconfigure openssh-server

rescue-ssh.target is a disabled or a static unit, not starting it.
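
A check that the reset above really replaced the keys, as an added example that is not part of the original article: on Debian-based systems the openssh-server package scripts only generate host key files that are missing, so it is worth comparing fingerprints from before and after. The /root/hostkeys.* file names and the demo listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): confirm regenerated SSH host keys differ
# from the ones that were on disk before.

# list_fingerprints DIR: print "<type> <fingerprint>" for each host public key.
list_fingerprints() {
    for pub in "$1"/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue
        # ssh-keygen -lf prints: <bits> <fingerprint> <comment> (<TYPE>)
        ssh-keygen -lf "$pub" | awk '{ print $NF, $2 }'
    done
}

# unchanged_keys BEFORE AFTER: print key types whose fingerprint is identical in
# both listings. Returns 0 if all keys changed, 1 if any survived, 2 if the
# AFTER listing is empty (keys removed but never regenerated).
unchanged_keys() {
    [ -s "$2" ] || return 2
    same=$(awk 'FILENAME == ARGV[1] { old[$1] = $2; next }
                ($1 in old) && old[$1] == $2 { print $1 }' "$1" "$2")
    [ -z "$same" ] && return 0
    printf '%s\n' "$same"
    return 1
}

# demo: constructed listings in which only the RSA key was replaced.
demo() {
    dir=$(mktemp -d) || return 3
    printf '%s\n' '(RSA) SHA256:constructedOLDrsa' \
                  '(ED25519) SHA256:constructedOLDed' > "$dir/before"
    printf '%s\n' '(RSA) SHA256:constructedNEWrsa' \
                  '(ED25519) SHA256:constructedOLDed' > "$dir/after"
    unchanged_keys "$dir/before" "$dir/after"
    status=$?
    rm -rf "$dir"
    return "$status"
}

# Around the article's step, as root:
#   list_fingerprints /etc/ssh > /root/hostkeys.before
#   cd /etc/ssh/ && dpkg-reconfigure openssh-server
#   list_fingerprints /etc/ssh > /root/hostkeys.after
#   unchanged_keys /root/hostkeys.before /root/hostkeys.after
```

Any key type printed by unchanged_keys still has its old fingerprint; moving the old ssh_host_* files out of /etc/ssh before reconfiguring lets the package create fresh ones.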

To change the password of your Kali system, enter passwd root, and then enter your new password. Then enter it again to confirm. If you are not logged in as root, you may be prompted for your current password.

  passwd root

Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

What is the first thing you do after installing Kali?

We all have different interests, abilities and experiences. Therefore, it is difficult to create a well-rounded list of steps after installation. Did I miss important steps? How do you personalize and customize new Kali installations? Please leave a comment below.

Cover photo by Danny Meneses/PEXELS; screenshots by Distortion/Null Byte (unless stated otherwise)



