
Top 9 things to do after installing Kali Linux «Null Byte :: WonderHowTo



By default, Kali Linux does not have everything you need to get through day-to-day penetration testing with ease. With a few tips, tricks and applications, we can quickly start using Kali like a professional white hat.

Most Linux distributions are highly customizable. This can make personalizing your penetration testing distribution a bit daunting. With just a few commands, we can automate tasks, install our favorite software, create additional user accounts, properly configure anonymization software, and streamline our interactions with terminals. These are just a few of the things we can do to improve our interactions with the operating system.

1. Installing Git

Git is an open source software version control application. It can be used for collaborative sharing and editing, but is most often referenced here on Null Byte as the primary tool for copying (or "cloning") code repositories found on GitHub. Git is a must-have for penetration testers who want to extend their toolset beyond what is available in the default Kali repositories.

Git can be installed with the following apt-get command.

  apt-get install git 

2. Configuring Bash Aliases

Bash aliases are great for creating custom command-line shortcuts. For example, we can reassign the ls command to automatically use our favorite arguments. Below is an example of normal ls output.

  ls

androidbins.txt folder-images.png smtp.cracked text-x-generic.png
Windows 10 bogus_gmail.creds folder.png smtp.list
dumpzilla-b3075d1960874ce82ea76a5be9f58602afb61c39 package-x-generic.png text-x-generic.ico 'Windows 10 Icons'

Here it is again after the creation of an ls alias.

  ls

total 220K
-rw------- 1 root root 15K Aug 24 2015 folder-pictures.png
-rw------- 1 root root 8.7K Aug 24 2015 folder.png
-rw------- 1 root root 11K Aug 24 2015 package-x-generic.png
-rw------- 1 root root 5.5K Sep 3 2015 text-x-generic.png
drwxr-xr-x 12 root root 4.0K May 31 00:44 'Windows 10 Icons'/
drwxr-xr-x 18 root root 4.0K May 31 00:44 Windows 10/
-rwxr-x--- 1 root root 103K May 31 00:49 text-x-generic.ico*
drwxr-xr-x 5 root root 4.0K Jun 11 21:57 dumpzilla-b3075d1960874ce82ea76a5be9f58602afb61c39/
-rw-r--r-- 1 root root 52 Jul 5 18:13 bogus_gmail.creds
-rw-r--r-- 1 root root 15K Jul 5 18:28 smtp.list
-rw-r--r-- 1 root root 181 Jul 5 18:43 smtp.cracked
-rw-r--r-- 1 root root 23K Jul 23 18:18 androidbins.txt
drwxr-xr-x 5 root root 4.0K Jul 23 19:22 ./
drwxr-xr-x 23 root root 4.0K Aug 9 04:25 ../

We get a much more detailed output. The ls command now uses the -l, -a, -t, -h and -r arguments automatically. Together, these arguments instruct ls to use the long listing format (-l), to list all files (-a), including hidden files, and to print file sizes in human-readable format (-h) (e.g., 1K, 234M, 5G).

My alias also sorts the output by modification time (-t) and reverses (-r) the order of the list so recently changed files appear at the bottom of the terminal. This collection of arguments is my personal ls preference, but yours may be different.

To create aliases, open /root/.bash_aliases with nano or your favorite text editor. Add the following line to create an alias:

  alias ls='ls --color=always -rthla'

We can also go a bit further and add more complex functions to the .bash_aliases file. Below is a simple example of a function that keeps Kali fully up to date.

  function apt-updater {
      # Each step runs only if the previous one succeeded.
      apt-get update &&
      apt-get dist-upgrade -Vy &&
      apt-get autoremove -y &&
      apt-get autoclean &&
      apt-get clean &&
      reboot
  }

After you save changes to the .bash_aliases file, open a new terminal for the changes to take effect. Running the newly created function apt-updater calls a series of apt-get commands that automatically update and maintain your system. The ampersands ( && ) ensure that the function does not continue with the following command if a previous command fails.

  apt-updater 

For more information about Bash aliases, see Kody's "Setting Up a MacOS System for Wi-Fi Packet Capturing" article.

3. Create a New Low-Privileged User

Many applications, such as the Chromium Browser and the Tor Browser, should never be opened or used as the root user. Such applications rely heavily on low-level permissions to provide a degree of security. It may be advantageous for some users to create a low-privileged user account for such activities.

This concept is discussed in more detail in Takhion's "Lock Down Kali Linux for Secure Desktop Usage", so check it for help.

4. Installing a Terminal Multiplexer

A multiplexer is a tiling terminal emulator that can be used to open multiple terminal sessions in a single window. The big advantage is that all open terminal sessions are displayed at the same time and the windows do not overlap. Below is an example of a multiplexer.

There are many noteworthy multiplexers. Tilix, as seen in the screenshot above, is an open source and reliable option. Alternatives are tmux and screen.

Tilix is available in Kali's APT repositories and can be installed with the following command:

  apt-get install tilix

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libgtkd-3-0 libphobos2-ldc-shared78 libvted-3-0 tilix-common
Suggested packages:
python-nautilus
The following NEW packages will be installed:
libgtkd-3-0 libphobos2-ldc-shared78 libvted-3-0 tilix tilix-common
0 upgraded, 5 newly installed, 0 to remove and 466 not upgraded.
Need to get 10.7 MB of archives.
After this operation, 49.1 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

5. Install Your Favorite Hacking Tools

Some versions of Kali are geared toward minimalist pentesters who prefer not to have hundreds of hacking tools preinstalled. That means we have to manually install our favorite tools. The types of tools we use vary with our skill sets and areas of expertise, but below are some popular hacking tools.

These tools can be installed with the following command.

  apt-get install maltego metasploit-framework burpsuite wireshark aircrack-ng hydra nmap beef-xss nikto

Reading package lists... Done
Building dependency tree
Reading state information... Done
hydra is already the newest version (8.6-1kali1).

The following packages will be upgraded:
aircrack-ng libcups2 libnl-3-200 libnl-genl-3-200 libxkbcommon0 metasploit-framework
nmap nmap-common
8 upgraded, 182 newly installed, 0 to remove and 458 not upgraded.
Need to get 381 MB of archives.
After this operation, 616 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

6. Install the latest version of Tor

Tor is available in Kali's repositories, but anonymity software should be acquired directly from the source (torproject.org). Also, Kali's version of Tor is not reliably maintained or updated. This means that we may be missing critical stability and security updates.

Add the Tor Project repositories to your APT repository list.

  echo 'deb https://deb.torproject.org/torproject.org stretch main
  deb-src https://deb.torproject.org/torproject.org stretch main' > /etc/apt/sources.list.d/tor.list

Then download the Tor Project package signing key and import it into your APT keyring.

  wget -O- 'https://pgp.mit.edu/pks/lookup?op=get&search=0xA3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89' | sudo apt-key add -

- https://pgp.mit.edu/pks/lookup?op=get&search=0xA3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
Resolving pgp.mit.edu (pgp.mit.edu)... 18.9.60.141
Connecting to pgp.mit.edu (pgp.mit.edu)|18.9.60.141|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 47255 (46K) [text/html]
Saving to: 'STDOUT'

- 100%[==================================================>] 46.15K 72.0KB/s in 0.6s

(72.0 KB/s) - written to stdout [47255/47255]

OK 

You will see the "OK" output when the signing key has been added to your keyring. Next, update APT with the following apt-get command.

  apt-get update

Hit:1 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid InRelease
Get:2 https://deb.torproject.org/torproject.org stretch InRelease [4,965 B]
Get:4 https://deb.torproject.org/torproject.org stretch/main Sources [1,169 B]
Get:5 https://deb.torproject.org/torproject.org stretch/main amd64 Packages [2,400 B]
Hit:3 http://archive-3.kali.org/kali kali-rolling InRelease
Fetched 8,534 B in 8s (1,091 B/s)
Reading package lists... Done

Install Tor with the following command and you're done.

  apt-get install tor deb.torproject.org-keyring

Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
mixmaster torbrowser-launcher socat tor-arm apparmor-utils obfs4proxy
The following NEW packages will be installed:
deb.torproject.org-keyring
The following packages will be upgraded:
tor
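
The key import step above pipes whatever the keyserver returns straight into apt-key. As an added example (not part of the original article), these shell functions check that a downloaded key file holds exactly one primary key whose fingerprint matches the one in the wget URL before it is imported; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Fingerprint of the Tor Project signing key, taken from the wget URL above.
TOR_KEY_FPR="A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89"

# Print the fingerprint of every primary key described by
# `gpg --with-colons` records on stdin. Subkey fingerprints are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Succeed only if stdin describes exactly one primary key and its
# fingerprint equals $1 (compared case-insensitively).
key_is_expected() {
    expected=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    found=$(primary_fprs | tr 'a-f' 'A-F')
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Inspect a downloaded key file without importing it, then add it to APT
# only when the fingerprint matches. Needs gpg and apt-key on the system.
import_if_expected() {
    if gpg --show-keys --with-colons --with-fingerprint "$1" |
        key_is_expected "$TOR_KEY_FPR"; then
        apt-key add "$1"
    else
        echo "fingerprint mismatch, not importing $1" >&2
        return 1
    fi
}

# Constructed sample of gpg colon records (not real gpg output): one
# primary key with the expected fingerprint and one placeholder subkey.
sample_colons() {
    cat <<'EOF'
pub:-:4096:1:EE8CBC9E886DDD89:0:::-:::scSC:
fpr:::::::::A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89:
uid:-::::0::0000000000000000000000000000000000000000::Constructed sample UID:
sub:-:2048:1:0000000000000001:0::::::s:
fpr:::::::::0000000000000000000000000000000000000001:
EOF
}
```

To use it, save the wget output to a file instead of piping it, then pass that file to import_if_expected as root.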

7. Configure File Sharing with Syncthing

Syncthing, created by Jakob Borg, is a cross-platform, private, lightweight file synchronization (Dropbox) alternative. As a penetration tester, transferring keystroke logs, screenshots, webcam recordings, and sensitive loot files between virtual private servers and local Kali machines can be a frustrating task. Syncthing makes secure file sharing completely painless.

I have covered the installation and configuration of Syncthing in an earlier article. Readers should refer to this for a detailed step-by-step guide.

8. Install a Code Editor

Atom is a free, open source, feature-rich and highly customizable text editor. Its features include the ability to share code in real time, intuitive coding autocompletion, and the ability to install packages that further enhance Atom's versatility. Other noteworthy text editors are Geany and Gedit.

To install Atom, go to its website and download the latest Debian installer. Next, open a terminal and install the required dependencies with the following apt-get command:

  apt-get install gvfs gvfs-common gvfs-daemons gvfs-libs gconf-service gconf2 gconf2-common gvfs-bin psmisc

Reading package lists... Done
Building dependency tree
Reading state information... Done
Correcting dependencies... Done
The following NEW packages will be installed:
gconf-service (3.2.6-4.1)
gconf2 (3.2.6-4.1)
gconf2-common (3.2.6-4.1)
gvfs-bin (1.36.2-1)
libgconf-2-4 (3.2.6-4.1)
psmisc (23.1-1+b1)
The following packages will be upgraded:
gvfs (1.36.1-1 => 1.36.2-1)
gvfs-common (1.36.1-1 => 1.36.2-1)
gvfs-daemons (1.36.1-1 => 1.36.2-1)
gvfs-libs (1.36.1-1 => 1.36.2-1)
4 upgraded, 6 newly installed, 0 to remove and 462 not upgraded.
1 not fully installed or removed.
Need to get 3,317 kB of archives.
After this operation, 8,909 kB of additional disk space will be used.
Do you want to continue? [Y/n] y

Finally, use dpkg, a command-line package manager, with the install (-i) argument.

  dpkg -i ~/Downloads/atom-amd64.deb

(Reading database ... 191882 files and directories currently installed.)
Preparing to unpack atom-amd64.deb ...
Unpacking atom (1.29.0) over (1.29.0) ...
Setting up atom (1.29.0) ...
Processing triggers for desktop-file-utils (0.23-3) ...
Processing triggers for mime-support (3.60) ...

When that's done, Atom will be available in your application menu.

Image via Atom

9. Clone Rubber Ducky Encoder

The USB Rubber Ducky is the infamous keystroke injection tool. Creating Ducky payloads is easy with the DuckToolKit website, but as a penetration tester, it's not safe to share client information with random sites. Uploading payload content to a third-party website can be dangerous.

Instead, we can use Git to clone the USB Rubber Ducky Repository and locally encode payloads.

  git clone https://github.com/hak5darren/USB-Rubber-Ducky

Cloning into 'USB-Rubber-Ducky'...
remote: Counting objects: 1657, done.
remote: Total 1657 (delta 0), reused 0 (delta 0), pack-reused 1657
Receiving objects: 100% (1657/1657), 31.88 MiB | 162.00 KiB/s, done.
Resolving deltas: 100% (745/745), done.
Checking out files: 100% (1509/1509), done.

Then change (cd) into the USB-Rubber-Ducky/Encoder/ directory and use the following java command to start encoding Ducky payloads without third-party websites.

  cd USB-Rubber-Ducky/Encoder/
  java -jar encoder.jar -i input_payload.txt -o inject.bin

What do you do first after installing Kali?

We all have different interests, abilities and levels of experience. This makes it difficult to compile a well-rounded list of steps after installation. Have I overlooked any critical steps? How do you personalize new Kali installations?

Cover picture by Danny Meneses/PEXELS; screenshots by distortion/Null Byte (unless stated otherwise)



