By default, Kali Linux does not have everything you need to easily pass the daily penetration tests. With a few tips, tricks and applications, we can quickly start using Kali like a professional white hat.
Most Linux distributions are highly customizable. This makes the personalization of your penetration testing distribution a bit daunting. With just a few commands, we can automate tasks, install our favorite software, create additional user accounts, properly configure anonymization software, and streamline our interactions with terminals. There are only a few things we can do to improve our interactions with the operating system.
. 1
Installing Git
Git can be installed with the following command apt-get .
apt-get install git 2. Configuring Bash Aliases
Bash aliases are great for creating custom command-line shortcuts. For example, we can reassign the command ls to automatically use our favorite arguments. Below is an example of a normal ls edition
ls
androidbins.txt folder-images.png smtp.cracked text-x-generic.png
Windows 10 bogus_gmail.creds folder.png smtp.list
dumpzilla-b3075d1960874ce82ea76a5be9f58602afb61c39 package-x-generic.png text-x-generic.ico # Windows 10 Icons & # 39; Here it is again after the creation of a ls alias.
ls
a total of 220K
-rw ------- 1 root root 15K Aug 24 2015 folder-pictures.png
-rw ------- 1 root root 8.7K August 24, 2015 folder.png
-rw ------- 1 root root 11k Aug 24, 2015 package-x-generic.png
-rw ------- 1 root root 5.5K September 3, 2015 text-x-generic.png
drwxr-xr-x 12 Root Root 4.0K May 31, 00:44 & # 39; Windows 10 Icons & # 39; /
drwxr-xr-x 18 root root 4.0K May 31, 00:44 Windows 10 /
-rwxr-x --- 1 Root root 103K May 31 00:49 text-x-generic.ico *
drwxr-xr-x 5 Root Root 4.0K Jun 11 21:57 dumpzilla-b3075d1960874ce82ea76a5be9f58602afb61c39 /
-rw-r - r - 1 root root 52 Jul 5 18:13 bogus_gmail.creds
-rw-r - r - 1 Root Root 15K Jul 5 18:28 smtp.list
-rw-r - r - 1 root root 181 Jul 5 18:43 smtp.cracked
-rw-r - r-- 1 Root Root 23K Jul 23 18:18 androidbins.txt
drwxr-xr-x 5 Root Root 4.0K Jul 23 19:22 ./
drwxr-xr-x 23 root root 4.0K Aug 9th 04:25 ../We get a much more detailed output. The ls command now uses the -l -a -t -h and -r arguments automatically. All these arguments will instruct ls to use the Listing ( -l ) format to list all ( -a ) files – including hidden files – and file sizes in human readable ( -h ) formats (eg 1K, 234M, 5G).
My alias also sorts the output after modification time ( -t ), and vice versa ( -r ) the order of the list so recently changed files appear at the bottom of the terminal , This collection of arguments is my personal ls preference, but yours may be different.
To create aliases, open the /root/.bash_aliases with nano or your favorite text editor. Add the following line to create an alias:
alias ls = # ls --color = always -thla & # 39; We can also go a bit further and add more complex functions to the .bash_aliases file. Below is a simple example of a feature that keeps Kali fully up to date.
Function apt-updater {19659006]
apt-get update &&
apt-get dist-upgrade -Vy &&
apt-get autoremove -y &&
apt-get autoclean &&
apt-get clean &&
start anew
} After you save changes to the .bash_aliases file, open a new terminal for the changes to take effect. Running the newly created function apt-updater calls a series of apt-get commands that automatically update and maintain your system. The ampersands ( && ) ensure that the function does not continue with the following command if a previous command fails.
apt-updater For more information about Bash aliases, see Kody's "Setting Up a MacOS System for Wi-Fi Packet Capturing" article.
. 3 Create a New Low-Priority User
Many applications, such as the Chromium Browser and the Tor Browser, should never be opened or used as root users. Such applications rely heavily on low-level permissions to provide a degree of security. It may be advantageous for some users to create a low user privilege account for such activities.
This concept is discussed in more detail in Takhion's "Lock Down Kali Linux for Secure Desktop Usage", so check it for help.
. 4 Installing a Terminal Multiplexer
A multiplexer is a tiling terminal emulator that can be used to open multiple terminal sessions in a single window. The big advantage is that all open terminal sessions are displayed at the same time and the windows do not overlap. Below is an example of a multiplexer.
There are many noteworthy multiplexers. Tilix, as seen in the screenshot above, is an open source and reliable option. Alternatives are tmux and screen.
Tilix is available in Kali's APT repositories and can be installed with the following command:
apt-get install tilix
Read package lists ... Done
Create dependency structure
Read status information ... Done
The following additional packages will be installed:
libgtkd-3-0 libphobos2-ldc-shared78 libvted-3-0 tilix-common
Recommended packages:
Python Nautilus
The following NEW packages will be installed:
libgtkd-3-0 libphobos2-ldc-shared78 libvted-3-0 tilix tilix-common
0 updated, 5 reinstalled, 0 removed and 466 not updated.
Need 10.7 MB of archives.
After this operation, 49.1 MB of additional space will be used.
Do you want to continue? [Y/n] y 5. Install Your Favorite Hacking Tools
Some versions of Kali target minimalist Pentesers who prefer not to install hundreds of hacking tools. That means we have to manually install our favorite tools. The types of tools we use differ because of our capabilities and expertise, but below are some popular hacking tools.
These tools can be installed with the following command.
apt-get install maltego metasploit-framework burpsuite Wireshark Aircrack-ng Hydra nmap Beef-Xss nikto
Read package lists ... Done
Create dependency structure
Read status information ... Done
Hydra is already the latest version (8.6-1kali1).
The following NEW packages will be installed:
Beef-Xss Binfmt Support Burpsuite Fastjar Fonts Droid Fallback Fonts Lato
fonts-noto-mono ghostscript gsfonts imagemagick imagemagick-6-common
imagemagick-6.q16 jarwrapper java-wrapper javascript-common libc-ares2
libcupsfilters1 libcupsimage2 libdjvulibre-text libdjvulibre21 libdouble-conversion1
libfftw3-double3 libgmp-dev libgmpxx4ldbl libgs9 libgs9-general libhttp-parser2.8
libijs-0.35 libilmbase23 libjbig2dec0 libjs-jqery libjs-jquery-easing
libjs-jquery-fancybox libjs-jquery-mausrad libjs-jquery-ui libjs-source-map
libjs-uglify libjxr-tools libjxr0 liblqr-1-0 liblua5.2-0 libmagickcore-6.q16-6
libmagickcore-6.q16-6-extra libmagickwall-6.q16-6 libnetpbm10 libnl-route-3-200
libopenxr23 libpaper-utils libpaper1 libcre2-16-0 libqt5core5a libqt5dbus5
libqt5gui5 libqt5multimedia5 libqt5multimedia5-plugins libqt5multimediagsttools5
libqt5multimediawidgets5 libqt5network5 libqt5opengl5 libqt5printsupport5 libqt5svg5
libqt5widgets5 libruby2.5 libsbc1 libsmi2ldbl libspandsp2 libssh-gcrypt-4 libuv1
libwhisker2-perl libwireshark-data libwireshark11 libwirepap8 libwmf0.2-7
libwscodecs2 libwsutil9 libxcb-iccp4 libxcb-image0 libxcb-keysyms1 libxcb-randr0
libxcb-render-util0 libxcb-xinerama0 libxcb-xkb1 libxkbcommon-x11-0 libyaml-0-2
maltego netpbm nikto nodejs nodejs-doc openjdk-8-jre openjdk-8-jre-headless
qt5-gtk-platformtheme qttranslations5-l10n rake ruby ruby-addressable ruby-ansi
Ruby Atom Ruby Buftok Ruby Celluloid Ruby Celluloid Ruby Demon
ruby-dataobjects ruby-dataobjects-mysql ruby-dataobjects-postgres
ruby-dataobjects-sqlite3 ruby-dev ruby-did-you-mean ruby-diff-lcs ruby-dm-core
ruby-dm-migration ruby-dm-migration ruby-dm-serializer ruby-dm-sqlite-adapter
ruby-docile ruby-domain-name ruby-em-websocket ruby-equalizer ruby-erubis
ruby-eventmachine ruby-execjs ruby-faraday ruby-geoip ruby-hittime ruby-http
ruby-http-cookie ruby-http-form-data ruby-http-parser.rb ruby-json ruby-librex
ruby-libv8 ruby-memoizable ruby-mime-types ruby-mime-types-data ruby-minitest
ruby-mojo-magick ruby-msrpc-client ruby-mssgpack ruby-multi-json ruby-multipart-post
ruby-nought ruby-net-telnet rubin-nio4r ruby-oj ruby-parseconfig ruby-power-assert
ruby-public-suffix ruby-qr4r ruby-rack ruby-rack-protection ruby-ref ruby-rqrcode
ruby-rspec-expectations ruby-rspec-support ruby-rubydns ruby-simple-oauth
Ruby-Simplecov Ruby-Simplecov-html Ruby-Sinatra Ruby-sqlite3 Ruby-Term-Ansicolor
Ruby Test Unit Ruby Therubyracer Ruby Ruby Ruby Tin Ruby Timer
Ruby-Twitter Ruby-Uglifier Ruby-Unf Ruby-Unf-Ext Ruby-Xmlrpc Ruby-Zip Ruby2.5
ruby2.5-dev ruby2.5-doc rubygems-integration thin wireshark wireshark-common
wireshark-qt zip
The following packages are being updated:
aircrack-ng libcups2 libnl-3-200 libnl-genl-3-200 libxkbcommon0 Metasploit Framework
nmap nmap-common
8 updated, 182 reinstalled, 0 removed and 458 not updated.
Need 381 MB of archives.
After this process, 616 MB of additional space will be used.
Do you want to continue? [Y/n] y 6. Install the latest version of Tor
Add the Tor Project repositories to your APT repository list.
echo & deb https://deb.torproject.org/torproject.org stretch main
deb-src https://deb.torproject.org/torproject.org stretch main & # 39;> /etc/apt/sources.list.d/tor.listThen load the signing key of the Tor Project package Download and import it into your APT keychain.
wget -O- # https: //pgp.mit.edu/pks/lookup?op=get&search=0xA3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 & # 39; | add sudo apt-key -
- https://pgp.mit.edu/pks/lookup?op=get&search=0xA3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
Resolving pgp.mit.edu (pgp.mit.edu) ... 18.9.60.141
Connection with pgp.mit.edu (pgp.mit.edu) | 18.9.60.141 |: 443 ... connected.
HTTP request sent, answer waiting ... 200 OK
Length: 47255 (46K) [text/html]
Save as: & # 39; STDOUT & # 39;
- 100% [==================================================>] 46.15K 72.0KB / s in 0.6s
- (72,0 KB / s) - written after stdout [47255/47255]
OK You will see the "OK" output when the signature key has been added to your keychain. Next, update APT with the following apt-get command.
apt-get update
Hits: 1 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid InRelease
Get: 2 https://deb.torproject.org/torproject.org stretch InRelease [4,965 B]
Obtained: 4 https://deb.torproject.org/torproject.org stretch / main sources [1,169 B]
Get: 5 https://deb.torproject.org/torproject.org stretch / main amd64 Packages [2,400 B]
Hits: 3 http://archive-3.kali.org/kali kali-rolling InRelease
Reached 8,534 B in 8s (1,091 B / s)
Read Package Lists ... Done Install Tor with the following command and you're done.
apt-get install for deb.torproject.org keyring
Read package lists ... Done
Create dependency structure
Read status information ... Done
Recommended packages:
mixmaster torbrowser-launcher socat tor-arm apparmor-utils obfs4proxy
The following NEW packages will be installed:
deb.torproject.org key ring
The following packages are being updated:
gate 7. Configure File Sharing with Synchronization
Syncthing, created by Jakob Borg is a cross-platform, private, lightweight file synchronization (Dropbox) alternative. As a penetration tester, transferring keystroke logs, screenshots, webcam recordings, and sensitive looot files between virtual private servers and local Kali machines can be a frustrating task. Syncting makes secure file sharing completely painless.
I have covered the installation and configuration of Syncthing in an earlier article. Readers should refer to this for a detailed step-by-step guide.
. 8 Install a Code Editor
To install Atom, go to their website and download the latest Debian installer. Next, open a terminal and install the required dependencies with the following apt-get command:
apt-get install gvfs gvfs-common gvfs-daemons gvfs-libs gconf -service gconf2 gconf2-common gvfs-bin psmisc
Read package lists ... Done
Create dependency structure
Read status information ... Done
Correct dependencies ... done
The following NEW packages will be installed:
gconf service (3.2.6-4.1)
gconf2 (3.2.6-4.1)
gconf2-common (3.2.6-4.1)
gvfs-bin (1.36.2-1)
libgconf-2-4 (3.2.6-4.1)
psmisc (23.1-1 + b1)
The following packages are being updated:
gvfs (1.36.1-1 => 1.36.2-1)
gvfs-common (1.36.1-1 => 1.36.2-1)
gvfs-daemons (1.36.1-1 => 1.36.2-1)
gvfs-libs (1.36.1-1 => 1.36.2-1)
4 updated, 6 reinstalled, 0 removed and 462 not updated.
1 not completely installed or removed.
Need 3,317 kB archives.
After this operation, 8,909 kB of additional memory will be used.
Do you want to continue? [Y/n] y Finally, use dpkg a command-line manager, with argument install ( -i )
dpkg -i ~ / downloads / atom -amd64. deb
(Read database ... 191882 Files and directories are currently installed.)
Preparation for unpacking atom-amd64.deb ...
Unpack Atom (1.29.0) via (1.29.0) ...
Set up Atom (1.29.0) ...
Processing Trigger for Desktop File Utils (0.23-3) ...
Processing trigger for mime support (3.60) ... When that's done, Atom will be available in your application menu.
9. Clone Rubber Ducky Encoder
Instead, we can use Git to clone the USB Rubber Ducky Repository and locally encode payloads.
Git Clone https: // GitHub .com / hak5darren / USB Rubber Ducky
In & # 39; USB-Rubber-Ducky & # 39; clone ...
remote: counting objects: 1657, done.
remote: total 1657 (delta 0), reused value 0 (delta 0), packet reused 1657
Receiving objects: 100% (1657/1657), 31.88 MiB | 162.00 KiB / s, finished.
Resolution deltas: 100% (745/745), done.
Checking Out Files: 100% (1509/1509), Done Then go to [USB-Rubber-Ducky/Encoder/ cd ) and use the following java command starts encoding of Ducky payloads without third party websites
cd USB Rubber Ducky / Encoder /
java -jar encoder.jar -i input_payload.txt -o inject.bin What do you do first after installing Kali?
We all have different degrees of interests, abilities and levels of experience. This makes it difficult to compile a well-rounded list of steps after installation. Have I overlooked any critical steps? How do you personalize new potash installations? (19659065) Do not Miss: Linux Basics for the Budding Hacker
