Kali Linux Web Penetration Testing Handbook (Second Edition) - 1.0 - Building the penetration testing environment

One. Configuring Kali Linux and the penetration testing environment

In this chapter, we will cover the following:

  • Install VirtualBox on Windows and Linux

  • Create a Kali Linux virtual machine

  • Update and upgrade Kali Linux

  • Configure the web browser for penetration testing

  • Create our own target machine

  • Configure the virtual machines for correct communication

  • Get to know the vulnerable web applications on the virtual machine

 

Introduction

In this first chapter, we will describe how to prepare our Kali Linux installation so that we can follow all of the recipes in the book, and how to use virtual machines to set up a laboratory with vulnerable web applications.

 

 

1.1 Installing VirtualBox on Windows and Linux

Virtualization is probably the most convenient way to set up a testing laboratory or to experiment with different operating systems, because it lets us run multiple virtual computers on our own machine without any additional hardware.

In this book, we will use VirtualBox as the virtualization platform to create our test targets and our Kali Linux attacking machine.

In this first recipe, we will show how to install VirtualBox on Windows and on any Debian-based GNU/Linux operating system (such as Ubuntu).

 

Tip: Readers do not need to install on both operating systems. This recipe shows both options for the sake of completeness.

 

 

Getting ready

If we use Linux as the host operating system, we need to update our software repository information before installing anything. Open a terminal and enter the following command:

    # sudo apt-get update

 

How to do it…

VirtualBox installation requires the following steps:

1. To install VirtualBox on any Debian-based GNU/Linux system, simply open a terminal and enter the following:

    # sudo apt-get install virtualbox

2. After the installation is complete, we will find VirtualBox in the menu by navigating to Applications | Accessories | VirtualBox. Alternatively, we can call it from a terminal:

    # virtualbox

Tip: If you are using a Windows computer as the host system, skip to step 3.

3. On Windows, we need to download the VirtualBox installer from the following website:

 

https://www.virtualbox.org/wiki/Downloa

 

4. After downloading the file, we open it and start the installation process.

5. In the first dialog box, click Next and follow the installation process.

6. We may be asked whether to install network adapters from Oracle Corporation; for the network to work in the virtual machines, we need to install them.

 

7. After the installation is complete, we just open VirtualBox from the menu.

 

8. Now that we have VirtualBox running, we are ready to create virtual machines to build our own test environment.

 

How it works…

VirtualBox allows us to run multiple virtual machines on one computer. With this, we can set up a complete laboratory on a single computer, using different operating systems, and run them in parallel as far as the host's processing power and memory resources allow.

 

More…

The VirtualBox Extension Pack provides additional features for VirtualBox virtual machines, such as USB 2.0/3.0 support and remote desktop functionality. It can be downloaded from https://www.virtualbox.org/wiki/Downloads. After downloading, simply double-click it and VirtualBox will do the rest.

 

See also

There are other virtualization options. If you prefer not to use VirtualBox, you can try the following:

  • VMware Player/Workstation

  • QEMU

  • Xen

  • Kernel-based Virtual Machine (KVM)

 

 

1.2 Creating a Kali Linux virtual machine

Kali is a GNU/Linux distribution built by Offensive Security that focuses on security and penetration testing. It comes with many tools preinstalled, including the open source tools most popular among security professionals for reverse engineering, penetration testing and forensic analysis.

In this book, we will use Kali Linux as our attack platform. In this recipe, we will create a virtual machine from scratch and install Kali Linux on it.

 

Getting ready

Kali Linux can be obtained from its official download page, https://www.kali.org/downloads/. For this recipe, we will use the 64-bit image (the first option on the page).

 

How to do it…

Creating a virtual machine in VirtualBox is very simple; let's perform the following steps:

1. To create a new virtual machine in VirtualBox, use the main menu, Machine | New, or click the New button.

2. A new dialog box will pop up; here we choose a name for the virtual machine and the type and version of its operating system.

 

3. Next, we are asked for the virtual machine's memory size. Kali Linux requires at least 1 GB; we will set 2 GB for our virtual machine. This value depends on the resources your system can allocate.

4. Click Next to get to the hard disk settings. Select "Create a virtual hard disk now" and click Create to create a new virtual disk file on the host file system.

 

 

 

5. On the next screens, select the following options:

  • Dynamically allocated: this means that the virtual machine's disk image will grow as we add or edit files in the virtual system (in fact, it will add new virtual disk files).

  • For the hard disk file type, select VDI (VirtualBox Disk Image) and click Next.

  • Next, we need to choose where the files will be stored in the host file system and their maximum size; this is the storage capacity of the virtual operating system. We keep the default location and select a size of 35.36 GB. This depends on the resources of your host machine, but it should be at least 20 GB in order to install the necessary tools. Now, click Create.

 

6. After the virtual machine is created, select it and click Settings, then go to Storage and select the CD icon under Controller: IDE. In the Properties panel, click the CD icon, select "Virtual CD file" and browse to the Kali image downloaded from the official page. Then click OK.

 

7. We have created a virtual machine, but we still need to install the operating system. Start the virtual machine; it will boot from the Kali image we configured as its virtual CD/DVD. Use the arrow keys to select the graphical installation and press Enter.

 

8. The installation process begins. On the next pages, select the system language, keyboard layout, hostname and domain.

9. After that, you will be asked to enter the root password. On Unix-based systems, root is the highest administrator account, and in Kali it is the default login account. Set a password, confirm it, and click Continue.

 

10. Next, we need to select a time zone and then configure the hard disk; we will use guided partitioning with the entire disk.

 

11. Select the disk on which you want to install the system (there is only one).

12. The next step is to choose the partitioning scheme; we select all files in one partition.

13. Next, select "Finish partitioning and write changes to disk" and click Continue. Then select Yes on the next screen to write the changes and continue. This will start the installation process.

 

14. When the installation is complete, the installer will ask you to configure the package manager. Answer Yes to using a network mirror and set your proxy configuration; if you connect to the internet without a proxy, leave it blank.

15. The final step is to configure the GRUB boot loader: answer Yes, then select the hard disk from the list on the next screen. Then click Continue and the installation will finish.

16. Click Continue in the installation window to restart the VM.

17. When the VM restarts, it asks for a user name; type root and press Enter. Then enter the password you set for the root user to log in. Kali Linux is now installed.

 

How it works…

In this recipe, we created our first virtual machine in VirtualBox, set the amount of our host's memory reserved for it, and created a new virtual hard disk file for the VM with a set maximum capacity. We also configured the VM to boot from a CD/DVD image and installed Kali Linux from it in the same way we would install it on a physical computer.

To install Kali Linux, we used the graphical installer and chose guided disk partitioning. When we install an operating system, particularly a Unix-based one, we need to define in which partition of the hard disk each part of the system is installed (or mounted); luckily, the Kali Linux installer can take care of this, and we only need to select the hard disk and confirm the recommended partitioning. We also configured Kali to use network repositories for the package manager. This will allow us to install and update software from the internet and keep our system up to date.
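The VM settings chosen in steps 1 to 6 can also be applied from the host's terminal with VBoxManage, VirtualBox's command-line front end. The script below is an added example, not code from the book: the VM name, file paths, the Debian_64 OS type, the SATA controller for the disk and the KALI_SHA256 variable are assumptions, and the SHA-256 comparison of the downloaded image against the value published on the download page is an added check that relies on GNU sha256sum.

```shell
#!/bin/sh
# Added example (not from the book): VBoxManage equivalent of GUI steps 1-6.
# Assumed names: VM_NAME, ISO, DISK, KALI_SHA256, RUN and ostype Debian_64.
# Recipe values: 2 GB RAM, dynamically allocated VDI of 35.36 GB, ISO on IDE.
VM_NAME="${VM_NAME:-kali-lab}"
ISO="${ISO:-$HOME/Downloads/kali-linux-amd64.iso}"
DISK="${DISK:-$HOME/VirtualBox VMs/$VM_NAME/$VM_NAME.vdi}"
MEM_MB=2048
DISK_MB=36208    # 35.36 GB expressed in MB (35.36 * 1024, rounded down)

# verify_iso FILE SHA256: succeed only if the file's digest equals the value
# published on the download page (hex compared case-insensitively).
verify_iso() {
    [ -f "$1" ] || { echo "ISO not found: $1" >&2; return 2; }
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ] || { echo "SHA-256 mismatch: $1" >&2; return 1; }
}

# vbox ARGS...: print the command (dry run, the default) or run it when RUN=1.
vbox() {
    if [ "${RUN:-0}" = "1" ]; then VBoxManage "$@"; else echo "VBoxManage $*"; fi
}

# Steps 1-6. "--variant Standard" is the dynamically allocated disk type; the
# disk goes on a SATA controller (assumed) and the installer ISO on IDE.
create_kali_vm() {
    vbox createvm --name "$VM_NAME" --ostype Debian_64 --register &&
    vbox modifyvm "$VM_NAME" --memory "$MEM_MB" &&
    vbox createmedium disk --filename "$DISK" --size "$DISK_MB" \
        --format VDI --variant Standard &&
    vbox storagectl "$VM_NAME" --name SATA --add sata &&
    vbox storageattach "$VM_NAME" --storagectl SATA --port 0 --device 0 \
        --type hdd --medium "$DISK" &&
    vbox storagectl "$VM_NAME" --name IDE --add ide &&
    vbox storageattach "$VM_NAME" --storagectl IDE --port 0 --device 0 \
        --type dvddrive --medium "$ISO"
}

# Refuse to build the VM from an image whose checksum does not match.
build_lab() {
    verify_iso "$ISO" "${KALI_SHA256:-}" && create_kali_vm
}

# Dry run prints the plan; RUN=1 with KALI_SHA256 set verifies, then executes.
if [ "${RUN:-0}" = "1" ]; then build_lab; else create_kali_vm; fi
```

Run without variables, the script only prints the seven VBoxManage commands; the operating system installation itself (steps 7 to 17) still happens in the VM's graphical installer.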

 

More…

There are other ways to run Kali Linux in a virtual machine. For example, you can download pre-built virtual machine images from the Offensive Security site:

https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-hyperv-image-download/

We chose this approach because it covers the complete process of creating a virtual machine and installing Kali Linux from the beginning.

 

1.3 Updating and upgrading Kali Linux

Before we start testing the security of web applications, we need to make sure we have all the necessary up-to-date tools. This recipe covers the basic task of keeping Kali Linux and its tools at their latest versions. We will also install the web application testing meta-package.

  

How to do it…

Once you have a working instance of Kali Linux up and running, perform the following steps:

1. Log in to Kali Linux as root and open a terminal.

2. Run the apt-get update command. This will download the updated list of packages (applications and tools) available for installation.

 

3. After the update is complete, run the apt-get full-upgrade command to update your system to the latest version.

 

4. When asked whether to continue, press Y and then press Enter.

5. Now we have an up-to-date Kali Linux and are ready to continue.

6. Although Kali comes with a good set of preinstalled tools, its software repositories include other tools that are not installed by default. To make sure we have everything required for web application penetration testing, we install the kali-linux-web meta-package with the apt-get install kali-linux-web command.

 

7. We can find the installed tools in the Applications menu, under 03 - Web Application Analysis.

 

 

How it works…

In this recipe, we covered the basic procedure for updating packages with apt, the standard package manager on Debian-based systems such as Kali Linux. Kali Linux is now a rolling release, which means it is updated continuously, with no break between one version and the next. The full-upgrade parameter downloads and installs system packages (such as the kernel and kernel modules) and non-system packages up to their latest versions. If no major changes have been made, or we just want to keep the already installed version up to date, we can use the upgrade parameter instead.

In the final part of this recipe, we installed the kali-linux-web meta-package. An apt meta-package is an installable package that contains a number of other packages, so we only need to install one package and all the packages it contains will be installed. In this case, we installed all the web penetration testing tools included in Kali Linux.

Disclaimer: This series of articles is reposted from the public account bat7089. In case of infringement, contact the blogger for removal.

Origin www.cnblogs.com/xyongsec/p/11068474.html