4 DAYS WORKSHOP

ON KALI LINUX
WITH
HANDS-ON
PRACTICE
Todays agenda
Initiation
Getting started with Kali Linux. (Installing KALI)

An Introduction to basic tools.

Understanding basic Unix
commands.
Using Proxy Chains with TOR
Tunneling connections through a proxy.
Using proxy DNS Servers to hide your Identity.
Getting Started with Kali Linux
Dual Boot/ Live USB/ Virtual Machine
Kali ISO/ Virtual Image - https://www.kali.org/downloads/
Download Vulnerable Windows XP - Disable Windows Updates after
Installing
https://drive.google.com/file/d/0BwUe9_Wc4ApObm10ZnVQY1NTTUk/view?
usp=sharing

Rufus - https://rufus.akeo.ie/
Virtual box - https://www.virtualbox.org/wiki/Downloads

Tutorials
Installing Kali on VM - https://www.youtube.com/watch?v=GpTIM9OroIY
Installing Windows XP as VM -
https://www.youtube.com/watch?v=gjQiKTgeiqk
Creating LIVE Kali USB - https://www.youtube.com/watch?v=nS7Cc8SIQm0
 Important Points to be noted
For Wireless Testing workshop - LIVE Kali USB / Dual Boot Kali Linux
(Difficult but best option) / If youll be running Kali as VM (Get an external
wireless adapter).
Recommended (TP-Link TL-WN722N) - http://
www.amazon.in/TP-Link-TL-WN722N-150Mbps-Wireless-Adapter/dp/B002SZEOLG
/ref=sr_1_6?s=computers&ie=UTF8&qid=1478665554&sr=1-6
#ONLY IF YOULL USE KALI AS VM
For Network Security workshop - Install Kali as VM, Install Vulnerable
windows XP as VM, Install any other OS as VM (Optional).
For Web Application Testing workshop Install Kali as VM/ Dual Boot Kali
Linux (Difficult but best option).
An Introduction to basic tools

Wireless Security
Web Application Security
Network Security
 Wireless
Aircrack-ng suite (airmon-ng, aireplay-ng, airodump-ng etc.)
It focuses on: Monitoring (Packet capturing), Attacking (Replay attacks, DE authentication,
fake access points), Testing: Checking (WiFi cards and driver capabilities), Cracking (WEP and
WPA PSK).
crunch
Crunch is a wordlist generator .It can generate all possible combinations and permutations
which can be further used for brute force attacks / Dictionary attacks.
Ettercap
It is a comprehensive suite for MitM attacks. It features sniffing of live connections, content
filtering on the fly and much more. It also includes many features for network and host
analysis.
Wireshark
Wireshark is a data capturing program that captures different networking protocols. It can
parse and display all fields, dissecting each and every packet.
SSL strip
This tool can transparently hijack HTTP traffic on a network, watch for HTTPS links and
redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS
links. It also supports several advanced features.
 Web Application
Burpsuite
The suite can be used to combine automated and manual testing techniques such as ausing
proxy server, aweb spider, scanner, intruder, repeater, sequencer, decoder, collaborator
and extender.
Sqlmap
It automates the process of detecting and exploiting SQL injection flaws and taking over of
database servers. It can performdatabase fingerprinting, data fetching from the database,
to accessing the underlying file system.
hydra
Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very
fast and flexible. It shows how easy it would be to gain unauthorized access to a system
remotely if system is not secured.
It supports: Cisco (AAA, enable, FTP, HTTP(S) (GET, POST, Proxy), POP3, PostgreSQL, RDP,
SMTP, SOCKS5, SSH (v1 and v2), SSHKEY and much more.
W3af (webapplicationattack andauditframework)
It provides a vulnerability scanner and exploitation tool for Web Applications. Also provides
information about vulnerabilities to use while pen-testing.
 Network
Nmap / Zenmap
Its a utility for network discovery and security auditing. Nmap uses raw IP packets in novel
ways to determine what hosts are available on the network, what services (application name
and version) those hosts are offering, what operating systems (OS versions) they are
running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
Metasploit
Its a framework for developing and executingexploitcode against a remote target machine.
Attacker can also bind payloads with exploit for further actions.
Armitage
Its a GUI consisting of modules from Nmap and Metasploit for managing scans/ testing on a
large scale.
hashcat
Its one of the best designed password crackers, which can crack around 100 types of
algorithms used to store passwords (MD4, MD%, SHA-family etc.). It focuses on speed and
versatility.
 Basic Unix commands
cd [sub_directory] //Change Directory
cd .. //Move Back a directory
touch [file_name] //Creating a new file
cat/ more/ less [file_name] //Show data of a file
more [file_name] //Organized View
less [file_name] //Power of searching (/)
man [tool_name] //Open official Documentation
echo [text] > [file] //Write something to a file
> //Replace
>> //Append
 ls //List the contents
ls -a //List all
ls -l //Long Listing
Understanding permissions
r w x -
read (4), write (2), execute (1), none (0) [7]
-/d rw- r-- r--
file/directory, Owner (420), Group (400), Others (400) [644]
chmod [permission_number] [file_name] //Helps in changing permissions
chmod 777 [file_name] //Give all permissions to everyone
7 7 7
(421), (421), (421)
rwx rwx rwx
 cp/ mv /rm[file_loc] [dir_loc] //Copy/ Moving Files
ifconfig //Interfaces information
whereis [file_name] //Find location of specified file
dig [domain] //Provides information about a domain
ns //Gives nameservers
mx //Gives email servers
ps aux //Show all running processes
show all processes(a) associated with user(u) and not associated with terminal(x)
ps -A //Show all processes
kill [PID] //Kills a process
service [service_name] start/stop/status/restart //Managing services
tar -cvf [tar_filename.tar] [files_to_archive] //Tape archive / Create tar ball
create (-c) , verbose (-v) (optional), read or write from following file (-f)
Using Proxy Chains with Tor
 What is Proxy Chains Uses tor services.
Advantages Tunnel all testings/scanning, no traces, anonyimity.
Limitations of Proxy Chains - Messes up application maintaining DB, like Metasploit.
Limitations with tor - It is not https. (Privoxy, Vidalia)
What are Proxy DNS.
What is DNS Leak.
 Check if proxy chains is installed //proxychains
Install tor //apt-get install tor
Starting tor service //service tor start/ stop/ status/ restart
Modify proxychains.conf //Dynamic, Strict, Random
Enable dynamic_chain
Disable strict_chain
Add socks5
Restart tor service //service tor restart
Check current IP (http://www.ipchicken.com/) and DNS Leakage (
https://www.dnsleaktest.com/).
Start proxychains
proxychains [application] [usage] //proxychains iceweasel www.ipchicken.com
Check IP at ipchicken and DNSleak
Get new IP / Proxy through another IP //Restart tor service
 Setting Up Proxy DNS to ensure NO LEAK
Pre-Requisites //Check before proceeding
Tor is Installed
Proxychains.conf is configured properly
/etc/resolv.conf //File with Network gateway and Nameserver
Get anonymous DNS IP //https://www.opennicproject.org
Slow connection if farther
Edit resolv.conf
Comment out everything
Add at least 3-4 DNS Servers, more the better //nameserver [IP]
Start proxychains
proxychains [application] [usage] //proxychains iceweasel
www.ipchicken.com
Check IP at ipchicken and DNSleak
 Automating the process to switch IP more frequently for
better anonymity
Pre-Requisites //Check before proceeding
Tor is Installed
Proxychains.conf is configured properly
resol.conf is configured properly with Proxy DNS IPs
Running script to automate the process
Switches IP more frequently.
Closed Service/Programs Securely.
Start proxychains
proxychains [application] [usage] //proxychains iceweasel
www.ipchicken.com
Check IP at ipchicken and DNSleak
Hands-On Practice Workshop Overview
Wireless Security
Cracking password Networks using WPA2. (aircrack-ng Suite)
Sniffing passwords using protocol degradation attack. (Ettercap, SSL Strip, Wireshark)

Network Security
Understanding phases of penetration testing.
Gaining access of other vulnerable systems. (Nmap, Metasploit, Armitage, Hashcat)

Web Application Security

Brute Forcing login forms online. (Hydra, Burpsuite)
Cracking database of website using SQL Injecting (SQLmap)