Preface
From time to time I realize that certain tasks that are trivial for me are not necessarily easy for others, especially if they are just getting started with IT security stuff.
As I am going to be a Facilitator at SANS Munich 2015 on SEC 401, plus we have a few people at work who are just dipping their toe into the wonderful world of Kali Linux, it seemed like a good opportunity to make a short getting started / installation guide on the Kali VMWare VMs that you can download and quickly get started.
On top of that, when I check the statistics of the blog, I always see that the most popular posts are the detailed howtos and tutorials and I assume that it is because there is a need for this kind of posts too, so here it goes! :)
Step -1: Check in your BIOS/UEFI if virtualization is enabled
We are going to use virtualization, so it would be nice to enable it, right?In BIOS/UEFI menus this is somewhere around "Security" and/or "Virtualization" and it is something like "Intel (R) Virtualization Technology" and "Intel (R) VT-d Feature" that needs to be set to "Enabled".
Step 0: Install VMWare Player or VMWare Workstation
The Kali Linux VMs are VMWare-based, so you need to install VMWare Player (free), VMWare Workstation (paid) or VMWare Fusion (paid, for OS-X).
The more desirable choice is to use VMWare Workstation or VMWare Fusion, as they have a Snapshot feature, while with VMWare Player, you are forced to take a full copy in order to have a sort of rollback feature.
Step 1: Download Kali VM
We need to download the Kali VMs from the "Custom Kali Images" download site, where you can find a 64 bit (amd64) and a 32 bit PAE (i686) too.
There are also Torrent files for the images and based on experience, using Torrent is much more faster and reliable than the HTTP download, so if you can, use that!
Once you have downloaded the VMs, do not forget to check their SHA1 hash!!! On Linux, you can simply use the sha1sum command at a terminal. For Windows, you can use something like the MD5 & SHA Checksum Utility.
Step 2: Change Kali VM default root password
The Kali VM comes with a preset root password, which is "toor" (without the quotes), therefore, it has to be changed.
Here is how you do it:
root@kali:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Step 3: Change Kali VM default SSH keys
The Kali VM also comes with SSH preinstalled, so we need to change the SSH keys to avoid SSH MiTM attacks.
Here is how you do it:
root@kali:~# cd /etc/ssh/
root@kali:/etc/ssh# mkdir default_kali_keys
root@kali:/etc/ssh# mv ssh_host_* default_kali_keys/
root@kali:/etc/ssh# dpkg-reconfigure openssh-server
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Creating SSH2 ECDSA key; this may take some time ...
insserv: warning: current start runlevel(s) (empty) of script `ssh' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (2 3 4 5) of script `ssh' overrides LSB defaults (empty).
Now we can check if the keys are really changed:
root@kali:/etc/ssh# md5sum /etc/ssh/*key*
md5sum: /etc/ssh/default_kali_keys: Is a directory
6abe210732068fa7ca95854c3078dba5 /etc/ssh/ssh_host_dsa_key
1b5f3c1a1b5c48cc3cce31b116e8b6f8 /etc/ssh/ssh_host_dsa_key.pub
8f0f60855e5ab8cac8103d64faab090f /etc/ssh/ssh_host_ecdsa_key
aace49ae9236815c9a1672f8ecb2b1e2 /etc/ssh/ssh_host_ecdsa_key.pub
cf861a9f743fb4584ab246024465ddf1 /etc/ssh/ssh_host_rsa_key
d5d65d8ad023a6cb1418ae05007bc6d3 /etc/ssh/ssh_host_rsa_key.pub
root@kali:/etc/ssh# md5sum /etc/ssh/default_kali_keys/*key*
c8d5b82320a4ddde59d0e2b6d9aad42a /etc/ssh/default_kali_keys/ssh_host_dsa_key
6b12ddecd463677cde8097e23d0f219a /etc/ssh/default_kali_keys/ssh_host_dsa_key.pub
fecf056571a3dfbf3635fc2c50bf23c5 /etc/ssh/default_kali_keys/ssh_host_ecdsa_key
e44b7c50635de42e89b3297414f5047d /etc/ssh/default_kali_keys/ssh_host_ecdsa_key.pub
e9e0267484e020878e00a9360b77d845 /etc/ssh/default_kali_keys/ssh_host_rsa_key
ceee93d7bbc9f9b9706e18f23d4e81f1 /etc/ssh/default_kali_keys/ssh_host_rsa_key.pub
Step 4: Update Kali VM
Next you need to update your Kali VM so that everything is patched.
Here is how you do it:
root@kali:~# apt-get update
Get 1 http://http.kali.org kali Release.gpg [836 B]
Get:2 http://security.kali.org kali/updates Release.gpg [836 B]
********************************* SNIP *********************************
Fetched 16.7 MB in 14s (1,190 kB/s)
Reading package lists... Done
root@kali:~# apt-get upgrade
eading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
********************************* SNIP *********************************
The following packages will be upgraded:
********************************* SNIP *********************************
241 upgraded, 0 newly installed, 0 to remove and 16 not upgraded.
Need to get 740 MB of archives.
After this operation, 130 MB disk space will be freed.
Do you want to continue [Y/n]? Y
Get:1 http://security.kali.org/kali-security/ kali/updates/main libc6-i386 amd64 2.13-38+deb7u7 [4,044 kB]
Get:2 http://http.kali.org/kali/ kali/main base-files amd64 1:1.1.0 [77.5 kB]
********************************* SNIP *********************************
root@kali:~#
Step 5: Create a Snapshot/Copy the VM
Once you are done with all the above, you can make a Snapshot in case of VMWare Workstation or copy the files of the VM in case of VMWare Player, so that you can roll back to this clean stat in case you misconfigure something.
Hope this was helpful. Happy hacking!
Hope this was helpful. Happy hacking!
- Tools Used For Hacking
- Nsa Hacker Tools
- Hacking Tools Download
- Pentest Tools Website Vulnerability
- Hack Website Online Tool
- Hacker Techniques Tools And Incident Handling
- Pentest Tools Free
- Hacking Tools Online
- Easy Hack Tools
- Pentest Tools Android
- Pentest Automation Tools
- Pentest Tools Android
- Pentest Tools Bluekeep
- Nsa Hack Tools
- Pentest Automation Tools
- Hacker Tools
- Hacking Tools Hardware
- Hacker Tools Windows
- Tools 4 Hack
- Pentest Tools Website Vulnerability
- Pentest Tools For Windows
- Hacking Tools Name
- Hacker
- Hacker
- Hacker Tools Apk
- Pentest Tools Alternative
- Pentest Tools For Android
- Pentest Tools Open Source
- Pentest Tools Review
- Pentest Box Tools Download
- Pentest Tools Website
- Pentest Tools Android
- Hack Tool Apk No Root
- Hacker Search Tools
- How To Make Hacking Tools
- Termux Hacking Tools 2019
- Hack Tool Apk No Root
- Pentest Tools For Mac
- Easy Hack Tools
- Hacking Tools Mac
- Hack Tools Download
- Hacker Tools Free
- Pentest Tools Review
- Hack App
- Hack Tools Github
- Pentest Tools Nmap
- Pentest Tools Review
- Usb Pentest Tools
- Hack Tools
- Hacking Tools For Windows 7
- Hacking Tools Github
- Hacker Tool Kit
- Hacks And Tools
- Hacking Tools Kit
- Hack Tools For Pc
- How To Install Pentest Tools In Ubuntu
- Pentest Tools Online
- What Are Hacking Tools
- Hack Tools Pc
- Pentest Tools For Ubuntu
- Bluetooth Hacking Tools Kali
- Hack Tools For Pc
- Tools Used For Hacking
- Hacker Tools For Pc
- Hacker Tools Github
- Tools 4 Hack
- Pentest Tools Website Vulnerability
- Hack Tools For Mac
- Hacker Search Tools
- Hacker Tools
- Pentest Tools Open Source
- Hacking Tools For Windows
- Hacker Tools List
- Hackers Toolbox
- Hacker Tools For Pc
- Kik Hack Tools
- Hacking App
- Hacking Tools For Mac
- Install Pentest Tools Ubuntu
- Pentest Tools Windows
- Hacker Tool Kit
- Hack Tools For Mac
- Install Pentest Tools Ubuntu
- Pentest Tools Download
- Hacking Tools Usb
- Hacker Search Tools
- Pentest Automation Tools
- Pentest Tools Port Scanner
- Pentest Automation Tools
- Pentest Tools Android
- Hack App
- Pentest Tools Download
- Pentest Tools Bluekeep
- Blackhat Hacker Tools
- How To Make Hacking Tools
- Hacker Tool Kit
- Best Hacking Tools 2020
- Hacking Tools Software
- Pentest Tools Url Fuzzer
Nenhum comentário:
Postar um comentário