Kali Linux Deep Dive
January 14th, 2019
Welcome to the Kali Linux Deep Dive course! This course is intended for individuals who already possess a good amount of general IT knowledge, so be sure to read the list of prerequisites before you get started. Over the span of the course, we will dive into the nature of hacking at the hardware level. This is how virtually all vulnerabilities were discovered — by individuals combing through source code or reverse engineering binaries.
This is what sets this course apart from the many others like it. In this course, you will learn how the vulnerabilities that are readily available in frameworks like Metasploit, BeEF, SET, and others are found, so that you will be able to deconstruct a program instead of just trying to figure out how to use something other people wrote! We’ll also cover subjects such as anonymity online and tackle the common misconception that VPN services guarantee anonymity. You’ll learn how to set up and operate your own anonymizing services — that way you can trust them more!
In the Social Engineering section of the course, you will learn how to think like a hacker. This is extremely important, as your behavior and thought process determine whether you are an easy target for attacks or a serious cybersecurity specialist no one wants to mess with.
After finishing this course, you will have learned quite a bit, and you will most likely have questions. I am always here to help, so feel free to reach out and let me guide you on your way to becoming an expert white hat hacker.
Here are the Kali Linux Deep Dive Interactive Guides:
Pt 2 - Reverse Engineering https://interactive.linuxacademy.com/diagrams/KaliLinux2.html
Pt 3 - Buffer Overflow https://interactive.linuxacademy.com/diagrams/KaliLinux3.html
Pt 4 - Password Cracking https://interactive.linuxacademy.com/diagrams/KaliLinux4.html
Pt 5 - Metasploit https://interactive.linuxacademy.com/diagrams/KaliLinux5.html
Pt 6 - SQL Injection https://interactive.linuxacademy.com/diagrams/KaliLinuxpt6.html
Pt 10 - Email Phishing and Tracking https://interactive.linuxacademy.com/diagrams/KaliLinux10.html
About the Author
In this video, you'll get to know your instructor for this course, Ermin Kreponic.
About the Course
In this video, we will talk about what is covered in this course and what is not. We will also go over the tools and learning methods that will be used throughout the course as well as how the course is structured.
In this video, we will talk about the prior knowledge and skills you need to have in order to get the most out of this course.
Community and Support
We have an active and vibrant community here at Linux Academy, and I invite you to be a part of it. You can interact directly with our course authors and connect with other Linux Academy students. Whether you need help or just want to chat, we are here for you!
Disclaimer: It Is Not Like in the Movies!
This course is for educational purposes only. Please use the knowledge and skills you learn wisely and stay legal!
Kali Linux Tour
Basics and Orientation
What Is What
Let's take a tour through Kali Linux and its features so we can sail smoothly through the rest of the course.
Where Is What
Now that we have taken a tour of Kali Linux, let's discuss where its features are located. This will help us later and prevent a lot of head scratching when we need to locate configuration and other system files.
Linux Command Line Review
In this video, we will go over some basic Linux commands that we will use frequently throughout the course. We will also take a look at the Vim text editor, which is very useful for editing files in the terminal.
In this video, we will learn how to start, stop, restart, and view the status of a service. To install htop on the Kali Linux Cloud Playground server, run: apt install htop
In this video, we will discuss how firewalls are controlled in Kali and what we can use to interface with them. This video is not intended to teach you what a firewall is. Instead, we will learn the syntax and commands that we can use to interface with a firewall in Kali. Link to the UFW cheat sheet: https://www.dropbox.com/s/pqyf50kexid2cla/274_Kali-Linux-Deep-Dive_UFW-Commands.pdf?dl=0
In this video, we will discuss user controls and permissions. We will deal with user creation and deletion, as well as setting up permissions.
Creating a Kali Linux Live USB
This video provides a general introduction to the perks of having Kali Linux on a live, persistent, bootable USB drive and the prerequisites for creating one.
Installing Kali Linux — Part 1
In this video, we will learn how to download and install a Kali Linux OS. We will walk through the language options, domain name and password setup, partitions, networking, and software options.
Installing Kali Linux — Part 2
In this video, we will continue our Kali Linux installation process by wrapping up the initial installation and moving on to some quick post-installation tasks.
Building a Custom Kali Linux Image
In this video, we will learn how to customize a Kali Linux ISO image. We will discuss variants, packages, Kali applications, and several tools and files you may want to add to your build.
Creating a Live USB
In this video, we will learn how to create a live, bootable USB. Whether we use a custom ISO image or a generic one downloaded from the internet, the procedure is the same. Before following the instructions in this video, keep in mind that the USB you use will be completely overwritten, and all data on it will be lost.
Booting from a Live USB
In this video, we'll learn how to boot the OS from our previously configured live USB on pretty much any machine. It is best practice to boot from the USB right away to make sure everything is functional.
Adding Encrypted Persistent Storage
In this video, we will add persistent storage to our USB and encrypt it. This is a crucial step, as the USB data will be of no use to anyone who does not have the key. Keep in mind that if you forget the key, you won't have access to the USB either. There is no recovery process or failsafe for recovering the USB data without the key, so be careful!
Finalizing and Testing the Live USB
In this final wrap-up video, we will run a few tests and make sure that everything is working the way it should according to our configuration.
What Is Social Engineering?
In this video, we will learn that the first step in hacking any system is not through the use of a computer, but rather through a specific state of mind. Social engineering is the practice of manipulating individuals into revealing sensitive information (such as passwords or bank account numbers) that can be used to carry out attacks. We will discuss how to think like a hacker and go through several examples of social engineering.
Don't Be an Easy Target!
With a little common sense and a few helpful tips, you can reduce your risk of becoming a victim of exploitation. In this video, I will share some examples of how hackers target individuals and give you some recommendations on how to avoid these attacks.
Social Engineering Attacks
Circles of Trust
In this video, I will tell a story about how the United States Department of Justice was hacked with seemingly unimportant information that was obtained by infiltrating people’s circles of trust.
In this video, we will talk about the importance of checking any hardware you use. I will share an interesting story about how a hired penetration testing company managed to bypass all of their contractor's security measures with keyloggers and clever social engineering.
ATMs and Banks
ATMs and banks are a common target for social engineering attacks. In this video, I will share an example of how a group of hackers and fraudsters managed to max out a huge number of credit cards because of a company’s recklessness.
Physical Access to Devices
Even the most seemingly insignificant devices can be used to breach a person’s or company's security. Do you think access to a vending machine in a company building is unimportant? Think again. In this video, I will discuss how vending machines are really just downsized PCs that are fully capable of executing code.
Real Anonymity vs. Perceived Anonymity
In this video, we will discuss the difference between real and perceived anonymity and talk about some of the factors that make it hard for us to ever really be anonymous. We will also go over a few examples of how people — despite using anonymizing services — still got caught.
When using anonymizing services, people tend to overlook some of the factors that can lead to their identity being discovered. In this video, we'll talk about a few of the common pitfalls of using these services. We will also go over some examples of people who were able to cleverly avoid prosecution even after their identities were discovered.
Virtual Private Networks (VPNs)
What Is a VPN?
In this video, we will learn about virtual private networks, or VPNs. We will go over what VPNs are and how they work. We will also learn why big companies and home users alike use VPNs, as well as take a look at some important VPN features.
Setting Up a VPN: Server Side — Part 1
In this video, we will take our first steps toward learning how to set up and configure our own VPN using Ubuntu 16.04. We will go over how to install OpenVPN and configure the certificate authority.
Setting Up a VPN: Server Side — Part 2
We've already discussed the creation of public and private server keys. In this video, we will learn how to create the necessary public and private client keys. We will also go over how to configure an OpenVPN server.
Setting Up a VPN: Server Side — Part 3
In this video, we will start up our OpenVPN server, write the necessary firewall rules, start the firewall using UFW, and finish the server side of our setup.
Setting Up a VPN: Client Side
In this video, we will configure our client and everything else that we need in order to connect to a VPN. We will set up privileges and permissions, create a client configuration file, and finalize our setup.
Connecting to a VPN
In this video, we will connect to the VPN and check that everything works as it should.
What Is Tor?
The video covers key concepts like what the Tor network is, what Tor Browser is, why Tor is used, and what makes Tor different from proxies and VPNs. We will go over the layers of onion routing, the encryption process that provides user anonymity, and the Tor-hosted .onion domain.
In this video, we will go over what to do when Tor is banned in your country. We will also discuss how to find and access Hidden Wiki and, through it, other Tor-hosted websites.
The Tor Service
In this video, we will go over the set of commands needed to set up the Tor service. We will also discuss the various proxy chains that can be set up and the differences between them.
What Is a Proxy?
In this video, we'll discuss what a proxy server is, how it works, and what it is used for. We'll also go over the various types of proxies and the differences between them.
Setting Up a SOCKS5 Proxy
In this video, we will learn how to create an SSH tunnel that we can use as a SOCKS5 proxy.
Connecting to a Proxy
In this video, we will go over how to manually configure the proxy we set up in the previous video. We will also discuss the types of information your browser could reveal about you and how to hide it.
Scanning, Sniffing, and Phishing
Email Phishing and Tracking
Introduction to Phishing and Tracking
In this video, we will learn what phishing is and go over the different types of phishing attacks. We will also discuss how tracking can help an attacker collect valuable data.
Setting Up Email Tracking
In this video, we will go over how to set up a link that leads to a malicious site in order to gather information from any users that access the link.
Let's Go Phishing!
In this video, we will go over the social engineering aspect of email phishing and tracking. We will learn about how attackers find and use a target's personal information to trick the target into clicking on the malicious tracking link.
In this video, we will discuss Address Resolution Protocol (ARP) spoofing, a method of impersonating the IPs of both the router and the victim's machine in order to track traffic on a network. We will also discuss how to preview network traffic using Wireshark.
MAC Address Spoofing
In this video, we will discuss what a MAC address consists of, learn how to preview and/or change your MAC address (both randomly and manually), and talk about why it is useful to do so.
In this video, we will discuss DHCP and DHCP leases and learn how to use their behavior to perform a DoS attack on a network using the dhcpstarv tool.
In this video, we'll learn how hackers exploit Google Dorks to find data that is otherwise not readily available on a website.
WHOIS and GeoIP Lookup
In this tutorial, we will learn how to obtain information about geographical location and domain registration, update, and expiration dates using an IP address and/or domain name.
In this video, we will discuss the scanning tool Nmap. We will go over several of the scanning options available to us and learn how to specify what to scan and what not to scan (remember: depending on the country, using Nmap might be illegal).
In this video, we will learn how to discover live hosts on a network. It is not always easy to determine whether or not there are running machines on a network because not all of them are configured to respond. We will go over how Nmap can help us identify silent machines.
Open Port Discovery
In this video, we will learn which types of Nmap scans to use in order to scan host ports effectively. We will also go over the privileges that are usually needed for each type of scan.
In this video, we will discuss Zenmap, a GUI interface for Nmap. Zenmap can be used to make the scanning process more visual. We'll go over how we can use Zenmap to create a graphical, topological representation of all available hosts, create and configure custom scans, use scripts to test vulnerabilities of services, pick out target hosts, and more.
Service and Service Version Detection
In this video, we'll discuss how we can detect services and service versions to determine whether or not something is vulnerable to a particular exploit.
Identifying the Operating System
In this video, we'll go over how we can use Nmap and Zenmap to determine the network distance, operating system, and operating system version of our target host.
In this video, we'll discuss Nmap scripts, script editing, the Lua language, and script-based scans.
What Are DoS and DDoS Attacks?
In this video, we will talk about what DoS and DDoS attacks are and how they work. We will also take a look at a few different DoS and DDoS attack techniques.
Famous DDoS Attacks
In this video, we will take a look at some of the most famous DDoS attacks and botnets. We will discuss the techniques that were used in these attacks and talk about how much damage they caused.
Let's Get Cracking!
Scanning Networks, Capturing a Handshake, and Deauthenticating Clients
In this video, we'll learn how to capture a handshake between an access point and a client. We will also see how to send deauthentication requests to perform a DoS attack.
Password Cracking: Math, Common Sense, and Limits
Now that we have captured a handshake between the access point and the client, we need to crack the encryption and get the key. In this video, we will discuss what password cracking is and how it works, as well as go over several different password cracking attacks.
Setting Up the Environment and Installing GPU Drivers
In this video, we will go over how to set up a cloud machine for password cracking. We will be using Google Cloud Platform. We will go over how to download repositories from the official Nvidia website and install the necessary GPU drivers. Finally, we will download the password cracking tool hashcat and its utilities.
Using Hashcat and Password Masks
After downloading hashcat, we can start attempting to crack the password. In this video, I will show you how to create password masks to help us with this process.
In this video, we will go over the results of our password cracking efforts from the previous video. We will also review some of the hashcat functionality we have learned.
What Is Buffer Overflow?
In this video, I will explain what buffer overflow is and how it works. We will also go over some common buffer overflow attack techniques.
Using Buffer Overflow to Bypass Authentication
In this video, we will see how buffer overflow works in practice. We will look at an example of how buffer overflow can be used to bypass a program's authentication.
Introduction to Reverse Engineering
What Is Reverse Engineering?
In this video, we will discuss what reverse engineering is, what it is used for, and the different types of reverse engineering tools.
Customizing and Compiling a Keylogger
Setting Up an IDE to Compile a Keylogger
In this video, we will demonstrate how to download and install an integrated development environment (IDE). We will talk about the different methods you should use depending on which operating system you and your victim's machine are running.
Getting, Importing, and Compiling the Source Code
In this video, we will learn how to successfully create a keylogger project by importing the source code from GitHub.
Compiling and Customizing the Source Code
In this video, we will go over the code we imported in the previous video, what it does, what encryption and decryption methods it uses, and how to alter code segments so that their signatures do not match any existing anti-virus signatures or hashes for the keylogger. We will also see how the keylogger records every single action a user performs on an infected machine.
Testing Out the Keylogger
Now let's test out our keylogger. Does it record all of the keystrokes? Does it send an email? We'll check to see if everything works and make sure that it is fully functional.
Analyzing and Reverse Engineering an Executable
Detecting Process Abnormalities in the Task Manager
In this video, we will take a look at the task manager process overview and go over some of the dead giveaways that something is off with a given process.
Analyzing Processes with Cheat Engine
In this video, we will talk about how to analyze a process using Cheat Engine. We will go over how to read the data of a running process that is present in the RAM and how to extract this data.
Determining What an Unknown Program Is Doing — Part 1
In this video, we'll go over how to analyze recorded (keylogged) data to determine what actions an unknown program is performing.
Determining What an Unknown Program Is Doing — Part 2
In this video, we'll continue analyzing our keylogged data to figure out what actions our unknown program is performing. We will gather information from the process, such as email addresses and passwords. We can use this information to log in to accounts and see who they belong to.
Analyzing an Executable with a Decompiler
The first step in decompiling a program is installing the required software to do so. In this video, we will go over some useful tools for reverse engineering like IDA, Ollydbg, and Snowman. We will also open up an .exe file in the IDA disassembler and walk through some sections of the interface.
Decompiling Function Parameters and Variables
In this video, we will take a look at the functions of the executable we're disassembling and decompile them with different decompilers to get a better sense of the contents. We will then analyze the code, taking notes along the way to keep track of what we are doing.
Reverse Engineering Function Logic with a Decompiler — Part 1
In this video, we will begin the process of decompiling our program piece by piece, taking notes in the form of pseudocode. We will try to recognize any local or global variables and rename them so the code is more clear. We will do the same for any other similarities we find as we slowly deconstruct our decode function.
Reverse Engineering Function Logic with a Decompiler — Part 2
As we continue the reverse engineering process, our pseudocode will make more sense and start to look like a real program. In this video, we will continue analyzing our compiled function, adding lines of code we recognize to our decode function and then, if needed, optimizing the code a bit.
Reverse Engineering Function Logic with a Decompiler — Part 3
In this video, we will finish decompiling our function and check to ensure we have done it correctly.
Finding Salts in Decompiled Code
There are several different ways we can look for variables inside of decompiled code. In this video, we will try finding specific variables using some common sense.
Writing a Decryption Program from Pseudocode — Part 1
Now that we have written our decryption function in pseudocode, it is time to write some actual code. In this video, we will construct our program in C++ using Code::Blocks IDE.
Writing a Decryption Program from Pseudocode — Part 2
In this video, we will continue writing our decryption program by implementing the commonly used Base64 decoding algorithm.
Writing a Decryption Program from Pseudocode — Part 3
Now we're ready to finalize our program and make sure it works. In this video, we'll finish and test our program and then decrypt the encrypted files.
Reverse Engineering Wrap-Up
In this video, we will go over what we have learned and talk about some of the ways you can continue to learn about and practice reverse engineering.
The Metasploit Framework
What Is Metasploit?
In this video, we'll learn about the Metasploit framework, a powerful tool for penetration testing. We will go over the basics of what Metasploit is and take a tour of the framework environment.
We can't do much with Metasploit until we learn its commands. In this video, we will learn the basic Metasploit commands and what they do so we can easily navigate the framework and get things done.
Other Useful Metasploit Commands
In this video, we're going to learn five more useful Metasploit commands: search, show, use, set, and setg.
Database Setup and ExploitDB
In this video, we will learn how to set up a database and use the ExploitDB website.
In this video, we will go over how to perform a scan, store the results in a database, and then analyze the results to decide which exploit to use. We will also discuss how to use the selected exploit, run it against the host, and create a back door.
The Post-Exploitation Phase
In this video, we'll discuss what we can do in the post-exploitation phase, including establishing persistent access to the target machine and setting up the ability to upload or download files at will.
In addition to its command line interface, Metasploit also has a graphical user interface called Armitage. In this video, we will take a tour of Armitage and learn how to use it.
In this video, we will dive into the inner workings of Metasploit and Nmap by examining one of the most devastating vulnerabilities ever discovered. We will write an Nmap script that can scan services to determine if they are vulnerable and then write a Metasploit module.
Executing Code Remotely with Shellshock
Shellshock lets an attacker append commands to a Bash function definition stored in an environment variable; when a child Bash process inherits and parses that variable, it executes the appended commands. Used this way, Shellshock allows you to essentially take control of a system.
Writing an NSE Script: Headers
Every Nmap script consists of three parts: a header, a rule, and an action. In this video, we will learn how to write an NSE script header. The header is generally used to add metadata, such as author information, a description, and a usage example.
Writing an NSE Script: Rules
In this video, we will discuss how to write an NSE script rule. The rule is basically a code segment that decides whether or not to proceed with the instructions given in the action. For example, the rule could check to see if a service is susceptible to a certain type of scan.
Writing an NSE Script: Actions
In this video, we will discuss how to write an NSE script action. The action is the meat of the NSE script, where we define what the script will actually do.
Debugging an NSE Script — Part 1
Whenever you write scripts, you will most likely encounter problems with your code. In this video, we will discuss how to debug your code to make your scripts work properly and make your life easier.
Debugging an NSE Script — Part 2
In this video, we will continue debugging our NSE script. It's important to remember that a lot of your time writing scripts will be spent fixing problems and debugging code.
Examining a Metasploit Module
We're almost ready to write a Metasploit module, but before we get started, we need to learn a bit more about their structure and logic. In this video, we'll take a look at an existing Metasploit module to get a better understanding of how to write one.
Module Script Outline
In this video, we will write an outline of our script, which we will use as a foundation to build upon. We will add some basic items to our script, such as the main function, the metadata section, a description of the module's functionality, and the module requirements.
Loading a Module into Metasploit and Performing a Syntax Check
Just like with our Nmap script, we need to perform a syntax check to make sure that our script does not contain any syntax errors. Remember that a syntax check will not catch logic errors, so it is possible for the syntax check to pass and for the script to fail to do what you intended it to do.
Deploying and Testing a Script
In this video, we will finalize the module we wrote. We will discuss the purpose and reasoning behind each line of code and then deploy the module. Finally, we will test our module to make sure it works.
In this final course video, we'll go over the main lessons we learned in this course and where to go from here.