kali linux practice, how to

[AntiHero]

Im looking for some ideas on how to work on and practice using kali linux for the purpose of pen-testing and using all the various functions kali comes with. Things to bare in mind: I am fairly new to this, I have more then one computer, Im looking to aggressively expand my knowledge in this area, and of course i wanna be able to do this w/o breaking or damaging anything. Thoughts and suggestions, please and thank you!

[digininja]

Slight correction first, you don't learn Kali, Kali is just a collection of tools that could be installed on any Linux distro.

For learning the different tools, it all depends on what area you are interested in. I'd get on securitytube.net and find videos or tutorials on those areas and then play.

There are also a whole bunch of different CTF challenges out there, again, depending on your area of interest depends which you choose.

I'd also suggest not using Kali and going for something like Ubuntu or Debian instead and learning to install all the tools you want yourself, that will give you a much better idea of OS level stuff than just using a tool that someone else has already installed and configured for you.

[AntiHero]

Well I've been working with linux mint-cinnamon for abit to just get the feel for linux itself.  Id like to learn more of what the tools given to me are capable of doing so CTF challenges maybe a good place to start. Direction, after all, is what im looking for here. There's so much out there picking a path to travel down has proven to be the toughest part.

[digininja]

First question, what are you interested in?

And if you are running Mint, stick with that and install the tools you want to use in there. It is more work but believe me, it will work out better in the long run.

[Bigbiz]

My ebook is fairly straightforward.

Check it out

https://www.amazon.ca/dp/B0749CZL8L/ref=cm_sw_r_cp_awdb_t1_tpxQBbHD16CZK

[AntiHero]

On 9/24/2018 at 9:54 AM, digininja said:

First question, what are you interested in?

And if you are running Mint, stick with that and install the tools you want to use in there. It is more work but believe me, it will work out better in the long run.

Well ideally I'd like to learn how to be able to access a network and acquire or leave behind data/programs. I know its far easier said then done, but from what I've been informed of it seems to be the core concept behind penetration testing and cyber security.

[digininja]

In which case look for live box CTF challenges such as Metasploitable and the boxes available on https://www.vulnhub.com/ .

And as for network stuff being the core, not really, there is no core. I'm currently dumping a client's full database through a web app vulnerability, on some networks you need to know wifi skills to gain access and softer skills such as analysing network design and segmentation also come in very handy. That is why I say to anyone who asks this question, pick what you are interested in and learn that. Don't try to jump in to areas that others say are sexy, fun, well paid, if the area doesn't interest you as whatever area you choose will probably also be sexy, fun and well paid once you are good at it.

[AntiHero]

Awesome! thanks for the advice man, and I'll try out those challenges. Anymore questions ill be sure to post.

[icarus255]

Haha I started my journey with Mint as well and still continue to use it for all my day to day stuff and "CTF" stuff. Digininja speaks much wisdom and I would say stick to mint as well but I can't pretend that I didn't like kali at the start. Kali was great because I could test all the different apps without worrying about compiling/configuring a hundred of them on mint. I don't really use kali anymore because it's not a great OS for your day to day stuff and there's only a handful of the "kali tools" that I regularly use so I just installed them on mint.

As for direction, there are plenty of good suggestions provided above and to add my five cents, I started out with simple CTF challenges on www.root-me.org and setting up a test network using my old computers and routers. The virtual environment is the simpler way to go if you don't want to mess around with cables, different PCs etc but I wanted to learn how to physically do this stuff myself. From there try hacking your wifi or some old vulnerable software you installed on one of the comps (google vulnerable LAMP server). Finally enough, hak5 sells some good gear as well if you have the spare coin. Not sure how it is for learning but I had fun playing with the bash bunny.

Anyway, learning is a personal journey so you will figure out what interests you and what doesn't as you go.

Good luck and see you around, amigo.
 

 

[digininja]

For anyone curious about doing network stuff, I'd recommend doing a basic CCNA class in person. I did it years ago and even though networking isn't my thing, the act of building up networks, loading routing tables and then pulling cables to see what happens was really good fun. I'm sure you could do it all online and use virtual machines but the act of plugging one box into another, configuring it, then yanking the cable out really helps cement things in place, or at least it did for me.

[AntiHero]

Getting alot of good feedback here! I've been rooting through kali to see what I like and wanna get better with while at the same time going through basically step by step the "kali linux revealed" book and will most likely be doing what @icuras255 did and just take what I like and customize it on mint. I also have some good friends that volunteered older computers they have to let mess around in/on(depending on end goal) and just get the feel for some of the massive amount of programs out there to use.

[icarus255]

On 9/24/2018 at 7:32 PM, Bigbiz said:

My ebook is fairly straightforward.

Check it out

https://www.amazon.ca/dp/B0749CZL8L/ref=cm_sw_r_cp_awdb_t1_tpxQBbHD16CZK

Hey bro I tried checking out your book but I couldn't download it. It kept saying something about my account settings not for kindle unlimited... is this because I'm in Australia and Trump has banned book sales to us? ?

[icarus255]

7 hours ago, digininja said:

For anyone curious about doing network stuff, I'd recommend doing a basic CCNA class in person. I did it years ago and even though networking isn't my thing, the act of building up networks, loading routing tables and then pulling cables to see what happens was really good fun. I'm sure you could do it all online and use virtual machines but the act of plugging one box into another, configuring it, then yanking the cable out really helps cement things in place, or at least it did for me.

I am definitely curious because my knowledge of networking is very basic so the course would be perfect. Which one did you do? the routing and switching one?

[icarus255]

6 hours ago, AntiHero said:

Getting alot of good feedback here! I've been rooting through kali to see what I like and wanna get better with while at the same time going through basically step by step the "kali linux revealed" book and will most likely be doing what @icuras255 did and just take what I like and customize it on mint. I also have some good friends that volunteered older computers they have to let mess around in/on(depending on end goal) and just get the feel for some of the massive amount of programs out there to use.

It looks impressive but don't let it overwhelm you. A lot of them are outdated and some of them perform the same functions as two or three other apps in that category. If you want a hand with anything feel free to PM me. I'm not an expert but happy to help where I can.

[digininja]

1 hour ago, icarus255 said:

I am definitely curious because my knowledge of networking is very basic so the course would be perfect. Which one did you do? the routing and switching one?

Was just a basic CCNA, can't remember if it was anything specific. 

[Bigbiz]

it should work becsuse australian kindle store is different than americsin. An ive sold it there before so dont know. Australian kindle store so your guess is good as mine.

[Bigbiz]

did some diggin 

Try this link

https://www.amazon.com.au/Kali-Linux-Handyman-Ins-Outs-ebook/dp/B0749CZL8L/ref=mp_s_a_1_1?ie=UTF8&qid=1539707380&sr=1-1&pi=AC_SX118_SY170_QL70&keywords=kali+linux+handyman&dpPl=1&dpID=51msqg78AbL&ref=plSrch

 

.com.au

Is the store in Australia.

Edited October 16, 2018 by Bigbiz

[The Power Company]

I would spend some time learning about grep, piping, and regular expressions. These are ridiculously important things to know, especially when trying to locate files, identify rogue processes on your system, and just generally staying in control of your system in a hostile environment, whether as an invading red team or a besieged blue team. For some reason very few "hacking" tutorials mention these, I guess they just assume you already know about them. There are many interactive tutorials for things like regex though.

Edited October 23, 2018 by The Power Company

[digininja]

It is one of the reasons I recommend people have a go at dropping Windows and going native with Linux for at least a few months. If you can get used to using it on a daily basis then it makes your life a lot easier in the long run.

And before people shout about Windows or OSX being a better desktop experience, I'm not saying switch permanently, just long enough to get comfortable with it and then make your mind up if you want to go back.

[AntiHero]

First I just wanna apologize for being absent from this thread for so long, work and my semester have been beating me over the head the past couple of weeks, and thank everyone again for the excellent feedback... however if there's anyone that is proficient in computer hardware it could use some real serious help at the moment... here's the link for anyone willing to aid me. I'm pretty sure I know what the problem is I just wont a second opinion/confirmation.

 

Edited November 12, 2018 by AntiHero