What is Kali Linux
How to hack. So today we will be going through Kali Linux explained. All right, so before I do that, I have wonderful news. Okay, so the first thing is we actually have the following new changes, all right, that can actually help us do more tutorials for you. So I can go ahead and go into the command prompt and I can actually show you the new upgrade that we got, so that we can actually put in more systems, more services, more applications, so that we can demonstrate what an enterprise network actually looks like, and then how we can do ethical hacking and penetration testing on those test lab environments, in which you have your proxy servers, your directory service, your application systems and so on and so forth. So we can actually build up a very, very nice lab environment in which we can test all these different kinds of exploits and vulnerabilities, and how enterprises could be trying to protect your systems.

So we got the AMD 3900XT, all right, so this is a 12-core. All right, we have 12 cores running to actually help us do all this processing as we begin to virtualize even more systems. All right, so that's the good news to start off today's tutorial.

Okay, so going back to Kali Linux, right, so the first question is: what is Kali Linux? All right, so Kali Linux is an operating system, all right, very similar to how, for example, you would use your Macintosh, your Windows 10 computer, your Ubuntu, all right, and the list goes on. So this is a Linux distribution, and it is of course created and maintained by Offensive Security, and it was previously known as BackTrack. So I was using BackTrack more than a decade ago, more than 10 years ago, and it already had all these wonderful tools and software for us to actually do ethical hacking and penetration testing, whether you are doing it as a penetration tester or whether you're doing it and learning about how certain software could be run, how we could test certain networks and systems and applications. So this is Kali Linux, an ethical hacking and penetration testing platform.

Okay, so of course you can go to the official site, which is kali.org. Okay, so over here we have the advanced penetration testing distribution, okay, and of course it has all the tutorials, the new updates of all the software and so on. So one of those wonderful places that you go to is to go to the top tab, click under Download and click under Download Kali Linux. Okay, so over here the wonderful thing is that we have a lot of different images that you can use to run Kali Linux. Okay, and you have 64-bit, you can torrent them, okay, or you can also download them if you're, for example, running different kinds of virtualization technology like VMware or VirtualBox. You can just download it straight, and all you've got to do is double-click on it, and once you have, for example, Oracle VirtualBox or VMware running, you can immediately get Kali Linux up and running in just a few minutes. Okay, so this is a wonderful way for us to actually start using and learning Kali Linux to get more understanding about ethical hacking.

Okay, so moving back into Kali Linux, so let me log in. Okay, so this is the login page; let me log in to Kali Linux. And of course, in Kali Linux, I am actually using it, all right, as a platform, all right, where I'm also teaching a lot of IT professionals in the area of cyber security. All right, I've trained hundreds of IT professionals across the world in terms of using Kali Linux, and of course you can see all of the different kinds of information or different kinds of payloads that have been created as part of all this training. And one of the important places that we look at is actually the top left corner, so this is the menu of Kali Linux, and they have actually broken down all this different software for us. So you have your Favorites, Recently Used and so on and so forth, but the more important ones here are 01, 02, 03, 04, all the way to number 13. Okay, so this is how they have actually categorized some of this software.

And before I actually dive deeper into what each of these categories does, I also want to share with you a little more about, for example, some of you may be familiar with the cyber attack framework which was developed by Lockheed Martin, and of course there's also the MITRE ATT&CK framework. Okay, so this is a knowledge base, about the foundation of the development of certain threat models and methodologies in the private sector, in government, in the cyber security product and service community. All right, as you can see over here, so we have attack.mitre.org, so we can see all of that information as you scroll down. Okay, you have the different kinds of tactics and techniques that the hackers are using, so you have Initial Access, Execution, Persistence and so on and so forth, all the way to the end. All right, so you can actually see all of those different kinds of tactics and techniques. All right, the techniques are listed over here. Okay, so for example, if you want to look at Abuse Elevation Control Mechanism, you can just go ahead and click on it and it will give you more information about sub-techniques. All right, so for example the sub-techniques here: Setuid, Setgid, Bypass UAC. All right, so we have done a couple of those privilege escalation tutorials as part of this channel, all right, and then we have superuser do, all right, caching and so on. So all this gives us a wonderful way of, first, understanding how the cyber attackers do it, and two, in terms of the mitigation strategy and activities that we can put in place to protect ourselves and our enterprises against all these types of threats.

Okay, so moving back into Kali Linux, so you can see some sort of similarity, all right, of course in this case more from the attacker's point of view. So we have, for example, Information Gathering. Okay, so we have information gathering: it's about gathering information on a network, a device, a suite of devices within a network, or even about an entity, which is coming from open source intelligence platforms, to help us find out more details before we launch an attack. All right, so you have for example here DNS analysis, you have SSL analysis, SMTP (Simple Mail Transfer Protocol), and the list goes on. And you have all this common software, and we have quite a number of them in terms of helping us list down the number of devices in a network. All right, so this helps us understand, for example, how many mobile devices are in the whole network, how many devices are there in the network, whether they are Macintosh, network attached storage, Windows computers, mobile devices. We can find all of that from here.

Okay, and moving on to 02, we have Vulnerability Analysis. Okay, so this is the part where we are scanning the devices, looking for certain information where we can try to break open certain openings in which we can gain access into the device. So I always go back to the very straightforward use case that we do as part of a cyber attack. So think of it again like how a robber would go breaking into a house. Okay, so what the robbers will do is that they will first gather information about a particular location, about a particular building or a house or residential area. So they will look at the house, look at the vicinity: is there any nearby police station, are there any high walls that we need to climb, what kind of fence are they using, and how many doors does this house have, how many windows do they have on the first floor? So all these are the different pieces of information that they're gathering about that particular house, right, just like how we get our information on a particular network.

All right, and then we have to begin scanning for vulnerabilities. So what do I mean by vulnerabilities? We're looking for places that can give us access into the house. Okay, so maybe this house does not have a high wall, so we can easily jump through the walls and gain access into the house. And maybe in the house there are 10 windows on the first floor and one of the windows is always open, in which the robbers can easily just jump through the window and gain access to the house, after which they will begin, all right, finding out where the cash and the valuables are inside the house. So of course in the cyber world we're looking for critical data. All right, so once we gain access to critical data like financial information, credit card details, personal data, once we gain access to them, right, so that means the hackers have access to those systems, applications and that key data.

All right, and on 03 we have Web Application Analysis. So we have been doing a lot of web application penetration testing series as well, where we demonstrate how many of these different sites could be vulnerable to different kinds of hacks. So we went through, using of course the Open Web Application Security Project, and looking at some of this electronic commerce site as an example of how hackers could do cross-site scripting, cross-site request forgery, trying to do SQL injection to gain access into other parts of the sites. All right, so we have actually gone through a lot of them, and as you can see over here, right, we have CMS, right, content management system, so we're trying to identify what kind of platform technology you're running so that we can conduct specific, and create specific, payloads to go and target against a particular site.

We have proxies, web crawlers, directory systems, so we even had one tutorial where we could find out where the login page for the administrators is, right, so those were the kinds of different tutorials that we were doing previously. And Burp Suite: I know I got a lot of requests for Burp Suite, so I will do a tutorial, okay, a couple of tutorials on this coming soon, all right, so do watch out for those tutorials. And we've gone through all these different kinds of technology and platforms for us to do analysis of those sites, especially in an automated way, but Burp Suite gives us the option to be more manual, to actually customize our payload and inject it specifically into different input forms.

04 is Database Assessment. So this is the part where the hackers go directly into the database system to try to extract data. All right, so we have done a number of tutorials on this, and of course sqlmap is one of the most used tools, okay, to actually conduct SQL injection to try to gain access into the database system, and it could help us quickly map out the structure of the database and be able to flag out certain tables with sensitive data, with passwords, and try to even crack them open. And with SQLite database browser, right, so a lot of new modern web and mobile applications actually need somewhere to store some of the data, so a lot of this different data could be stored inside a SQLite file, so we can actually browse them using the SQLite database browser. So we have done a couple of tutorials on mobile application penetration testing too.

Password Attacks. So password attacks are mainly segregated into two forms, all right, so one is the offline attack and the other one is the online attack. All right, so online attack means that we do a direct attack against the server to try to gain entry into those credentials. And for offline attacks, we are actually targeting, all right, based on the data that we have extracted. So once we have extracted that data, what we will do is we will try to crack those passwords that we found. All right, so that's the whole idea of password attacks. And we can also look at some of the usage of the software here that's been created, like John, Medusa, wordlists, that we also have used very, very frequently together with other platforms.

Wireless attacks: all right, so you can get yourself a couple of wireless adapters and we can put them into promiscuous mode, and we can start sniffing for data in the network and looking at how data is being transacted in the vicinity, in the area, so that's part of wireless attacks. And more than 10 years ago I was already using Aircrack-ng, all right, so this is actually very, very useful in helping us crack certain wireless networks.

All right, and we have Reverse Engineering. All right, so this is the part where we can look into the software and look at the assembly language of how they actually call certain functions, and be able to map out how their application code could be running logically, and they're looking at places where it could possibly inject into the software to gain access to the system.

We have Exploitation Tools, like Metasploit Framework that we have done a lot of tutorials on, in which we learn about how we can target a specific system and run those payloads with a shell, all right, so that we have access into the system, and looking at the different modules as part of Metasploit Framework to run our attack. Okay, and we've also looked into the Social Engineering Toolkit as a way for us to also target users on the psychological end of the attack, right, so this is how the fraudsters, all these scammers, try to trick users into giving up their usernames, passwords, personal data and so on.

All right, then we have Sniffing and Spoofing. All right, so this is the part where you could possibly set up a fake wireless access point, and as people gain access to your fake wireless access point you could see all the data that's going in and out of the system, or if you manage to join a network you could actually run a sniffer, right, to look at certain data that's being transacted in the environment and be able to view into those payloads.

We have Post Exploitation. So this is the part where you gain access to the system and you may want to crack the password, you may want to gain elevated privileges, so those are the different kinds of modules available as part of post exploitation. So we have gone through Mimikatz, PowerSploit, all right, and we'll try to go through the rest of the other software, or even writing that software ourselves.

We have Forensics. Okay, so this is the part that we have not gone through at all yet as part of the channel, but definitely a really exciting topic and domain that we will look deeply into in future tutorials, so do stay tuned for that.

Reporting Tools. Okay, so if you're a penetration tester, at the end of the day, whether you are doing your internal or external penetration testing, you definitely need to be able to generate reports to provide them back to the stakeholders and let them be informed of where you detected the vulnerabilities. So again, going back to the earlier analogy about how robbers go after houses, so what we're trying to do here is to be the good guys. All right, so you're scanning the house ahead and you're scanning the doors, the windows, assessing the security posture of the house, and of course in the cyber world, the security posture of the enterprise. And once you look into all these different systems, applications, devices, network equipment and so on, and you find out and flag out where the vulnerabilities are, and then you prioritize them, because depending on the criticality of those vulnerabilities and how easy and dangerous they are if they are exploited, and then giving a recommendation back to the stakeholders about what they should do in order to contain, all right, and/or of course in order to remediate against those vulnerabilities before the hackers do it.

Okay, and again, Social Engineering Tools. Okay, we have Maltego, we have Social Engineering Toolkit, MSF Payload Creator (MSFPC). So again, very, very good ways for us to launch attacks where we could get usernames and passwords. So rather than doing all the technical stuff, why not couple it together with how the hackers could be doing up a fake login page to get usernames or passwords through phishing attacks? Okay, so these are the different components or categories inside Kali Linux as part of how we can perform ethical hacking and penetration testing.

So once again, I hope you've learned something valuable in today's tutorial, and if you have any questions, feel free to leave a comment below and I'll try my best to answer any of your questions. And remember to like, share and subscribe to the channel so that you can be kept abreast of the latest cyber security tutorials. Thank you so much once again for watching.


