1
00:00:06,270 --> 00:00:10,650
- The Kali architecture is based on Debian, right?

2
00:00:10,650 --> 00:00:13,340
And it basically has all the underlying utilities

3
00:00:13,340 --> 00:00:17,520
and facilities of the Debian Linux distribution.

4
00:00:17,520 --> 00:00:20,445
It just has many, many different hacking tools

5
00:00:20,445 --> 00:00:21,671
that you can, you know, of course,

6
00:00:21,671 --> 00:00:24,569
take advantage of for pen testing.

7
00:00:24,569 --> 00:00:26,956
Now we will go over some of the major categories

8
00:00:26,956 --> 00:00:29,800
of these tools later in this lesson.

9
00:00:29,800 --> 00:00:32,990
However, I want to actually cover a few things

10
00:00:32,990 --> 00:00:35,854
about the underlying Kali base install

11
00:00:35,854 --> 00:00:38,796
and the default user (muffled speaking) password.

12
00:00:38,796 --> 00:00:43,572
Now typically, we always suggest that the user, you know,

13
00:00:43,572 --> 00:00:47,624
or any user, use a non-privileged account

14
00:00:47,624 --> 00:00:49,779
when running any operating system, right?

15
00:00:49,779 --> 00:00:52,969
So that includes Linux, Windows, Mac OS X,

16
00:00:52,969 --> 00:00:55,468
instead of actually running as root all the time

17
00:00:55,468 --> 00:01:00,383
or a privileged account all the time, use things like sudo.

18
00:01:00,383 --> 00:01:03,465
Definitely use sudo whenever you need the escalation

19
00:01:03,465 --> 00:01:05,372
of privileges and to run, you know,

20
00:01:05,372 --> 00:01:07,029
the commands as root, right?

21
00:01:07,029 --> 00:01:10,512
But typically, you know, it's a very well-known security

22
00:01:10,512 --> 00:01:15,023
best practice that, you know, you do not run everything

23
00:01:15,023 --> 00:01:18,578
as root and that you actually run sudo

24
00:01:18,578 --> 00:01:19,684
whenever needed, right?

25
00:01:19,684 --> 00:01:22,357
So that provides an extra layer of protection between

26
00:01:22,357 --> 00:01:26,461
the user and any potentially destructive operating system

27
00:01:26,461 --> 00:01:30,301
commands or operations, and of course, for preventing,

28
00:01:30,301 --> 00:01:32,751
you know, any type of malicious activity

29
00:01:32,751 --> 00:01:36,082
from actually taking place in the system.

30
00:01:36,082 --> 00:01:38,489
Now on the other hand, Kali Linux contains many

31
00:01:38,489 --> 00:01:42,239
tools that can only run with root privileges.

32
00:01:42,239 --> 00:01:46,364
Also it is not typical that you run, you know, as root,

33
00:01:46,364 --> 00:01:48,922
if you have a multi-user environment, right?

34
00:01:48,922 --> 00:01:51,757
But in this case, actually, you know, with Kali Linux,

35
00:01:51,757 --> 00:01:55,924
it is actually very unlikely that you will run Kali Linux

36
00:01:56,909 --> 00:01:58,723
in a multi-user environment, right?

37
00:01:58,723 --> 00:02:00,920
Typically, it's running on your laptop.

38
00:02:00,920 --> 00:02:03,559
If you're actually doing pen testing for a customer,

39
00:02:03,559 --> 00:02:06,527
or if actually you're doing pen testing internally

40
00:02:06,527 --> 00:02:08,774
in the corporation, you probably will have, I mean,

41
00:02:08,774 --> 00:02:12,196
virtual machines, you know, throughout your environment

42
00:02:12,196 --> 00:02:13,914
and many installations of it.

43
00:02:13,914 --> 00:02:17,145
But typically you're not going to interact with a system

44
00:02:17,145 --> 00:02:19,636
where multiple users are interacting with the system

45
00:02:19,636 --> 00:02:21,506
at the same time, right?

46
00:02:21,506 --> 00:02:25,387
Now if you do have some type of automation for pen testing,

47
00:02:25,387 --> 00:02:26,929
and you have some scripts and everything,

48
00:02:26,929 --> 00:02:29,300
you actually have to, you know, use common sense

49
00:02:29,300 --> 00:02:32,652
and actually use sudo whenever it's needed, right?

50
00:02:32,652 --> 00:02:35,281
So in those cases, you know, of course, you're not,

51
00:02:35,281 --> 00:02:38,005
you know, you will have to actually adhere

52
00:02:38,005 --> 00:02:40,380
to the best practices, excuse me, the best practice

53
00:02:40,380 --> 00:02:42,127
that I'm actually talking about here.

54
00:02:42,127 --> 00:02:44,588
But in the case that you're actually just running, you know,

55
00:02:44,588 --> 00:02:47,859
Kali Linux on a laptop, in your lab or, you know,

56
00:02:47,859 --> 00:02:51,436
in a pen testing gig, basically you most definitely

57
00:02:51,436 --> 00:02:55,967
are going to run it as root because most of those tools can

58
00:02:55,967 --> 00:02:58,800
only run with root privileges.

59
00:02:58,800 --> 00:03:02,967
Now the default password in Kali is toor, that is, T-O-O-R.

60
00:03:04,021 --> 00:03:05,473
Now you should definitely change it

61
00:03:05,473 --> 00:03:06,846
as soon as you install it, right?

62
00:03:06,846 --> 00:03:09,139
But in a lot of cases, you're actually running a lot of these tools

63
00:03:09,139 --> 00:03:13,829
actually as root, and, you know, the only user that you may

64
00:03:13,829 --> 00:03:16,923
have in the Linux distribution on your laptop

65
00:03:16,923 --> 00:03:19,463
may actually be the root user.

66
00:03:19,463 --> 00:03:23,395
Now as I mentioned before in this lesson, there are tons of,

67
00:03:23,395 --> 00:03:26,502
you know, tools that are already packaged in Kali,

68
00:03:26,502 --> 00:03:28,759
and depending on the version of Kali that you install,

69
00:03:28,759 --> 00:03:31,510
you may actually have, you know, all of them, or you may

70
00:03:31,510 --> 00:03:33,412
have just a base install, right?

71
00:03:33,412 --> 00:03:35,159
That only includes a few of them, right?

72
00:03:35,159 --> 00:03:38,186
Now the link that I'm actually showing here lists

73
00:03:38,186 --> 00:03:40,938
all the different tools that are available in Kali.

74
00:03:40,938 --> 00:03:44,413
And I always go to this link to find out if there

75
00:03:44,413 --> 00:03:48,374
are any new tools available in the latest version of Kali.

76
00:03:48,374 --> 00:03:51,420
There are definitely a lot of different categories,

77
00:03:51,420 --> 00:03:54,563
you know, the first one is actually information gathering,

78
00:03:54,563 --> 00:03:58,992
and there you're actually going to see tools like acccheck,

79
00:03:58,992 --> 00:04:02,780
you know, tools actually related to Cisco specifically,

80
00:04:02,780 --> 00:04:06,947
like cisco-torch, CaseFile, dnsenum, dnsmap, dnswalk,

81
00:04:09,392 --> 00:04:11,232
and the list just goes on and on,

82
00:04:11,232 --> 00:04:12,563
as you actually see here, right?

83
00:04:12,563 --> 00:04:15,813
So, Nmap, sslstrip, the THC-IPv6 suite,

84
00:04:19,218 --> 00:04:23,903
Wireshark for, you know, sniffing and many others, right?

85
00:04:23,903 --> 00:04:27,461
Now the other category is vulnerability analysis,

86
00:04:27,461 --> 00:04:31,422
and in there, you actually have specific analysis tools

87
00:04:31,422 --> 00:04:33,969
for specific vulnerabilities like, you'll see a few here

88
00:04:33,969 --> 00:04:37,398
for Cisco, you'll see Powerfuzzer and sfuzz,

89
00:04:37,398 --> 00:04:40,448
you know, those are actually fuzzers, sqlmap,

90
00:04:40,448 --> 00:04:43,627
which is actually used for database testing as well

91
00:04:43,627 --> 00:04:47,794
as sqlninja and sqlsus, the THC-IPv6 suite, I mean,

92
00:04:49,214 --> 00:04:51,205
of course, is also here because you have some utilities

93
00:04:51,205 --> 00:04:55,248
that are aimed at vulnerability analysis.

94
00:04:55,248 --> 00:04:56,742
And of course the list goes on and on.

95
00:04:56,742 --> 00:04:59,415
Throughout this course, of course we're actually going

96
00:04:59,415 --> 00:05:02,506
to be hitting several of these tools, and we're going

97
00:05:02,506 --> 00:05:05,939
to be explaining what, you know, each of these tools

98
00:05:05,939 --> 00:05:09,798
is actually used for and how you can also combine your

99
00:05:09,798 --> 00:05:11,767
attacks because, you know, these attacks

100
00:05:11,767 --> 00:05:13,546
are actually not done in isolation, right?

101
00:05:13,546 --> 00:05:16,716
You may start with passive reconnaissance and then

102
00:05:16,716 --> 00:05:19,023
active reconnaissance with a scanner, then after

103
00:05:19,023 --> 00:05:22,681
that you actually perhaps identify specific victims

104
00:05:22,681 --> 00:05:24,964
in the network and you launch, you know,

105
00:05:24,964 --> 00:05:28,066
vulnerability analysis tools and fuzzers

106
00:05:28,066 --> 00:05:30,690
to actually look for those vulnerabilities

107
00:05:30,690 --> 00:05:34,031
and then go to exploitation tools, which is another category

108
00:05:34,031 --> 00:05:37,657
here, and use things like Armitage or Backdoor Factory,

109
00:05:37,657 --> 00:05:41,592
BeEF, you know, sqlmap again, you know, several,

110
00:05:41,592 --> 00:05:46,131
all the tools that are specific for exploitation.

111
00:05:46,131 --> 00:05:48,955
You also have, you know, in case you're actually doing

112
00:05:48,955 --> 00:05:52,744
wireless penetration testing, wireless attack tools,

113
00:05:52,744 --> 00:05:57,040
Aircrack-ng is actually one of the most used out there,

114
00:05:57,040 --> 00:06:00,141
but you may have things like coWPAtty, crackle,

115
00:06:00,141 --> 00:06:02,314
and again we're actually going to go over several

116
00:06:02,314 --> 00:06:05,373
of these tools throughout the whole course, right?

117
00:06:05,373 --> 00:06:08,977
Another category is web applications, you know,

118
00:06:08,977 --> 00:06:11,276
a series of tools in here, I'm actually just showing,

119
00:06:11,276 --> 00:06:12,985
you know, the long list.

120
00:06:12,985 --> 00:06:17,028
Stress testing, and also forensics tools, right?

121
00:06:17,028 --> 00:06:20,970
Now we have sniffers and tools for doing spoofing,

122
00:06:20,970 --> 00:06:25,106
password attack tools, also tools to be able

123
00:06:25,106 --> 00:06:29,230
to maintain access and persistence in the system.

124
00:06:29,230 --> 00:06:32,563
So after you actually exploit the system, you have some

125
00:06:32,563 --> 00:06:35,324
tools in here that allow you to actually maintain

126
00:06:35,324 --> 00:06:38,808
that persistence in that system, right?

127
00:06:38,808 --> 00:06:40,727
So we're actually going to be covering

128
00:06:40,727 --> 00:06:42,811
all these throughout the course.

129
00:06:42,811 --> 00:06:45,322
You're going to learn how to actually maintain persistence

130
00:06:45,322 --> 00:06:47,844
after you have compromised a system.

131
00:06:47,844 --> 00:06:50,607
You also have reverse engineering tools, you know,

132
00:06:50,607 --> 00:06:52,883
things like YARA and javasnoop

133
00:06:52,883 --> 00:06:55,066
and some other ones, right, are there.

134
00:06:55,066 --> 00:06:57,393
Hardware hacking tools, we actually have a few,

135
00:06:57,393 --> 00:06:59,730
we don't have a lot, but there are a few in here.

136
00:06:59,730 --> 00:07:02,464
And also even reporting tools, you know, things

137
00:07:02,464 --> 00:07:07,096
like CaseFile and KeepNote, MagicTree and Nipper-ng and,

138
00:07:07,096 --> 00:07:08,486
you know, several others, right?

139
00:07:08,486 --> 00:07:12,062
So as you can see, the list of tools that are in Kali

140
00:07:12,062 --> 00:07:14,216
is fairly comprehensive, right?

141
00:07:14,216 --> 00:07:17,377
And, you know, previously, I mentioned that there are other,

142
00:07:17,377 --> 00:07:20,547
you know, tools out there like Pentoo and, you know,

143
00:07:20,547 --> 00:07:24,069
several of them that are available other than Kali.

144
00:07:24,069 --> 00:07:27,055
But Kali, by far, is actually one of the most complete,

145
00:07:27,055 --> 00:07:31,669
or most comprehensive Linux distributions for pen testing,

146
00:07:31,669 --> 00:07:34,086
as you can actually see here.
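The lesson's point about pen-test automation (cues 46 to 58: run unprivileged by default and reach for sudo only where a tool genuinely needs root) is shown below as an added shell example. It is not part of the course transcript and not code shipped with Kali. The mapping of which tools need root is an illustrative assumption written for this example (raw-socket scans, packet capture and monitor mode do; DNS enumeration and a plain connect scan do not), as is the optional UNPRIV_USER variable used to drop privileges when the script itself is already running as root, the common Kali-on-a-laptop case the instructor describes.

```shell
#!/bin/sh
# Added example (not from the course): least-privilege wrapper for
# pen-test automation. Tools run unprivileged unless needs_root says
# otherwise; sudo is used only for those, and only non-interactively.

# True when the current process is already root.
is_root() {
    [ "$(id -u)" -eq 0 ]
}

# Prefix required to obtain root for a single command: empty when the
# script is already root, "sudo" otherwise.
priv_prefix() {
    if is_root; then printf ''; else printf 'sudo'; fi
}

# Decide whether a command line needs root. ASSUMPTION: this table is
# illustrative; extend it for the tools your own scripts call.
#   nmap      -> root only for raw-socket scans (-sS, -sU) and OS
#                detection (-O); a -sT connect scan works unprivileged
#   tcpdump, arp-scan, masscan, airmon-ng, airodump-ng -> always root
#   everything else (dnsenum, dnsmap, sqlmap, ...)     -> unprivileged
needs_root() {
    case "$1" in
        nmap)
            # Match the flag as a token prefix so "-sS" and "-sSV" both hit.
            case " $* " in
                *" -sS"*|*" -sU"*|*" -O"*) return 0 ;;
                *) return 1 ;;
            esac
            ;;
        tcpdump|arp-scan|masscan|airmon-ng|airodump-ng) return 0 ;;
        *) return 1 ;;
    esac
}

# Run a command with exactly the privilege it requires.
#  - needs root, already root   -> run directly
#  - needs root, not root       -> sudo -n (fail fast instead of hanging
#                                  on a password prompt in an unattended job)
#  - no root needed, already root, UNPRIV_USER set -> drop to that account
#  - otherwise                  -> run as the current user
run_tool() {
    if needs_root "$@"; then
        if is_root; then
            "$@"
        else
            sudo -n -- "$@"
        fi
    elif is_root && [ -n "${UNPRIV_USER:-}" ]; then
        # ASSUMPTION: UNPRIV_USER names an existing local account.
        sudo -u "$UNPRIV_USER" -- "$@"
    else
        "$@"
    fi
}

# Usage from an automation script (targets here are placeholders):
#   UNPRIV_USER=pentest run_tool dnsenum example.com      # unprivileged
#   UNPRIV_USER=pentest run_tool nmap -sT 10.0.0.1        # unprivileged
#   UNPRIV_USER=pentest run_tool nmap -sS 10.0.0.0/24     # escalated
```

Because `run_tool` decides per command rather than per script, a recon pipeline that chains DNS enumeration, a connect scan and then a SYN scan touches root only for the last step, and a wrong target or a bad wordlist in the earlier steps cannot damage the host with root privileges. The `-n` on sudo matters in cron or CI: without it a missing sudoers entry hangs the whole job on a password prompt instead of failing visibly.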