Kali Linux Penetration Testing Bible. Gus KhawajaЧитать онлайн книгу.
box, such as SSH, web, FTP, etc.
One of the common tasks in penetration testing is to run a web server on your Kali so you can transfer files to your victim machines (I will go into more details later in this book) after getting a remote shell. So, for example, to start the web server on your Kali Linux (for your information, that's not the only way to start a service, but it's my favorite because it's easy to memorize):
root@kali:/# service apache2 start
Here are the remaining commands that you will need to know about managing services:
To Get the status of a service (started, stopped):
$service [service name] status
$systemctl status [service name]
To start a service:
$service [service name] start
$systemctl start [service name]
To stop a service server:
$service [service name] stop
$systemctl stop [service name]
To restart a service:
$service [service name] restart
$systemctl restart [service name]
To enable a service to start on boot automatically:
$systemctl enable [service name]
To disable a service from automatically starting at boot:
$systemctl disable [service name]
Package Management
The first thing that you need to know before you update your Kali Linux system is that the configuration file for the Kali repository is located at /etc/apt/sources.list
:
root@kali:/# cat /etc/apt/sources.list # # deb cdrom:[Kali GNU/Linux 2020.2rc1 _Kali-last-snapshot_ - Official amd64 DVD Binary-1 with firmware 20200505-14:58]/ kali-rolling contrib main non-free #deb cdrom:[Kali GNU/Linux 2020.2rc1 _Kali-last-snapshot_ - Official amd64 DVD Binary-1 with firmware 20200505-14:58]/ kali-rolling contrib main non-free deb http://http.kali.org/kali kali-rolling main non-free contrib # deb-src http://http.kali.org/kali kali-rolling main non-free contrib
To update your Kali Linux system (like Windows Update), execute the update
command first and then the upgrade
command. Take note, these two commands will use the earlier configuration file to download and install the necessary files:
$apt update $apt upgrade -y
We're using the ‐y
option in the upgrade command to ignore the prompts where it asks for input. In other words, we're just saying “yes” in advance.
What is the difference between the upgrade
and update
commands? That's a confusing beginner question, and I'm here to help you start using these two commands with confidence. In summary, the update
command only updates the package list with the latest versions, but it does not install or upgrade the package. On the other hand, the upgrade
command will upgrade and install the latest version of packages that were already installed (using the update
command).
Now, to use these commands together, you will have to use the &&
in between, which will eventually run the first command, and when it's done, it will run the second:
$apt update && apt upgrade -y
To fully upgrade from one release to another, execute the full‐upgrade
command along with the update
command.
$apt update && apt full-upgrade -y
Now, to list all the installed software packages on Kali Linux, you'll have to use the dpkg
command:
$dpkg -l
What about installing a new software (package) on Kali? There are two common ways that I use most of the time. The first one is the apt install
command, and the second one is dpkg
(I use the latter only when I download a file that ends with .deb
extension).
$apt install [package name] -y $dpkg -i [filename.deb]
In some software packages, they will require you to use the configure
/ make
installation way, if that's the case, then use the following commands (you must be inside the application directory):
$./configure && make && make install
If you want to remove an existing application from your Kali system, then you use the apt remove
command:
$apt remove [package name]
How do we find a package name? Let's say you want to install something that is not already installed on Kali. Then you can search the repository packages using the following command:
$apt-cache search keyword
Finally, if you want to install a package and you're not sure if the name exists in the repository, then you can use the apt‐cache show
command:
$apt-cache show [software name] root@kali:/# apt-cache show filezilla Package: filezilla Version: 3.49.1-1 Installed-Size: 6997 Maintainer: Adrien Cunin <[email protected]> Architecture: amd64 […]
Process Management
One of my favorite terminal window tools to list all the running processes on Kali is called htop
. By default, it's not installed on Kali, so to install it, we use the apt install
command:
root@kali:/# apt install htop -y Reading package lists… Done Building dependency tree Reading state information… Done
Once it's installed, you can run the htop
command:
$htop
As you can see in Figure 1.15, we're running Nmap in another terminal window, and it has a process ID (PID) equal to 1338.
Figure 1.15 HTOP
Another way to get the list of currently running processes is by using the ps
command:
$ps -Au -A: To select all the processes (if you want to list only the processes that belongs to the current user then use the -x option instead) -u: shows more info (e.g., CPU, MEM, etc) than the default output
To kill a process, you will need to identify its PID first; then you can use the kill
command to get the job done:
$kill [PID]
If the system doesn't allow you to kill it, then you must force it to close using the ‐9
switch:
$kill -9 [PID]
Networking in Kali Linux
In this section, you will get the chance to understand the basics of networking in Kali Linux. Later in the book we will come back to more advanced topics regarding networking, so make sure to understand and grasp the contents in this section.
Figure 1.16 Kali Networking Commands
Network Interface
You must be a pro