
Kali Linux users

Sooooo I just wanted to start a topic about our beloved Kali Linux. Is anyone on this forum using Kali? What for? Do you prefer Live USB or a complete install?

 

I started waaaay back when Backtrack 4 was the latest release. Never used it again (I was really young back then, but I can assure you I wasn't just playing around like any kid) until Kali Linux got released. Now I have a 32GB USB with Kali Sana encrypted with a nuke password, and I use it for pentesting both networks and OSs when asked (I wear the white hat, if you know what I mean). Also, I use it to program stuff in a Linux environment when needed.

 

What about you? Any pentesters out there?

Computer Case: NZXT S340 || CPU: AMD Ryzen 5 1600 || Cooler: CM Hyper212 Evo || MoBo: MSI B350 Mortar || RAM Vengeance LPX 2x8GB 3200MHz || PSU: Corsair CX600 || SSD: HyperX Fury 120GB & 240GB || HDD: WD Blue 1TB + 1TB 2.5'' backup drive || GPU: Sapphire Nitro+ RX 580 4GB

Laptop 1 HP x360 13-u113nl

Laptop Lenovo z50-75 with AMD FX-7500 || OS: Windows 10 / Ubuntu 17.04

DSLR Nikon D5300 w/ 18-105mm lens


I have a Kali VM setup as well as an older Dell laptop running only Kali and so far I've only been using it for class. I've taken a few cyber security and network defense type classes and that's all I've ever actually used it for. I'd love to get deeper into it but since I don't do that kind of stuff for work I don't have much time to put into it...

Desktop: i9 11900k, 32GB DDR4, 4060 Ti 8GB 🙂

 

 

 

 


so, not that i expect to see black hats here, because black hatting isn't something this forum approves of, but i just wanna mention this:

 

if you intend to use this stuff for anything else than white hat (pentesting, upon request of the "victim") you are nothing better than a script kiddie doing it for street cred and a big mouth if you're just using someone else's tools, please sod off.

---

that out the way, i don't know many other "white hat friendly" tools out there, but i feel like if you want to be sure of your security, you need to go beyond commonly available tools, because as before mentioned, the people that do it for the bad also have more than the commonly available tools as well. and honestly, the people doing it for the bad using the commonly available tools usually aren't a very big threat either way.

 

testing with the commonly available is a good start, but if you're in touchy terrain (high security environments like banks) you have to go beyond, preferably as far as your skill allows, because that's what the black hats will do to get their profit.

 

EDIT: example: i bet no one on the original LTT forum dev team thought of the possibility of someone man-in-the-middle-ing the login page on LTT's own server, and fishing up the file after the fact.

but it happened, and there's not a single pentesting tool out there that can check if this is a possibility, unless written for the exact purpose of avoiding a specific case from happening.


30 minutes ago, manikyath said:

you are nothing better than a script kiddie doing it for street cred and a big mouth if you're just using someone else's tools, please sod off.

Never said I've only used preinstalled tools. Obviously I won't re-write something that is already there ready for use (if I need that particular tool), but if I need to go deeper or even write a 0-day exploit I'll do it. This is sort of a part-time job for me, I've been asked to attempt in any way to get access to a business server here in Italy and to do so the Kali preinstalled stuff wasn't enough (as you stated about high security environments) so I had to use my social engineering skills to access the first computer. From there on, Metasploit's database wasn't useful. I still used the msfconsole, but with my own exploits and trojans. 

 

Apart from this backstory, everything I learn and will learn will be useful for my future (I'm still 18 years old, fyi) and my full-time job.

 

(I know, what you said isn't referred only to me)


Just now, Cryosec said:

(I know, what you said isn't referred only to me)

it actually isn't referred to you at all. for pentesting the "available tools" are actually a good start, because it's what does the initial "anti-script-kiddie" testing, but with these tools being available, it's hilariously stupid to use them "for the bad" because all they'll ever do for you is pure street cred with people that don't have any knowledge.

 

black hatting with available tools is kinda like this:


 

for a white hat it's important to make sure you don't "leave your facebook logged in" so to say, but it's equally important to make sure you're up for the tough folks as well.


2 minutes ago, manikyath said:

it's equally important to make sure you're up for the tough folks as well.

that's why I'm still learning :D

 

I had my script kiddie times while using backtrack 4 (I was 13), but I soon realised I had to learn how those tools worked to then be able to write my own. 

Mind if I ask about your experience as a pentester?


Just now, Cryosec said:

that's why I'm still learning :D

 

I had my script kiddie times while using backtrack 4 (I was 13), but I soon realised I had to learn how those tools worked to then be able to write my own. 

Mind if I ask about your experience as a pentester?

not much, i don't have much good stuff to play with. i mostly deal with environments that face very low level threats, like a white van tapping off WEP wifi. you'd be amazed how much low level holes people have when they don't feel targeted.

 

let's just say i work with the kind of security you can break without even touching your keyboard :/


3 minutes ago, manikyath said:

you'd be amazed how much low level holes people have when they don't feel targeted

I've seen A LOT of these. From wifi passwords as dumb as "wifiabcd" to people still using WinXP without AV or firewall claiming that they were useless and that there were no threats to the pc.

 

I didn't even bother testing something on it when the conficker worm is so ready to use :D I found clear-text files with all the passwords used by the owner! It makes me sad to know that people ignore safety like this (bank details included in the file).


1 minute ago, Cryosec said:

I've seen A LOT of these. From wifi passwords as dumb as "wifiabcd" to people still using WinXP without AV or firewall claiming that they were useless and that there were no threats to the pc.

 

I didn't even bother testing something on it when the conficker worm is so ready to use :D I found clear-text files with all the passwords used by the owner! It makes me sad to know that people ignore safety like this (bank details included in the file).

oh, i've found worse.

how about a wifi password that is the access point name? and my absolute favourite:

"we have a very expensive system that disallows our employees from accessing faceb... how did you do that?"

 

your system can have ALL the databases it wants, if it can't fish up anything https, you need to get back to the drawing board.


1 minute ago, manikyath said:

oh, i've found worse.

how about a wifi password that is the access point name? and my absolute favourite:

"we have a very expensive system that disallows our employees from accessing faceb... how did you do that?"

 

your system can have ALL the databases it wants, if it can't fish up anything https, you need to get back to the drawing board.

oh my god I'm laughing so hard

 

A couple of years ago, in high school, I was asked to help the school IT specialist fix the network and server.

Problem number one: two main access points, both capable of around 300 clients each. There were more than 2000 trying to connect every hour, because someone told a student the wifi password (it was the name of the school, btw) and it spread everywhere.

Problem number two: I'm not the only one in school that knows how to intercept clear text data with MiTM attacks. The school server, which contained almost all the documents, past and future tests, underage students' records, and other bureaucratic stuff, was using basic HTTP login. Scanning for ARP spoofs on the network I found out that some kid was intercepting all the logins on the server, creating his own "database" of teacher passwords. Yep, he got suspended.


7 minutes ago, Cryosec said:

oh my god I'm laughing so hard

 

A couple of years ago, in high school, I was asked to help the school IT specialist fix the network and server.

Problem number one: two main access points, both capable of around 300 clients each. There were more than 2000 trying to connect every hour, because someone told a student the wifi password (it was the name of the school, btw) and it spread everywhere.

Problem number two: I'm not the only one in school that knows how to intercept clear text data with MiTM attacks. The school server, which contained almost all the documents, past and future tests, underage students' records, and other bureaucratic stuff, was using basic HTTP login. Scanning for ARP spoofs on the network I found out that some kid was intercepting all the logins on the server, creating his own "database" of teacher passwords. Yep, he got suspended.

the grey hat student inside me loved social engineering the wifi passwords out of school IT depts, it's surprising how easy that usually is...

 

if you make it sound like you should have access, some even go as far as disabling MAC blacklists for you...

although, i did use it more carefully.


1 minute ago, manikyath said:

social engineering

Social Engineering is my favourite. Not only in IT related stuff, but also in my everyday life :D

 

I must say I'm pretty good at it.


Just now, Cryosec said:

Social Engineering is my favourite. Not only in IT related stuff, but also in my everyday life :D

 

I must say I'm pretty good at it.

it truly is an amazing skill in life. i may or may not pay *much* less for my train rides :P


1 hour ago, Name Taken said:

Running the official Docker container is sufficient the majority of time but occasionally when I want to run it in a VM, I download the VirtualBox image and the first thing I run is systemctl set-default multi-user.target to boot into the CLI instead. I also have it running on my Pi with R9 280Xs for hash cracking (e.g. 150K WPA/WPA2 per 280X per second versus ~2-3K using CPU).

I also tried to use Kali on my Raspberry Pi, but only as a rogue AP or MiTM hackbox. How did you set it up to hashcrack with GPUs? Do you stream the hashes to your desktop or just use the Pi as packet sniffer?
