
Hacker’s toolkit

After an extended break, alleged hacker Jonni Bidwell emerges from the shadows to teach you the noble art and keep you out of trouble.
CREDIT: Magictorch

It’s that time again when our perennial hacking feature, always a favourite, comes to light [that time was supposed to be two weeks ago – ed]. This isn’t all dark glasses and hoodies, though; we don’t enforce any kind of dress code. But we do have a comprehensive guide that will get you started with Kali Linux, the ultimate distro for security newbies and penetration-testing professionals alike. We’ll get you coding with Python and using the RapidScan script to automate scans, so you can defend your network.

Hacking in its purest sense means using tools (hardware or software) to do things that they weren’t initially supposed to do. The term and culture (along with the word ‘foo’ that proliferates across programming textbooks) originated at a model railway club at MIT. You might want to relive some of that unofficial tweaking spirit by hacking (OK, recompiling) the kernel – the very engine of your Kali install.

Or, if you’d rather not be derailed by train metaphors, we’ll also cover keyloggers and have a go at port-scanning with Nmap and password-cracking with John the Ripper. And if that’s not enough, we’ll finish with a foray into the mighty Metasploit, showing you how it can be used to craft payloads for attacking Android mobile devices. All aboard!

Kali Linux hacking

Kali Linux is jam-packed with everything you need to start your hacking career. Or end it, if you don’t obey the law.

Kali Linux is a Debian-based distro that we can guarantee appears in pretty much any ‘how to hack’ tutorial you might find. It’s possible to use it straight from live media; indeed, in the early days, this was the only way to run it. Kali Linux used to run everything as root. This made it a terrible choice for doing anything other than pen-testing work. But now you can install and use it just as you would any other distro, with an unprivileged user account. Certain tools require root to work, but we’re already getting ahead of ourselves. Let’s get on with the installation.

First, download an ISO from www.kali.org/get-kali. The default Installer image is 3.9GB and has everything you need to get started. There is also a cutting-edge weekly release, a NetInstaller or a full-blown airgapped install (at a chunky 11GB). If you have an old machine you want to transform into a hacking station, Kali still ships a 32-bit edition. You’ll also find live media via the links. And prerolled images for virtual machines, Windows Subsystem for Linux, Android devices, cloud installs, containers and even Raspberry Pi.

But never mind those, we’re going with a traditional install. You might want to do this in a virtual machine (VM), but there are caveats. Certain network hijinks require direct access to hardware (particularly Wi-Fi hacking) and brute force password-cracking (see boxout, below) can offload work to graphics cards. Neither of these is readily available in a VM, but the virtual approach obviates the risk of any dual-boot-related mishaps. Kali Linux only supports installation to a complete disk, so if you want to resize partitions and install alongside existing OSes, you’re on your own.

Once you’ve got the ISO, write it to a USB stick using the cross-platform Balena Etcher (https://etcher.io), or your distro’s image-writing tool. Or use a DVD if you like legacy media. There’s a number of configurations in which Kali can be installed, from a 4GB barebones Xfce install (without any hacking tools), up to over 30GB if you want absolutely everything. See the Installation Sizes page for details. We’re going with the default install with the Xfce desktop, which requires 14GB.

Boot the USB stick by changing the boot order in the BIOS/UEFI or use its boot menu hotkey (commonly F12 or F10). Kali Linux images are not signed for Secure Boot, so disable that if you see a boot verification error. Choose the graphical installer (unless you have a reason not to) and follow the localisation, network and user setup prompts. See the official installation notes at www.kali.org/docs/installation/hard-disk-install if you get stuck. We’ll use the default Guided – Use Entire Disk option, but if you’re feeling adventurous, you may want to use LVM (possibly even with an encrypted volume). Even if you’re not feeling adventurous, double-check that you select the correct drive here. It and all that resides there will shortly be obliterated. Leave the software selection screen as is if you’re happy with the default install, and hit Continue. Finally, check the bootloader settings are correct. If you have GRUB installed on another disk, this should be detected and the installer can update it, otherwise install it on the same disk as Kali. Now we’re ready to reboot into Kali.

Kali Linux has an unrivalled selection of security-related tools and a rather fetching default desktop background.

INSTALLING NVIDIA DRIVERS AND CUDA

We mentioned that password (or hash) cracking can leverage GPU power for (vastly) increased performance. Setting this up with AMD cards and OpenCL is pretty straightforward, but for Nvidia users, there are some hoops that must be jumped through. CUDA, Nvidia’s compute stack, is proprietary and is not supported by the open source Nouveau driver, so we need to replace this with Nvidia’s driver. To install CUDA, run:

$ sudo apt update
$ sudo apt install -y nvidia-driver nvidia-cuda-toolkit

Now reboot and then run nvidia-smi to check that your card has been detected and lit up correctly. You may run into some DPI issues on reboot, in which case check the guidance at www.kali.org/docs/general-use/install-nvidia-drivers-on-kali-linux. Install clinfo to check CUDA, or indeed OpenCL, is functioning. If so, John the Ripper and Hashcat should now operate with ferocity.

Python scanning

Kali’s smorgasbord of tooling can be overwhelming at first, but we can leverage Python to simplify things.

Having installed Kali, let’s get straight to business and do some hacking with Python. Never mind if this is entirely new to you, or if you’re already a seasoned coder. We’re going to use GitHub user skavngr’s RapidScan tool (https://github.com/skavngr/rapidscan) to do some introductory ethical hacking. RapidScan is a good place to start because it automates scanning with hundreds (OK, high tens) of the tools included in Kali Linux. In the repo description’s own words, this makes “binge tool scanning” much easier.

Before we go any further, we’ll stress what should be obvious: don’t be a script kiddie. Don’t go running this, or any other tools from Kali, to seek out vulnerabilities on machines that aren’t your own, or that you don’t have explicit permission to penetration-test. This might get you in a lot of trouble. Especially if you target Linuxformat.com. You’re not going to find something exploitable on the domains of Microsoft, Google and so on. And while we show you how to use hacking tools, we omit to show you what is just as important for black and grey-hat hackers: how to cover your tracks.

That responsible disclaimer out of the way, let’s get RapidScan installed. Boot up Kali and log in (username and password are both kali). Then open a terminal window using the shortcut on the top bar. You should update Kali first using the first two commands from the Nvidia box above, otherwise you’ll have problems later. Now let’s install the thing with:

$ git clone https://github.com/skavngr/rapidscan.git

Instead of jumping in and scanning remote hosts, start locally. Use RapidScan to scan the host machine:

$ cd ~/rapidscan
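
The "start locally, and only scan what you are authorised to" advice above can be enforced in code before a target is handed to any scanner. This is an added example, not code from the article or from RapidScan; the names `in_scope`, `resolve_all` and `AUTHORISED_NETWORKS`, and the 192.168.56.0/24 lab range, are assumptions made for illustration.

```python
import ipaddress
import socket

# Assumed scope for this example: loopback is always allowed, plus one
# constructed lab range you have explicit permission to test.
AUTHORISED_NETWORKS = ["192.168.56.0/24"]


def resolve_all(target):
    """Return every IP address behind a target (IP literals pass straight through)."""
    try:
        return [ipaddress.ip_address(target)]
    except ValueError:
        infos = socket.getaddrinfo(target, None)
        return list({ipaddress.ip_address(info[4][0]) for info in infos})


def in_scope(target, authorised=AUTHORISED_NETWORKS, resolver=resolve_all):
    """True only if every address behind the target is loopback or authorised.

    A name that resolves to several addresses is refused if any one of them
    is out of scope; a name that cannot be resolved is refused as well.
    """
    networks = [ipaddress.ip_network(n) for n in authorised]
    try:
        addresses = resolver(target)
    except (OSError, ValueError):
        return False
    if not addresses:
        return False
    return all(
        addr.is_loopback or any(addr in net for net in networks)
        for addr in addresses
    )


if __name__ == "__main__":
    # Constructed sample targets: two loopback, one lab host, one outside scope.
    for t in ["127.0.0.1", "::1", "192.168.56.10", "203.0.113.7"]:
        verdict = "scan allowed" if in_scope(t) else "refused: out of scope"
        print(f"{t:15} -> {verdict}")
```

Checking every resolved address matters because a hostname can point at both a lab machine and a public one, and a scanner will happily follow either.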

This article is from...
Linux Format
April 2024