After an extended break, alleged hacker Jonni Bidwell emerges from the shadows to teach you the noble art and keep you out of trouble.

CREDIT: Magictorch

It’s that time again when our perennial hacking feature, always a favourite, comes to light [that time was supposed to be two weeks ago – ed]. This isn’t all dark glasses and hoodies, though; we don’t enforce any kind of dress code. But we do have a comprehensive guide that will get you started with Kali Linux, the ultimate distro for security newbies and penetration-testing professionals alike. We’ll get you using coding with Python and using the RapidScan script to automate scans, so you can defend your network.

Hacking in its purest sense means using tools (hardware or software) to do things that they weren’t initially supposed to do. The term and culture (along with the word ‘foo’ that proliferates across programming textbooks) originated at a model railway club at MIT. You might want to relive some of that unofficial tweaking spirit by hacking (OK, recompiling) the kernel – the very engine of your Kali install.

Or, if you’d rather not be derailed by train metaphors, we’ll also cover keyloggers and have a go at port-scanning with Nmap and password-cracking with John the Ripper. And if that’s not enough, we’ll finish with a foray into the mighty Metasploit, showing you how it can be used to craft payloads for attacking Android mobile devices. All aboard!

Kali Linux hacking

Kali Linux is jam-packed with everything you need to start your hacking career. Or end it, if you don’t obey the law.

Kali Linux is a Debian-based distro that we can guarantee appears in pretty much any ‘how K to hack’ tutorial you might find. It’s possible to use it straight from live media; indeed, in the early days, this was the only way to run it. Kali Linux used to run everything as root. This made it a terrible choice for doing anything other than pen-testing work. But now you can install and use it just as you would any other distro, with an unprivileged user account. Certain tools require root to work, but we’re already getting ahead of ourselves. Let’s get on with the installation.

First, download an ISO from www.kali.org/get-kali. The default Installer image is 3.9GB and has everything you need to get started. There is also a cutting-edge weekly release, a NetInstaller or a full-blown airgapped install (at a chunky 11GB). If you have an old machine you want to transform into a hacking station, Kali still ships a 32-bit edition. You’ll also find live media via the links. And prerolled images for virtual machines, Windows Subsystem for Linux, Android devices, cloud installs, containers and even Raspberry Pi.

But never mind those, we’re going with a traditional install. You might want to do this in a virtual machine (VM), but there are caveats. Certain network hijinks require direct access to hardware (particularly Wi-Fi hacking) and brute force password-cracking (see boxout, below) can offload work to graphics cards. Neither of these is readily available in a VM, but the virtual approach obviates the risk of any dual-bootrelated mishaps. Kali Linux only supports installation to a complete disk, so if you want to resize partitions and install alongside existing OSes, you’re on your own.

Once you’ve got the ISO, write it to a USB stick using the cross-platform Balena Etcher (https://etcher.io), or your distro’s image-writing tool. Or use a DVD if you like legacy media. There’s a number of configurations in which Kali can be installed, from a 4GB barebones Xfce install (without any hacking tools), up to over 30GB if you want absolutely everything. See the Installation Sizes page for details. We’re going with the default install with the Xfce desktop, which requires 14GB.

Boot the USB stick by changing the boot order in the BIOS/UEFI or use its boot menu hotkey (commonly F12 or F10). Kali Linux images are not signed for Secure Boot, so disable that if you see a boot verification error. Choose the graphical installer (unless you have a reason not to) and follow the localisation, network and user setup prompts. See the official installation notes at www.kali.org/docs/installation/hard-disk-install if you get stuck. We’ll use the default Guided – Use Entire Disk option, but if you’re feeling adventurous, you may want to use LVM (possibly even with an encrypted volume). Even if you’re not feeling adventurous, doublecheck that you select the correct drive here. It and all that resides there will shortly be obliterated. Leave the software selection screen as is if you’re happy with the default install, and hit Continue. Finally, check the bootloader settings are correct. If you have GRUB installed on another disk, this should be detected and the installer can update it, otherwise install it on the same disk as Kali. Now we’re ready to reboot into Kali.