Reply for the initial posts
Discussion 1
Kali 2 Linux is a Debian-based distribution, specially designed to carry out penetration testing. There are around 600 penetration testing programs installed with the operating system. It has been considered the best operating system that can be used for testing security. As a platform for security testing, I have installed Kali as a VM on Oracle VirtualBox. I have installed Oracle Virtual Machine and enabled virtualization from the BIOS settings (Simic, 2019).
I have downloaded the Kali Linux ISO image from the official Kali Linux downloads section. After successfully downloading the ISO file, I have created a virtual machine and imported Kali as its OS by following the instructions in the video. In the subsequent steps, I have named the OS, allocated memory size as default, hard disk as 20 GB, and gave the shared folder details along with CPU settings under the system menu. After starting the machine, I followed graphical installation options to install Kali 2 and successfully launched Kali 2 OS from Oracle Virtualization software.
I have explored the Kali 2 command line environment by writing a few commands such as ls -ltr to list files in reverse chronological order, whoami, df -h, etc. However, the primary exploration started with Nmap, sniffing and spoofing, and password attacks. The following are my observations. Nmap is the best tool for network administrators, which is not only a perfect footprinting tool but also a low-cost tool for network analysis. It can be used to see whether the ports of a server are operating as per the configuration or not. I have started a web server delivered with the Kali OS and ran the Nmap command. This command displayed the version of the web server that Kali is running. Zenmap is a graphical version of Nmap. I also explored Unicornscan, a tool that is used for port scanning. I have used a few commands to explore this tool (Halton & Weaver, 2016).
I have started Metasploit by starting its services. It took much time to create a database; once the related services were started, I began the console, wrote the help command and tried the different commands that were displayed. Here you can create a work environment to carry out your testing activities. Tcpdump is a simple sniffing tool found on Linux or Unix command-line systems. I have run tcpdump -v -i vmnet1, which captured packets and displayed them on-screen (Halton & Weaver, 2016).
I have gone through password attacks and found Johnny and explored a few things using Johnny. Johnny is a GUI based on the command-line John. For password cracking tasks, a GUI is the best way to use it. You can supply the hashed value through a text file, open it through the open password file button and start the attack. When the cracking process is done, you can get the information on the options button (Halton & Weaver, 2016).
References
https://www.youtube.com/watch?v=AAsaZarnKxY
Halton, W., & Weaver, B. (2016). Kali Linux 2: Windows Penetration Testing. Packt Publishing.
Simic, S. S. (2019, December 2). How to Install Kali Linux on VirtualBox [Web log post]. Retrieved from https://phoenixnap.com/kb/how-to-install-kali-linux-on-virtualbox
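The point in Discussion 1 that Nmap can show whether a server's ports are operating as per the configuration, as an added example that is not part of the original post: it parses Nmap XML output (as written by nmap -sV -oX) and reports open ports that differ from an intended baseline. The sample scan data, the address 192.0.2.10 and the EXPECTED baseline are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output for a lab VM (not from the post).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="closed"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.0"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/>
        <service name="mysql" product="MySQL"/></port>
    </ports>
  </host>
</nmaprun>"""

# Hypothetical baseline: the ports this server is supposed to expose.
EXPECTED = {"192.0.2.10": {("tcp", 80), ("tcp", 443)}}


def open_services(xml_text):
    """Return {host: {(proto, port): 'product version'}} for ports in state 'open'."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        ports = result.setdefault(addr, {})
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports are not exposure
            svc = port.find("service")
            banner = ""
            if svc is not None:
                banner = " ".join(filter(None, (svc.get("product"), svc.get("version"))))
            ports[(port.get("protocol"), int(port.get("portid")))] = banner
    return result


def drift(observed, expected):
    """Compare observed open ports with the baseline, per host."""
    report = {}
    for host in sorted(set(observed) | set(expected)):
        seen, want = set(observed.get(host, {})), expected.get(host, set())
        report[host] = {"unexpected": sorted(seen - want), "missing": sorted(want - seen)}
    return report


if __name__ == "__main__":
    obs = open_services(SAMPLE_XML)
    for host, diff in drift(obs, EXPECTED).items():
        print(host, diff, {p: obs[host][p] for p in diff["unexpected"]})
```
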
Hello Everyone,
Discussion 2
Kali Linux falls under the Debian-based Linux distribution family; it was introduced for penetration testing and is primarily leveraged for security enhancements. There are many tools embedded in Kali Linux which can perform auditing on networks; it can be used as an operating system and can also run as a DVD. One of the major advantages of Kali Linux is the ability to run multiple OSes in parallel, which prevents rebooting every time. As we are new to this environment and operating system, initially I had a tough time figuring out what each step meant. But the tutorials were very clear and clean, so I was able to download and install Kali Linux without any issues (Johansen, Allen & Heriyanto, 2016).
I was able to set virtual machine parameters like memory, size, hard disk size and storage capacity, which was set to 20 GB. I was able to get on top of a few basic commands that are used in the Kali Linux terminal. Some of the commands I explored were ‘ls’, which gets the list of files in the specific directory, ‘cat’, which is used to create a text file in the directory, and ‘grep’, which is used to retrieve data based on the search criteria. Others were creating directories (mkdir), assigning permissions to a directory or file (chmod), and copying, moving and removing files from the directory. I played around with the basic commands and they seem to be interesting (Johansen, Allen & Heriyanto, 2016).
As per my observation, there are many security tools in Kali Linux, of which Nmap, sqlmap and Wireshark are the most frequently used across the system. Leveraging sqlmap, we can perform penetration testing that automates the methodology to identify the SQL injection threats which infect database servers. It also supports many databases: MySQL, IBM DB2, Oracle, Sybase, PostgreSQL and H2. I also explored some of the features of Nmap; I observed it is one of the network mapping tools to collect information, which gets an overview of the host name and IP address, detects the operating system and gives potential details of the network system (Johansen, Allen & Heriyanto, 2016).
One of the interesting things I observed is programming, the ability to develop software applications. Compatible applications can be installed on the Linux distribution for development, which is used in the Android and Linux operating systems. There are also many graphical user interface platforms that pave the way for many web applications. Based on the guidance from the video, I tried sqlmap for a website; it can detect and exploit the flaws and take over the database-related server, which is amazing. I tried to see a few options in the sqlmap help, and there are multiple options to connect to the target or destination URL using data string, cookies, HTTP agents and proxy. One of the additional features I observed was that it can customize the detection phase in terms of risk and level (Johansen, Allen & Heriyanto, 2016).
References:
https://www.youtube.com/watch?v=AAsaZarnKxY