Noobs use kali in the process of learning penetration testing, so what is kali? What does it do? Let’s take you to understand!
First, let’s find out what is kali?
In fact, kali is a Linux system that is specifically designed to infiltrate, evolved from the back track system, and later combined with lwhax, whoppix and auditor before changing its name to kali.
Kali is loaded with a lot of infiltration software, such as nmap, wireshark, John the ripper, and users can run kali on a live cd on a hard drive. Kali also has both 64-bit and 32-bit mirrors that can be used with the x86 instruction set.
So, the question is, what can Kali be used for?
1. Information forensics, disk recovery, memory analysis, PDF audit, registry audit;
2. Penetration test to evaluate network system security, white hat hacking tools;
3. Attack WPA/WPA2 protected wireless networks, obtain WiFi passwords, network sniffing;
4. Crack passwords, crack hashed passwords offline, crack website login passwords online;
5. Reverse engineering, decompiling programs written in Android, Java, and C++ into code.
6. Social work engineering, using people’s weaknesses and instinctive reactions, curiosity, trust, greed and other weaknesses to carry out harmful means such as deception and injury, and acquisition methods.
What are the advantages?
Kali Linux is designed to meet the requirements of professional penetration testing and security audits. It contains more than 600 tools and software for all kinds of information security and penetration testing studies. The tools included include the following:
Metasploit (Security Vulnerability Detection Tool)
NMAP (Network Scan and Sniffing Toolkit)
Ophcrack (a tool that uses rainbow tables to crack Windows passwords)
Wireshark (network packet analysis software)
BeEF (Browser Penetration Testing Tool)
1. What is penetration testing?
Penetration testing is to simulate the attack methods of real hackers to conduct a comprehensive security assessment of the target website or host, unlike hacker attacks, the purpose of penetration testing is to find as many security vulnerabilities as possible, and real hackers can enter the target system as long as they find an intrusion point.
A good penetration testing engineer can also be considered a great hacker, or you can be called a white hat.
It is important to note that before conducting a penetration test, you need to obtain the authorization of the target customer, if you are not authorized, do not conduct a penetration test on the target system, please check the Cybersecurity Law for the consequences. At the same time, we must have good professional ethics and not do some illegal things.
2. Why learn penetration testing
The benefits of learning penetration testing are none other than the following:
• Psychological satisfaction. It’s cool, like watching hacker movies as a kid and becoming them yourself.
• Have a substantial income. You can go to the major recruitment websites to see the salary of this position. You can also work part-time and participate in vulnerability crowdtesting in your spare time, which can get a relatively good income.
• Not so volumed. In the era of software development and financial industry, the competition in the cybersecurity industry can be said to be quite small, because there are too few talents in this area.
3. Learn the pre-emptive skills of penetration testing
The most important thing in learning penetration testing is to have an interesting heart, a curious heart, a heart that is thirsty for knowledge, and enough perseverance, so that we can continue to learn on this path.
Of course, learning penetration testing is still a bit of a threshold, if you are a computer major, you can easily get started and get started in a month or two. If it is another major, or a computer novice, then it is still more difficult, but don’t worry, there are many big bulls around me who are zero-based, so interest is still the most important.
Basic pre-knowledge required for penetration testing:
• Basic knowledge of the HTTP protocol. HTTP protocol belongs to the knowledge of computer network, because penetration testing is basically to modify the request data of the website to find vulnerabilities, so it is necessary to understand the format of HTTP protocol requests.
• CMD/shell operation. The cmd operation mentioned here refers to the use of the cmd command line window of the Windows system to execute some common commands, press the win + R key, enter cmd enter, you can open the cmd window. Another thing is to use Linux to execute some common shell commands.
• Linux operating system use. Since many penetration testing tools can only run in the Linux operating system, we need to use the Linux system, you can install the Ubuntu linux virtual machine through the VMWare virtual machine software to practice, or you can install Kali Linux directly to practice.
The previous is some basic knowledge, the following is some optional knowledge, without which you can also do penetration testing, but the limitations will be greater.
• Python programming language. As a script kid, knowing the Python language can help us develop some tools to reduce the usual workload, use Python to do some repetitive work, such as automatic information collection, and most importantly, you can write some exploit tools.
Java/PHP programming language. Penetration testing is mostly operated on websites, most of which are developed using Java or PHP language, and some are secondary development using some open source systems, and we can conduct code audits on these open source systems to find vulnerabilities directly from the code.
4. How to learn penetration testing
The first step is to determine the direction you want to learn
Before learning penetration testing, you can first understand what directions penetration testing has, because the scope of penetration testing is still relatively wide, according to the direction, can be roughly divided into Web penetration, APP penetration, intranet penetration, Internet of Things penetration, industrial control penetration.
In order of difficulty, I think the difficulty order is Web penetration < intranet penetration < APP penetration < Internet of Things penetration = industrial control penetration. Ideally, of course, everything will be best, but everything needs to be done step by step, you can start with the simplest web infiltration, and when the web infiltration is mastered, then expand to other directions.
Why this order, tell me my reasons:
Web penetration is mainly to find the vulnerability of the website, only need to understand some basic computer network knowledge, that is, HTTP protocol knowledge, and then the use of some tools on it, the rest is to understand some common Web vulnerability testing methods.
Intranet infiltration refers to penetration testing of the internal network of the target company after we obtain the permissions of the web server through web infiltration or obtain the permissions of the target intranet host by using phishing emails.
Among them, it is necessary to master more computer network knowledge, such as subnet division, network topology diagram, and various network protocols. Also learn about Windows domains, privilege escalation techniques, lateral movement techniques, privilege maintenance techniques, and no-kill technologies. The content to learn is not too difficult, so as long as you take the time, you can master it. Since there are more knowledge points than web penetration, it is more difficult than web penetration.
APP penetration can be understood as an extension of Web infiltration, mainly for Android APP and iOS APP penetration testing, APP also needs to interact with the server background data, this part of the test is the same as Web infiltration.
In addition, it is also necessary to test the vulnerability of the APP itself, which requires the ability of reverse analysis, and reverse analysis is actually a general direction of security, requiring us to master some shelling technology, dynamic debugging technology, decompilation tool use, Java programming language, C/C++ programming language, assembly language, Swift programming language, Object-C programming language. When it comes to programming languages, we don’t need to be as proficient as software developers, but we need to at least be able to read code. Because app penetration requires reverse analysis capabilities and learns more about the underlying knowledge of the computer, app penetration is more difficult.
Internet of things penetration, industrial control penetration is actually similar, the difference is actually that Internet of things equipment needs to be networked, industrial control equipment is generally in an isolated network, the same point is that they need to contact physical equipment.
Different from the above penetration, only need to have a network to start, if there is no Internet of Things and industrial control equipment, can not start at all, or can only do part of the test, in the ability to access the equipment here, stopped many people.
This aspect of learning requires spending money on hardware, or companies investing in hardware. In terms of skills, in addition to being able to reverse analysis, it is also necessary to understand various hardware knowledge, electrical knowledge, industrial protocols, and IoT protocols, so the difficulty is the highest.
The second step is to understand the framework and knowledge points of the direction of study.
It is more important to understand the framework and knowledge points of the direction of study, so as not to blindly learn unimportant knowledge points.
To get started with penetration testing, start with the simplest web infiltration, and I think the entry-level web penetration knowledge point framework can be divided into three parts.
1. Information collection process.
For example, subdomain name collection, ICP filing query, GitHub sensitive information lookup, etc., the more ways you know, the more information you collect.
2. The use of common tools for penetration testing.
For entry-level penetration testing, nmap, Burpsuite, Kali Linux, and sqlmap are basically sufficient.
3. Common vulnerability testing for web penetration.
For entry-level penetration testing, you can first grasp the OWASP Top 10 vulnerabilities, such as the most common SQL injection vulnerabilities, XSS vulnerabilities, file upload vulnerabilities, unauthorized vulnerabilities, weak passwords, etc.
After confirming the three major knowledge frameworks, we need to find these three aspects of knowledge points through search engines, search engines here I only recommend using Google (how to use Google to find their own information), Baidu too many ads, search out of things is far less valuable than Google.
Once you have a general understanding of the framework and knowledge points of penetration testing, the next step is how to learn these knowledge points.
The first is self-study, which is suitable for introductory penetration testing when you want to spend little or no money, which is more suitable for college students or people who have more free time.
Self-study requires the use of Google to search for various knowledge points. Now there are also some penetration testing guides on the whole network, which you can follow.
Such as penetration test implementation standards, it will introduce some theoretical knowledge of penetration testing, side theory is a little more, not recommended for beginners.