Kali Linux
I first installed Kali Linux in Oracle VirtualBox in June 2023, where I just jumped in and explored the operating system and all the different tools it had to offer. Not knowing what any of them were, I naturally did some research and discovered a tool called "Nmap". When I found out what the tool could do, I decided to try and scan my own network and see what an attacker would see. With Nmap, I can conduct network scans and discover open ports on all my devices, as well as scan for vulnerabilities. So far, I have not found any on my machines. By experimenting with Kali, I'm learning more about networking and how the internet works on a deeper level, as well as the OSI model. With a tool called "Wireshark", I can visually see all the packets being sent through my network and dive deep into the nitty-gritty details, which I'm still learning about currently.
Update 6/10/24
In the pursuit of learning more about penetration testing, I wanted an easier way to access Kali and more of a bare-metal type of installation. I decided to take one of my flash drives and put a "Live" version of Kali on it, so I could just boot from the drive on my laptop and have Kali running in a non-virtualized environment. Along with persistent storage, I'm able to save Wireshark capture files from various packet captures, and it enables the ability to crack WPA handshakes from my own personal networks I'm testing. With this installation of Kali and the ability to boot from "bare metal", I obtained a new Alfa Networks wireless adapter with the ability to enter monitor mode, so it can detect networks my built-in adapter couldn't normally detect, as well as inject packets and capture handshakes that occur. With the "Ultimate Kali Linux Book" by Glen D. Singh, I'm able to follow along with various examples of wireless attacks mentioned and hone my ethical hacking abilities.
I had set up my own personal network with my phone's hotspot, utilizing tools such as airmon-ng and hashcat to obtain a handshake capture file and then crack the hash from said file. Every command I was using, such as airmon-ng, airodump-ng, aircrack-ng, etc., was new to me, adding to my command library, so to speak. After executing airodump-ng wlan0, it brought up every network in the local area. Being very careful to only choose my network and not anyone else's (for obvious reasons), I chose the MAC address of my network, isolated it, and saved it to a capture file with the command: airodump-ng -c (channel) -d (MAC address of my network) wlan0 -w capture_file. With the network isolated, I was able to see every device connected to it. The command showed every piece of useful information for an attack against the network, such as the channel, power, encryption, authentication, ESSID, beacons, and data rate. I then executed another command in a separate terminal window which would deauthenticate every device (which was only 1 device) and then capture the 4-way handshake in order to crack the hash with hashcat: aireplay-ng -0 100 -a (MAC address of my network) wlan0.
After capturing the handshake, I then executed this command: aircrack-ng capture.cap -w /usr/share/wordlists/rockyou.txt . This command essentially takes the hash from the .cap file containing the handshake and compares it to a wordlist (rockyou.txt), and if it finds a match, then the password is cracked. The simplicity of obtaining the password just proves how important password security is. Now, the password I use for my network was not in the wordlist, but there are ways to generate wordlists based on various variables you can input into a certain program, such as cupp or crunch. The wordlists generated can be quite large, terabytes or even petabytes. So, it's important to have some sort of idea of the length of the password and the characters used when using a generated wordlist such as this. I'm still learning about wireless network security and vulnerabilities, so I'll keep this post updated as I go along with my pen-testing lab.
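The deauthentication burst from aireplay-ng -0 that forces the handshake capture is also the thing a defender on the same network can watch for. The script below is an added example, not code from the original post: it parses the 24-byte 802.11 MAC header of raw management frames (no radiotap header is assumed), counts deauthentication frames per BSSID in a sliding time window, and flags a flood. The MAC addresses, timestamps and the sample capture are constructed for the demonstration.

```python
import struct
from collections import defaultdict

# Frame Control byte 0xC0: type 0 (management), subtype 12 (deauthentication)
DEAUTH_FC = 0xC0

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(raw):
    """Parse the 24-byte 802.11 MAC header; returns (type, subtype, addr1, addr2, bssid)."""
    if len(raw) < 24:
        return None
    fc0, _fc1, _dur, a1, a2, a3, _seq = struct.unpack("<BBH6s6s6sH", raw[:24])
    return (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF, mac_str(a1), mac_str(a2), mac_str(a3)

def detect_deauth_flood(frames, window=1.0, threshold=10):
    """frames: list of (timestamp_seconds, raw_80211_bytes).
    Returns {bssid: peak count} for every BSSID that sees more than
    `threshold` deauth frames inside any sliding `window` seconds."""
    per_bssid = defaultdict(list)
    for ts, raw in frames:
        parsed = parse_frame(raw)
        if parsed and parsed[0] == 0 and parsed[1] == 12:
            per_bssid[parsed[4]].append(ts)  # addr3 is the BSSID in a deauth frame
    alerts = {}
    for bssid, times in per_bssid.items():
        times.sort()
        start, peak = 0, 0
        for i, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, i - start + 1)
        if peak > threshold:
            alerts[bssid] = peak
    return alerts

def build_deauth(dst, src, bssid, seq, reason=7):
    """Constructed deauth frame: 24-byte header plus 2-byte reason code (7 = class 3 frame from non-associated STA)."""
    hdr = struct.pack("<BBH6s6s6sH", DEAUTH_FC, 0, 0x013A, dst, src, bssid, seq << 4)
    return hdr + struct.pack("<H", reason)

# Constructed sample: 100 broadcast deauths spoofed from the AP within half a second (a flood),
# followed by one isolated deauth much later that should not trigger an alert on its own.
AP = bytes.fromhex("02aabbccdd01")  # constructed, locally administered address
STA = bytes.fromhex("02aabbccdd02")
BCAST = b"\xff" * 6
SAMPLE = [(i * 0.005, build_deauth(BCAST, AP, AP, i)) for i in range(100)]
SAMPLE.append((30.0, build_deauth(STA, AP, AP, 200)))
ALERTS = detect_deauth_flood(SAMPLE)  # -> {'02:aa:bb:cc:dd:01': 100}
```

On a real capture you would feed the script the 802.11 frames after stripping the radiotap header Wireshark shows in monitor-mode captures; a legitimate network produces only occasional deauths, so a burst like this is a strong signal.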