Search Results for: penetration testing

Ethical Hacking: Understanding the Basics

Cybercrime continues to grow at an astounding and devastating rate; more than 93% of organizations in the healthcare field alone experienced a data breach in the past few years (Sobers, 2021). While most people with any degree of tech acumen are familiar with criminal hackers, fewer are familiar with the…

The post Ethical Hacking: Understanding the Basics appeared first on Cybersecurity Exchange.

Manage Files using Terminal

In our previous short article we learned about the File system of Linux. In this article we are going to learn about how we can deal with files directly from our terminal window.

But do we really have to learn this? Kali Linux and most other popular Linux distributions come with a good graphical user interface (GUI), so why learn to work with files from the command line when we can do it just as we would on a Windows system?

manage files from terminal

Well, in our opinion, anyone reading this on this website has an interest in the cybersecurity field. When we are dealing with a remote system (read: compromising a system), we have to do it from the terminal. We need to break the privileges and get into it. There are lots of things we need to do with files there (from modifying system file data to uploading shells). So we need at least a basic idea of how to deal with files from the terminal.

Creating a File using Terminal

First we will learn how to create a file in the Linux terminal. We are going to use the touch command: we just need to run touch filename to create a file, as shown in the following screenshot:

creating files on Linux

Copy Files using Terminal

We can copy a file or directory from one directory to another from the terminal window. To do that we use the cp command. Suppose we have a file in our /home/kali/desktop directory and need to copy it to the /home/kali/new_folder directory. We use the following command for that:

cp full/path/file destination/path

As we can see in the following screenshot:

copy files using linux terminal

In the following screenshot we can see that our file is copied to our destination directory. We did this for a single file; we can do the same for a folder/directory by adding the -r flag to cp.

Moving Files using Terminal

We can move a file from one directory to another by using the mv command. It works very much like the cp command:

mv full/path/of/file destination/path

As we can see in the following screenshot:

moving files using terminal
Our file is moved from source directory

Renaming Files using Terminal

Basically, we move a file/directory within the same directory and change its name. That is what renaming does. The mv command can change the name of a file without moving it to another directory.

renaming files on terminal
We can see that we renamed the file

Deleting Files using Terminal

We can also delete a file directly from the terminal by using the rm command. We just need to run rm filename to delete a file. To delete a file forcefully we use the -f flag; the -r flag is used to remove contents recursively.

deleting file using terminal
Deleting files using Terminal

Editing Files using Terminal

Let us take a look at file editing in the terminal. As we said, this is a very important Linux skill, especially during pen-testing when we need to work on a Linux or UNIX based OS or server.

There are some cool text editors like gedit, leafpad and mousepad. They may look far better than command line text editors because of their graphical user interface, but we will focus on terminal based text editors. Everyone might have their own favorite text editor, but here we are going to cover the two most common options, Nano and Vi.

Nano

Nano is the simplest and most user-friendly text editor. To open a file and start editing we simply run nano <file name>.

nano filename.txt

After the file is opened we can start editing the text with the keyboard, just as we would in any graphical editor. As we can see in the following screenshot:

editing text using nano text editor on terminal

If we look at the bottom of the screenshot, we can see the command menu there. We need to memorize some widely used keyboard shortcuts like:

  • CTRL+O – Write changes to the file.
  • CTRL+K – Cut the current line.
  • CTRL+U – Uncut a line, and paste it at the cursor location.
  • CTRL+W – Search
  • CTRL+X – Exit

To know more about nano, we need to see its official documentation.

vi

vi is a very powerful text editor with lightning speed, especially when it comes to automated repetitive tasks. However, it has a relatively steep learning curve and is nowhere near as simple to use as Nano. It is quite complex, so we cover only the basics. As with nano, to edit a file we run the vi filename command.

After the file is opened, we need to enable insert-text mode to begin typing. To do this, we press the i key and start typing and editing the file.

To leave insert-text mode and go back to command mode, we press the Esc key. In command mode we can use the following commands:

  • dd    – Delete the current line.
  • yy    – Copy the current line.
  • p     – Paste from clipboard.
  • x     – Delete the current character.
  • :w    – Write the current file to disk and stay in vi.
  • :q!    – Quit without saving.
  • :wq   – Save and Quit.
vi text editor

Frankly speaking, vi is very absurd to use, and many users avoid it. However, from a penetration tester’s point of view learning vi is very worthwhile, so take some time to explore it. vi is installed on every POSIX-compliant system. vi lovers are considered ultra-pro Linux users in the community.

vi is extremely powerful. Want to explore vi? The following sources are very good manuals for learning vi.

  1. Learning the vi Editor
  2. vi Debian Manual

Comparing Files using Terminal

Comparing files may seem irrelevant to normal users, but system admins, network engineers, penetration testers and other IT professionals rely on this skill widely.

In this section, we’ll take a look at a couple of tools that can help us when comparing files.

comm

The comm utility compares two text files and displays the lines that are unique to each one, as well as the lines they have in common. comm outputs three space-offset columns. The first column contains the lines unique to the first file, the second column contains the lines unique to the second file, and the third column contains the lines shared by both files.

For example, here we have two files, “file1” and “file2”. These files contain some words, as we can see in the following screenshot:

two similar files

Now we are going to compare these two files using the comm command. So we are going to use the following command:

comm file1 file2

The output of the above command is shown in the following screenshot:

comparing two files

In the above screenshot, we can see that it compares both files.
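The three columns described above, as an added example that is not part of the original article. It applies comm to a baseline-versus-current comparison; the compare_lists helper and the account names are constructed for illustration. comm assumes both inputs are sorted, so the helper sorts copies of the files first.

```shell
#!/bin/sh
# Added example (not from the original article): baseline comparison with comm.
# comm only gives correct columns when BOTH inputs are sorted the same way,
# so each file is sorted into a temporary copy first.

# compare_lists FILE1 FILE2 MODE   (hypothetical helper)
#   all     - the three-column output described in the article
#   removed - lines only in FILE1 (column 1)
#   added   - lines only in FILE2 (column 2)
#   common  - lines in both files (column 3)
compare_lists() {
    a=$(mktemp) || return 1
    b=$(mktemp) || return 1
    LC_ALL=C sort -u "$1" > "$a"
    LC_ALL=C sort -u "$2" > "$b"
    rc=0
    case "$3" in
        all)     LC_ALL=C comm "$a" "$b" ;;
        removed) LC_ALL=C comm -23 "$a" "$b" ;;   # suppress columns 2 and 3
        added)   LC_ALL=C comm -13 "$a" "$b" ;;   # suppress columns 1 and 3
        common)  LC_ALL=C comm -12 "$a" "$b" ;;   # suppress columns 1 and 2
        *)       echo "unknown mode: $3" >&2; rc=2 ;;
    esac
    rm -f "$a" "$b"
    return "$rc"
}

# Constructed sample data: account names from a saved baseline (file1)
# and from the system today (file2). Deliberately left unsorted.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
printf '%s\n' root kali www-data postgres > "$workdir/file1"
printf '%s\n' svc-temp root www-data kali > "$workdir/file2"

echo "== three columns =="
compare_lists "$workdir/file1" "$workdir/file2" all
echo "== accounts added since the baseline =="
compare_lists "$workdir/file1" "$workdir/file2" added
echo "== accounts removed since the baseline =="
compare_lists "$workdir/file1" "$workdir/file2" removed
```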

vimdiff

The vimdiff command opens multiple files, one in each window. It also shows the differences between the files by highlighting them, which makes the differences easier to find. We run the command as follows:

vimdiff file1 file2

We can see the output in the following screenshot:

vimdiff comparing files
We can easily spot the differences in the highlighted areas.

Some shortcuts will be helpful here:

  • do: Get changes from the other window to current window.
  • dp: Sends the changes from current window to another window.
  • ]c: Jumps to the next difference.
  • [c: Jumps to the previous difference.
  • CTRL+W: Switches to the other split window.

Downloading Files using Terminal

Now we are going to take a look at downloading files using the terminal. For downloading files we are going to use wget and curl.

wget

The wget command, which we will use extensively, downloads files using the HTTP/HTTPS and FTP protocols. We can use wget url/of/file to download a file.

wget file download

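In the above screenshot we downloaded a file using wget with the -O flag (capital O) to save the downloaded file under a name of our choosing. The lowercase -o flag does something different: it writes wget's log messages to a file.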

curl

curl is a tool for transferring data to or from a server using a host of protocols, including IMAP/S, POP3, SCP, SFTP, SMB/S, SMTP/S, TELNET, TFTP and others. A penetration tester can use curl to upload things (read payload) to a server, download things from a server, and build complex requests. Basic use of curl is very similar to wget.

curl download using terminal

axel

axel is a download accelerator that transfers a file from an FTP or HTTP server through multiple connections. axel has a vast array of features, but its most common use is very similar to wget and curl. We can also use the -n flag to specify the number of connections to use.

axel download files

This is how we can manage files directly from the Linux terminal. In this article, we learnt how to copy, move, rename, delete, edit, compare and download files on a Linux or UNIX-like system. We don’t need a GUI for this. Learning these things is very important for cybersecurity students.


Kali Linux – Basic Terminal Uses

In this article we are going to cover the basic uses of the terminal window on Kali Linux. Although Kali Linux comes with a GUI, the terminal is the most powerful thing on Linux systems. There are lots of terminal tools we need to use during security testing, so we need to learn at least the basics of the terminal.

As penetration testers we use a lot of commands on a daily basis. In our previous articles we have used a lot of commands. Here we will learn the basic uses of the terminal and some basic commands that will help a lot on our penetration testing journey.

Basics of Kali Linux Terminal

First of all we need to open our terminal window from our Kali Linux desktop. We can also use the CTRL+ALT+T key combination to open the terminal window directly from our keyboard. The default Kali Linux terminal window looks like the following screenshot:

kali linux terminal
Kali Linux default terminal

Let’s learn some basics of the terminal. We can work on text based things using the terminal window. We write a command, then press the Enter ⤶ key to run/execute it. Sometimes things get messy, and then we can clear the terminal using the clear command or CTRL+L. To open a new terminal window from our current terminal session we press CTRL+SHIFT+T.

To complete a command or a filename in the terminal we can press the TAB key. If there are several files starting with the same name, pressing the TAB key will display all the options. We should open our terminal window and practice these things while reading this article.

For example, we have two files whose names start the same way, test.sh and test.txt, in our home directory. When we press the TAB key we get both options, as we can see in the following screenshot:

tab key to complete the command

If we run a command and then need to stop its execution, we press the CTRL+C key combination. To close the terminal window we can press the CTRL+D key combo or use the exit command.

We can also shut down and restart our system from the terminal window. To shut down our system we use the poweroff command, and to restart it we use the reboot command, both with root privileges.

To check our recently used commands we can use the history command, and to reuse a command we ran before (reverse command search) we can press CTRL+R and then type part of the command; the terminal will then suggest the command. As we can see in the following screenshot:

reverse command search
CTRL+R, then we just type his and it suggests history

Not only in Kali Linux but in Linux in general, we need to understand that the terminal supports several kinds of redirection. For example, to write our file list (ls) output to a text (txt) file we need to run the following command:

ls > ls-list.txt

We can see the output in the following screenshot:

ls list file

Using the above command we save the output of the ls command to a text file and give the text file a name (ls-list.txt). We redirected the output by using the > (greater than) character.

We also do the opposite by redirecting (printing using cat) the text file contents into the terminal window by using the < (less than) character.

cat < ls-list.txt
printing on terminal using less than

Another redirection we need to know is the command pipe. In short, we can pass the output of each command to the next command using the | character.

command 1 | command 2 | command 3

For example, we need to read a file, then sort the results and finally use the grep command to filter out some text strings. Here we are going to extract the files starting with ‘test.’. So we combine the following commands with |:

cat ls-list.txt | sort | grep test

We can see in the output in the following screenshot:

combining commands
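The three redirections above (>, < and |) working together on a log file, as an added example that is not part of the original article. The failed_logins_by_source helper and the log lines are constructed for illustration; the addresses are documentation ranges.

```shell
#!/bin/sh
# Added example (not from the original article): >, >>, < and | on a log file.

# failed_logins_by_source LOGFILE   (hypothetical helper)
# Prints "COUNT ADDRESS" for every source of failed SSH password logins,
# busiest source first.
failed_logins_by_source() {
    grep 'Failed password' < "$1" |
        # The address follows the LAST "from" on the line, so a user name
        # that happens to be "from" cannot shift the field we pick.
        awk '{ ip = ""
               for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
               if (ip != "") print ip }' |
        sort |
        uniq -c |
        sort -k1,1nr -k2,2 |
        awk '{ print $1, $2 }'
}

# Constructed sample log lines in the usual sshd message format.
log=$(mktemp)
report=$(mktemp)
trap 'rm -f "$log" "$report"' EXIT
cat > "$log" <<'EOF'
Oct  9 10:01:12 host sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Oct  9 10:01:15 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
Oct  9 10:02:01 host sshd[815]: Accepted password for kali from 192.0.2.10 port 40022 ssh2
Oct  9 10:03:44 host sshd[820]: Failed password for root from 198.51.100.23 port 38110 ssh2
Oct  9 10:03:50 host sshd[820]: Failed password for root from 203.0.113.7 port 50130 ssh2
EOF

# ">" creates or truncates the report; ">>" appends to it.
failed_logins_by_source "$log" > "$report"
echo "generated from $(wc -l < "$log") log lines" >> "$report"

# "<" feeds the file to cat on standard input, as in the article.
cat < "$report"
```

Running the script twice shows the difference between the two output operators: the report is rebuilt by > each time, while a second >> would keep adding lines.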

Basic Kali Linux Commands

Now, let’s dive into Kali Linux usage and explore some basic Kali Linux (Linux, in general) commands.

Man Pages

Most executable programs on the Linux command line come with a formal piece of documentation called manual pages or man pages. A special program called man is used to view these pages. Man pages generally have a name, a synopsis, a description of the command’s purpose, and the corresponding options, parameters, or switches. Let’s look at the man page for the ls (list) command:

man ls

This will show us the manual of ls command, as we can see in the following screenshot:

Exploring the manuals for the ls command using man

We can see in the top of the above screenshot that ls is ‘User Command’. Man pages are organized by dividing into various sections as following:

  1. User commands.
  2. System administration commands.
  3. Programming interfaces for kernel system calls.
  4. Programming interfaces to the C library.
  5. Special files such as device nodes and drivers.
  6. File formats.
  7. Games and amusements such as screen-savers.
  8. Miscellaneous.

To find out more about a topic we can search by keyword. For example, suppose we need to learn about the file format of the /etc/passwd file. We can start with the following command:

man passwd

The above command will show information about passwd command as we can see in the following screenshot:

manuals for passwd command

Also we can use -k flag with man to do a keyword search.

man -k passwd

We can see the output on the following screenshot:

manual options for passwd command

We also can filter out the search by using regular expression.

man -k '^passwd$'

In the above command, the regular expression is enclosed by a caret (^) and dollar sign ($), to match the entire line and avoid sub-string matches. The output shows in the following screenshot:

filtering man page search results

We can now look at the exact passwd manual page (5) we are interested in by referencing the appropriate section:

man 5 passwd
man options of passwd command

Man pages are usually the quickest way to learn more about a Linux command. So we need to take some time and explore the man pages.

Apropos

By using the apropos command we can see a list of all topics in the man pages. Although this is a bit raw, it’s often helpful for finding a specific command based on its description. For example, suppose we want to partition a hard drive but can’t remember the name of the command. We can figure this out with an apropos search for “partition”.

apropos partition

We can see the commands list with description in the following screenshot:

apropos

Notice that apropos gives similar output to man -k; in fact both are the same.

List

The ls command prints a basic listing of the files in a directory to the terminal window. We can modify the output with various flags. For example, the -a flag displays all files (including hidden files), and the -1 option displays each file on a single line, which is very useful for automated scripts.

ls command

Change Directories

Linux does not use Windows-style drive letters (C:). Here, all files, folders, and devices are children of the root directory, represented by the / character (see our Kali Linux file system article). In our terminal we can use the cd command followed by a path to change to the specified directory. The pwd command prints our current directory (which is helpful if we get lost among the files), and running cd on its own returns us to the home directory (/home/username). To understand this, check the following screenshot and practice it yourself.

changing directories

To go back from a directory to its parent/previous directory we can use the cd .. command.

Creating Directories

We can use the mkdir command followed by the name of our new directory to create a new directory. Directory names can contain spaces, but on the command line it is easier to work with directory names that use underscores or hyphens instead.

To create a new file we can use touch command followed by the name of our new file. Example of mkdir and touch command is shown in the following screenshot:

creating directories

We can also create multiple directories at the same time using the -p flag, which creates any missing parent directories along the way. Suppose we need to add 2 directories inside our newly created (above example) directory (which is /home/kali/new_folder/baby-new-folder). We can do it from our home directory by using -p as shown in the following command:

mkdir -p /home/kali/new_folder/baby-new-folder/{testing,info,exploit}

We can see the output in following screenshot:

Creating directories advanced way

Searching for Files

The three most common Linux commands for searching for files in the terminal are which, locate and find. These commands serve a similar purpose, but how they work and what they output are different.

Which

The which command searches the directories defined in the $PATH environment variable for a given file name. This variable contains a listing of all the directories that Kali Linux searches when a command is run without its path. If a match is found, which returns the full path of the file as shown below:

which command

Locate

The locate command is the quickest way to find the locations of files and directories in Kali Linux. To keep the search time short, locate searches a built-in database named locate.db rather than checking the entire hard disk. This database is automatically updated on a regular basis by the cron scheduler. To manually update the locate.db database, we can use the sudo updatedb command.

locate command

Find

The find command is the most complex and flexible of these three tools. Understanding its syntax is sometimes very hard, but it is much more powerful than a normal search. In the following screenshot we did the most basic search using the find command, where we start our search from the root directory (/) and look for file names starting with sbd.

find command

Whereas the which and locate commands search for files by name, find can search for files by name, type, size, time, permissions etc. find is a complex yet very powerful search tool. We can know more about it here.
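Searching by name, permissions and modification time with find, as an added example that is not part of the original article. It goes beyond the sbd name search above to the permission checks used in a file-system audit; the helper function names and the directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): find by name, permission and time.
# On a real system these would be pointed at / or /home with sudo; 2>/dev/null
# hides the "Permission denied" noise from directories we cannot read.

# All helper names below are hypothetical.
by_name()          { find "$1" -type f -name "$2" 2>/dev/null | sort; }
# -perm -4000: the setuid bit is set (other permission bits may be anything).
setuid_files()     { find "$1" -type f -perm -4000 2>/dev/null | sort; }
# -perm -0002: writable by "others", i.e. by every local user.
world_writable()   { find "$1" -type f -perm -0002 2>/dev/null | sort; }
# -mtime -1: content modified less than one day ago.
changed_last_day() { find "$1" -type f -mtime -1 2>/dev/null | sort; }

# Constructed directory tree so the example runs without touching the system.
lab=$(mktemp -d)
trap 'rm -rf "$lab"' EXIT
mkdir -p "$lab/bin" "$lab/tmp"
touch "$lab/bin/sbd" "$lab/bin/sbd.conf" "$lab/bin/helper" "$lab/tmp/notes.txt"
chmod 0755 "$lab/bin/sbd"
chmod 0644 "$lab/bin/sbd.conf"
chmod 4755 "$lab/bin/helper"           # setuid bit set
chmod 0666 "$lab/tmp/notes.txt"        # writable by everyone
touch -t 202001010000 "$lab/bin/sbd"   # give this file an old timestamp

echo "== names starting with sbd =="
by_name "$lab" 'sbd*'
echo "== setuid files =="
setuid_files "$lab"
echo "== world-writable files =="
world_writable "$lab"
echo "== modified in the last day =="
changed_last_day "$lab"
```

Saving the setuid and world-writable listings from a known-good system gives a baseline that later runs can be compared against.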

In this part we covered just the basic uses of the terminal and some basic Linux commands. We will cover more commands in our upcoming parts. Hope this article was enjoyable and informative.


Top 7 Trends in IoT to Look Out for in 2021


Digital transformation speeds up rapidly, and with higher connectivity, thanks to the fastest WiFi and amazing 5G and improvements in ML and AI. The Internet of Things looks set to deepen its roots in our industries and lives. With more than 30 billion connected devices, the IoT has primarily changed the model of interaction between intelligent solutions, real-life objects like home appliances, and electronic gadgets, assisting us to improve our daily life. As technology is in its golden age, more and more companies will see IoT as a beneficial tool; this will result in mass adoption.

‘Market Snapshot- The Internet of Things’

• The Internet of Things tests market scenario was valued at $ 1107.2 billion in 2020 and projected to hit $ 6042.45 b by 2026 & rise at a CAGR of 32.34 percent over the prediction period (2021–2026). The usage of IoT tests using modern technologies has led to the highest use of distinct kinds of test tools for distinct purposes, and the market is projected to grow at a speedy rate during the period time.

Microsoft market research says, approx. 94 percent of companies will use some sort of the Internet of Things by 2021. Core IoT verticals like retail, government, manufacturing, healthcare and transportation continue to launch new IoT solutions and apps to their everyday operations.

• As per Statista, the total dollars spent on IoT solutions globally is anticipated to almost double in 2021, up to $418b from $248b. Surprisingly, by the year 2025, that number is projected to be USD 1,567 billion. The international market for IoT end-user solutions is projected to raise to 212 b U.S. dollars in size by 2019. The technology hit USD 100 billion in market revenue for the first time in 2017, and predictions proposed that this figure will rise to about 1.6 trillion by 2025.

Fortune Business Insights report says IoT technology holds important potential in the ICT segment with the worldwide market valued at $190 b in 2018 and hitting $1.1 trillion by 2026. The report projects that the international market will grow at a surprising CAGR of 24.7% all through the estimated years.

Progressively more organizations will recognize this potential this year, assuring development for this trend. Let us dive a little deeper and explore the IoT-related trends that will shape the digital transformation approach for businesses in 2021.

7 Biggest IoT Trends to Watch Out for 2021

1. Focus on Security to meet the Complex Challenges

Security has become an unavoidable concern nowadays, and with up-and-coming technologies, companies need to ensure data security to retain their customers’ interest. Hence, IoT is expected to concentrate on security to meet the complicated challenges of the coming decade. With so many devices, IT administrators often do not know how many gadgets are connected to their networks, leaving them susceptible to attacks. Besides, connected devices remain susceptible owing to their exposure to cyber-attacks. The number of Internet-linked gadgets has shown a notable rise, and it will keep mounting in the coming decade. Therefore, extra caution on the part of network operators can stop intruders from entering the network, making IoT security the most modern IoT trend.

In 2021, we would likely see an increase in the security-centric smart gadgets, counting AI-driven, automatic capacity to scan networks for IoT gadgets. Big tech enterprises are expected to lead the way in this arena. Big giants like Amazon recently announced a chain of new traits that allow users to take control of privacy and data settings. Apple and Google are also in the same race to follow suit in 2021 with a focal point around the security features marketing in IoT-centric devices.

2. Artificial Intelligence meets IoT

In addition to security, the focus is also moving to the holistic improvement of production procedures. In simple words, the combination of advanced technologies into an “Artificial IoT” mainly reduces deviations from the optimum in the manufacturing procedure and therefore ensures high performance, lower costs, and less waste. Through AI, production processes can be continuously and automatically optimized with the assistance of ML methods. Besides, AI-driven analytical solutions have the control to aggregate huge amounts of sufficient high-quality data and information; process it in real-time and draw effectual insights. Moreover, close integration of AI, smart devices, and Big Data will also contribute appreciably to give protection against security risks. So far, merely a few businesses have deployed AI Internet of Things. That will change this year.

3. Enhanced Role of Data Analytics

Data analytics plays a crucial role in well-organized and effectual business management to make a significant decision based on a detailed analysis of the gathered data. The modern AI-centric data analytics solutions, powered by Big Data technology and AI algorithms, can collect a huge chunk of information, examine it in real-time, and derive valuable insights from it. This powerful incorporation of Big Data, Artificial Intelligence, and IoT devices will allow users to make important and effectual business decisions with ease based on the information & insights collected by the data analytics. IoT not only aids in examining behavior and spit out data; it is also about rapid data processing and giving proposals based on those findings.

Leveraging data analytics will complement the data scrutiny produce and process by the internet of things solutions. When executed correctly, data analytics will allow users to pick up on trends or patterns within the information gathered by their devices. Consequently, the insight acquired by the data analysis confirms a business is well equipped with the data required to make

4. Blockchain Technology

IoT devices very often are susceptible to security breaches that make them target for DDoS attacks. Blockchain technology or distributed ledger technology emerges as a suitable tool to guarantee data safety during encryption techniques plus peer-to-peer contact without intermediaries. It is amongst the top-most IoT trends that address major IoT scalability and security challenges. Credited to its exceptional capacities and advantages, Blockchain is an information game-changer, giving a means for data to be recorded and shared by a user’s community. It is more often looked upon in the context of IoT data security.

It has become the norm for banking or financial institutions to guard their operations with the aid of Blockchain technology. Similarly, blockchain is at present amongst the top IoT trends due to its capability to confirm data protection through encryption techniques without intermediaries.

5. Emerging IoT Apps

Apps and use cases of the Internet of Things solutions are evolving at a fast pace. Presently, its apps surround smart homes, smart grids, wearable, smart cities, industrial settings, etc. With the rise and development of this technology in the upcoming future, the Internet of Things will reach more business and industry settings, leading the globe towards more digital. Knowing the Internet of Things use cases will assist companies to integrate the Internet of Things technologies into their upcoming investment decisions.

6. Edge Computing

What is edge computing? With this distributed computing paradigm, rather than Internet of Things devices sending all the information they gather to the cloud for investigation and extraction of insights, this work is performed directly on the devices themselves. Adoption of edge computing will become more significant for Internet of Things devices as a way to overcome cloud computing drawbacks such as the latency issues and low bandwidth faced in real-time data processing. Edge computing is an accurate and cost-efficient data processing method for IoT devices.

Companies should make decisions based on IoT information speedier than ever before to appreciate the true devices value on the network. With the union of 5G networks, an increase in IIoT and IoT devices, and a striking increase in the data amount we are collecting, edge computing can be turned up as significant as ever in this year.

7. Investment in IoT App Testing

Smart sensors, wearables, and connected devices will continue to alter the way healthcare is delivered, from automated homes to telemedicine help for the disabled and elderly. Besides, in situations where the risk of virus infection is strong, it will also be used to minimize unnecessary contact.

The IoT testing is all set to incorporate with other technology to make life smart and easy. If we speak about the IoT role in the banking industry or its penetration into healthcare services, growth in this technology will continue to bring great deeds across the globe. The IoT trends would bring the world together and make it victorious in every way.

As time changes, the future of IoT app tests will continue to grow. We would have the Internet of Things attached to more or less in all inventions. Let’s get ready to observe this year the creativity of automatic urban societies working with each other with zero contact.

Final words

2021 promises to be another year of trouble and uncertainty around the globe and IoT technology will undoubtedly deliver practical solutions to various complexities and challenges faced by people working tenuously.


Top 7 Trends in IoT to Look Out for in 2021 was originally published in Dev Genius on Medium, where people are continuing the conversation by highlighting and responding to this story.

EC-Council and Wissen Sponsor Awards for Winners of the ASEAN Student Contest on Information Security (ASCIS)

Vietnam, October 9, 2021 – EC-Council co-sponsors the awards for the winners of ASEAN Student Contest on Information Security (ASCIS) along with Wissen. The contest is an integral activity of the annual event, “Vietnam Information Security Day” organized by VNISA under the sponsorship of the Ministry of Information and Communications (MIC) and the Ministry of Education and Training (MoET) of Vietnam. ASCIS is a Capture the Flag contest for students from institutes of higher education in ASEAN. The warm-up round of […]

Find Vulnerabilities using NMAP Scripts (NSE)

Nmap comes pre-installed with Kali Linux. Not just Kali Linux: Nmap comes pre-installed with every security-focused operating system. We have already discussed how to use Nmap for active reconnaissance in our previous article “NMAP — The Network Mapper“.

But cybersecurity experts don’t just use Nmap for scanning ports and services running on the target system, Nmap also can be used for vulnerability assessment and much more using NSE (Nmap Scripting Engine).

Vulnerability scanning using nmap scripts

The Nmap Scripting Engine (NSE) has revolutionized the possibilities of a port scanner by allowing users to write scripts that perform custom tasks using the host information collected by Nmap. As of September 2021, when we are writing this article, Nmap has 600+ scripts in Nmap version 7.91.

Nmap scripts for security testing

Penetration testers use one of Nmap’s most powerful and flexible features, which allows them to write their own scripts and automate various tasks. NSE (Nmap Scripting Engine) was developed for the following reasons:

  • Network Discovery:- This is the primary purpose most people use Nmap for: network port discovery, which we learned in our “Nmap – The Network Mapper” article.
  • Classier version detection of a service:- There are tons of services with multiple version details for the same service, so Nmap makes it easier to identify the service.
  • Backdoor detection:- Some of the Nmap scripts are written to identify the patterns of backdoors. If any worms or malicious programs are infecting the network, this makes the attacker’s job easy to narrow down and focus on taking over the machine remotely.
  • Vulnerability Scanning:- Pen testers also use Nmap for exploitation in combination with other tools such as Metasploit, or write custom reverse shell code and combine Nmap’s capabilities with it for exploitation.

Before jumping in to finding vulnerabilities using Nmap we must need to update the database of scripts, so newer scripts will be added on our database. Then we are ready to scan for vulnerabilities with all Nmap scripts. To update the Nmap scripts database we need to apply following command on our terminal window:

sudo nmap --script-updatedb

In the following screenshot we can see that we have an updated Nmap scripts database.

nmap script database update

Now we are ready to scan any target for vulnerabilities. Well we can use following command to run all vulnerability scanning scripts against a target.

nmap -sV --script vuln <target>

As we can see in the following screenshot:

nmap vulnerability scripts

Vulnerability scanning (vuln) is not the only category of Nmap scripts. There are many categories, listed below:

  • auth: This category is for scripts related to user authentication.
  • broadcast: This is a very interesting category of scripts that use broadcast requests to gather information.
  • brute: This category is for scripts that help conduct brute-force password auditing.
  • default: This category is for scripts that are executed when a script scan is executed ( -sC ).
  • discovery: This category is for scripts related to host and service discovery.
  • dos: This category is for scripts related to denial of service attacks.
  • exploit: This category is for scripts that exploit security vulnerabilities.
  • external: This category is for scripts that depend on a third-party service. 
  • fuzzer: This category is for Nmap scripts that are focused on fuzzing.
  • intrusive: These scripts might crash a system by generating a lot of network noise; sysadmins consider them intrusive.
  • malware: This category is for scripts related to malware detection.
  • safe: This category is for scripts that are considered safe in all situations.
  • version: This category is for NSE scripts that are used for advanced versioning.
  • vuln: This category is for scripts related to security vulnerabilities.

So we can see that we can do various tasks with Nmap using Nmap Scripting Engine scripts. When we need to run all the scripts against a single target, we can use the following command:

nmap -sV --script all <target>

In the following screenshot we can see that all scripts are being used against one target. Because every script will run here, it will consume a good amount of time.

nmap all scripts running at once
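Because a category such as vuln, or all, can pull in scripts that also belong to dos, exploit or intrusive, it helps to audit a selection before launching it. The following Python code is an added example, not part of the original article: it parses entries in the line format of Nmap's script.db (the database rebuilt by --script-updatedb), reports which scripts in a category also carry disruptive categories, and builds a narrower boolean --script expression. The sample entries, the script names and the DISRUPTIVE set are constructed assumptions.

```python
import re

# Constructed sample in the line format of Nmap's scripts/script.db.
# The script names and their categories are made up for this example.
SAMPLE_SCRIPT_DB = """\
Entry { filename = "demo-banner.nse", categories = { "discovery", "safe", } }
Entry { filename = "demo-login-audit.nse", categories = { "brute", "intrusive", } }
Entry { filename = "demo-tls-check.nse", categories = { "safe", "vuln", } }
Entry { filename = "demo-smb-check.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "demo-http-check.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "demo-version.nse", categories = { "version", } }
this line is damaged and must be skipped
"""

ENTRY_RE = re.compile(
    r'^Entry \{ filename = "([^"]+)", categories = \{([^}]*)\} \}\s*$')

# Assumption for this example: categories worth reviewing before a scan,
# chosen from the descriptions in the category list above.
DISRUPTIVE = frozenset({"brute", "dos", "exploit", "fuzzer", "intrusive"})


def parse_script_db(text):
    """Return ({filename: frozenset(categories)}, number_of_unparsed_lines)."""
    db, skipped = {}, 0
    for line in text.splitlines():
        if not line.strip():
            continue
        match = ENTRY_RE.match(line)
        if match is None:
            skipped += 1          # tolerate damaged lines instead of aborting
            continue
        db[match.group(1)] = frozenset(re.findall(r'"([^"]+)"', match.group(2)))
    return db, skipped


def select(db, include, exclude=()):
    """Scripts in any `include` category ("all" selects every script)
    that are in none of the `exclude` categories."""
    include, exclude = set(include), set(exclude)
    return sorted(
        name for name, cats in db.items()
        if ("all" in include or cats & include) and not (cats & exclude))


def audit(db, category):
    """Map each script in `category` to the disruptive categories it also has."""
    return {name: sorted(cats & DISRUPTIVE)
            for name, cats in sorted(db.items()) if category in cats}


def build_expr(category, exclude):
    """Boolean --script expression that keeps `category` but drops `exclude`."""
    return f"{category} and not ({' or '.join(sorted(exclude))})"


if __name__ == "__main__":
    db, skipped = parse_script_db(SAMPLE_SCRIPT_DB)
    print(f"{len(db)} scripts parsed, {skipped} line(s) skipped")
    for name, flags in audit(db, "vuln").items():
        print(f"{name:24} {', '.join(flags) or 'no disruptive category'}")
    print('nmap -sV --script "%s" <target>'
          % build_expr("vuln", ["dos", "exploit", "intrusive"]))
```

On Kali the database is typically found at /usr/share/nmap/scripts/script.db; pass its contents to parse_script_db to audit a real installation.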

That is all for this article. We will be back again with Nmap. We hope this article helps our fellow Kali Linux users. Love our articles? Make sure to follow us on Twitter and GitHub, where we post article updates. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and cybersecurity. We are always happy to help everyone in the comment section. As we know, our comment section is always open to everyone. We read each and every comment and we always reply.

What is Fuzzing? Why it is Important on Cybersecurity?

What is Fuzzing?

Fuzz testing or Fuzzing is a Black Box software testing technique, which basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated task.

This analysis is a software-testing technique used by developers and penetration testers to test their applications against unexpected, invalid, and random sets of data input. The response will then be noticed in terms of an exception or a crash thrown by the application. This activity shows us some of the major vulnerabilities in the application, which are not possible to discover otherwise. These cover buffer overflows, format strings, code injections, dangling pointers, race conditions, denial of service conditions, and many other types of vulnerabilities.

Fuzzy analysis is a relatively simple and effective solution that can be incorporated into the quality assurance and security testing processes. That’s why fuzzy analysis is also called robustness testing or negative testing sometimes.

History of Fuzzing

Classic fuzz testing was developed at the University of Wisconsin Madison in 1989 by Professor Barton Miller and students. Their (continued) work can be found here. It’s mostly oriented towards command-line and UI fuzzing, and shows that modern operating systems are vulnerable to even simple fuzzing.

Attack types in Fuzzing

Commonly a Fuzzer (program for fuzzing) would try combinations of attacks on:

  • numbers (signed/unsigned integers/float etc).
  • chars (urls, command-line inputs).
  • metadata : user-input text (id3 tag).
  • pure binary sequences.

A common approach to fuzzing is to define lists of “known-to-be-dangerous values” (fuzz vectors) for each type, and to inject them or recombinations of them.

  • For integers: zero, possibly negative or very big numbers.
  • For chars: escaped, interpretable characters / instructions (ex: For SQL Requests, quotes / commands etc).
  • For binary: random ones.

There are different classes of fuzzers available in Kali Linux, which can be used to test file formats, network protocols, command-line inputs, environment variables, and web applications. Any non-trusted source of data input is considered to be insecure and inconsistent. For instance, a trust boundary between the application and the Internet user is unpredictable. Thus, all the data inputs should be fuzzed and verified against known and unknown vulnerabilities. In a later article we are going to learn about the fuzzers on our Kali Linux system.
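The fuzz-vector approach described above, as an added Python example that is not part of the original article: per-type vector lists are injected one field at a time into a valid baseline record, and any exception other than the documented rejection counts as a finding. The parse_record target, its record format and the vector lists are constructed for this illustration.

```python
import random


class RecordError(ValueError):
    """The only exception parse_record is documented to raise on bad input."""


def parse_record(raw):
    """Toy target constructed for this example; its three bugs are deliberate."""
    text = raw.decode("ascii")              # bug 1: undecodable bytes are not caught
    fields = {}
    for item in text.split(";"):
        if "=" not in item:
            raise RecordError("field without '='")
        key, value = item.split("=", 1)
        fields[key] = value
    try:
        count = int(fields["count"])
    except (KeyError, ValueError):
        raise RecordError("missing or non-numeric count")
    name = fields.get("name", "")
    return {"initial": name[0],             # bug 2: empty name -> IndexError
            "share": len(name) // count}    # bug 3: count == 0 -> ZeroDivisionError


# Fuzz vectors per input type, following the lists in the text.
INT_VECTORS = ["0", "-1", "2147483648", "99999999999999999999"]
CHAR_VECTORS = ["", "'", '"', "%s%n", "a;b", "A" * 4096]
BASELINE = {"count": "2", "name": "alice"}  # a valid record to mutate


def generate_cases(seed=1):
    """Yield (label, raw_bytes): one mutated field per case, then binary input."""
    for field in BASELINE:
        for vector in INT_VECTORS + CHAR_VECTORS:
            mutated = dict(BASELINE, **{field: vector})
            raw = ";".join(f"{k}={v}" for k, v in mutated.items()).encode("ascii")
            yield f"{field}={vector[:12]!r}", raw
    yield "binary:fixed", b"\xff\xfe\x00\x80"
    rng = random.Random(seed)               # seeded so every run is reproducible
    for i in range(4):
        yield f"binary:random{i}", bytes(rng.getrandbits(8) for _ in range(32))


def run_case(raw):
    """Return the exception name if the target fails unexpectedly, else None."""
    try:
        parse_record(raw)
    except RecordError:
        return None                         # clean, documented rejection
    except Exception as exc:                # anything else is a robustness bug
        return type(exc).__name__
    return None


def fuzz(seed=1):
    """Run every case and group the failing inputs by exception type."""
    findings = {}
    for label, raw in generate_cases(seed):
        crash = run_case(raw)
        if crash:
            findings.setdefault(crash, []).append(label)
    return findings


if __name__ == "__main__":
    for crash, labels in fuzz().items():
        print(f"{crash}: {labels}")
```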

Why Fuzzing is important on Security Testing?

The purpose of fuzzing is based on the assumption that there are bugs within every program, which are waiting to be discovered. Then, a systematic approach should find them sooner or later.

Fuzzing can add another perspective to classical software testing techniques (hand code review, debugging) because it is a non-human approach. It doesn’t replace them, but is a reasonable complement, thanks to the limited work needed to put the procedure in place.


Kali Linux 2021.2 Update is Here !

The second update of Kali Linux in 2021 is live and ready to ROCK.

Say Welcome to Kali Linux 2021.2! This release welcomes a mixture of new items as well as enhancements of existing features, and is ready to be downloaded (from our updated page) or upgraded if you have an existing Kali Linux installation.

A quick summary of the change log since the 2021.1 release from February 2021 is:

Introducing Kaboxer v1.0

For developers, this is a great new tool in the arsenal. Users will, hopefully, not realise that they are using it, only noticing that previously problematic tools now work correctly!

Without repeating what has already been posted, this technology allows us to correctly package up programs that were previously difficult, with items such as complex dependencies or legacy programs & libraries (such as Python 2 or dated SSL/TLS).

With Kaboxer’s launch, we have released 3 packages using it:

If you want to read more, please see either our blog post covering it, or our documentation around it.

Kaboxer is still in its infancy, so please be nice & patient with it.

Releasing Kali-Tweaks v1.0

Announcing Kali-Tweaks! This is our little helping hand for Kali users, with the idea to help customize Kali to your own personal taste quickly, simply, and the correct way. This should help you to stop doing repetitive tasks.

Kali-Tweaks 1.0

Currently Kali-Tweaks will help out with:

  • Metapackages – Installing/removing groups of tools, which may not have been available while installing Kali if you did not use the installer image
  • Network Repositories – Enabling/disabling “bleeding-edge” & “experimental” branches
  • Shell & Prompt – Switch between two or one line prompt, enable/disable the extra line before the prompt, or configure Bash or ZSH as the default shell
  • Virtualization – Using Kali as a guest VM? Do a few actions to make the experience easier!

Our philosophy is to always understand what you are running, before you run it. That way, it reduces the chances of any undesirable nasty surprises. Which is why we will always encourage anyone to do actions manually before automating it, so you get to understand what is happening under the hood. On the flip side, we also understand there is so much to remember. Then when you sprinkle in people’s bad habits, which often have long term implications and end up breaking Kali, there is room for improvement. So, we started developing Kali-Tweaks. Where possible, Kali-Tweaks will also display what commands are being executed to help educate users.

We do want to mention a few things:

  • kali-tweaks has been marked as “recommended” rather than “required”. As a result, if you are upgrading Kali, it may not be included. On the other hand, you can remove kali-tweaks without removing anything else
  • On the subject of upgrading; depending on how old your Kali installation is, you may need to reset your shell resource (e.g. .bashrc & .zshrc) before you can use the “configure prompt” section. This is because it will not have the necessary variables. Should you want to, make sure to backup, reset, and restore
  • The last thing to point out, when changing the default login shell; please log out and in again (either graphically or remote console) for it to have an effect

It is still early days with Kali-Tweaks, and we already have ideas of what to expand into, but we welcome any suggestions from you!

Kali-Tweaks is still in its infancy, so please be nice & patient with it.

Refreshed Bleeding-Edge Branch

Kali’s Bleeding-Edge branch has been around since March 2013, but we have recently completely restructured the backend.

For those not too familiar with Bleeding-Edge branch, here is a breakdown:

  • Kali by default opts to be stable where possible when packaging. This means some tools may appear to be “out-dated”
  • We do this by looking to see when the tool author(s) signals “everything up to this point is good”, by doing a “point release” (e.g. 1.0 or 2.1)
  • Developers often use source-code version control, allowing them to track any changes
  • How programmers use source-code version control depends on their work flow, experience, and team size
    • Developers can use a “tag” feature found in most source-code version control to signal when there is a new version (this is what Kali prefers)
    • However, some people may say if it makes it to “master” or “main” branch, then it is “production ready”
  • There are times where it has been “a while” (months or even years) since doing a tag for a stable release (aka point release), and people get frustrated that there are no updates (e.g. hashcat or impacket).

You may then end up skipping the Kali package and compiling your favorite tool’s source-code. This might then conflict with Kali’s packaging, and it is your responsibility to maintain the program. This is where bleeding-edge branch comes in.

Since moving over to GitLab, we have been able to create Kali-Bot to help with heavy lifting and automation

  • Automatically package tag’d releases to kali-experimental branch
  • Automatically package the last commit to kali-bleeding-edge branch

This is a fully automated procedure; as a result, the testing that goes into our packaging is automated as well (unlike anything that is in kali-rolling branch which has manual testing involved). If there has not been a unit test created, it’s not going to be tested for. This means there is a chance packages will be broken, and more trust goes into the tool author having correctly developed the tool.

If you want to give it a try, have a look at our kali-bleeding-edge documentation to learn how to enable the repository and how to tell apt to select a package from this repository. Once the repository has been enabled, it looks like this:

kali@kali:~$ dpkg -l | grep ffuf
ii ffuf 1.3.1-0kali1 amd64 Fast web fuzzer written in Go (program)
kali@kali:~$
kali@kali:~$ sudo apt install -y ffuf/kali-bleeding-edge
...
kali@kali:~$
kali@kali:~$ dpkg -l | grep ffuf
ii ffuf 1.3.1+git20210505.1.f032167-0kali1~jan+nus1 amd64 Fast web fuzzer written in Go (program)
kali@kali:~$

Not every tool has made it to the new system yet as there are still many limitations to overcome, but to see what is supported and also how many:

kali@kali:~$ curl -s -L 'http://http.kali.org/kali/dists/kali-bleeding-edge/main/binary-amd64/Packages' | awk -F ': ' '/^Package: /{print $2}'
...
kali@kali:~$
kali@kali:~$ curl -s -L 'http://http.kali.org/kali/dists/kali-bleeding-edge/main/binary-amd64/Packages' | awk -F ': ' '/^Package: /{print $2}' | wc -l
78
kali@kali:~$
kali@kali:~$ curl -s -L 'http://http.kali.org/kali/dists/kali-experimental/main/binary-amd64/Packages' | awk -F ': ' '/^Package: /{print $2}' | wc -l
192
kali@kali:~$
kali@kali:~$ curl -s -L 'http://http.kali.org/kali/dists/kali-rolling/main/binary-amd64/Packages' | awk -F ': ' '/^Package: /{print $2}' | wc -l
59518
kali@kali:~$

The numbers will only grow bigger and better as time goes on, with less bugs in the code and more unit tests in place!

If you are a tool author and want to get your software on the list, please chat to us, and we can show how to enable webhooks!

Disabled Privileged Ports

We have patched our kernel to remove the restriction of requiring privilege permission in order to use TCP & UDP ports under 1024 (meaning 0/TCP-UDP <= 1023/TCP-UDP). This was done because:

  • We see Kali as a desktop OS, rather than a server
  • This “well-known” privileged port range is reserved for server services (e.g. 80/TCP HTTP, 443/TCP HTTPS)
  • With the switch from Kali’s root to non-root user by default, rather than doing a port forward from outside the privilege ports to a restricted port, people were just running the program with super-user permissions instead
    • We get it. It’s quicker to run: $ sudo <program>,
    • Rather than remembering something like: $ sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8888
    • It also can get complex and confusing with a lot of redirects setup in place
    • Alternatively people were using authbind to allow certain users to use certain ports
  • This defeats the point of switching to non-root user!
    • Let’s reduce any possible attack surface!

Now, this change won’t appear in all instances as some flavors of Kali operate without our kernel. This depends on which platform you use (such as Cloud instances, Docker or WSL). If you are on a platform that does not use our customized Kernel, this change will not be applied. For example, the top one uses Kali’s kernel on a bare metal install, and below uses Kali in a docker container, so it’s using the host’s kernel:

kali@kali:~$ uname -r
5.10.0-kali7-amd64
kali@kali:~$

...vs...

$ docker run --rm --interactive --tty kalilinux/kali:latest uname -r
5.10.25-linuxkit
$

New Tools in Kali Linux 2021.2

It would not be a Kali release if there were not any new tools added! A quick run down of what’s been added (to Kali’s archive and network repositories):

  • CloudBrute – Find a company infrastructure, files, and apps on the top cloud providers
  • Dirsearch – Brute force directories and files in web servers
  • Feroxbuster – Simple, fast, recursive content discovery
  • Ghidra – Reverse engineering framework
  • Pacu – AWS exploitation framework
  • Peirates – Kubernetes penetration
  • Quark-Engine – Android malware scoring system
  • VSCode a.k.a. Visual Studio Code Open Source (“Code-OSS”) – Code editor

Ghidra and VSCode have been included into the kali-linux-large metapackage, so they are included on the installer image for people doing a fresh install. Otherwise you will need to upgrade Kali (if you already have the kali-linux-large install) or manually install them (if you want them!):

kali@kali:~$ sudo apt update && sudo apt install -y ghidra code-oss

A few notes about code-oss (aka VSCode):

  • We are compiling this from source, rather than using the pre-built binaries
    • The upside to this is that telemetry data is disabled by default
    • The downside is that some aspects of the marketplace may not work. If you find these limitations a problem, you may wish to uninstall the Kali package and switch to the VSCode pre-built binaries
  • You also may question why it was named code-oss, rather than code
    • Code-OSS is what the source-code calls itself, which is used as the base before the configurations are applied for the pre-compiled binaries that gets distributed as “code”
    • As we are using the source-code, we used the variables defined by it
    • The two different names help to distinguish the differences between them (also prevents any clashes and conflicts!)
    • We also included various aliases in our package to help bridge between the two different versions. Meaning, calling vscode and code will use our package, code-oss, with a friendly notice (when installed)
  • If you already have the pre-compiled version installed, upgrading Kali will not replace it
    • However, when manually installing code-oss, it will then replace it!

Theme Enhancement

Command Line

If you are using ZSH, with the latest Kali profile applied, you can toggle between the two-line prompt and one-line prompt by pressing: CTRL + p (at the same time). This will only have an effect for the current session. If you would like to set it permanently, see kali-tweaks.

XFCE 4

We have switched up the quick launch tray in the top left, by:

  • Dropping the screen recorder button (as a result package can also be removed, kazam)
  • Adding a text editor shortcut (this uses mousepad as it is quick and light)
    • If you are looking for something that is more substantial, try code-oss
  • Adding in a web browser icon, which starts the default browser (often FireFox)
  • Adding a drop-down menu to select the user for default terminal (terminal or root terminal & Kali’s default is QTerminal)

root terminal emulator

To give you an idea of how the toggling between the terminal user works:

Inside of Thunar (Xfce’s default file manager), if you right-click in the main window, you should have a new option, Open as Root:

open as root on thuner file manager


With these theme changes, you may not get them if you upgrade Kali. This is because the theme settings are copied to your home folder when your user is first created. When you upgrade Kali, it is upgrading the operating system, so upgrading does not alter personal files (just system files). As a result, in order to get these theme tweaks, you need to either:

  • Do a fresh Kali install
  • Create a new user and switch to that
  • Delete your Xfce profile for the current user and relogin

Desktop Wallpaper & Login Background

People who have upgraded, you may have spotted that there is a new default login wallpaper and desktop background, but there are extras as well in this release:

Kali Linux Wallpapers

Whilst on the subject of wallpapers, if you have not noticed, previously we had been operating on an refresh cycle about every 6 months, where we would change the default login and desktop as well as included other art work if they were not to your taste. Going forwards, we are aiming to change the defaults at every 20xx.1 release (meaning it happens right at the start of every year). So it will still change again in 6 months, but this will be the last time! We will still aim to add extra wallpapers every 6 months, however, only change the defaults yearly.

Finally, we have updated kali-community-wallpapers & kali-wallpapers-legacy packages as well!

Raspberry Pi Recharged

Two new packages:

  • kalipi-config – “raspi-config on steroids” to assist in the initial setup of Kali Linux on a Raspberry Pi
  • kalipi-tft-config– assist in the initial setup of TFT displays on a Raspberry Pi

And other improvements:

  • Got built-in Bluetooth working on Raspberry Pi 4 & Raspberry Pi 400 (meaning all Raspberry Pi’s built-in bluetooth work!)
  • This is due to bluez, bluez-firmware , and pi-bluetooth packages forked and patched
  • Raspberry Pi kernel updated to 5.4.83
  • mt76 devices now work on Raspberry Pi 2 and 3 if you pass the option disable_usb_sg=1 when loading the mt76_usb module
  • 1500% performance improvement
  • First boot from 20 minutes to 15 seconds
  • Console scrolling working

Kali NetHunter Updates

Plenty of improvements under the hood, including:

  • Improved compatibility with dynamic partitions
  • Improvements to persistence of Magisk root
  • Improvements to Bluetooth and settings menus
  • Inclusion of rtl88xxau patches for older kernels in the kernel builder

And the highlight:

Android 11 support for:

  • Nokia 6.1
  • OnePlus One
  • OnePlus Nord
  • Xiaomi Poco F1
  • Xiaomi Mi A3
  • Samsung Galaxy S20 FE 5G

The Kali NetHunter repository now contains 179 kernels for 72 devices and 32 pre-built images are available on our download page

Huge thanks to @kim0coder, @yesimxev, @Svirusx, @Martinvlba, @CaliBerrr, @maade69 and the entire Kali NetHunter community for making this release happen. You absolutely rock!

More Docker support/Parallels support/Bug fixes

There are even more improvements to Kali, that are outside of the above text. Below are other note-worthy items:

  • Our Kali-Docker images are now available for arm64 and armhf as well as amd64
  • We have patched pkexec, so now Qt applications which have been ran as root will maintain the dark theme and the HiDPI setting
  • On a fresh Kali install, wireshark can now be run by unprivileged users
  • A couple of bugs were fixed in command-not-found, which is the terminal helper that helps you installing missing programs
  • Accessibility features were not installed by default (this was a mistake on our side that is now fixed)
  • Fixed a terminal font issue with special characters
  • Apple M1 users, Parallels is no longer in “Technical Preview” and as part of the release, they’ve fixed Kali image detection.
  • Win-KeX v2.10 has been released which now supports multiscreen
  • Kali’s logo is now included in the nerd-fonts project, so, with their next release you’ll be able to customize your terminal with the dragon. If you want to try it now, we’ve created a patched Fira-Code font with these new changes (the code for the logo is uF32B)

kali logo print

Download Kali Linux 2021.2

Fresh Images: So what are you waiting for? Start grabbing Kali already!

Seasoned Kali Linux users are already aware of this, but for the ones who are not, we do also produce weekly builds that you can use as well. If you cannot wait for our next release and you want the latest packages (or bug fixes) when you download the image, you can just use the weekly image instead.

This way you’ll have fewer updates to do.

Just know that these are automated builds that we do not QA like we do our standard release images. But we gladly take bug reports about those images because we want any issues to be fixed before our next release!

Existing Installs: If you already have an existing Kali Linux installation, remember you can always do a quick update:

echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" | sudo tee /etc/apt/sources.list
sudo apt update && sudo apt -y full-upgrade
[ -f /var/run/reboot-required ] && sudo reboot -f

You should now be on Kali Linux 2021.2. We can do a quick check by doing:

┌──(kali㉿kali)-[~]
└─$ grep VERSION /etc/os-release
VERSION="2021.2"
VERSION_ID="2021.2"
VERSION_CODENAME="kali-rolling"

┌──(kali㉿kali)-[~]
└─$ uname -v
#1 SMP Debian 5.10.28-1kali1 (2021-04-12)

┌──(kali㉿kali)-[~]
└─$ uname -r
5.10.0-kali7-amd64

NOTE: The output of uname -r may be different depending on the system architecture.

As always, should you come across any bugs in Kali, please submit a report on our bug tracker. We’ll never be able to fix what we do not know is broken! And Twitter is not a Bug Tracker!
