Shulou(Shulou.com)06/02 Report--

In this issue, the editor will bring you what you need to pay attention to in Kali Linux. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

Kali Linux is the industry-leading Linux distribution in penetration testing and white hat. By default, this release comes with a large number of intrusive and infiltrating tools and software, and is widely recognized all over the world. This is true even among Windows users who may not even know what Linux is.

Because of the latter (LCTT: Windows users), many people try to use Kali Linux alone, even though they don't even know the basics of the Linux system. The reasons may be different, some are for fun, some are disguised as hackers to please their girlfriends, and some are just trying to hack a neighbor's WiFi network to surf the Internet for free. If you're going to use Kali Linux, remember, all of these are bad things.

Before you plan to use Kali Linux, you should know some tips.

Kali Linux is not suitable for beginners.

Kali Linux default GNOME Desktop

If you are someone who just started using Linux a few months ago, or if you think your level of knowledge is below average, then Kali Linux is not for you. If you are going to ask, "how do I install Steam on Kali? how do I make my printer work on Kali? how do I resolve APT source errors on Kali?" These things, then Kali Linux is not for you.

Kali Linux is mainly for experts who want to run penetration test suites or those who want to learn to be white hats and digital forensics. But even if you belong to the latter, the average Kali Linux user will encounter a lot of trouble in daily use. He was also asked to use tools and software in a very cautious manner, not just "Let's install and run everything". Every tool must be used carefully, and every software you install must be checked carefully.

Ordinary Linux users are not comfortable with it. A better approach is to spend a few weeks learning about Linux and its daemons, services, software, distributions, and how they work, then watch dozens of videos and lessons about white hat attacks, and then try to use Kali to apply what you've learned.

It will get you hacked.

Kali Linux intrusion and testing tools

In a normal Linux system, the average user has an account, while the root user has a separate account. But this is not the case in Kali Linux. Kali Linux uses a root account by default and does not provide an ordinary user account. This is because almost all the security tools available in Kali require root permissions and are designed to avoid requiring you to enter your root password every minute.

Of course, you can simply create a regular user account and start using it. However, this approach is still not recommended because it is not how Kali Linux system design works. When using the average user to use the program, open the port, and debug the software, you will encounter a lot of problems, and you will find out why this thing doesn't work, only to find out that it is a strange permission error. In addition, every time you do anything on the system, you will be annoyed by the fact that you are asked to enter a password every time you run the tool.

Now, because you are forced to use it as a root user, all software you run on the system will also run with root privileges. If you don't know what you're doing, this is bad, because if there is a vulnerability in Firefox and you visit an infected website, hackers can gain full root permissions on your PC and hack you. If you use a regular user account, you will be restricted. In addition, some of the tools you install and use may open ports and disclose information without your knowledge, so if you are not very careful, people may invade you the way you try to invade them.

If you have ever visited Kali Linux-related Facebook groups, you will find that almost 1/4 of the posts in these groups are people asking for help because they have been hacked.

It can put you in jail.

Kali Linux only provides the software. So, how to use them is entirely your own responsibility.

In most developed countries in the world, using penetration testing tools for public WiFi networks or other devices can easily put you in jail. Now do not think that you can not be tracked by using Kali, many systems are equipped with complex logging devices to simply track people who try to monitor or hack into their network, you may inadvertently become one of them, then it will ruin your life.

Never use Kali Linux on devices or networks that don't belong to you, and don't explicitly allow intrusion into them. If you say you don't know what you're doing, it won't be accepted as an excuse in court.

Modified kernel and software

Kali is based on Debian (the "testing" branch, which means Kali Linux uses a rolling release model), so it uses most of the software architecture of Debian, and you will find that most of the software in Kali Linux is no different from that in Debian.

However, Kali has modified some packages to enhance security and fix some possible vulnerabilities. For example, the Linux kernel used by Kali is patched to allow wireless injection on a variety of devices. These patches are usually not available in the normal kernel. In addition, Kali Linux does not rely on Debian servers and images, but instead builds software packages from its own servers. The following are the default software sources in the latest release:

Deb http://http.kali.org/kali kali-rolling main contrib non-freedeb-src http://http.kali.org/kali kali-rolling main contrib non-free

This is why, for certain software, you will find different behaviors when you use the same program in Kali Linux and Fedora. You can see the complete list of Kali Linux software from git.kali.org. You can also find our own list of installed packages on Kali Linux (GNOME).

More importantly, the Kali Linux official documentation strongly recommends not adding any other third-party software repositories, because Kali Linux is a rolling distribution and relies on the Debian test branch, and because of dependency conflicts and package hooks, you are likely to damage the system just by adding a new repository source.

Do not install Kali Linux

Use Kali Linux to run wpscan on fosspost.org

I use Kali Linux on rare occasions to test my deployed software and servers. However, I would never dare to install it and use it as the primary system.

If you want to use it as the main system, you must keep your personal files, passwords, data, and everything on the system. You also need to install a lot of everyday software to liberate your life. But as we mentioned above, using Kali Linux is very dangerous and should be done very carefully. If you are hacked, you will lose all your data and may be exposed to more people. If you are doing something illegal, your personal information can also be used to track you. If you accidentally use these tools, you may even destroy your own data.

Even for professional white hats, it is not recommended to install it as the primary system, but to use it through USB for penetration testing, and then return to the normal Linux distribution.

Bottom line

As you can see now, using Kali is not an easy decision. If you are going to be a white hat and you need to use Kali to learn, then learn Kali after learning the basics and spending months using a normal Linux system. But be careful what you are doing to avoid trouble.

The above is the editor for you to share the Kali Linux need to pay attention to, if there happen to be similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.