2025-03-01 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Chapter 2: Introduction to Kali Linux
Unlike some other operating systems, Kali Linux is easy to get started with because its disk images are live ISOs: you can boot the downloaded image directly, without any prior installation. This means that you can use the same image for testing, as a bootable USB or DVD-ROM for forensics work, or to install the operating system permanently on a physical or virtual machine.
Because of this simplicity, it is easy to forget that certain precautions must be taken. Kali users are often targeted by malicious users, whether they are state-funded groups, organized criminals, or individuals. The open source nature of Kali Linux makes it relatively easy to build and distribute fake versions, so you must get into the habit of downloading from the original source and verifying the integrity and authenticity of the download. This is particularly important for security professionals, who often have access to sensitive networks and are entrusted with client data.
2.1 Download the Kali ISO image file
2.1.1 Download location
The only official download source for Kali Linux ISO images is the download section of the Kali website. Because Kali Linux is popular, many other websites offer Kali images for download, but they should not be trusted: such images may be infected with malware or may otherwise cause irreparable damage to your system. Download address: https://www.kali.org/downloads/
The site is served over HTTPS, which makes it difficult to impersonate. Being able to carry out a man-in-the-middle attack is not enough, because the attacker would also need a certificate for www.kali.org signed by a Transport Layer Security (TLS) certificate authority that the victim's browser trusts. Certificate authorities exist precisely to prevent this kind of problem: they issue certificates only to people whose identities have been verified and who have provided evidence that they control the corresponding website.
cdimage.kali.org: the links on the download page point to the cdimage.kali.org domain, which redirects to a mirror close to you. This speeds up the download and reduces the burden on the Kali central servers. The list of available mirrors can be found in the following file: http://cdimage.kali.org/README.mirrorlist
2.1.2 How to download
The official download page shows a list of ISO images, as shown in figure 2.1:
Figure 2.1 download list of image files
All disk images labeled 32-bit or 64-bit are suitable for the CPUs found in most modern desktop and laptop computers. If you are downloading an image for a fairly recent computer, it most likely contains a 64-bit processor. If you are not sure, rest assured that all 64-bit processors can run 32-bit instructions, so you can always download and run the 32-bit image. The reverse is not true, however. Please refer to the sidebar for more details.
If you plan to install Kali on embedded devices, smartphones, Chromebooks, wireless access points, or other devices that use ARM processors, you must use the Linux armel or armhf images.
Is my CPU 32-bit or 64-bit? In Windows, you can find out by running the System Information program (found under Accessories > System Tools). On the System Summary page, check the "System Type" field: it contains "x64-based PC" for a 64-bit CPU and "x86-based PC" for a 32-bit CPU.
Under OS X/macOS, there is no standard program that displays this information, but you can determine it by running the uname -m command in a terminal and checking its output. With a 64-bit kernel (which can only run on a 64-bit CPU), the command returns x86_64, while with a 32-bit kernel it returns i386 or something similar (i486, i586, or i686). Any 32-bit kernel can run on a 64-bit CPU, but because Apple controls both the hardware and the software, you are unlikely to find this configuration.
Under Linux, you can inspect the flags field in the /proc/cpuinfo virtual file. If it contains the lm attribute, your CPU is 64-bit; otherwise, it is 32-bit. The following command tells you which kind of CPU you have:
$ grep -qP '^flags\s*:.*\blm\b' /proc/cpuinfo && echo 64-bit || echo 32-bit
64-bit
Now that you know whether you need a 32-bit or 64-bit image, there is one last step left: choosing the type of image. The default Kali Linux image and the light variant are both live ISOs that can be used to run the live system or to start the installation. The only difference is the set of pre-installed applications. The default image uses the GNOME desktop environment and a large collection of software packages suitable for most testers, while the light image uses the Xfce desktop environment (which requires far fewer system resources) and a limited collection of packages, letting you install only the software you need. The remaining images use other desktop environments, but their software sets are the same as that of the default image.
Once you have decided which image you need, you can click "ISO" on the corresponding line to download it. Alternatively, you can click "Torrent" to download the image from the BitTorrent peer-to-peer network, provided that you have a BitTorrent client associated with the .torrent file extension.
While the selected ISO image is downloading, take note of the checksum shown in the sha256sum column. Once the download is complete, use this checksum to verify that the image you downloaded matches the one published online by the Kali development team (see next section).
2.1.3 Verify integrity and authenticity
Security professionals must verify the integrity of their tools, not only to protect their own data and networks but also those of their clients. Although the Kali download page is protected with TLS, the actual download links point to an unencrypted URL that offers no protection against a potential man-in-the-middle. In addition, Kali relies on external mirror sites to distribute images, which means you cannot blindly trust what you download. The mirror you are directed to may have been compromised, or you may be the victim of an attack yourself.
To mitigate this, the Kali project has always provided checksums of the images it distributes. For such a check to be meaningful, however, you must make sure that the checksum you obtained really is the one published by the Kali Linux developers. You can confirm this in different ways.
Relying on the TLS-protected website
When you retrieve a checksum from the TLS-protected download page, its origin is indirectly guaranteed by the X.509 certificate security model: the content you see comes from a website that is effectively controlled by whoever requested the TLS certificate.
Now you can generate the checksum of the image you downloaded and make sure that it matches the value given on the Kali site:
$ sha256sum kali-linux-2017.1-amd64.iso
49b1c5769b909220060dc4c0e11ae09d97a270a80d259e05773101df62e11e9d kali-linux-2016.2-amd64.iso
If the checksum you generate matches the value on the Kali Linux download page, you have the correct file. If the checksums differ, there is a problem, although this does not necessarily indicate a compromise or an attack; downloads occasionally get corrupted as they travel over the Internet. If you can, download the file again from another official mirror (see "cdimage.kali.org" for more information about available mirrors).
Relying on the PGP web of trust
If you don't trust HTTPS for authentication, you may be a little paranoid, but rightly so. There are many examples of poorly managed certificate authorities that issued rogue certificates, which ended up being abused.
You can also be the victim of a "friendly" man-in-the-middle, as implemented on many corporate networks: a custom certificate store implanted in the browser lets a proxy present fake certificates for encrypted websites, allowing corporate auditors to monitor encrypted traffic.
For cases like this, we also provide a GnuPG key that we use to sign the checksums of the images we provide. The identifier of the key and its fingerprint are as follows:
pub rsa4096/0xED444FF07D8D0BF6 2012-03-05 [SC] [expires: 2018-02-02]
Key fingerprint = 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
uid [ full ] Kali Linux Repository
sub rsa4096/0xA8373E18FC0D0DCB 2012-03-05 [E] [expires: 2018-02-02]
This key is part of a global web of trust because it has been signed at least by me (Raphaël Hertzog), and I am part of the web of trust because I use GnuPG heavily as a Debian developer.
The PGP/GPG security model is unique. Anyone can generate any key with any identity, but the key can only be trusted if it is signed by another key that you already trust. When you sign a key, you certify that you have met the holder of the key and that you know the associated identity is correct. You also define the initial set of keys that you trust, which includes your own key.
This model has its own limitations, so you can instead download Kali's public key over HTTPS (or from a key server) and decide to trust it because its fingerprint matches what we have published in multiple places, including earlier in this book:
$ wget -q -O - https://www.kali.org/archive-key.asc | gpg --import
[or]
$ gpg --keyserver hkp://keys.gnupg.net --recv-key ED444FF07D8D0BF6
gpg: key 0xED444FF07D8D0BF6: public key "Kali Linux Repository" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
[...]
$ gpg --fingerprint 7D8D0BF6
[...]
Key fingerprint = 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
[...]
After retrieving the key, you can use it to verify the checksums of the distributed images. Let's download the file containing the checksums (SHA256SUMS) and the associated signature file (SHA256SUMS.gpg) and verify the signature:
$ wget http://cdimage.kali.org/current/SHA256SUMS
[...]
$ wget http://cdimage.kali.org/current/SHA256SUMS.gpg
[...]
$ gpg --verify SHA256SUMS.gpg SHA256SUMS
gpg: Signature made Thu 16 Mar 2017 08:55:45 AM MDT
gpg: using RSA key ED444FF07D8D0BF6
gpg: Good signature from "Kali Linux Repository"
If you get the "Good signature" message, you can trust the contents of the SHA256SUMS file and use it to verify the file you downloaded. Otherwise, there is a problem, and you should check whether you downloaded these files from a legitimate Kali Linux mirror.
Note that you can use the following command line to verify that the downloaded file has the same checksum as the one listed in SHA256SUMS, provided that the downloaded ISO image is in the same directory:
$ grep kali-linux-2017.1-amd64.iso SHA256SUMS | sha256sum -c
kali-linux-2017.1-amd64.iso: OK
If you don't get OK in response, the file you downloaded is different from the one released by the Kali team. It cannot be trusted and should not be used.
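The two checks above can be made to fail closed in a script. The following is an added example, not code from the book or from the Kali project: it accepts the signature only when gpg's machine-readable status output names the fingerprint published in this section, and it looks up the ISO name in SHA256SUMS as a literal string. The function names are hypothetical, and GNU sha256sum and awk are assumed.

```sh
#!/bin/sh
# Added example (not from the book). Assumes GNU coreutils sha256sum and awk.
# Pinned fingerprint as printed in this section, spaces removed.
KALI_FPR=44C6513A8E4FB3D30875F758ED444FF07D8D0BF6

# Reads the machine-readable output of
#   gpg --status-fd 1 --verify SHA256SUMS.gpg SHA256SUMS
# on stdin. Succeeds only if a VALIDSIG line carries the pinned fingerprint
# (signing key in field 3, primary key in the last field), so a good
# signature from any other key in the keyring is rejected.
signed_by_pinned_key() {
    awk -v want="$KALI_FPR" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit !ok }'
}

# iso_matches_sums SHA256SUMS ISO
# Succeeds only if SHA256SUMS lists the ISO's base name exactly once and the
# listed digest equals the digest of the file. The name is compared as a
# literal string, whereas grep would treat the dots in it as wildcards.
iso_matches_sums() {
    sums=$1
    iso=$2
    name=$(basename "$iso")
    want=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }          # "*name" marks binary mode
        f == n { print $1; c++ }
        END { if (c != 1) exit 1 }' "$sums") || return 1
    got=$(sha256sum "$iso" | awk '{ print $1 }')
    [ -n "$got" ] && [ "$want" = "$got" ]
}

# verify_download ISO: both checks, run from the download directory.
verify_download() {
    gpg --status-fd 1 --verify SHA256SUMS.gpg SHA256SUMS 2>/dev/null |
        signed_by_pinned_key && iso_matches_sums SHA256SUMS "$1"
}
```

Call verify_download kali-linux-2017.1-amd64.iso after importing the key; a non-zero exit status means the image must not be used.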
2.1.4 Copy the image file to a DVD-ROM or USB drive
Unless you want to run Kali Linux in a virtual machine, the ISO image is of limited use on its own. You must burn the image to a DVD-ROM or copy it to a USB drive before you can boot a machine into Kali Linux.
We won't discuss how to burn an ISO image to a DVD-ROM, because the process varies depending on the platform and environment, but in most cases, right-clicking the ISO file will display a contextual menu item that runs a DVD-burning program. Just try it.
Warning: in this section, you will learn how to overwrite an arbitrary disk with a Kali Linux image file. Always double-check the target disk before performing this operation, as a single mistake may result in complete data loss and may damage your setup beyond repair.
Create a bootable Kali USB drive on Windows
As a prerequisite, you need to download and install the Win32 Disk Imager software:
https://sourceforge.net/projects/win32diskimager/
Insert your flash drive into your Windows computer and take note of the drive letter associated with it (such as "E:\").
Run Win32 Disk Imager and select the Kali Linux image file you want to copy to the USB drive. Check that the selected drive letter is the one assigned to the USB drive. Once you have confirmed that you have selected the correct drive letter, click the Write button and confirm that you want to overwrite the contents of the flash drive, as shown in figure 2.2:
Figure 2.2 operating Win32 Disk Imager
Once the copy operation is complete, safely eject the USB flash drive from the Windows system. You can now use this flash drive to boot Kali Linux.
Create a bootable Kali USB drive in Linux
It is easy to create a bootable Kali Linux USB drive in a Linux environment. The GNOME desktop environment, which is installed by default in many Linux distributions, comes with the Disks utility (in the gnome-disk-utility package, which is already installed in the Kali image). This tool displays a list of disks that is refreshed dynamically when you insert or remove a disk. When you select the USB drive in the list, its details are displayed, which helps you confirm that you have selected the correct disk. Note that you can find the device name in the title bar, as shown in figure 2.3:
Figure 2.3 GNOME disk
Click the menu button and select Restore Disk Image... from the pop-up menu. Then select the ISO image file you downloaded earlier and click the Start Restoring... button, as shown in figure 2.4.
Figure 2.4 restore disk mirroring dialog box
You can enjoy a cup of coffee while the image file is copied to the flash drive. Figure 2.5 shows the progress of the restore operation.
Figure 2.5 Image file recovery process
Create a bootable flash drive from the command line: although the graphical process is fairly intuitive, the operation is just as simple for users who prefer the command line.
When you insert a flash drive, the Linux kernel detects it and assigns it a name, which is recorded in the kernel log. You can use the dmesg command to look through the log and find the name.
$ dmesg
[...]
[234743.896134] usb 1-1.2: new high-speed USB device number 6 using ehci-pci
[234743.990764] usb 1-1.2: New USB device found, idVendor=08ec, idProduct=0020
[234743.990771] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[234743.990774] usb 1-1.2: Product: Store'n'go
[234743.990777] usb 1-1.2: Manufacturer: Verbatim
[234743.990780] usb 1-1.2: SerialNumber: 0390627052A2F897
[234743.991845] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[234743.992017] scsi host7: usb-storage 1-1.2:1.0
[234744.993818] scsi 7:0:0:0: Direct-Access VBTM Store'n'go 6.51 PQ: 0 ANSI: 0 CCS
[234744.994425] sd 7:0:0:0: Attached scsi generic sg1 type 0
[234744.995753] sd 7:0:0:0: [sdb] 3903487 512-byte logical blocks: (2.00 GB/1.86 GiB)
[234744.996663] sd 7:0:0:0: [sdb] Write Protect is off
[234744.996669] sd 7:0:0:0: [sdb] Mode Sense: 45 00 00 08
[234744.997518] sd 7:0:0:0: [sdb] No Caching mode page found
[234744.997524] sd 7:0:0:0: [sdb] Assuming drive cache: write through
[234745.009375] sdb: sdb1
[234745.015113] sd 7:0:0:0: [sdb] Attached SCSI removable disk
Now you know that the name of the flash drive is /dev/sdb, so you can use the dd command to copy the image:
# dd if=kali-linux-light-2017.1-amd64.iso of=/dev/sdb
2070784+0 records in
2070784+0 records out
1060241408 bytes (1.1 GB, 1011 MiB) copied, 334.175 s, 3.2 MB/s
Note that you need root permissions for this operation to succeed, and you must also make sure that the flash drive is not in use. In other words, none of the partitions on the flash drive may be mounted. The command above assumes that it is run in the directory containing the ISO image file; otherwise, you need to provide the full path.
For reference, if stands for "input file" and of for "output file". The dd command reads data from the input file and writes it to the output file. It does not display any progress information, so you have to be patient while it runs (it usually takes no more than half an hour). If you want to make sure that the command is working, you can watch the activity LED of the USB drive. When the command completes, it prints the statistics shown above. On OS X/macOS, you can press CTRL+T during the operation to get statistics on how much data has been copied so far.
Translator's note: on Linux, you can open another terminal and run the following command to see how much data has been copied by the above operation:
# watch -n 5 killall -USR1 dd
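Because dd overwrites whatever device it is given, the conditions described above (a whole disk, with no mounted partitions) can be checked by a script before writing. The following is an added example, not code from the book: the function names are hypothetical, it assumes the Linux sysfs "removable" attribute and /proc/mounts, and the optional second and third arguments exist only so that the check can be exercised against constructed files.

```sh
#!/bin/sh
# Added example (not from the book): refuse to write to anything that does
# not look like an unmounted, removable whole disk.

# usb_target_ok DEVICE [SYSFS_BLOCK_DIR] [MOUNTS_FILE]
usb_target_ok() {
    dev=$1
    sys=${2:-/sys/block}
    mounts=${3:-/proc/mounts}
    name=${dev#/dev/}

    # Whole disks have an entry directly under /sys/block; partitions such
    # as sdb1 do not, so passing a partition by mistake is rejected.
    if [ ! -d "$sys/$name" ]; then
        echo "$dev: not a whole disk known to the kernel" >&2
        return 1
    fi

    # The kernel reports 1 here for removable media and 0 for fixed disks.
    if [ "$(cat "$sys/$name/removable" 2>/dev/null)" != 1 ]; then
        echo "$dev: not flagged as removable" >&2
        return 1
    fi

    # Neither the disk nor any of its partitions may be mounted. The prefix
    # match is deliberately broad: a false refusal is the safe failure.
    if awk -v d="$dev" 'index($1, d) == 1 { found = 1 } END { exit !found }' "$mounts"; then
        echo "$dev: in use, unmount its partitions first" >&2
        return 1
    fi
    return 0
}

# write_image ISO DEVICE: run dd only when the target passes the checks.
# conv=fsync makes dd flush the data to the device before it exits.
write_image() {
    usb_target_ok "$2" && dd if="$1" of="$2" bs=4M conv=fsync
}
```

USB-attached hard disks are usually reported as fixed rather than removable, so this check refuses them; that is the conservative outcome for a tool that destroys the target's contents.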
Create a bootable Kali USB drive on OS X/macOS
OS X/macOS is based on UNIX, so the process of creating a bootable Kali USB drive on it is similar to the procedure on Linux. Once you have downloaded and verified the selected Kali image file, you can use the dd command to copy it to a USB drive.
To determine the name of the flash drive, run diskutil list to list the disks available on your system. Then insert the flash drive and run diskutil list again. The second output will include the added disk, and by comparing the two outputs you can determine the name of the USB drive you inserted. Look for the newly added lines to identify the USB drive, and note that the X in /dev/diskX represents the ID number of the disk.
You also need to make sure that the flash drive is not mounted, which can be done with an explicit unmount command (assuming /dev/disk6 is the device name of the flash drive):
$ diskutil unmount /dev/disk6
You can now run the dd command. This time, you can add a parameter, bs, to specify the block size. This parameter defines the size of the blocks that are read from the input file and written to the output file.
# dd if=kali-linux-light-2017.1-amd64.iso of=/dev/disk6 bs=1M
1011+0 records in
1011+0 records out
1060241408 bytes transferred in 327.061 secs (3242328 bytes/sec)
That's it. Your USB flash drive is ready, and you can use it to boot or install Kali Linux.
Boot from another disk on OS X/macOS: to boot from an alternate disk on an OS X/macOS system, press and hold the Option key immediately after powering on the machine to bring up the boot menu, and then select the disk you want to boot from. See http://support.apple.com/kb/ht1310 for more information.