Chapter 2: The Basics of Kali Linux

Downloading Kali

In the introduction, we pointed out that Kali Linux is a Linux distribution
and can be downloaded as an ISO file. You will be required to download it
from a different computer, after which you will burn it onto a disk before
installation. You can download this interesting distribution of Linux from
this link http://www.kali.org/downloads/ . To know how to install it, you
can get the documentation for configurations, advanced operations, and
special cases on http://www.kali.org/official-documentation/ . If you need
any additional help, we have an active community where you can make
any inquiries or you can help other members solve their problems.
Offensive Security manages these community boards, and new users are
required to register to enable them to obtain access.
The security company is the makers of Kali Linux. Occasionally,
Offensive Security will provide messages pertaining to their products,
community information and updates. When downloading Kali Linux,
ensure that you select the proper architecture for your computer (either
amd64564-bit or i386532-bit). I do not wish to talk about the images of
Kali Linux in this book since that information is well captured in the links
I have provided. Tap on the correct link to select and download the image.
For those of you that are using Microsoft Windows, you will need to burn
the image using the Burn ISO or any other application (I can think of
Rufus). Proceed with the burning process until it is complete. Similarly,
Linux users can use a disk burning application (say K3b) to convert the
ISO image.

Installation of Kali Linux on the Hard Drive

You are going to learn how to do a graphical and textual installation of this
operating system. The graphical interface has been designed to be as
simple as possible. You will be required to configure your Basic Input
Output System
(BIOS) to boot from the optical disk you have created. First, load your
optical disk or flash drive containing Kali onto the computer and start. For
advanced users, there is an option of using virtualization technology like
Oracle’s VirtualBox or VMware’s Player.

First Time Booting of Kali Linux

The screenshot below shows a computer that has successfully booted to
the Kali Linux disk. 64-Bit Kali Linux version 1.0.5 has been used in this
book. With time, you will observe that versions of Kali Linux that are
downloaded at different times will appear different, albeit slightly. That
aside, graphical installations are similar. 
At http://www.kali.org/ , you will find up to date guides for all the latest
releases of Kali Linux. As such, it is important to check out this site before
you carry out an installation. Kali Linux, besides being installed on a
computer’s hard drive, it can be run straight from the disk having the
converted image. This is what we call a Live CD. This enables the
operating system to boot. The tools that come with Kali will also execute.
The only thing to note here is that the operating system from the live CD
is nonpersistent. This terminology is used to mean that upon shutting
down the computer, any memory, documents, saved settings and any other
essential research or work is likely to be lost. A great way to learn Kali
Linux is by running it in a nonpersistent state. Additionally, your current
operating system will not be affected in any way. You can see that we have
an option for installation with Speech Synthesis. We will not be going into
the intricate details for that, but you should know that it is a recent
upgrade feature to the Debian operating system and Kali. Users can
control the installation procedure vocally if their hardware can support
speech synthesis. How exciting! Like I have said before, let us concentrate
on the graphical installation for
now. Using the directional keys, scroll and highlight Graphical Install and
bang the Enter key.

Setting the Defaults

You will be required to select default settings for your location, keyboard
layout, and language in the next few screens. After you have made the
appropriate selections, click on continue to proceed to the next step. You
will notice various bars denoting progress on your computer’s screen
throughout the installation as the computer begins the actual installation
of Kali. Picking the default settings is a good choice for most of the
selection screens

Initial Network Setup

See the image below. In this stage, you will be required to do a basic
configuration and an initial setup of your primary network interface card.
Select a Hostname. Do this simply by typing in the provided box and hit
the continue button to proceed. Make sure you pick a unique hostname to
avoid having different computers with similar hostnames on the same
network.
That will help to minimize networking complications. Once you are done
choosing a hostname, hit the Continue button to proceed. On the next
screen, you are going to provide a fully qualified domain name, FQDN.
For most lab environments, this is not necessary unless you wish to join a
domain environment. Let us leave it blank for now. We will click on the
Continue button to move ahead

Setting Up Passwords

The next screen that comes up will prompt you for a root-level password.
In Kali Linux, the default password is toor. I recommend that you create a
new password that is strong, have no traceability to the user and that it
should not be easy to guess. On keying in the password twice, tap the
Continue button to move on to the next step. Are you still with me? Let us
now configure the system clock.

Configuring the System Clock

You will be prompted to select a time zone of your choice, as shown in the
figure below. Choose appropriately and then press the Continue button to
proceed onto the next installation step

Partitioning Disks

We have several ways of configuring partitions for setting up a Linux OS.
We are going to focus on Guided Partitioning, which is the most basic
installation. The figures below display the settings that are normally
highlighted by default. You do not have to select anything till you reach
the figure under partition disks - 5. All you need to do is click on the
continue button until partitioning is complete. Let us take some time and
understand what is happening at each step of the installation wizard.
Below, you will see the various options that you can choose for
partitioning your computer’s hard drives during the installation.

For laptop SD card or thumb drive installation, it is not recommended to
use Logical Volume Management (LVM). Advanced users normally use
LVM for managing many hard drives. The option that you should select is
“Guided - user entire disk.” Hit the Continue button to move onto the next
step of the installation process. The figure below will indicate which drive
has been picked for installation. Click on Continue to proceed.
Partition disks - 2.
If you are a new Kali Linux user, select the option “All files in one
partition (recommended for new users).” This is the best option for you.
Hit the Continue button to proceed with the installation.
Partition disks - 3.
Keep clicking on the continue button to advance the installation.
Partition disks - 4.
The wizard will take you through the above steps and present you with a
screen for your review. Now, a partition having all the system, scripting,
and user files, known as the primary partition, will be created as a single
partition. A second partition will be made for swap space. This is a virtual
memory in the system that is used for paging files to and from the
computer’s random-access memory and the central processing unit. It is
recommended that all systems running Linux have a swap area. The
common practice is to configure the swap area be one and a half times or
even equal to the amount of the computer’s installed physical randomaccess memory (RAM).
You will come to a screen looking like this.
Partition disks - 5.
From the figure above, you will be asked to “Finish partitioning and write
changes to disk.” Pick the Yes option and click on the Continue button to
proceed with the installation process. Take note that that will be the last
chance you will have to review your partitioning options prior to the
installation of the operating system on the hard drive. Should a need to
amend the sizes of the partition arise in the future, it is still possible to do
that. However, changing the partition sizes can destroy your operating
system if it is not carried out properly.
Installation in progress.
The partitioning of the hard drive and installation will begin after you
click continue (at the figure at partition disks – 5). The installation can
take an hour or even a few minutes depending on your computer’s
hardware.

Setting Up the Package Manager

This is the update repository where your operating system will derive its
security patches and updates from. As such, the package manager is very
important in the functioning of the operating system. You can use the
network mirror, which comes together with the Kali Linux image. It is
recommended to use it since it contains the latest for package management
sources. A “YES” option will be picked for you by default, as shown in the
figure below. Proceed with the installation process by clicking on the
Continue button

Suppose you are utilizing a proxy; you will need to input the configuration
information on the next prompt the installation wizard will bring up. You
can leave it blank as below. Hit the Continue button to proceed to the
installation of the GRUB loader.

Install the GRUB Loader

GRUB is an abbreviation for Grand Unified Bootloader, and it is the main
screen you will see each time you start the computer. GRUB provides a
platform where a user can verify specific settings during the booting up,
make changes where it is necessary and adjust settings prior to the loading
of the operating system. GRUB is highly recommended for most Linux
installations even though there are advanced users who do not necessarily
need it. The figure below indicates that “YES” has been picked for you to
install the GRUB. To advance to the next installation stage, click on the
Continue button.
Installing the GRUB loader.
Completing Installation for Kali Linux
Your installation will now be complete. Take out the optical disk or flash
drive from the computer and reboot. The computer will prompt you to
reboot. Select the Continue button to complete your installation. See the
figure below. Upon rebooting, you will be met with a welcome screen
requiring you to log in. Use the credentials you set up earlier. That will be
it. Welcome to Kali Linux!
Completing the installation

Why You Should Use Kali Linux

As we have said before, Kali Linux comes with just about every tool preinstalled that can be used for any of the above purposes. It is for this
reason that Security Auditors, Forensics Investigators, Penetration Testers
and Researchers prefer it. 
Kali can be used in the breaking of WiFi networks, to hack websites and
networks, to run Open Source Intelligence on an entity, among others. Kali
Linux possesses tools that can be used for forensic investigation besides
ethical hacking. This is becoming an equally essential branch of security
that primarily collects evidence, analyze it and uses the results to
backtrack Cyber Criminals. Forensic Investigation makes it possible to
locate and eradicate malicious effects emanating from malicious
activities. It also comes in handy in the calculation and management of
loss that occurs after a Cyber Attack. A key feature in Kali is the stealth
Live mode mostly used in forensics and that it does not leave traces
(fingerprints and footprints) on a host’s system.

The Terminal

The very initial step in using Kali is to open the terminal, which is the
command-line interface we’ll use in this book. In Kali Linux, you’ll find
the icon for the terminal at the bottom of the desktop. Doubleclick this
icon to open the terminal or press CTRLALTT. The terminal opens the
command line environment, known as the shell, which enables you to run
commands on the underlying operating systems and write scripts.
Although Linux has many different shell environments, the most popular
is the bash shell, which is also the default shell in Kali and many other
Linux distributions. To change your password, you can use the command
passwd.

Basic Commands in Linux

To begin, let’s look at some basic commands that will help you get up and
running in Linux.
Finding Yourself with pwd
The command line in Linux does not always make it apparent which
directory you’re presently in, unlike that in Windows or macOS. To
navigate to a new directory, you usually need to know where you are
currently. The present working directory command, pwd, returns your
location within the directory structure. Enter pwd in your terminal to see
where you are:
kali >pwd
/root
In this case, Linux returned /root, telling me I’m in the root user’s
directory. And
because you logged in as root when you started Linux, you should be in the
root user’s directory too, which is one level below the top of the filesystem
structure (/). If you’re in another directory, pwd will return that directory
name instead.
Checking Your Login with whoami
In Linux, the one “all-powerful” superuser or system administrator is
called root, and it has all the system privileges needed to add users, change
passwords, change privileges and so on. Of course, you do not want just
anyone to have the ability to make such changes; you want someone who
can be trusted and has proper knowledge of the operating system. As a
hacker, you usually need to have all those privileges to run the programs
and commands you need, so you may want to log in as root. A Linux user
can see which user they are logged in as using the “whoami” command as
below:
kali >whoami
root
Here, the user is logged in as root.
Navigating the Linux Filesystem
Navigating the filesystem from the terminal is an essential Linux skill. To
get anything done, you need to be able to move around to find
applications, files and directories located in other directories. In a GUIbased system, you can visually see the directories, but when you’re using
the command-line interface, the structure is entirely text-based and
navigating the filesystem means using some commands.
Changing Directories with cd
To change directories from the terminal, use the change directory
command, cd. For example, here’s how to change to the /etc. directory
used to store configuration files:
kali >cd /etc
[email protected]:/etc#
The prompt changes to [email protected]:/etc, indicating that we’re in the /etc.
directory. We can confirm this by entering pwd
[email protected]:/etc# pwd
/etc
To move up one level in the file structure (toward the root of the file
structure, or /), we use cd followed by double dots (..), as shown here:
[email protected]:/etc# cd ..
[email protected]:/# pwd
/
[email protected]:/#
This moves us up one level from /etc. to the /root directory, but you can
move up as many levels as you need. Just use the same number of double
dot pairs as the number of levels you want to move:
You would use .. to move up one level.
You would use .. .. to move up two levels.
You would use .. .. .. to move up three levels, and so on.
So, for example, to move up two levels, enter cd followed by two sets of
double dots with a space in between:
kali >cd .. ..
You can also move up to the root level in the file structure from anywhere
by entering cd /, where / represents the root of the filesystem.
Listing the Contents of a Directory with ls
To see the contents of a directory (the files and subdirectories), we can use
the ls (list) command. This is very similar to the dir command in
Windows.
This command lists both the files and directories contained in the
directory. You can also use this command on any particular directory, not
just the one you are currently in, by listing the directory name after the
command; for example, ls /etc. shows what’s in the /etc. directory. To get
more information about the files and directories, such as their
permissions, owner, size and when they were last modified, you can add
the -l switch after ls (the l stands for long). This is often referred to as the
long listing. See the example below:
Getting Help
Nearly every command, application or utility has a dedicated help file in
Linux that guides its use. For instance, if I needed help using the best
wireless cracking tool, aircrack-ng, I could type the aircrack-ng command
followed by the --help command:
kali >aircrack-ng --help
Note the double dash here. The convention in Linux is to use a double dash
(--) before word options, such as help, and a single dash (-) before single
letter
options, such as –h. When you enter this command, you should see a short
description of the tool and guidance on how to use it. In some cases, you
can use either -h or -? to get to the help file. For instance, if I needed help
using the hacker’s best port scanning tool, Nmap, I would enter the
following:
kali >nmap -h
Unfortunately, although many applications support all three options, there
is no guarantee of the application you are using will. So if one option
refuses to work, please try another.

Finding Files

Until you become familiar with Linux, it can be frustrating to find your
way around, but knowledge of a few basic commands and techniques will
go a long way toward making the command line much friendlier. The
following commands help you locate things from the terminal.
Searching with locate
Probably the easiest command to use is locate. Followed by a keyword
denoting what it is you want to find, this command will go through your
entire filesystem and locate every occurrence of that word. To look for
aircrack-ng, for example, enter the following:
The locate command is not perfect, however. Sometimes, the results of
locate can be overwhelming, giving you too much information. Also,
locate uses a database that is usually only updated once a day, so if you
just created a file a few minutes or a few hours ago, it might not appear in
this list until the next day. It’s worth knowing the disadvantages of these
basic commands so you can better decide when best to use each one.
Finding Binaries with whereis
If you’re looking for a binary file, you can use the whereis command to
locate it. This command returns not only the location of the binary but also
its source and main page if they are available. Here’s an example:
Finding Binaries in the PATH Variable with which
The which command is even more specific: it only returns the location of
the binaries in the PATH variable in Linux. For example, when I enter
aircrack-ng on the command line, the operating system looks to the PATH
variable to see in which directories it should look for aircrackng:
kali >which aircrack-ng
/usr/bin/aircrack-ng
Here, which was able to find a single binary file in the directories listed in
the PATH variable. At a minimum, these directories usually include
/usr/bin, but may consist of/usr/sbin and maybe a few others.
Performing More Powerful Searches with find
The find command is the most powerful and flexible of the searching
utilities. It is capable of beginning your search in any designated directory
and looking for several different parameters, including, of course, the
filename but also the date of creation or modification, the owner, the
group, permissions and the size.
Here is the basic syntax for find:
find directory options expression
Filtering with grep
Very often, when using the command line, you may want to search for a
particular keyword. For this, you can use the grep command as a filter to
search for keywords. The grep command is often used when output is
piped from one command to another.
In the above example, the command will display all the services that are
running and then pipe that output to grep. What grep does is it will search
the received output for the keyword we asked it to look for. In our case, the
keyword is apache2. Grep will go ahead and output only the relevant
results. This command saves time.

Modify Files and Directories

After finding the directories and files you were looking for, you may need
to carry out several operations on them. We are going to learn the creation
of directories and files, copy files, rename files, plus delete the files and
directories.
Creating Files
There are many ways to create files in Linux, but for now, we will look at
two simple methods. The first is the cat, which is short for concatenate,
meaning to combine pieces (not a reference to your favorite domesticated
feline). The cat command is generally used for displaying the contents of a
file, but it can also be used to create small files. For creating bigger files,
it’s better to enter the code in a text editor such as vim, emacs, leafpad,
gedit or kate and then save it as a file.
Concatenation with cat
The cat command followed by a filename will display the contents of that
file, but to create a file, we follow the cat command with a redirect,
denoted with the > symbol, and a name for the file we want to create. Here
is an example:
kali >cat > kalilinux
Hacking with Kali Linux!
File Creation with touch
The second command for file creation is touch. This command was
initially developed so a user could touch a file to change some of its
details, such as the date it was created or modified. However, if the file
does not already exist, this command creates that file by default. Let’s
create newfile using the touch command:
kali >touch newfile
Now when I then use ls –l to see the long list of the directory, I see that a
new file has been created named newfile. Note that its size is 0 because
there is no content in the newfile.
Creating a Directory
The command for creating a directory in Linux is mkdir, a contraction of
make directory. To create a directory named newdirectory, enter the
following command:
To navigate to this newly created directory, do enter this:
Copying a File
To copy files, we use the cp command. This creates a duplicate of the file
in the new location and leaves the old one in place. Here, we are going to
create the file oldfile in the root directory with touch and copy it to
/root/newdirectory, renaming it in the process and leaving the original
oldfile in place:
Renaming the file is optional and is done simply by adding the name you
want to give it to the end of the directory path. If you don’t rename the file
when you copy it, the file will retain the original name by default. When
we then navigate to newdirectory, we see that there is an exact copy of
oldfile called newfile:
kali >cd newdirectory
kali >ls
newfile oldfile
Renaming a File
Unfortunately, Linux doesn’t have a command intended solely for
renaming a file, as Windows and some other operating systems do, but it
does have the mv (move) command. The mv command can be used to
move a file or directory to a new location or to give an existing file a new
name. To rename newfile to newfile2, you would enter the following:
Now when you list (ls) that directory, you see newfile2 but not newfile,
because it has been renamed. You can do the same with directories.
Removing a File
To remove a file, you can use the rm command, like so:
kali >rm newfile2
If you now do a long listing on the directory, you can confirm that the file
has been removed.

Removing a Directory

The command for removing a directory is similar to the rm command for
removing files but with dir (for directory) appended, like so:
It is important to note that rmdir will not remove a directory that is not
empty but will give you a warning message that the “directory is not
empty,” as you can see in this example. You must first remove all the
contents of the directory before removing it. This is to stop you from
accidentally deleting objects you did not intend to delete. If you do want to
remove a directory and its content all in one go, you can use the -r switch
after rm, as shown below:
kali >rm -r newdirectory
Just a word of caution, though: be wary of using the -r option with rm, at
least at first, because it is straightforward to remove valuable files and
directories by mistake. Using rm -r in your home directory, for instance,
would delete every file and directory there, that is certainly not what you
were intending.

Searching for tools/packages

Before you download a software package, you can check whether the
package you need is available from your repository, which is a place where
your operating system stores information. The apt tool has a search
function that can check whether the package is available. The syntax is
straightforward:
Note that we use the apt-cache command to search the apt cache or the
place it stores the package names. So if you were searching for the
intrusion detection system Snort, for example, you would enter the
command shown below.
As you can see, many files have the keyword snort in them, but near the
middle of the output, we see snort – flexible Network Intrusion Detection
System. That is what we are looking for.

Adding Software

Now that you know the snort package exists in your repository, you can
use apt-get to download the software. To install a piece of software from
your operating system’s default repository in the terminal, use the apt-get
command, followed by the keyword install, and then the name of the
package you want to install. The syntax looks like this:
apt-get install packagename
Let us try this out by installing Snort on your system. Enter apt-get install
snort as a command statement, as shown below.
The output you see tells you what is being installed. If everything looks
correct, go
ahead and enter Y when prompted, and your software installation will
proceed.

Removing Softwares

When removing software, use apt-get with the remove option, followed by
the name of the software to remove. An example is listed below.
Again, you will see the tasks being done in real-time, and you will be
asked whether you want to continue. You can enter Y to uninstall, but you
might want to keep Snort since we will be using it again. The remove
command does not remove the configuration files, which means you can
reinstall the same package in the future without reconfiguring. If you do
want to remove the configuration files at the same time as the package,
you can use the purge option, as shown below.
Enter Y at the prompt to continue the purge of the software package and
the configuration files. To keep things small and modular, many Linux
packages are broken into software units that many different programs
might use. When you installed Snort, you installed several dependencies
or libraries with it that Snort requires so that it can run. Now that you are
removing Snort, those other libraries or dependencies are no longer
needed, so they are removed, too

Updating Packages

Software repositories will be periodically updated with new software or
new versions of existing software. These updates do not reach you
automatically, so you need to request them to apply these updates to your
system. Updating is different from upgrading: updating updates the list of
packages available for download from the repository, whereas upgrading
will upgrade the package to the latest version in the repository. You can
update your system by entering the apt-get command, followed by the
keyword update. This will search through all the packages on your system
and check whether updates are available. If so, the updates will be
downloaded. See the example below.
kali >apt-get update
Get:1 http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease [30.5kb]
Get:2 http://mirrors.ocf.berkeley.edu/kali kali-rolling/main amd64
Packages
[14.9MB]
Get:3 http://mirrors.ocf.berkeley.edu/kali kali-rolling non-free amd64
Packages
[163kb]
Get:4 http://mirrors.ocf.berkeley.edu/kali kali-rolling/contrib amd64
Packages [107kB]
Fetched 15.2 MB in 1min 4s (236 kB/s)
Reading package lists... Done
The list of available software in the repository on your system will be
updated. If the update is successful, your terminal will state Reading
package lists... Done, as you can see above. Note that the name of the
repository and the values, time, size and so on might be different on your
system.

Upgrading Packages

To upgrade the existing packages on your system, use apt-get upgrade.
Because upgrading your packages may make changes to your software,
you must be logged in as root or use the sudo command before entering an
apt-get upgrade. This command will upgrade every package on your
system that apt knows about, meaning only those stored in the repository,
as shown below. Upgrading can be time-consuming, so you might not be
able to use your system for a while.
You should see in the output that your system estimates the amount of
hard drive space necessary for the software package. Go ahead and enter Y
if you want to continue and have enough hard drive space for the upgrade.