MK Dynamics

Computer Security - Kali Linux 2.0


Introduction

Kali Linux is a specially designed build of Debian that is tailor-made for the computer security community. It is preloaded with tools used by computer security researchers and penetration testers.

Installing the Kali Linux 2.0 Virtual Machine

Download the appropriate ISO image for your machine. This will be run in a Virtual Machine.

Kali Linux 2.0 VirtualBox Setup

Kali Linux was given 2GB of memory, 2 processors and 20GB of hard drive space. It runs snappy and responsive with this setup. You may need more processors or memory if you will be using brute-force password cracker tools (legally of course).

Kali Linux Running in Virtual Machine

After successfully installing Kali Linux onto the virtual hard drive, it is basically ready to run; however, it is better to install the VirtualBox Guest Additions CD image. This will allow you to, among other things, resize the window on the screen and still maintain high-resolution graphics.

Installing VirtualBox Guest Additions for Kali Linux

Navigate to /Devices/Insert Guest Additions CD Image. The CD icon will pop up in the upper left-hand corner of the Kali VM window. For some reason, the script you need to run on this "CD" cannot be run directly. It needs to be copied to the VM's hard drive and permissions need to be set. This is described very well in the following link:
Kali Linux Install on VirtualBox with Guest Additions
I found using the cp command to be troublesome, so I used the file manager to perform the copy, and the command line to change the permissions. After the guest additions are installed, you need to reboot the virtual machine. Once it boots back up, you will notice an immediate improvement in the graphics quality, and the resolution can now be adjusted.

Testing Internet Connectivity

Run a few simple commands to test the internet connection. Notice that the Ethernet interface MAC address is spoofed, and the IP address is a non-routable NAT address used in LANs. Pings to www.google.com go through the NAT, out of the host computer's physical interface and finally out of the gateway.

Installing Vulnerable WinXP Virtual Machine

Installed a legally purchased copy of WinXP into a Virtual Machine. After installing, I installed the VirtualBox guest additions. Then, I installed Service Pack 3 so that it is not totally unusable, but no other security patches. This machine is appropriately called "Prison Bagel", since I shouldn't use swear words, and Bagel is a good replacement for the word I really wanted to use. The idea is to hack into this VM nine ways to Sunday using the tools in Kali Linux, and others. Its IP address is shown in the command window.

Firewall and Updates Turned Off

The firewall was intentionally turned off, no updates were performed, and automatic updates were turned off.

Created Super Secret File on WinXP Prison Bagel

A super secret file was created on the Windows XP Prison Bagel virtual machine. This is the file that I want to get access to by hacking into Prison Bagel and downloading it. I will use the Metasploit Framework to exploit known vulnerabilities in an unpatched version of Windows XP SP3.

Used nmap to Find Open Ports and Vulnerabilities

Nmap was used to find open ports and information about the target machine.

Loaded Known WinXP Exploit into Metasploit Framework

For information on this known vulnerability see:
MS08-067 Microsoft Server Service Relative Path Stack Corruption

Hack Successful and Meterpreter Started

The IP address of the remote host was set, and the exploit started using default options. The hack is successful and a Meterpreter session is started. Basically, the WinXP Prison Bagel is pwned.

Poking Around for the Target File

Using Meterpreter, I can view critical information about the target machine. Notice that there are two active users and there is a session started on port 4444 with 192.168.1.12 (the Kali Linux VM).
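The same session is visible from the defender's side in the target's connection table. The following is an added example, not part of the original walkthrough: it parses Windows `netstat -ano` output and flags established connections that use port 4444 on either end, noting whether the same peer also touched SMB. The target address 192.168.1.20, the PIDs, the 203.0.113.10 host and the function names are assumptions made for the example.

```python
import re

# Port 4444 is Metasploit's default handler port, as seen in the session above.
WATCHED_PORTS = {4444}
# The Server service flaw described in MS08-067 is reached over SMB.
SMB_PORTS = {139, 445}

# Constructed `netstat -ano` output from the target. 192.168.1.20, the PIDs
# and 203.0.113.10 are made up; 192.168.1.12 is the Kali VM from the page.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:445       192.168.1.12:41873     TIME_WAIT       0
  TCP    192.168.1.20:1034      192.168.1.12:4444      ESTABLISHED     1052
  TCP    192.168.1.20:1041      203.0.113.10:80        ESTABLISHED     1480
  UDP    0.0.0.0:445            *:*                                    4
"""

ROW = re.compile(
    r"^\s*TCP\s+(?P<lip>[\d.]+):(?P<lport>\d+)\s+(?P<rip>[\d.]+):(?P<rport>\d+)"
    r"\s+(?P<state>[A-Z][A-Z_0-9]*)\s+(?P<pid>\d+)\s*$"
)

def parse_tcp_rows(text):
    """Return one dict per IPv4 TCP row; headers and UDP rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            for key in ("lport", "rport", "pid"):
                row[key] = int(row[key])
            rows.append(row)
    return rows

def find_suspect_sessions(text):
    """Flag ESTABLISHED rows using a watched port on either end of the link."""
    rows = parse_tcp_rows(text)
    # Peers that connected to a local SMB port (any state except LISTENING).
    smb_peers = {r["rip"] for r in rows
                 if r["lport"] in SMB_PORTS and r["state"] != "LISTENING"}
    findings = []
    for r in rows:
        if r["state"] == "ESTABLISHED" and {r["lport"], r["rport"]} & WATCHED_PORTS:
            findings.append({"peer": r["rip"], "pid": r["pid"],
                             "smb_contact": r["rip"] in smb_peers})
    return findings
```

The PID in each finding is the process to inspect first; a changed listener port defeats the port match, so treat this as a triage check rather than complete coverage.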

DOS Shell Started and Directories Changed to Get to Target File

A DOS shell is started from Meterpreter and I change directories using normal DOS commands until I locate my target file. The target file is then printed to the screen for extra lulz.

Target File Downloaded - Mission Accomplished

The target file is downloaded to the local Kali Linux machine. Mission Accomplished.