How safe is your network? – Kali Tutorial
One of the best ways to test your security is to try to tear it apart, and you can do just that with Kali Linux…
Security is something that everyone needs to be aware of and something that everyone needs to deal with. While you can go out and collect a number of tools and utilities to help you out, there is an easier path. There are several Linux distributions out there that provide an entire suite of tools to fit your security needs. One of the more popular ones is Kali Linux (originally BackTrack). There are other ones, like BackBox or Lightweight Portable Security, which may fit specific needs better. You can run these off of a bootable DVD or USB drive, allowing you to run forensics on a compromised machine. Alternatively, you could install it on a box and set it up on your network for a more permanent security solution.
In this tutorial, we’ll use Kali Linux to go through one possible set of steps to analyse and test your local security. We will only be able to cover a subset of all of the tools available in Kali Linux, but you will learn some basic techniques to monitor your systems and to test your defences of them.
Step by Step
Download and install
The first step is to get a copy of Kali Linux to work with. The main download page provides downloads in several different formats and for several different architectures. The usual thing to do is to download an ISO and either burn it to a CD or create a bootable USB drive.
One cool extra that Kali Linux provides is the ability to take a look at your hardware before booting up. It is always a good idea to get a lay-of-the-land look at the hardware you want to investigate. This is a boot option when you start up Kali.
One of the first things to do is to find out who, or what, is on your network. Netdiscover gives you a tool to do IP address mapping on your network. This is especially useful on Wi-Fi networks that aren’t using DHCP.
Once you have a list of hosts, then you will probably want to look at what kind of communication is happening. Tcpfl ow will monitor the traffi c occurring on your network and construct conversations that you can analyse to see what your network is being used for.
Once you know what kind of conversations are occurring on your network, you may be interested in finding out what routes those conversations are taking. Intrace gives you a traceroute-like listing of packet paths by looking at the TCP packets fl owing on your network.
After identifying the hosts on your network, you will probably need to see what ports are open on them, and what OS is running there. The go-to application for this is Nmap. The usual GUI front-end used for Nmap is Zenmap.
Now we need to start poking at security. Microsoft is always a punching bag when it comes to security, and SQL Server is no exception. Most corporate networks use Microsoft software, so you need to test how they
are configured. Sqlninja is the tool to beat on SQL Server, using techniques like SQL injection.
Another service that can prove to be a weak point in your systems is SMB, or Samba file sharing. The utility acccheck can be used to run a dictionary attack on account passwords, trying to break through Windows authorisation.
If you do find a machine that you think may have been compromised, you want to be careful when you try to investigate it. Kali Linux provides a forensics mode on bootup that simply boots up and leaves all local drives unmounted and untouched. That way, you can run tests without changing the state of the system.
Offline password cracking
One of the things you will want to investigate is if the machine has been compromised due to weak password selections. There are several tools that can be used to try to crack password hashes. Most of these, like
John the Ripper, use dictionary attacks to dig out passwords.
In some cases, the machine in question may be too important to leave offline. In these cases, the only option is to make an image of the drive to investigate later before rebuilding. Guymager is one of the tools available to make images for this purpose.
One of the tings you will need to look for during an investigation is whether a rootkit has been installed, providing a back entrance to the bad guys. One of the tools you can use to do this is chkrootkit. This utility looks for evidence of common rootkits used for taking over machines.
One aspect of security that gets neglected is the social aspect. All of the security in the world won’t help if your users aren’t computing safely. Kali Linux provides a social engineering toolkit that you can use to do things like trying out spear-phishing attacks.
Along with testing the social aspect, you also need to test the security of the machines to find any holes. You do this by trying known exploits. Luckily, there is a database full of known exploits online.
The usual tool used to test a system is Metasploit, which provides a full framework for putting together complete attack vectors. These include intrusions, compromises and channels to allow for remote access of a compromised machine. Within Kali Linux, there are menu items that allow you to start up the Metasploit server. There’s also an entry to grab a dump of diagnostic logs, in case you run into issues. Metasploit runs in a client-server model, so once you start up the server, you will need to connect with a client in order to try some exploits against the machines that you are responsible for.
One of the graphical interfaces available to you is Armitage. If you have already started Metasploit, then you can tell Armitage to connect to this already-running server. Otherwise, Armitage can start up a new
Metasploit server for you to play with.
Once you have your network secured, that is only the beginning. You need to keep up with what is happening on your system. The p0f tool passively monitors a network to see what machines exist and what OS they run, without letting them know that you are listening.
One set of tools that Kali provides that is unique is the ability to test other hardware. There are tools to poke into Android devices, Bluetooth protocols and Arduino systems.
DDMS is a debugging monitor that gives you low-level access and control of Android machines. You simply need to plug your device into a USB port, start up DDMS and check out what is happening on the device. You do need to install an SDK for a specific version before starting.
Android exploits – apktool
Once you have your Android device attached, you can run various exploits to get root access. These vary, based on what kind of hardware your Android is running on. One type of exploit may need apktool, in order to open and edit the APK files on your Android device.
You also have another possible security hole. The Bluetooth protocol is used for mice, keyboards and other bits of hardware. But security was never really thought of in any major sense. Kali Linux provides several tools to look at the Bluetooth signals travelling around.
Install on ARM
Support from the Kali developers has provided for an ARM architecture version. You can find it on the main download page. There are even instructions on how to install it on a Galaxy Note 10.1 device, including an
Hopefully, if you follow these steps, you can start to get a handle on the security needs for your system. This is only a start, though. There are lots more tools available in Kali Linux than we covered here, so don’t be afraid to check out what else is available.