Install Kali Linux Full

My Personal Thoughts of Kali Linux Full on a Raspberry Pi 3 B+ v1.2

Remember in the beginning when I said you could install Kali on an 8gb or 16gb sdcard? This is what I was referencing. If you plan to install all of the Kali Linux tools or the “Full” version, you will need a 16gb sdcard. I will warn you: I have had terrible experiences doing this with Kali 2018.3, which is designed on Debian. Kali just released 2018.4 in October 2018.

The CPU lags to the point where you spend a great deal of time waiting for your mouse to come back. There is no way around it. You can still use the 16gb sdcard; just download the specific Kali tools and dependencies that you are looking for. If you do not know what I am referencing, you will soon enough.

In case you are interested, this is what the full Kali menu looks like.

Install Full Version of Kali

Log in using the username ‘root’ and the new password you created.

Install Kali Linux Full. As stated earlier, depending on your internet speed, this could take an additional 4-5 hours.

root@kali:~# sudo apt-get update && sudo apt-get install kali-linux-full

 

Kali on Raspberry Pi3

Kali Linux on Raspberry Pi3

Materials Needed

  • 1x Raspberry Pi 2/3
  • 1x 8gb or 16gb Class 10 MicroSDHC card
  • 1x MicroSDHC Reader/Writer
  • 1x USB Raspberry Pi 3 Power Supply 5V 2.5
  • Etcher
  • Keyboard, Mouse, Monitor, and Internet Access

High Level Overview

  1. Download Kali Linux for the Raspberry Pi
  2. Download Etcher
  3. Write the image to the MicroSDHC card
  4. Boot the Raspberry Pi and Login as root/toor
  5. Change the password
  6. Change the hostname
  7. Update and Upgrade
  8. Reboot/Test/Patch if needed/Reboot
  9. Test Kali

Step-by-step Instructions

Disclaimer: Please type all commands below when directed. Copy and paste the code at your own risk. The copied code could contain spaces and/or other HTML characters not suitable for python or bash scripting. 

Step 1 – Download Kali Image

First, download the Kali Linux image for the Raspberry Pi 3, with or without nexmon.

Step 2 – Download Etcher

Next, you have to write the image to the SD card. Connect the SD card to your computer using a micro SD card adapter. Open Etcher and follow the three steps on the screen. When Etcher is done flashing, eject your SD card. I decided to go with Etcher as it reduced the number of steps required. I am leaving the other tools as an alternative.

  • Etcher Download – This software is used to flash an image onto an sdcard without the risk of wiping your computer's hard drive. Very simple to use.
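Before the image from Step 1 is handed to Etcher, its SHA-256 digest can be compared with the digest published alongside the download. This is an added example, not part of the original tutorial: `verify_image` is a hypothetical helper, the sums file is assumed to be in `sha256sum` output format, and the files in the demo are constructed stand-ins.

```shell
#!/bin/sh
# Added example (not from the tutorial): verify an image against a
# sha256sum-format list ("<hex digest>  <file name>") before flashing it.

# verify_image IMAGE SUMS_FILE
#   0 = digest matches, 1 = digest differs, 2 = unreadable input or no entry
verify_image() {
    image=$1
    sums=$2
    [ -r "$image" ] && [ -r "$sums" ] || return 2
    name=$(basename "$image")
    # Digest listed for exactly this file name; a leading "*" marks binary mode.
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    [ -n "$want" ] || return 2
    have=$(sha256sum "$image" | awk '{ print tolower($1) }')
    [ "$have" = "$want" ]
}

# Demo on constructed data: a stand-in "image" and a sums file listing it.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for an image\n' > "$demo_dir/example.img"
( cd "$demo_dir" && sha256sum example.img > SHA256SUMS )

if verify_image "$demo_dir/example.img" "$demo_dir/SHA256SUMS"; then
    echo "digest matches: image can be flashed"
else
    echo "digest check failed: do not flash this image" >&2
fi
rm -rf "$demo_dir"
```

A return value of 2 (no entry for the file name) is treated as a failure as well, so a sums file for a different image never counts as a pass.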

Step 3 – Power Up and Login 

Carefully insert the sdcard into the sdcard slot on the Raspberry Pi. Connect a keyboard, mouse, and monitor to the Pi. Once everything is connected, power up the Pi. If all the steps you have completed so far are correct, the lights will flash and the Pi will start to boot. Once it has finished booting, you will be asked for a username and password.

  • Default username is ‘root’
  • Default password is ‘toor’
  • Click on “use default config”

Now connect to the internet. If your computer is near your router or switch, it is best to connect directly with an Ethernet cable for the purpose of speed. You may also connect via wifi the same as you would any other computer.

Step 4 – Connect via SSH (ADVANCED: Optional, however, this is my preferred method.)

Although not required, my preference is to complete the remaining steps from another computer, using Putty to ssh into the Raspberry Pi. I have personally had the monitor attached to the Raspberry Pi go black and the mouse become unresponsive during this process. If you have to power off the Raspberry Pi due to unresponsiveness, you will have to start over from Step 2. To connect to your Pi via Putty, download and install Putty, then enter the IP or hostname of your Pi; port 22 is the correct port. To obtain your IP address, open a terminal on the Pi and type “ifconfig”. There are 5-7 pop-up screens throughout the beginning of the install. These must be answered for Kali to install. Accept the defaults. All other steps may be completed as documented.

Putty

SSH

Step 5 – Change Password

root@kali:~# sudo passwd

Follow prompts on the screen
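Because the image ships with the well-known root/toor login and Step 4 makes the Pi reachable over SSH, it is worth reading what the SSH daemon's configuration allows for root once the password has been changed. The script below is an added example, not part of the original tutorial: the function names and the sample configuration are constructed, `Include` files and `Match` blocks are not evaluated, and the fallback values (`prohibit-password`, `yes`) assume upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example (not from the tutorial): report the sshd_config settings that
# decide whether root can log in over SSH with a password.

# sshd_effective FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive and may be written "Keyword value" or "Keyword=value".
# Only global settings are read: parsing stops at the first Match block.
sshd_effective() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v d="$3" '
        /^[ \t]*#/ || NF == 0 { next }
        { sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == k { v = tolower($2); exit }
        END { print (v == "" ? d : v) }
    ' "$1"
}

# root_password_ssh FILE: returns 0 when root may log in with a password.
root_password_ssh() {
    prl=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    pa=$(sshd_effective "$1" PasswordAuthentication yes)
    [ "$prl" = yes ] && [ "$pa" = yes ]
}

# Demo on a constructed config: the later "no" is ignored, the first value wins.
demo_cfg=$(mktemp)
printf '%s\n' '# constructed sample' 'PermitRootLogin yes' \
    'PermitRootLogin no' > "$demo_cfg"

if root_password_ssh "$demo_cfg"; then
    echo "root password login over SSH is allowed by this file"
else
    echo "root password login over SSH is not allowed by this file"
fi
rm -f "$demo_cfg"
```

On the running Pi, `sshd -T` prints the configuration the daemon actually resolved, which also covers included files and built-in defaults.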

Step 6 – Change Hostname and Reboot (Optional, but wise!)

root@kali:~# sudo hostnamectl set-hostname <new-hostname>   # replace <new-hostname> with the name you choose

root@kali:~# sudo shutdown -r

Step 7 – Run an Update and Upgrade

root@kali:~# sudo apt-get update && sudo apt-get upgrade -y

Depending on your internet speed, this could take about 25-45 minutes. When complete, run the next command.

root@kali:~# sudo shutdown -r

Step 8 – The “Raspi3-Firmware” Fix

Edit fstab

sudo nano /etc/fstab

Add the code below to the bottom of the file and save

tmpfs /boot/firmware tmpfs rw 0 0

Save and Exit by Pressing Ctrl+O then Ctrl+X

Mount Folder

sudo mount /boot/firmware

If the folder does not mount, simply reboot and complete the last step.

Copy Firmware to Boot Folder

sudo cp /usr/lib/raspi3-firmware/* /boot/

Reboot

sudo reboot
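The fstab edit in Step 8 can also be applied by a script that keeps a backup and does nothing if the step is repeated, which matters here because a malformed or duplicated fstab line can affect the next boot. This is an added example, not part of the original tutorial: `ensure_fstab_entry` is a hypothetical helper, and the demo runs on a constructed file rather than `/etc/fstab`.

```shell
#!/bin/sh
# Added example (not from the tutorial): apply the Step 8 fstab change
# idempotently and keep a backup of the file that was edited.
FSTAB_LINE='tmpfs /boot/firmware tmpfs rw 0 0'

# ensure_fstab_entry FILE
#   0 = line appended, 1 = /boot/firmware already listed (file untouched),
#   2 = file not writable or backup failed
ensure_fstab_entry() {
    fstab=$1
    [ -w "$fstab" ] || return 2
    # Field 2 of a non-comment fstab line is the mount point.
    if awk '$1 !~ /^#/ && $2 == "/boot/firmware" { found = 1 }
            END { exit !found }' "$fstab"; then
        return 1
    fi
    cp -p "$fstab" "$fstab.bak" || return 2
    # If the file does not end in a newline, add one so the new entry
    # is not glued onto the previous line.
    if [ -s "$fstab" ] && [ -n "$(tail -c 1 "$fstab")" ]; then
        printf '\n' >> "$fstab"
    fi
    printf '%s\n' "$FSTAB_LINE" >> "$fstab"
}

# Demo on a constructed fstab; on the Pi the argument would be /etc/fstab.
demo_fstab=$(mktemp)
printf '%s\n' '# constructed sample' 'proc /proc proc defaults 0 0' > "$demo_fstab"

ensure_fstab_entry "$demo_fstab" && echo "entry added"
ensure_fstab_entry "$demo_fstab" || echo "second run: nothing to do"
rm -f "$demo_fstab" "$demo_fstab.bak"
```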

At this point you have set up your Raspberry Pi, downloaded an ARM image of Kali Linux, flashed it to an sdcard, booted your Raspberry Pi, logged in and changed the password. Now it’s time to set up a vulnerable Raspberry Pi to pentest and learn a few pentesting tools.

What is Kali Linux?

Welcome to your very first tutorial on Cyber Security!

Kali Linux is the most popular OS used by Cyber Security experts all over the world. If you want to get into the world of Cyber Security and Ethical Hacking, Kali Linux Installation is the first step. Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali Linux contains hundreds of tools which are geared towards various information security tasks. These tasks range from Penetration Testing and Security Research to Computer Forensics and Reverse Engineering.

Certified Ethical Hacker

What is a Certified Ethical Hacker?

A Certified Ethical Hacker (CEH) is a computer certification that indicates proficiency in network security, especially in thwarting malicious hacking attacks through pre-emptive countermeasures. Malicious hacking is a felony in the U.S. and most other countries, but catching criminals requires the same technical skills that hackers possess.

About the CEH

The CEH credential is a vendor-neutral certification for information technology professionals who wish to specialize in stopping and identifying malicious hackers by using the same knowledge and tools the criminals use.

Even before the credential was introduced, private firms and government agencies were hiring reformed malicious hackers because they believed that was the best method for securing their networks. The CEH credential takes this a step further by requiring those who earn it to agree in writing to abide by the law and honor a code of ethics.

The credential is sponsored by the International Council of E-Commerce Consultants (EC-Council), a member-supported professional organization. Its goal, according to its website, is to establish and maintain standards and credentials for ethical hacking as a profession and to educate IT professionals and the public on the role and value of such specialists.

In addition to CEH certification, the EC-Council offers several other certifications relevant for network security jobs, as well as those for secure programming, e-business, and computer forensics jobs. Certification proficiency levels range from entry-level to consultant (independent contractor).

How to Become a CEH

Students who have a minimum of two years of security-related job experience can apply for approval to take the EC-Council exam. Those without two years of experience will be required to attend training at an accredited training center, through an approved online program, or at an approved academic institution. These requirements prepare applicants for the exam and help screen out malicious hackers and hobbyists.

As of 2018, the courseware price for the five-day certification course was $850. The application fee for those seeking to bypass the training course was $100, and the exam voucher price was $950.

Courses

The CEH Training Program prepares students to take the CEH 312-50 exam. The Onyx IT Group and Stormwind Studios offer a Certified Ethical Hacker online training course that will immerse students in an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The Circle of Excellence award recognizes StormWind’s ongoing commitment and significant contribution to the information security community by providing leading information security certification programs. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems.

Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student completes this online training course they will have knowledge and experience in Ethical Hacking.

The 312-50 exam lasts four hours, comprises 125 multiple-choice questions, and tests CEH candidates on the following 18 areas:

  • Introduction to ethical hacking
  • Footprinting and reconnaissance
  • Scanning networks
  • Enumeration
  • System hacking
  • Malware threats
  • Sniffing
  • Social engineering
  • Denial of service
  • Session hijacking
  • Hacking webservers
  • Hacking web applications
  • SQL injection
  • Hacking wireless networks
  • Hacking mobile platforms
  • Evading IDS, firewalls, and honeypots
  • Cloud computing
  • Cryptography

The Job Market

IT security is a fast-growing field, and the U.S. Bureau of Labor Statistics (BLS) projects job growth at a rate of 28 percent for the decade ending in 2026. This is far greater than job growth of 7 percent projected for all professions combined. The median annual wage for IT security analysts, as of 2017, was about $95,000, according to the BLS.

A quick search on Indeed shows that many security jobs require or recommend a CEH credential, so candidates who possess one will be more marketable.

Most jobs that CEH-credentialed professionals pursue put candidates through background checks or more rigid personnel security investigations (PSIs). Security clearances likely will be required at government agencies or private firms with government contracts.

Many of the high-profile stories about ethical hackers involve the biggest companies in technology. Companies like Apple, Google, and others will challenge ethical hackers to break their security measures in order to help them find weaknesses and to make their products safer. They often offer a lot of money to anyone who can find a weakness.

In 2016, Nimbus Hosting listed some of the more famous success stories of ethical hackers. Among them are examples of a security team offering a reward to anyone who could take over an iPhone or iPad, and an anonymous hacker who went by the name Pinkie Pie who helped identify a bug in Google Chrome. Not all of these examples involve professionals following the CEH-certification route, but they show the value companies place on hiring hackers to help shore up network security.

Raspbian

Raspbian is the Foundation’s officially supported operating system. You can install it with NOOBS or download the image below and follow our installation guide.

Raspbian comes pre-installed with plenty of software for education, programming and general use. It has Python, Scratch, Sonic Pi, Java and more.

The Raspbian with Desktop image contained in the ZIP archive is over 4GB in size, which means that these archives use features which are not supported by older unzip tools on some platforms. If you find that the download appears to be corrupt or the file is not unzipping correctly, please try using 7Zip (Windows) or The Unarchiver (Macintosh). Both are free of charge and have been tested to unzip the image correctly.

What’s a Raspberry Pi?

The Raspberry Pi is a low cost, credit-card sized computer that plugs into a computer monitor or TV, and uses a standard keyboard and mouse. It is a capable little device that enables people of all ages to explore computing and to learn how to program in languages like Scratch and Python. It is capable of doing everything you would expect a desktop computer to do, from browsing the internet and playing high-definition video, to making spreadsheets, word-processing, and playing games.

The Raspberry Pi has the ability to interact with the outside world and has been used in a wide array of digital maker projects, from music machines and parent detectors to weather stations and tweeting birdhouses with infra-red cameras. The goal of the Raspberry Pi Foundation is to see Raspberry Pis being used by kids all over the world to learn to program and understand how computers work.

Raspberry Pi Foundation

The Raspberry Pi Foundation is a registered educational charity (registration number 1129409) based in the UK. The Foundation’s goal is to advance the education of adults and children, particularly in the field of computers, computer science, and related subjects.

Raspberry Pi Versions