Kali Linux - A Beginners Guide

Whether you are brand new to the field of Cybersecurity, or a seasoned professional; there are a few things we can do after installing Kali Linux on our devices. As a rule, Kali Linux is very diverse; there are images out that are a “lite” version with no Wi-Fi tools included, or the image may be outdated. The following “guide” of sorts will ensure that you have the most updated image and all the tools needed to dive in headfirst.

Begin a FREE Kali Linux Fundamentals Course >>

1. Install Git

One of the first things you want to do is to install Git on your new distribution. Now, you might be saying “Git is for developers” or something along those lines, but rest assured that we are not using Git for development. We are using it to download code samples from various repositories. You can install Git simple and quickly. Go ahead and bring up a terminal window and make sure you are logged in as a root user and use the following command:Apt install gitSimple, right? Moving on. When you input and execute this, you may get a wall of text that say things like python3-watchdog, or openmpi-common, this is okay, once the command has resolved select yes. Once this is done updating and installing, you can test it by going to any repository and using the clone button. This will produce a link you can copy and paste into the terminal to start the cloning process. Use the following command to start the process:Git clone (link copied)With that being done, let the process finish and begin probing.

2. Configure Bash Aliases

Next up, make yourself more efficient by configuring bash aliases with some more frequently used commands. Typically bash aliases are stored in a file that we can update whenever we need to do so. We can use the following command to update our file:Nano ~/bash.aliases and press enter, (this should open a list of aliases) After this is open, go ahead and type:Alias hackwifi=’besside-ng wlan0’ then use control+x to save your new alias. You can test the alias by opening another terminal window and using your alias name and pressing enter. A successful attempt will launch a Wi-Fi attack immediately. A failure well will fail. This is just one alias for a widespread Wi-Fi attack. As you find commands that are useful to you add them to your alias list for easy launching.

3. Setup a new low privileged user

This one is simple. We want to set up this user so that we aren’t constantly logging in as root and making us an attacker’s easy snack. This is also useful in the sense that if we are running software as root, it can take over your computer without any user input. Use the following command to start:Adduser (name of the new user)Once this is completed, you should see the terminal start creating the user, and then it will ask you to enter a password for the user. Choose your password and confirm, then follow that up by completing all the other questions/commands it asks for. After this is done, type the following to add the new user to the SUDO users group:Usermod –aG sudo (account name)This command is exactly as it sounds, it adds the user to the SUDO users group, so if sudo is needed, the account has permission to do so.

4. Install a terminal multiplexer

A terminal multiplexer is a lifesaver. Often enough, you will need to run a script in multiple terminal windows, and it generally makes life a little bit harder. This step will let you use one terminal window and split it into various windows as needed. Use the following command:Apt install tilix (this is the one I use personally, research and find the one that works best for you.)Run the multiplexer by typing its name in the terminal. (That’s it)

5. Install your favorite tools and packages

As it was said before, Kali comes in many flavors. Some are packed to the core with EVERYTHING that Kali has to offer, and others are slimmed down to fit on a 4 GB micro SD card. Check out the following to get a feel for any tools that you may want.Tools.kali.org/kali-metapackages (copy and paste this to reach the site)Once there, check out some of the packages and then copy the package link and use the following command to install the tools:sudo apt update && sudo apt install (metapackage title, which takes a long time to install, be prepared)

6. Install the latest version of TOR

Tor is a fantastic tool for hackers and researchers alike, and this also makes it extremely vulnerable to attack. For this reason, we want to make sure we have the most updated Tor browser available. Use the following command to add the original Tor repo for easy access when another update rolls out:echo ‘deb https://deb.torproject.org/torproject.org stretch maindeb-src https://deb.torproject.org/torproject.org stretch main’ > /etc/apt/sources.list.d/tor.listOnce you have run this and added the original Tor repository, you want to then add the signing key into your keyring using the following command:wget -O- ‘https://pgp.mit.edu/pks/lookup?op=get&search=0xA3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89’ | sudo apt-key add –Once this step is done, we can move onto the actual update, invoke it using the following two commands:Apt-get update thenApt-get install tor deb.torproject.org-keyring,With that being done, we can move on to our final step of the guide to get you started with Kali Linux.

7. Change SSH keys & Default Password

If you didn’t set a root password when installing Kali, it is common knowledge that the default password is “toor” (root backward). This is so we can automate attacks fairly quickly, let’s change that to be more secure. First things first, change your directory into your ssh folder by using:cd /etc/ssh/dpkg-reconfigure openssh-serverThis command should output “rescue-ssh.target is a disabled or a static unit, not starting it.”This resets your ssh keys so that should you need to use ssh to control your device remotely. You can be sure that you won’t be a victim of a Man in the Middle attack or any hijacking attempt.   Finally, go ahead and use:passwd (account)(seriously, this is it)Kali will then ask you to input a password of your choice, and then confirm it.While this is not meant to be comprehensive, it does get you up and running fairly quickly and gets you actively playing with the system and OS for further learning.