Hey boys and girls,
On this part of guide you will be able to see and repeat the installation of a debian-based operating system called Kali Linux and to learn some about:
- x86 & x64 architecture
- Create a VM
- Installation of Kali Linux
- LUKS encryption
- 8.GHDB & Kali Overview
VirtualBox - https://www.virtualbox.org/
Kali Linux - https://kali.org
- MD5 & SHA Checksum Utility - https://raylin.wordpress.com/downloads/md5-sha-1-checksum-utility/
For this guide I chose to use Kali Linux from Offensive Security.
Visit this link. You will be redirected to the site where you will be able to download the OS.
I recommend you to use VBox/VMware to become familiar with the OS before installing it on a hard drive.
As you can see, there are a lot of different versions we are able to download. So which one do we need?
1 . x86 & x64
First of all, what does 32bit and 64bit version mean?
The number of bits tell us which architecture of the CPU this is and how much (Virtual) Random Access Memory ((V)RAM) your CPU will be able to access using the registers.
We will talk about the architecture in more detail later in the Buffer Overflow Chapter of this Guide. But now you just have to know what it means if we are talking about x86 and x64 architectures.
On the 32bit (x86) OS - your CPU will be able to access 32 bits (2³²) > ~4.000.000.000 Bytes > 4096 MB > ~4 GB of your RAM which is separated into 2 GB of user space that the application/program can actually use at a time.
On the 64bit (x64) OS > 2048 PB (in theory)
I chose the “Kali Linux 32 Bit”.
Download this Image now and don’t close this site. We will need the SHA256Sum.
[ EX-1 ]: Find out why I chose the 32bit one by using Google-Search and read materials about the CPU architecture while you’re downloading this image.
Didn’t I say you have to work on your own at first time?
If you don’t have VirtualBox downloaded and installed already then do it right now. https://www.virtualbox.org/
What does SHA256Sum mean? Let us break this word in its parts. SHA stands for Secure Shell Algorithm and the 256 is the length (bits) which are used for. Sum (from Checksum) is a datum from a digital block of data. In other words, its like a fingerprint. So the SHA-256 is a part of cryptography and we will use this 256bit hash to verify the data integrity of the Image we downloaded before. This hash verify the originality of the image. We will use the program called SHA256Sum to check this hash.
[ EX-2 ]: Find out how SHA256 works. You don’t have to know everything about it yet but feel free if you want to.
So after downloading the image, let us check the hash.
Lets copy the hash from the website to a simple txt file
$ echo 'b541a78a063b6385365ac00248631c4a18c92b8c4e3618db0b1bf751b495149f' > hash.txt
Now we will use the sha256sum-tool to generate the hash of the file we already downloaded
$ sha256sum kali-linux-2018.1-vbox-i386.ova b541a78a063b6385365ac00248631c4a18c92b8c4e3618db0b1bf751b495149f kali-linux-2018.1-i386.iso
We take this generated hash and paste it to an another txt file
$ echo 'b541a78a063b6385365ac00248631c4a18c92b8c4e3618db0b1bf751b495149f' > generatedhash.txt
Now lets compare this two txt files to find out if there are some difference between this two hashes
$ cmp hash.txt generatedhash.txt
I think you’re a little bit familiar using Windows.
[ EX-3 ]: Try to find out how to verify the hash by Google-search.
If the hash doesn’t match you should repeat the process!
Virtualization allows you to simulate multiple environments on a single physical hardware system. There exists a few types of virtualization. But why VirtualBox? I few users of this forum doesn’t like that I am using VBox.
But thats Ok. There is a reason for.
[ EX-4 ]: Find out which types exists. What are the specifications each of them? What are the differences? What can be the reason for to use VBox instead of VMware?
Notice how you’re using Google right now. It’s important because you will use it most differently soon.
5. Create a VM
Let us start to install our Virtual Machine. Open the VBox and click on “New”.
- Give your VM a name you like.
- Set the Type to “Linux” and the Version to “Debian (32-bit)”.
- Reserve more than 2048 MB for RAM to this VM.
- Set the “Create a virtual hard disk now”
In the next step you have to set:
5. “File Location” where your Virtual Hard Disk will be saved
6. “File Size” at minimum of 20 GB
7. “Hard disk file type” to VHD (you will be able to use it later on VMware if you like)
8. “Storage on physical hard disk” to Dynamically allocated.
9. Click on “Create”
Now you have created your Virtual Machine.
But before we can run the installation we have to pre-configure a few settings.
Select your VM you have created a few steps before and click on “Settings”.
Go to “Storage” and select for the storage device “Controller: IDE” (which is empty) the Kali-Image you downloaded.
Click on OK.
6. Installation of Kali Linux
Click on “Start” and we will boot the Kali-Installation.
- After the bootup you will see the kali menu.
- Select the option “Install”.
If you have a message “Unable to boot…” you have to check the “Enable PAE/NX” box in Settings > System > Processor
- Follow the steps by your own until the part of “[!!] Partition disks”
- “[!!] Partition disks”
- “Guided - use entire disk and set up encrypted LVM”
- "SCSI1 (0,0,0) (sda) … "
- "All files in one partition (recommended for new users)"
feel free to separate the partitions if you know what you do.
- < Yes >
- You can pass the Erasing data phase if you want
- Now enter your encryption passphrase.
This passphrase you will need to encrypt your system before it boots completely. So make sure you will be able to remember this phrase!
- “Finish partitioning and write changes to disk”
- < Yes >
Now while the system is installing we will talk about the LVM encryption.
7. LUKS encryption
LUKS stands for “Linux Unified Key Setup” managed by Local Volume Manager (LVM). LUKS saves the information for the encryption of a volume inside the partition header. Without it you won’t be able to access the volume.
[ EX-5 ]: Inform you about cryptsetup. How does it work? Why do we use LUKS? Which benefit do we have? Did you already hear something about “LUKS NUKE” ?
In a few moments I will give you one of the most important skill you will need in the future and I advise you urgent to practice with it. No matter what you will search for. It will improve your searching skills more than you think. It’s called “Google Hacking DataBase”.
Now its your turn.
[ EX-5 ]: This is the main exercise. Take your time to go through it.
1. Learn as much as possible about “Google Hacking Database” and the “Google Dorks”
2. Download the free PDF of “Kali Linux Revealed” from Offensive Security and go through it.
3. Make notes. Draw a Mindmap, Picture or whatever but try to visualize what you are learning.
You don’t need to understand everything at once. First it’s important that you hear and read some words to know how to classify them. Take your time. Still cool and have fun.