Kali Linux for Beginner



  • Hi All,
    What is the use of Kali Linux and why is it used for pentest? What is the speciality of the OS to be used?


  • Service Provider

    Kali is a Linux distro built specifically for security and pen testing. It's full of applications set up just for this.



  • @Lakshmana said:

    Kali Linux

    It's the replacement for Backtrack basically.



  • @scottalanmiller said:

    Kali is a Linux distro built specifically for security and pen testing. It's full of applications set up just for this.

    Yeah you could always DIY, and for getting things going it makes things easier. I think overall what bothers me most about the current rise in popularity of pentesting is a lot of pentesters don't have the mindset of what it takes to be a criminal, instead they're goody-goody folks who run through the same checklists as everyone else. I've even met "pentesters" who, even with permission, are afraid to do something that would be otherwise considered illegal or "wrong", even though it's a benefit to their client to see if it will work. People like this should not be doing pentesting. In the same manner if you want to know whether or not your house can be broken into or your car stolen, don't ask a cop, ask a thief.



  • If you want to get into security then Kali is a good way to explore it a bit.

    BEFORE YOU USE IT:

    Make sure you ONLY use it on things YOU OWN

    This is a very stupid way to go to jail.



  • @MattSpeller said:

    If you want to get into security then Kali is a good way to explore it a bit.

    BEFORE YOU USE IT:

    Make sure you ONLY use it on things YOU OWN

    This is a very stupid way to go to jail.

    Yeah, but if you need this warning you shouldn't be using security tools at all 😉



  • @tonyshowoff I disagree, backtrack got me very interested in security long before I knew what I was doing, let alone knew how to use any of its tools. Trying and failing is a time honoured tradition of our species 🙂



  • @MattSpeller said:

    @tonyshowoff I disagree, backtrack got me very interested in security long before I knew what I was doing, let alone knew how to use any of its tools. Trying and failing is a time honoured tradition of our species 🙂

    Yes, but you knew it was illegal to gain unauthorised access right? That's my point, if someone has to be told it's illegal, then maybe they need to join the 21st century before getting deeper involved in security or exploring.


  • Service Provider

    @MattSpeller said:

    Trying and failing is a time honoured tradition of our species 🙂

    I don't think we'd say that if we were talking about shoplifting or breaking and entering. Pen testing is closest to breaking and entering (since just a pentest doesn't actually involve stealing anything.)



  • @scottalanmiller said:

    I don't think we'd say that if we were talking about shoplifting or breaking and entering.

    Well, operating a brick or distracting a shop owner is considerably easier than some of the stuff you use Kali for! Jokes aside, I don't see your point. Practice and trying something new always involves failure, that's part of learning.



  • @scottalanmiller said:

    @MattSpeller said:

    Trying and failing is a time honoured tradition of our species 🙂

    I don't think we'd say that if we were talking about shoplifting or breaking and entering. Pen testing is closest to breaking and entering (since just a pentest doesn't actually involve stealing anything.)

    As far as the law is concerned, computer cracking is just this side of murder, you don't even have to break anything and you can get more time in prison than most rapists or murderers get, and plus also more fines than you can imagine, especially because a lot of companies base their losses on the overall value of what (if anything) was stolen, rather than any actual monetary loss. For example, Sun claimed that Kevin Mitnick lost them something like $1.4 billion, and they calculated that based on how much they thought SunOS was worth, though later on they gave it away for free so, I'm not sure what that's about.


  • Service Provider

    @MattSpeller said:

    Well, operating a brick or distracting a shop owner is considerably easier than some of the stuff you use Kali for! Jokes aside, I don't see your point. Practice and trying something new always involves failure, that's part of learning.

    Yes, but practicing lock picking doesn't require the caveat of "don't break into other people's houses." We assume that people know not to do that. If they don't, they shouldn't have lock picks.



  • @MattSpeller said:

    @scottalanmiller said:

    I don't think we'd say that if we were talking about shoplifting or breaking and entering.

    Well, operating a brick or distracting a shop owner is considerably easier than some of the stuff you use Kali for! Jokes aside, I don't see your point. Practice and trying something new always involves failure, that's part of learning.

    Most good pentesters are more social engineers than hackers/crackers, or rather it's used more. I used to do a lot of pentesting, and it's a service our company still provides, and it's not hard to get a 100% success rate when it comes to convincing people to do things. These days, though, it can be harder to find something with a port scan and metasploit. A lot of pentesting shops are a joke though, and are, like I said, goody-goody dorks who don't really understand what they're doing. Many maybe will do some basic software checks (passwords, updates, other things) and call it a day.

    There's a lot of good firms/groups out there, but a lot of these doofy "ethical" hacker programs and certifications (lol, it's like a letter from your mom proving you're a hacker) are really just the ITT Tech version of having the knack to find the holes or convince someone to do something for you.



  • @scottalanmiller said:

    @MattSpeller said:

    Well, operating a brick or distracting a shop owner is considerably easier than some of the stuff you use Kali for! Jokes aside, I don't see your point. Practice and trying something new always involves failure, that's part of learning.

    Yes, but practicing lock picking doesn't require the caveat of "don't break into other people's houses." We assume that people know not to do that. If they don't, they shouldn't have lock picks.

    My wife is our resident lock picker, my hand isn't steady enough at all. STUPID PINS, MOVE OUT OF THE WAY, GOD I HATE YOU, I HATE YOU! and also she's good at safe cracking, though not as well as lock picking, though it's something she's working on.



  • @scottalanmiller said:

    Yes, but practicing lock picking doesn't require the caveat of "don't break into other people's houses." We assume that people know not to do that. If they don't, they shouldn't have lock picks.

    I suppose I didn't assume 😛