Hacking with Kali Linux

Things To Do After Installing Kali Linux


Today we are resuming our “Hacking with Kali Linux” series. So far we have covered the content of the series and how to install Kali Linux. There are various ways we can install & use Kali Linux and we have included them all in the last article.

Once Kali Linux is successfully installed, there are a few things that you need to do and understand before moving forward.

Important notice

Kali Linux is the greatest OS when it comes to pentesting or hacking. Currently, it has over 600 penetration testing tools installed and many more useful tools available in the repositories. Even with this many tools at hand, we must not perform tests or attacks on other networks, devices, or websites without the owner’s written permission.

In this series, you will learn to perform network attacks, crack Wi-Fi passwords, exploit vulnerabilities to gain access to a website, and a whole lot more. But none of these actions can be performed without the owner’s permission.

Performing attacks on other networks, websites, and devices is illegal and can cause legal trouble for you. Always perform tests in the local environment that we will build later in this article.

I hope you understand the rights of other human beings. Even after that, if you decide to perform any tests on others’ property, you’ll be solely responsible for your actions. LinuxAndUbuntu will not be responsible for that. The purpose of this series is not to produce hackers who ruin others’ lives but to spread knowledge to improve the security of their own applications or network.

With that being said, let’s start with the first step after installing Kali Linux.

Upgrade to a faster Kali repository

If you set up a repository during the installation and it’s working fine for you, then skip this step. But many people knowingly or unknowingly skip the step and as a result, they can not install or update any package.

In my case, I set up the repository during the installation but the download speed from that repo is so slow that it may take hours to download packages.

Luckily, the Kali team has us covered. There are several repositories across the world and we can set up the one that’s closest and fastest for us.

To get the faster repository for your location, visit the official mirror list here. It’ll provide you a list of repositories and you can select the one that’s closest to you. Copy the repo URL that looks like this –

https://kali.download/kali/

Now open the terminal and type the following command –

sudo apt edit-sources

Now, replace the repository URL with the new URL. For me, https://kali.download/kali is the fastest, so I have placed it right after deb and left the rest as it is.

deb https://kali.download/kali kali-rolling main non-free contrib
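
APT authenticates packages through the signed Release file rather than through the mirror itself, so the check worth running after editing the sources file is that no entry weakens that verification. The script below is an added example, not part of the original article; the function name and the sample entries (including mirror.example) are constructed for illustration.

```python
import re

# sources.list(5) options that disable or weaken APT signature verification
RISKY_OPTIONS = {"trusted", "allow-insecure", "allow-weak",
                 "allow-downgrade-to-insecure"}
ENTRY = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)\s*(.*)$")

# Constructed sample: the article's entry plus two deliberately bad ones
SAMPLE = """\
deb https://kali.download/kali kali-rolling main non-free contrib
deb [trusted=yes] http://mirror.example/kali kali-rolling main
deb https://kali.download/kali stable main
"""

def audit_sources(text):
    """Return (line_number, finding) tuples for one-line-style entries."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:
            findings.append((num, "unparseable entry"))
            continue
        _kind, options, uri, suite, components = m.groups()
        for opt in (options or "").split():
            key, _, value = opt.partition("=")
            if key.lower() in RISKY_OPTIONS and value.lower() == "yes":
                findings.append((num, f"{key}=yes weakens APT signature verification"))
        if uri.startswith("http://"):
            findings.append((num, "plain http transport (integrity rests on signatures alone)"))
        if suite != "kali-rolling":
            findings.append((num, f"suite '{suite}' is not kali-rolling"))
        if not components.split():
            findings.append((num, "no components listed"))
    return findings

if __name__ == "__main__":
    for num, msg in audit_sources(SAMPLE):
        print(f"line {num}: {msg}")
```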

Update Kali Linux

Kali Linux is updated regularly. As I said it has over 600 tools so it has to be updated regularly.

To update Kali Linux, open a terminal and use apt to update the system.

sudo apt update
sudo apt upgrade

The above two commands will check for new updates and install them automatically.

Get familiar with the interface & basic tools

Xfce is the default desktop environment of Kali Linux. Xfce is known to be lightweight and fast even on old computers. If you have ever used Xubuntu, you should not have any trouble with it. If you prefer another desktop environment such as GNOME, MATE, or KDE, you can choose it during the installation.

When you’re installing Kali Linux, it provides an option to select which desktop environment to install. If you downloaded the Kali virtual image, then it’s pre-configured with Xfce. In order to change the desktop environment after the installation or in a virtual image, you will have to manually install the desktop environment from the repository.

Here is how you can install another desktop environment after Kali Linux is installed –

sudo apt install -y kali-desktop-{desktop environment}

For example, to install GNOME, replace {desktop environment} with gnome.

sudo apt install -y kali-desktop-gnome

For other desktop options available, please refer to this article. It has the list of desktop environments that are currently available in the Kali repo.

Notice

I do not recommend installing a desktop environment alongside the other one. Currently, all your applications are configured to work with Xfce, and installing a new desktop environment will cause configuration conflicts.

If you want to install your preferred desktop environment, then install Kali Linux as a host, not in a virtual machine, and choose your favorite desktop environment during the installation process.

Secondly, Kali Linux is based on Debian testing. Most of the packages in Kali Linux are imported as-is from the Debian repository. If you have used Debian or Ubuntu, then you should already be familiar with the Kali environment. Most of the tools including package manager are common between Kali and Debian.

root account

Many times when performing different tests, you may come across a permission denied error. When you are running a command, you should know if you’re running it as a root account or a simple user account.

Executing a wrong command with root privileges can cause major problems.

It is recommended to log in as a normal user and switch to the root account when needed. Or, use the sudo command to gain root privileges.

To log in as a root user, type sudo su. It’ll ask for the sudo password and log you in as a root user.


Install Testing Framework

The most important step in learning ethical hacking is to practice everything you learn. Executing any command on other websites or computers may cause legal trouble for you. But we have a solution.

We can install a testing framework on our own computer and perform any tests we want. It is legal and the framework will allow us to perform various types of tests. A testing framework is simply a vulnerable application or set of applications that are built to practice ethical hacking.

There are many vulnerable testing frameworks available, but we are going to use DVWA. DVWA is set up as a simple web application. There are many other vulnerable testing frameworks that are much bigger and even come as a separate virtual image.

DVWA stands for Damn Vulnerable Web Application. It is built with PHP and MySQL, so it requires a web server and a MySQL server. I have installed Kali Linux as a host operating system and Windows 10 as a guest. I will set up DVWA on my Windows machine.

DVWA Requirements

  • Web server
  • PHP
  • MySQL Server

In short, it requires XAMPP or LAMPP. We can simply install XAMPP on our Windows computer and it’ll provide all the above packages required for DVWA.

Download XAMPP and follow the simple installation wizard to install it. Once installed, it’ll open the XAMPP control panel.

Finally, click the ‘Start’ button next to Apache and MySQL. It will spin up the Apache web server and the MySQL database server. Next, create a database for DVWA.

Open phpMyAdmin in a web browser. URL – localhost/phpmyadmin

Now create a new database called ‘dvwa’. The database name does not have to be ‘dvwa’ but it makes it stand out if you have many databases.


Download DVWA

Now that our system is ready to install DVWA, we can download it and start the installation.

Extract the downloaded zip file into the server directory at C:\xampp\htdocs. Rename the folder from DVWA-master to dvwa to make it shorter and easier to type.

Now make a copy of dvwa/config/config.inc.php.dist in the same folder and name the copy config.inc.php. Open config.inc.php and enter the database user and password.

By default, XAMPP creates a root user without any password. So type the user as root and leave the password blank.


Make sure you have entered the correct database user and password. After that, set up dvwa from the web browser. Remember that we renamed DVWA-master to dvwa. Now from the web browser, open localhost/dvwa/setup.php. It will open the DVWA setup page.

The Database Setup screen shows the settings currently enabled on your XAMPP server. Settings in red are not enabled. For me, the only setting that needs to be enabled is allow_url_include. To enable it, open the php.ini file either from the XAMPP control panel or from C:\xampp\php\php. If you have other settings disabled, find them in php.ini and enable them.

Search for allow_url_include and change its value to ‘On’. Restart the server and reload localhost/dvwa/setup.php.

Finally, click ‘Create / Reset Database’ and it’ll create the database and redirect to the login page.

The default username and password for DVWA are admin and password.

That’s it. Damn Vulnerable Web Application is set up successfully. Remember, this application is extremely vulnerable, so you should never set it up on a cloud server. If you have set it up on your computer, anyone connected to your network can exploit vulnerabilities in DVWA. So keep this in mind and don’t expose this machine to the Internet.
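
A quick way to confirm the lab is not reachable from the rest of the network is to check which addresses Apache and MySQL bind to, and to keep track of the allow_url_include change made during setup. The script below is an added example, not part of the original article; the function names and both sample configurations are constructed, and it expects the text of httpd.conf, the MySQL configuration file, and php.ini.

```python
import re

# Constructed samples: default-style settings vs. a loopback-only lab
DEFAULT = {"httpd": "Listen 80\n",
           "mysql": "[mysqld]\nport=3306\n# bind-address=\"127.0.0.1\"\n",
           "php": "allow_url_fopen=On\nallow_url_include=On\n"}
LOCAL_ONLY = {"httpd": "Listen 127.0.0.1:80\n",
              "mysql": "[mysqld]\nport=3306\nbind-address=\"127.0.0.1\"\n",
              "php": "allow_url_include=On\n"}

def active_values(text, key, sep):
    """Values of uncommented `key` settings; # and ; start a comment line."""
    values = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(rf"{re.escape(key)}{sep}(.+)$", line, re.I)
        if m:
            values.append(m.group(1).strip().strip('"'))
    return values

def is_loopback(host):
    return host.startswith(("127.", "[::1]", "localhost"))

def audit_lab(httpd, mysql, php):
    """Return findings for a DVWA host that should only serve itself."""
    findings = []
    for value in active_values(httpd, "Listen", r"\s+"):
        host = value.split()[0].rpartition(":")[0]  # empty when only a port
        if not is_loopback(host):
            findings.append(f"apache: 'Listen {value}' is not limited to loopback")
    binds = active_values(mysql, "bind-address", r"\s*=\s*")
    if not binds or not is_loopback(binds[-1]):
        findings.append("mysql: bind-address is not loopback")
    if any(v.lower() in ("on", "1")
           for v in active_values(php, "allow_url_include", r"\s*=\s*")):
        findings.append("php: allow_url_include is On (DVWA lab only)")
    return findings

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT), ("local-only", LOCAL_ONLY)):
        print(name, audit_lab(**cfg))
```

With Apache and MySQL bound to 127.0.0.1, the only remaining finding is the allow_url_include setting that DVWA itself asks for.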

Conclusion

That’s great! We have set up the hacking environment. From now on, whatever we learn, we can practice in a safe and local environment. If you have any problem understanding anything we discussed/set up above, let me know in the comment section. Or join our discord server.


