Category:Kali
From charlesreid1
Kali Linux is a nice Debian-based security distribution of Linux. It's amazingly flexible, and it works on just about any platform.
This page contains some notes for Kali.
Wifi Data Project
Notes on Wifi Data Project
Notes by Topic
Workflow
An overarching approach to attacks, how they relate to the OSI Model, and procedures to follow for each step in the attack: Kali/Workflow
See also: Kali/Attack Layers
Metasploitable
The Metasploitable virtual machine is a vulnerable Linux box running old software with known vulnerabilities. It is designed as a teaching platform for Metasploit.
This virtual machine makes for great target practice when you are learning how to use Metasploit and Kali Linux.
Booting
Notes on booting to Kali:
Kali/Dual Boot OS X - notes on how I set up a dual boot MacBook Pro with OS X and Kali
Kali/Live USB - how to make a live-boot USB stick for Kali Linux
Installing
Notes on installing Kali
Kali/Installing - page with info on installing Kali Linux
Kali/Post Install - the immediate post-install procedure for Kali Linux
Kali/Fixes - description of various fixes to things, done right after installation and first boot
Kali/Upgrading - upgrading to Kali Rolling
Kali/Shortcuts - useful keyboard shortcuts in Kali
Persistent Live USB
Setting up a persistent Kali Live USB:
Networking
Kali Network Debugging - notes on what to look for and where to check when you are debugging a broken network in Kali
Kali/Wireless - notes on wireless networking in kali...
Raspberry Pi
Getting up and running with a headless Raspberry Pi running Kali: Kali Raspberry Pi/Headless
Using a Raspberry Pi using Kali: Kali Raspberry Pi
Kali Top 10
The Kali Top 10:
- Aircrack - wireless network tool
- Wireshark - general networking and packet capture tool
- Hydra - SSH brute force tool
- John the Ripper - password cracking tool
- Nmap - port scanning tool
- MSF (Metasploit Framework) - all-in-one framework for exploits and exploit scripting
- Sqlmap - sql server scanning tool
- Burpsuite - proxy server that allows tampering with network traffic/payloads/headers
- OWASP Zap - ??
- Maltego - ??
Honorable mentions:
Wordlists
There are some wordlists that come packaged with Kali: Kali/Wordlists
There are other resources on the internet related to wordlists:
Red Team
Some red team topics:
 |
Metasploitable: The Red Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the RED TEAM's tools and routes of attack.
Exploiting MySQL with Metasploit: Metasploitable/MySQL Exploiting PostgreSQL with Metasploit: Metasploitable/Postgres
Exploiting VSFTP Backdoor: Metasploitable/VSFTP SSH Penetration by Brute Force: Metasploitable/SSH/Brute Force SSH Penetration with Keys: Metasploitable/SSH/Keys SSH Penetration with Metasploit: Metasploitable/SSH/Exploits Brute-Forcing Exploiting NFS: Metasploitable/NFS Exploiting DNS Bind Server: Metasploitable/DNS Bind
Metasploitable Services: distcc: Metasploitable/distcc
Metasploitable Apache: Exploiting Apache (with Metasploit): Metasploitable/Apache Exploiting Apache (with Python): Metasploitable/Apache/Python Tor's Hammer DoS Attack: Metasploitable/TorsHammer * Apache DAV: Metasploitable/Apache/DAV * Apache Tomcat and Coyote: Metasploitable/Apache/Tomcat and Coyote
Metasploitable Memory: General approach to memory-based attacks: Metasploitable/Memory Investigating memory data: Metasploitable/Volatile Data Investigation Dumping Memory from Metasploit: Metasploitable/Dumping Memory
Metasploitable Fuzzing: (Have not done much work on fuzzing Metasploitable...)
Category:Security · Category:Metasploit · Category:Metasploitable · Category:Kali
|
Blue Team
|
|
Metasploitablue: The Blue Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the BLUE TEAM's methods for defending Metasploitable: defending against and responding to intrusions.
Hence the name, Metasploita-blue. Overview: Metasploitable/Defenses Metasploitable/Defenses/Stopping · Metasploitable/Defenses/Detecting
Metasploitable On-Machine Defenses: Linux Volatile Data System Investigation: Metasploitable/Volatile Data Investigation Linux Artifact Investigation: Metasploitable/Artifact Investigation Linux Iptables Essentials: Metasploitable/Iptables Firewall Assurance and Testing: Metasploitable/Firewall Password Assessment: Metasploitable/Password Assessment Standard Unix Ports: Unix/Ports
Netcat and Cryptcat (Blue Team): Metasploitable/Netcat and Metasploitable/Cryptcat Nmap (Blue Team): Metasploitable/Nmap Network Traffic Analysis: Metasploitable/Network Traffic Analysis Suspicious Traffic Patterns: Metasploitable/Suspicious Traffic Patterns Snort IDS: Metasploitable/Snort
|
Notes by Date
Summer 2015
Kali 2015-06-17 - ssh server, dotfiles
Kali 2015-06-18 - user accounts, dotfiles
Kali 2015-07-24 - dual boot kali and mac os x on a macbook pro, and debug network problems
Kali 2015-07-25 - fixing Kali wired network, failing to fix Kali wireless
Kali 2015-07-26 - Kali on a Raspberry Pi
Kali 2015-07-27 - Kali wireless FIXED
Kali 2015-07-28 - WEP cracking
Kali 2015-07-29 - WPA cracking
Kali 2015-07-30 - WPA cracking (success)
Kali 2015-07-31 - aircrack and john
Kali 2015-08-01 - aircrack and john, arp poisoning
Kali 2015-08-02 - Pyrit on AWS, arp poisoning
Kali 2015-08-03 - wireshark, reverse SSH with Raspberry Pi
Kali 2015-08-15 - debugging wireless with Kali 2.0
Kali 2015-08-16 - Python wireless tools
Kali 2015-08-18 - John the Ripper working in Kali 2.0
Kali 2015-08-21 - Widy gadget and Wireless/Python scripting
Kali 2015-08-24 - Evil Twin attack configuration, and Man in the Middle/Evil Twin attack (no success)
Kali 2015-08-25 - Man in the Middle with Ettercap, taking wireless out of the picture. (no success)
Kali 2015-08-27 - Man in the Middle with dsniff
Winter 2016
Kali 2016-03-11 - notes/planning
Kali 2016-03-12 - more planning, networking
Spring 2016
2015-04-10 - capture the flag project - topics, scaling, multiple people
Summer 2016
July 2016 - notes on projects in July
Winter 2022
Flags
|
|
Metasploitable: The Red Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the RED TEAM's tools and routes of attack.
Exploiting MySQL with Metasploit: Metasploitable/MySQL Exploiting PostgreSQL with Metasploit: Metasploitable/Postgres
Exploiting VSFTP Backdoor: Metasploitable/VSFTP SSH Penetration by Brute Force: Metasploitable/SSH/Brute Force SSH Penetration with Keys: Metasploitable/SSH/Keys SSH Penetration with Metasploit: Metasploitable/SSH/Exploits Brute-Forcing Exploiting NFS: Metasploitable/NFS Exploiting DNS Bind Server: Metasploitable/DNS Bind
Metasploitable Services: distcc: Metasploitable/distcc
Metasploitable Apache: Exploiting Apache (with Metasploit): Metasploitable/Apache Exploiting Apache (with Python): Metasploitable/Apache/Python Tor's Hammer DoS Attack: Metasploitable/TorsHammer * Apache DAV: Metasploitable/Apache/DAV * Apache Tomcat and Coyote: Metasploitable/Apache/Tomcat and Coyote
Metasploitable Memory: General approach to memory-based attacks: Metasploitable/Memory Investigating memory data: Metasploitable/Volatile Data Investigation Dumping Memory from Metasploit: Metasploitable/Dumping Memory
Metasploitable Fuzzing: (Have not done much work on fuzzing Metasploitable...)
Category:Security · Category:Metasploit · Category:Metasploitable · Category:Kali
|
|
|
Metasploitablue: The Blue Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the BLUE TEAM's methods for defending Metasploitable: defending against and responding to intrusions.
Hence the name, Metasploita-blue. Overview: Metasploitable/Defenses Metasploitable/Defenses/Stopping · Metasploitable/Defenses/Detecting
Metasploitable On-Machine Defenses: Linux Volatile Data System Investigation: Metasploitable/Volatile Data Investigation Linux Artifact Investigation: Metasploitable/Artifact Investigation Linux Iptables Essentials: Metasploitable/Iptables Firewall Assurance and Testing: Metasploitable/Firewall Password Assessment: Metasploitable/Password Assessment Standard Unix Ports: Unix/Ports
Netcat and Cryptcat (Blue Team): Metasploitable/Netcat and Metasploitable/Cryptcat Nmap (Blue Team): Metasploitable/Nmap Network Traffic Analysis: Metasploitable/Network Traffic Analysis Suspicious Traffic Patterns: Metasploitable/Suspicious Traffic Patterns Snort IDS: Metasploitable/Snort
|
|
|
Attack Layers pages addressing attack vectors, tools, and methodologies for each layer of the network stack.
1 Physical Attacks: Kali/Layer 1 Attacks 2 Data/MAC Attacks: Kali/Layer 2 Attacks 3 Network Attacks: Kali/Layer 3 Attacks 4 Transport Attacks: Kali/Layer 4 Attacks 5 Session Attacks: Kali/Layer 5 Attacks 6 Presentation Attacks: Kali/Layer 6 Attacks 7 Application Attacks: Kali/Layer 7 Attacks
Template:MITMFlag · Template:DoSFlag · Template:MetasploitableFlag Category:Attacks · Category:Kali Attack Layers Flags · Template:KaliAttackLayersFlag · e |
|
|
monkey in the middle attacks in which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.
Wireless Attacks: MITM/Wireless Wired Attacks: MITM/Wired
Layer 1 and 2 MITM Attacks: Network Tap: MITM/Wired/Network Tap Evil Twin Attack: Evil Twin · MITM/Evil Twin
Layer 3 and 4 MITM Attacks:
ARP Poisoning: MITM/ARP Poisoning Traffic Injection/Modification: MITM/Traffic Injection DNS Attacks: MITM/DNS · Bettercap/Failed DNS Spoofing Attack · Bettercap/Failed DNS Spoofing Attack 2 DHCP Attacks: MITM/DHCP WPAD MITM Attack: MITM/WPAD Port Stealing: MITM/Port Stealing Rushing Attack: MITM/Rushing Attack Attacking HTTPS: MITM/HTTPS
Session Hijacking: MITM/Session Hijacking
Toolz:
SSLSniff · SSLStrip · Frankencert
MITM Labs: {{MITMLabs}}
Category:MITM · Category:Attacks · Category:Kali Attack Layers Template:MITMLabs · Template:MITMFlag Flags · Template:MITMFlag · e |
|
|
Denial of Service denial of service attacks for denying users access to resources that they are otherwise entitled to access.
DoS at Layers 1 and 2: CAM Table Overflow/MAC Flood: DoS/Mac Flood CAM Table Poisoning: DoS/Cam Poisoning
DoS at Layers 3 and 4: Syn Flood: DoS/SYN Flood Smurf Attack (Ping Flood): DoS/Smurf Attack DNS Attacks: DoS/DNS DNSSmurf Attack: DoS/DNSSmurf Wormhole Attack: DoS/Wormhole Attack Black Hole Attack: DoS/Black Hole Attack Byzantine Attack: DoS/Byzantine Attack Sleep Deprivation Attack: DoS/Sleep Deprivation Attack Stale Packets: DoS/Stale Packets
Toolz: Hping · Macof · Tcpnice · Hammer · Tors Hammer
Category:DoS · Category:Attacks · Category:Kali Attack Layers Flags · Template:DoSFlag · e |
Subcategories
This category has the following 7 subcategories, out of 7 total.
Pages in category "Kali"
The following 191 pages are in this category, out of 191 total.
A
G
I
J
K
- Kali 2.0/John the Ripper
- Kali 2.0/Wireless Debugging
- Kali 2015-06-16
- Kali 2015-06-17
- Kali 2015-06-18
- Kali 2015-07-24
- Kali 2015-07-25
- Kali 2015-07-26
- Kali 2015-07-27
- Kali 2015-07-28
- Kali 2015-07-29
- Kali 2015-07-30
- Kali 2015-08-02
- Kali 2015-08-03
- Kali 2015-08-16
- Kali 2015-08-18
- Kali 2015-08-21
- Kali 2015-08-24
- Kali 2016-03-11
- Kali 2016-03-12
- Kali Network Debugging
- Kali Raspberry Pi
- Kali Raspberry Pi/Headless
- Kali Raspberry Pi/Headless SSH Problem
- Kali Raspberry Pi/Headless Walkthrough
- Kali Raspberry Pi/Installing
- Kali Raspberry Pi/Installing Version 1
- Kali Raspberry Pi/Post Install
- Kali Raspberry Pi/SSH
- Kali Raspberry Pi/Startup Services
- Kali Raspberry Pi/Tcpdump
- Kali Raspberry Pi/WirelessRouter
- Kali Top 10
- Kali/Annoyances
- Kali/Anonymous Browsing/Broken
- Kali/Attack Layers
- Kali/Change Mac Address
- Kali/Custom ARM Image
- Kali/Dual Boot OS X
- Kali/Fixes
- Kali/Git/WifiListen
- Kali/HackRF
- Kali/Hotspot
- Kali/Hotspot/Short
- Kali/IPv6
- Kali/Keyboard
- Kali/Layer 1 Attacks
- Kali/Layer 2 Attacks
- Kali/Layer 3 Attacks
- Kali/Layer 4 Attacks
- Kali/Layer 5 Attacks
- Kali/Live USB
- Kali/Moving Root Partition
- Kali/Moving Usr Partition
- Kali/Nethunter
- Kali/OpenVPN
- Kali/OpenVPN/DNS
- Kali/OpenVPN/Hotspot
- Kali/OpenVPN/PIA
- Kali/Persistent USB
- Kali/Post Install
- Kali/Rubber Ducky
- Kali/Shortcuts
- Kali/Upgrading
- Kali/Wireless
- Kali/Wireless Again
- Kali/Wireless Reboot
- Kali/Wordlists
- Kali/Workflow
- Template:KaliAttackLayersFlag
- Template:KaliFlag
- KaliTools
M
- Macof
- Metasploitable
- Metasploitable/Apache
- Metasploitable/Apache/DAV
- Metasploitable/Apache/Python
- Metasploitable/Apache/Tomcat and Coyote
- Metasploitable/Defenses
- Metasploitable/Defenses/Detecting
- Metasploitable/Defenses/Stopping
- Metasploitable/DNS Bind
- Metasploitable/Dumping Memory
- Metasploitable/John Shadow File
- Metasploitable/Memory
- Metasploitable/MySQL
- Metasploitable/NFS
- Metasploitable/Post
- Metasploitable/Postgres
- Metasploitable/SSH/Brute Force
- Metasploitable/SSH/Exploits
- Metasploitable/SSH/Keys
- Metasploitable/Volatile Data Investigation
- Metasploitable/VSFTP
- Template:MetasploitableBlueTeamFlag
- Template:MetasploitableFlag
- Template:MetasploitableRedTeamFlag
- Meterpreter
- MITM/ARP Poisoning
- MITM/Evil Twin
- MITM/Evil Twin with Ettercap
- MITM/Wired/MAC Flood
- Mitm6
- Mitmproxy
- MSF
- MSF/Wordlists
- Template:MSFlag