Is Kali for me?



mustbemad10
2013-06-13, 15:47
Hi.
I'm 'newish' to this - I've briefly looked @ Backtrack, but never got around to doing anything with it.
So, the point of this thread is to ask you users of Kali whether it would be able to achieve what I am looking at doing with it.

Basically, I am running Win 7, so would either run Kali in a VM or on a liveCD or USB. Do any of these have their advantages?
Once up and running, I have 3 things in my head that I would like to achieve.

The first, having the ability to strip SSL data. Some software tries to connect to a remote server which then activates the software. I would like to be able to run something like a MiTM attack to read the SSL traffic, and have the ability to pick out certain requests and replies that I can modify so the software thinks the server sends a message saying "activate!". So would the tools within Kali be able to do this? The software would need to run and be installed in a Windows environment though. If so, what programs in Kali would I need to look @ learning for this task?

Secondly, have the ability to sit on a network, and sniff a user's traffic and pick out passwords and usernames. I am on a small network of a few PCs, iPhones and Androids, so I would like to be able to monitor the traffic from those devices. Are there tools in Kali that would be able to, say, strip the username & pass from a Facebook app running on an iPhone? If Kali can do this, then like above, what programs would I need to look @ learning?

Finally, I'm pretty sure Kali would be able to do this, and that is find WiFi networks' passkeys, therefore having access to their LAN. Either WEP, WPA or others. Same as above, if Kali would do the trick, then what programs should I learn to use?

A long post, but hopefully some of you lot can shine some light on my situation and give me some useful pointers :)

Punisher
2013-06-15, 00:28
To be able to secure a network, learning and understanding how to crack it and find its flaws and weak points will help to build better defenses ... Not sure if the intention is legit, but I have to say that everything asked is possible ... Backtrack is a good environment for that and all tools are there already, you just need to learn how to master them ... as it was already said: some stuff is in here or you can find tons of stuff on YouTube. One thing though is that the stripping might be hard to adjust, from a recent experience ... have fun.

Punisher (:-=

leevai
2013-08-03, 10:50
Backtrack 5 Wireless Penetration Testing is a good book to learn the basics of Backtrack (and Kali of course). The book explains the basics of getting started, using wireshark, airmon, airodump, aireplay, aircrack, airbase, cracking WEP/WPA/WPA2, creating rogue access points, MITM attacks, Caffe Latte attacks, Hirte attacks and a lot of challenges.
Took me 6 weeks of study to finish the book successfully and started from 0.
Also, buying a good wireless wifi card is an improvement to success. The book suggests an Alfa AWUS036H and it's a fine working card. There are newer models out now but I have no experience with them. Also, having 1 laptop just running Kali is a good idea, I would recommend this above a virtual machine, and for wireless clients you can use almost anything like iPhone, smartphones, tablets, computers etc. to perform tests on.
For a MITM attack, page 113 forgets to tell you to run the # ifconfig wireless-bridge up command between step 5 and 6.
For the cracking WPA/WPA2 passwords chapter I believe it would be a good improvement to make your own wordlists with crunch.. (pity it wasn't in the book) If you don't want to buy the book you can download it in pdf format and print it out. It's about 220 pages.
Don't know if this is useful for you but it was very useful to me.
Friendly regards and a big handshake

jackpwns
2013-08-05, 13:39
Kali is certainly able to do all that, but it's all going to be about how hard you're willing to work for it. I'll be honest, it's not a distro for Linux beginners. I was intrigued by BackTrack and just for laughs played around with it and really really enjoyed it. It's quite convenient to have all the tools you'll need for pen testing in one place. Kali has improved upon this and I think it's an excellent distro for what you're trying to do. I'd say give it a shot, particularly with a live key or VM, what have you got to lose?

As a side note: from personal experience and forum postings, I've noticed some performance issues when running from a USB key in live mode. Read/write speeds of the key are a HUGE factor. I've never done a VM, I just installed directly to the hard drive. After using a USB key (8 GB PNY) I would not recommend it.