Introduction To Security Penetration Using Linux | Beginners To Expert!

Penetration testing is a process of actively evaluating user information security measures. Through systematic operation and analysis, actively discover various defects and weaknesses in the system and network, such as design defects and technical defects. (Source: kalituts)

This chapter will briefly introduce the contents of Linux security penetration and security penetration tools. The main knowledge points are as follows:

  • What is security penetration;
  • Tools required for safe penetration;
  • Introduction to Kali Linux;
  • Install Kali Linux;
  • Kali update and upgrade;
  • basic settings.

What is security penetration

There is no standard definition of penetration testing. The general statement reached by some foreign security organizations is that penetration testing is an evaluation method to evaluate the security of computer network systems by simulating the attack methods of malicious hackers. This process includes active analysis of any weaknesses, technical defects or vulnerabilities of the system. . This analysis is carried out from a location where an attacker may exist, and from this location conditionally actively exploits security vulnerabilities.

Penetration testing is different from other evaluation methods. The usual assessment method is to discover all relevant security issues based on known information resources or other assessed objects. Penetration testing is based on known exploitable security vulnerabilities to discover whether there are corresponding information resources. In comparison, the evaluation method usually has more comprehensive evaluation results, while penetration testing pays more attention to the severity of security vulnerabilities.

There are two methods of penetration testing: black box and white box. Black box testing refers to testing without knowing the infrastructure. White box testing refers to testing with a complete understanding of the structure. Regardless of whether the testing methods are the same, penetration testing usually has two distinctive features:

  • Penetration testing is a gradual and gradual process.
  • Penetration testing is to select an attack method that does not affect the normal operation of the business system.

Tools required for secure penetration

After understanding the concept of penetration testing, the next step is to learn the various tools used for penetration testing. Before doing penetration testing, you need to understand the tools needed for penetration. The tools required for penetration testing are shown in Table 1-1.

Table 1-1 Tools required for penetration

splint unhide scrub
pscan examiner ht
flawfinder srm driftnet
rats nwipe binwalk
ddrescue firstaidkit-gui scalpel
gparted xmount pdfcrack
testdisk dc3dd wipe
foremost afftools safecopy
sectool-gui scanmem hfsutils
unhide sleuthkit cmospwd
examiner macchanger secuirty-menus
srm ngrep nc6
nwipe ntfs-3g mc
firstaidkit-gui ntfsprogs screen
net-snmp pcapdiff openvas-scanner
hexedit netsed rkhunter
irssi dnstop labrea
powertop sslstrip nebula
mutt bonesi tripwire
nano proxychains prelude-lml
vim-enhanced prewikka iftop
wget prelude-manager scamper
yum-utils picviz-gui iptraf-ng
mcabber telnet iperf
firstaidkit-plugin-all onenssh nethogs
vnstat dnstracer uperf
aircrack-ng chkrootkit nload
airsnort aide ntop
kismet pads trafshow
weplab cowpatty wavemon

Due to space reasons, only some tools are listed here. The tools required for penetration testing can be found in various Linux operating systems, and then these tools are installed manually. Due to the complexity of the tools, installing these tools will become a huge project. In order to facilitate users to carry out infiltration work, some people pre-install all tools on a Linux system. Among them, the typical operating system is Kali Linux used in this book.

This system is mainly used for penetration testing. It comes pre-installed with many penetration testing software, including nmap port scanner, Wireshark (packet analyzer), John the Ripper (password cracking) and Aircrack-ng (a set of software for penetration testing of wireless LANs). Users can run Kali Linux via hard disk, Live CD or Live USB

Introduction to Kali Linux

The predecessor of Kali Linux was the BackTrack Linux distribution. Kali Linux is a Linux distribution based on Debian, including many security and forensics related tools. It is maintained and funded by Offensive Security Ltd. It was first completed by MatiAharoni and Devon Kearns of Offensive Security by rewriting Back Track. Back Track is a Linux distribution based on Ubuntu.

Kali Linux has 32-bit and 64-bit images, which can be used in the x86 instruction set. At the same time, it also has a mirror based on the ARM architecture, which can be used for Raspberry Pi and Samsung’s ARM Chromebook. Users can run Kali Linux operating system through hard disk, Live CD or Live USB.

Install Kali Linux

The installation process of Linux has been very “easy”, just a few clicks of the mouse can complete the installation of the entire system. The installation of Kali Linux operating system is also very simple.

Basic Kali Linux settings

after a fresh installation of the Kali Linux operating system, you can log in to the system. After logging into the system, you can use various penetration tools to test the computer. This section will introduce the basic settings of Kali Linux.

Start the default service

Kali Linux comes with several network services, they are very useful. But it is disabled by default. Here, we will introduce various methods to set up and start each service.

Start the Apache service

Start the Apache service. The execution command is as follows:

sudo service apache2 start

To check the status of the service execute the following command

service apache2 status

kali linux Apache service

The output information indicates that the Apache service has been started. In order to confirm whether the service is running, you can visit the local address in the browser. Visit the local address in the browser, if the server is running, the interface shown in Figure 1.59 will be displayed.

kali linux Apache service page

Figure 1.59 Apache server Default page

Start the Secure Shell (SSH) service

To Start the Secure Shell (SSH) service. execute the following command:

sudo service ssh start

In order to confirm whether the SSH service has been started or not, execute the following command:

netstat -tpan | grep 22

netstat -tpan | grep 22

Start the FTP service

The FTP service is not installed by default, so you need to install the FTP server first.
To install FTP server execute the following command:

apt-get install pure-ftpd

After the FTP server is installed successfully, the service can be started. The execution command is as follows:

service pure-ftpd start

To check if the service is running execute the following command:

service pure-ftpd status

Next Configuring Kali Linux

Happy learning!

Friendly Websites