What is Kali Linux | Kali Linux Hacking Tutorials | Ethical Hacking Training | Edureka Rewind
Skills:
Ethical Hacking & Pen Testing80%
Key Takeaways
Introduces Kali Linux and its role in ethical hacking using Edureka's certified ethical hacking course
Full Transcript
a security focused operating system is a hacker friend as it helps them to detect the weaknesses in computer system to networks it's time to pass the archaic Windows versus Linux discussion and switch over to some Advanced operating systems dedicated to pen testing and ethical hacking hey guys I'm Arch from Ed and I welcome you to this session on K Linux a leading Linux distribution and penetration testing and ethical hacking so guys without any delay let's go ahead and take a look at topics that we will be talking about today so we will Begin by having a brief discussion on history of K Linux then we'll explore different installation options offered by K Linux and also discuss step-by-step procedure on how to install K Linux on operating system and finally once we installed K Linux access F on operating system we'll explore different col Linux tools to understand how powerful col Linux can be so I hope agenda was clear to you guys let's get started then so whether you want to pursue a career in information security or you're already working as a security professional or if you're just interested in the specific field for fun a decent Linux Destro that suits your purpose is always a must well currently there are countle Linux dros meant for various purposes in this session we will be discussing one of the the top Linux distribution meant for ethical hacking which is K Linux so let's get started then K Linux is the industry's leading Linux distribution and penetration testing and ethical hacking it is a distribution that offers tons and tons of hacking and penetration tools and software by default it's widely recognized in all part of the world even among Windows users who may not know even what Linux e are using K Linux these days but guys while to be precise K Linux was developed by offensive security as reite of backtrack now you might be wondering what backtrack is Right backtrack was a Linux distribution that focused on security it was used for digital forensics and penetration testing its first version was released on May 26 2006 and in the subsequent years different versions of backtrack were released with updates and advanced features and finally on March 2013 Defensive security team rebuilt entire backtrack architecture at down Dean distribution and released it under name cinux so that's how cinux came into existence so guys now you know how color Linux was introduced to this world but the question is why should you choose color Linux when you have other choices like parrot backbox black Ark and many more let me list out few reasons as to why K Linux is the best first and foremost K Linux offers more than 600 penetration testing tools from various fields of security and 4 and six secondly it offers multi- language support although penetration tools tend to be written in English C includes multi-lingual support this way more users can operate in their native language and locate the tools they need for the job that they want to do on K Linux moving on K Linux is actually built in Secure environment actually Khali team is made up of small group of individuals those are the only ones who can commit packages and interact with repositories all of which is done using multiple secure protocols so basically it is built on a secure environment and moving on one of the Striking feature of K Linux is that it supports wireless devices it is built in such a way that it supports as many wireless devices as it possibly can this way it runs properly on wide variety of hardware and is compatible with numerous USB and other wireless devices very easily K Linux like backtrack is completely free of charge and always will be you will never ever have to pay to use K Linux and finally K Linux offers you customization option so if you're not comfortable with current K Linux features you can customize colx the way you want so guys I guess the reasons which we just discussed are enough for you to start using K Linux right let's proceed then so apart from all the benefits which we discussed earlier K Linux offers different installation options one way of installing Ki Linux is by making a Kali bootable USB drive this is one of the fastest way of installing K Linux and most favorable as well it's favorable because it's non-restrictive so if you're using USB to install then no changes are need to be made to your host systems hard drive right so it's non-restrictive it's portable you can carry USB wherever you go and it's easy to install and lastly it's potentially persistent you can configure your color Linux live USB drive to have persistent storage so that data you collect is saved across different reboots so suppose you have installed it and you've performed something and you have some data which is stored if you want to use that data for next time as well you can use persistent storage option with live USB installation process moving on there is C Linux hard disk install installing K Linux on your computer using a hard disk is an easy process but you should make sure that your computer has compatible Hardware with K Linux so that the process of installation goes on very smoothly you can also install K Linux alongside your operating system as dual boot it could be Windows or Mac but you should exercise caution during setup process so that installation of K Linux don't mess up with your actual host operating system which is Windows or Mac you can use viralization software such as VMware or virtual box to install color Linux as well as for this session I'll show you how to install color Linux on VMware guys apart from these you can also set up cinux on armm devices armm us usually refers to Advanced risk machines like Raspberry Pi Cubit truck trim slice and many more so if you want to know more about how to use K Linux on these armm devices and different many other installation options you can actually explore them in the official K Linux website documentation so go ahead guys just don't stick to one way of installing it explore different way of installing it and start using it so guys that's it with the theory part of the session let's go ahead and install col Linux and explore different tools so guys if you want to install K Linux the first thing you should do is download ISO file or image of K Linux for that you need to go to official C Linux website which is ww. c.org and under that there's downloads under download you have download C Linux option just click on that as you can see It'll take you to a page where you can see different download options so let's explore this page it says K Linux 64bit 32bit so basically if you click on the store in or HTTP link it will download an ISO file for you suppose if you want to learn how to install K Linux from step one till last step then it's better that you install ISO file and start installing color Linux using that ISO file but if you want to skip the entire process just want to use the image or start using Color Linux then you can go for this option it says color Linux 64bit VM for VMware and or 32-bit VMware or 64-bit virtual box and 32-bit virtual box since we're already learning let's just use ISO file and learn how to install color X using ISO file so mine is 64bit so I'm just clicking on colinux 64bit I've already downloaded it so you can either Download torrent version of it or HTTP version of it so yeah I'm going to skip that part so I hope you can download without any problems okay then make sure you are using either virtual box or VMware I'm using VMware here so let me go to my VMware yeah here it is VMware box station Pro so as you can see on my VMware I already have a Col Linux and metasploitable to as well yeah anyway on VMware if you have installed ISO file then if you want to install C Linux then you can click on create a new virtual machine option and start installing it from beginning and suppose if you have installed an image which is suitable for VMware or virtual box in this case VMware then you can just click on open a virtual machine here and attach the image as you can see it is a m disable image if I click on that and click on open then the image will be installed here well I'm just showing you how to do it if you've downloaded the image anyway since we have installed ISO file and extracted it let's use create a new virtual machine option here so let's go for typical the difference here between typical and custom is that typical it skips most of the steps so after installing we can make additional settings but if you want to make all the settings before installation itself then you can use custom here but let's use typical click on next and here it says in install disk image file ISO option it mentions here so browse I have it in my local dis D so here it is col THS this is a version so if you're wondering if this is ISO file or not let me just click on properties and show you that it is an ISO file as you can see it is an ISO file here so yeah so just click on that and click on open and click on next it says select a guest operating system I want it to be Linux so Linux distribution and make sure you click on Linux kernel whichever it is if you're using 32 bit then 32 well minus 64 bit so I'm just clicking on that and click on next here we go just give it a name let's say Ki and where I want to store it it says under username documents virtual machine CI yeah sure and then click on next so well you can assign memory here let's say 40gb well if you want to assign lesser than that you can go ahead and design lesser than that you can always make changes later so next thing it's it asks store virtual disk as a single file or split virtual dis into multiple files I want to choose store virtual disk as a single file so that I won't face problem again with my hard disk later on just don't want all the files to be like half the files to be on the one distribution and other half to be on other distribution and all that so let's just select store virtual disk as a single file here and click on next so before you click on finish you can just review whatever you've done is so right now memory is 768 MB we can always change that and the network adapter is not yeah well you haven't customized Hardware here but just okay then let's just adjust it before only click on customized Hardware so guys here as for the memory it totally depends on what you're using colx for if you're using for heavy scanning or interacting with other web application penetration websites likeable 2 and all you might have to design more memory otherwise your color Linux system will be very slow let me just design um 2GB here yeah that sounds fine enough and as for the processors you can always retain it one and as for the number of core processors I'm assigning two if you've already attached ISO file and network adapter here we using only colinux suppose if you're using meta exploitable to it's basically another virtual machine which has applications with vulnerabilities if you want to perform web application penetration testing so in that case if you use Nat option both your metasploitable 2 and your color Linux will get same IP address as your host machine if you use Nat option here so instead of that you can use Bridge connection well as for now we'll just use net only moving on you can just retain default settings same for the printer and as for the display you can click on accelerated 3D Graphics here and 768 MB is usually the recommended amount of memory that you can use for graphics and click on close so you can see the changes have been made here are reflected here as well so click on finish so here we go guys so there are two ways you can power on your color Linux which we just set up in virtual machine you can click here power on this virtual machine option or you have this option here we'll just click this so like I said earlier if you want to make any changes you can just click on edit virtual machine settings here and change the memory or the hard disk processors or the display setting anything you want so let's say I'm satisfied with the current settings I've made and I'm going to click on power this virtual machine so guys as we discussed earlier we have discussed different installation options right as you can see you have live Mode live mode with persistence live USB mode with encrypted persistence as well most of the time you might see the install option here and click on that but when you click on that it'll take to command line interface so basically you should interact with Ki operating system using command line interface which probably may not be a good option if you're just a beginner in K Linux so always go for graphical install here and click on enter so it'll start mounting storage device deves here it is on the installation page it's asking for the language that you want to use like I said Ki supports multiple languages and suppose if you want to use your native language you can go ahead and use it let's retain English for this demo purpose so yeah English and click enter it says it's short list of locations based on the language you selected let's say United States and American English I'm just retaining the default settings here so it'll start detecting ISO file and load installation component here as you can see it says load install a components from CD so guys entire installation process might take about 6 to 7 minutes it's detecting Network Hardware so if you have successfully completed the first step and second step it should take you to this page it's basically the host name it's asking for so let's just retain it as CI only and if you want to give anything else you can do that and just click on continue and next thing it does is it asks you for a domain name let's say you have set of virtual machines and if you're using all virtual machines together and if you want to assign a domain name for all this virtual machines you can go ahead and do that as for now I'm just leaving it blank and click on continue well since you have set up the username you'll have to set up root password as well right so let's just give it a something you can give whatever you want and make sure you've given the right one and the second time as well and click on continue here so the best thing is it even asks for the date and time settings as well if you have made any error here you can always go and set your date and time after your C Linux is installed and booted up so let's just say e let's say is I'm just using that and click on continue it says configuring the clock it's detecting partition this partition well basically dis partition is nothing that it's just if you want to retain your entire virtual machine or color INX on use an entire disk or if you want to partition half disc for some other purpose and all that you can just always go ahead with guided use entire dis option click continue then it says manually select the device so this is the virtual machine 42.9 GB VM where where the storage partition will be done so I'm going to click on enter yeah like I said I want all partitions to be done in one file so click it says if you're short then you can just go ahead and click enter or continue so that the partition is done continue and it's asking if you want to write the changes to disk whenever some changes are made definitely yes so click on yes and continue so it'll start partition and install the virtual machine it's going to take a while so I'm going to written to you guys once the installation is done here so yeah guys it took a while but it's asking for the next step that's configure the packet manager so basically it's asking whenever there's an update of your Linux image if you want to do it immediately as in automatically or if you want to specify update as well so let me just say no and click on continue it says configuring the packet manager installing packet manager and configuring and after installing packet manager and configuring it says install GRUB boot loader on a hard disk yeah it's installed it was fast then it's asking if you want to install GRUB boot loader to the master boot record or not basically whether you want to use your Master boot record or not let's just say yes and continue it says enter device manually this is the one which we want to use continue and the installation of GRUB boot loader will continue it shouldn't take fast and it says finishing the installation so finally guys it says installation is complete so it's time to boot your new system make sure you remove the installation media so like I said if you've used USB or hard disk or anything of that sort this is the time that you'll have to remove but right now we not using anything so let's just say continue so guys yeah once the installation is complete properly it should take you to this name so if you remember you've given username and password during the installation process but if you're logging in for the first time basically just give it as root otherwise you'll get an error later on you can change your username password so yeah guys here we go so this is your color Linux page as in the homepage as you can see under applications you have different kind of applications you have information gathering you have vulnerability analysis web application analysis where you perform web application penetration testing password attack that's if you want to know the password of a login page or any website as such and database assessment tools as well then you have wireless attacks tools which you can use to perform Wireless attacks the most popular one is your air crack NG and you have sniffing and spoofing if you want to change your Mac address and all all that you can use so we have mac changer here today we'll be exploring Mac changer and you have exploitation tools such as proxy chains and for andc tools as well then you have social engineering tools as well and different kind of system Services then the most popular one is you have beef start and beef stop so guys I hope at this point you should be able to install K Linux without any errors well if you face any kind of Errors while installing or if the image is not proper or any kind of Errors you can post them in the comment section we'll definitely get back to you so yeah now that we know how to install col Linux on VMware the procedure is very similar on Virtual box as well so you don't have to worry about it but I suggest that once you get to know how to install from step one to last step go ahead and use color Linux images which are there for virtual machine and virtual box which we saw in the official website earlier so yeah let's get to exploring different tools here so as for today we'll be exploring about 4 five tools let me go back to slides now so guys the first step of ethical hacking or web application penetration testing is anonymity imagine if a pentester or a hacker if it didn't take any steps to anonymize himself he would certainly get caught by firewalls or digital forensic investigators or Internet service provider logging Checkers Etc right it's definitely not good so there are different tools or services that you can use to anonymize yourself as for the basic you can use setup proxies you can use Virtual private Network and some kind of hyp iders so as I said earlier first step of ethical hacking is keeping yourself Anonymous and you can use proxies VPN some kind of Hy iders or t but mostly there are two popular ways you can do that you can use proxy chains which I showed you earlier in different kind of tools offered by color Linux so basically proxy chain it'ss up numerous proxies and it'll use a service called T to deliver you anonymity so that it'll become more difficult to pinpoint your actual IP address and secondly this service called Anon surf it is a really good script that was first made by parro security but now it's been edited so that it'll work in color Linux as well so what I want to say here is that it's not by default installed in color Linux but that's not a problem is at all you can clone it using git so it is an easy and effective way to remain anonymous on your color Linux system let's explore and oner of more let's go back to col next let me just click on the Firefox here so like I said earlier guys it's not there by default before that let's just go back to Applications here so under applications we did see proxy chain right under post exploitation we have proxy chains like I said proxy chain is offered by color Linux so it's installed by default but compared to Anon surf it's quite complex so let's just go with Anon surve today so yeah let me go to Firefox and search for Anon surf you search for Anon surf in the web server and it's most probably almost all the time it's the first link that you find so click on that it's the GitHub link and if you scroll down here it says clone and download you will have to copy this link contrl C sorry about that guys yeah and let's just go back to terminal in the terminal you'll have to use git and before you ask it is by default install in color Linux so yeah clone and copy the one which you just as in paste the one which you just copied and click well it says destination path K non surf is already there that's because I've already installed so just click Lis and you can find color Linux folder here here it is so just open the folder and on surf and enter and Under LS and you'll have to check for the files under Kia on surf you have a file which says shell basically it's a shell script to install an on serve so what you do just in install it installer do yes H and just click on enter I'm not going to do this pick it's going to take a while so if you just do that it's going to install aner on your color Linux so let me clear this stuff and CD go back so guys now Anon of is properly installed so if you want to make sure if it is properly installed or not just say Anon serve start well I made a mistake Anon serve and start so like I said earlier guys Anon surf offers Anonymous mode through through T well if you're wondering what T is it protects you by bouncing your Communications around a distributed network of relays which are run by volunteers all around the world so basically what it does is it prevents somebody from watching your internet connection from learning what sites you're visiting and it also prevents the sites you visit from learning about your physical location if you're using proxy chains you'll have to install T separately and start linking proxy chains with T so that they work together but the good thing with an non Sur is that you don't have to install to so as you can see it says star is not running so it's starting it for you so anons of basically start star for you by itself so if you want to know all the commands under annonser just type for help command so as you can see it's a service or script which is released by pared security so as you can see it says pared and yeah you basically have all the commands which are self explanatory right it says start once you use this option it'll start systemwide anonymity and stop if you want to stop using Anonymous mode restart instead of clicking start and stop again you can just click on restart to start the entire process again change suppose if you want to change your IP address you can just use this change status so once you start announce of if you want to check the status of announ of then you can use this option and then there is my IP yeah let's just ignore these two services for now okay so let me try anoun Ser start again or let me just check the state since I've already started it earlier anoun serve of s tubs as you can see let me maximize the screen it says starting anonymizing overlay Network for TCP yeah it's active since the date and time so yeah control Zed and let me clear the stuff for you now let's say I want to check the IP which has been assigned to me then and on serve my IP click enter it may take a while but it'll show you the IP address which has been designed to you as you can see it says this is the IP address well you can do this number of times now we'll have to get back to Firefox terminal to see where the IP address actually belongs to so you will have to search for check for DNS leaks and here DNS leak test click on that so guys as you can see this is the IP address which has been assigned to me and right now though I'm not in Netherlands it says from Netherlands well you can try this again and again so like I said the first step when you do anything of this sort as in web penetration testing or learning how to have and all that stuff it's best that you set yourself Anonymous before you start doing things so yeah we've explored our first tool which is an on serf though it's not native tool of color Linux it's a tool which is usable in color Linux so yeah there we go guys now let me get back to terminal well you can do this again let's say an on serve start and let me check my IP this time okay let me just use change here I haven't changed right change so as you can see it didn't work here because I just started without stopping it before so I've been assigned with the same IP which was there before so change yeah it's forced to change the notes Let Me Clear the stuff here and my IP as you can see the IP address assigned to me is different this time I can go ahead again check for DNS leaks it'll definitely show me different place so yeah guys that's how you set you make yourself Anonymous either you can use proxy chains or Anon while you can always go ahead and use an oner it's basically easy so guys yeah there we go and let me show you one more tool or applications under sniffing and spoofing there's something called Mac changer here right sorry about that yeah Mac changer while the objective of Mac changer is to change or fake an original network cards Hardware Mac address let me tell it you again so the main aim here is you'll either want to change or fake an original network cards Hardware Mac address but if you ask me it's not as powerful as an noner of or proxy chains but you can use it very comfortably with local networks like your office Network or home network or your personal network but if you want to perform very huge scans over Network and all it's not recommanded anyway let's see how to change MAC address using Mac changer on color Linux so go back to terminal and like I said earlier Mac changer is by default install in color Linux so just click Mac changer and help yeah and like I said like I said earlier again the options are self-explanatory so you have different options here you have iph to set random as in to change the MAC address and iph S which prints the MAC address which you just changed and suppose and what else is there yeah the version print version and exit so yeah well we'll be exploring two to three options here firstly let's just check for the current MAC address for which we'll be using iess command so Mac changer iph oh it says options device yeah we've missed the device so before that let me clear the screen if config so right now it's the network card which my color Linux using is ET at zero so that's my device name let's go back to Mac changer again Mac changer help and click so yeah here we go so well I think it's not visible to you guys properly right let me clear the screen yeah Mac changer iph yes device name was eth Zer right click as you can see it shows me two Mac addresses current MAC address and permanent Mac address guys remember one thing this permanent Mac address belongs to your network interface card that's at at zero which currently the device which we just checked the MAC address for now suppose this Mac address which you can see here it basically specifies as the address of the device which you're using so the first three digits here they belong to manufacturer and these are the things which you're going to change the last three digits so let's say mac changer and iph a is the option which you want to use to change that IP address so Mac changer iph a and et0 so as you can see this the current MAC address permanent Mac address and the new Mac address that's been assigned is completely different from the current and the permanent Mac address and like I said the first three digit display the manufacturer of your device and here by default it'll assign you some default manufacturer it says newom systems.in now if you want to check if the MAC address has been properly changed or not again use the I S command and click as you can see right now the current MAC address and the permanent Mac address are not same so our current MAC address is being changed and the manufacturer of a current MAC address is newom systems doting so there you go guys like I said it's not as powerful as a non serve or so it won't keep your Anonymous like for the entire network or something but it's good for the local networks such as office networks or home networks so you can go ahead and do that so if you want to remove all the changes which you just made the command that you have to use is iph G so Mac changer and here go i p anyway well not to make mistakes let's just type help huh I G command is not there at all well I P it stays reset to original permanent Hardware Mac so yeah I P now let me check again by using i s as you can see my current MAC address has been reset to the one actual settings so there you go guys now you know how to use Mac changer to change MAC address whenever you need it so by finding out the manufacturer of network interface card you can find out who actually is using the device so it's important that you remain yourself Anonymous whether you're using a small Network like your home network or office Network or if you're using a huge Network well if it's for huge purposes then you can always go ahead and use an on serf and proxy chains so there you go guys we are done with our second tool which is Mac changer in the previous sessions by Eda under cyber security I've used two other applications which are usually bup s and what was the other one SQL map so if you want to know more about those Services as well you can go ahead and look into the web application security video It's usually the video is all about how to perform an SQL injection and web application penetration testing so basically there a used SQL map which usually comes here let me just show that to you yeah under web application analysis you can see SQL map here you can use SQL map to find out the vulnerabilities that are present in your application I used application which was made for penetration testing and I found out the vulnerabilities in that application us using SQL map and I extracted the information I want so if you want to know more about SQL map you can go ahead and watch the video well I have specified the use of SQL map here as well so yeah there you go then in the same video I've used one more tool called bub Swit it's basically a graphical tool for testing web application security it has multiple purposes so as again it's tool which is by default installed in color Linux so you can just click on bub swi here which should open up let's explore different features over there as well so it says I accept and yeah let me just click on temporary project and next yeah I'm going to use default settings because I'm not going to show you how to use it if you want to know how to use it like I said you can again refer to the previous video called application security by Eda there you will know how to use SQL map as well as proxy so as you can see it has different options here and the main purpose of it is proxy that is it operates as a web proxy server or interceptive proxy so basically what it does is it sits as a man- in middle between the browser and the destination web server this allows interception inspection and modification of traffic that is passing it between your browser and your destination web server and there we go proxy we just explored it under that HTTP is option which you can use to set up proxy and there's something called scanner here right yeah scanner it's a web application security scanner it's used for performing automated vulnerab scans on web applications so if you have any application that's vulnerable if you perform a scan on it it will show you all the vulnerable point in that application so that you can exploit those vulnerabilities and start hacking or malicious attack on the application then there's an intruder it performs automated task on destination and there's repeater it's a simple tool that can be used to manually test an application while it can be used to modify request to the server you can resend them and observe the results yeah there's a a sequencer then there's decoder it's a tool for transforming encoded data into its canonical form or the vice versa that's transforming raw data into various encoded and hash forms and then there is comparer it's usually a tool for performing a comparision basically a visual difference between any two items of data while you have many other options as well like extender and alerts and all such so basically this is how you can use Bob Swit for your different purposes let's move on to our next tool yeah I want to close it s so guys up to this point we have explored Anon s and Mac changer as to how to set yourself Anonymous while you're doing hacking or web application penetration testing and the next thing we explored was B Swit I showed you a different services that are available on the bub Swit and what you can do using them and I've just mentioned SQL map as well if you want to know more like I said earlier you can refer to application security video bya under cyber security playlist now moving on the next step in ethical hacking is that as a ethical hacker you should know who you are attacking right so before attacking you should gather information about the target like IP address or other information about website like different kind of websites or the IP address of the website and as such well there is one popular tool using which you can gather information about your target which is nmap it's a very popular tool this is a tool which you must know if you're using Color Linux basically it's a food printing tool so let's just see it in under applications you have it under information gathering as well and map you can see an I symbol here yeah and you have it under vulnerability analysis as well it's a food printing tool that gathers all kind of information about Target and by default it's installed in color Linux so all you have to do is click in map here and enter and it's going to specify you whole lot of help options here yeah so it says Target specification you can discover all information about host scanning techniques and yeah script scanning again detection of operating system and all that so like I said it's a food printing tool that gathers all kind of information about your target it is supported basically it's supported in every ethical hacking platform now if you scroll down well if you're a learner if you don't know what in map is if you're seeing it for the first time if you scroll down it says it specify two or three examples asking you what to do so as you can see here it says nmap iph V command and iph a scan name. nm. rorg so basically iph a here actually refers to aggressive scanning so if you want on just a top scanning as in just scanning of basic details they can just use nmap and the website name but suppose if you want to get a detailed scanning then you can use I we'll be doing both the stuff today here so guys like I said earlier you can't just go ahead and do what do it on any any web application there is on the internet well it's definitely legal right since this is for the educational purpose inmap provides a default website which says scan me as an it's made for the purpose of learning so let's just go back to Firefox it's not open let me open the Firefox yeah scan me. nm.org org and click yeah this is it guys so you can scan this website any number of times in a day but it says don't scan for 100 times a day or use this site your resarch Brute Force password cracking tool so basically it says if you do more than 100 times a day it might not work it says not to hammer on the server too hard basically it means don't use more than 100 times or anything so basically you can scan this website for vulnerabilities or and map scanning here so let me clear the stuff yeah before that apart from these you can also see multiple other options here well I forgot to say I V is nothing but you can see it says it's basically the warus or the version number it says wi V it increases the veros level or basically it specifies the waros which in turn specifies the version number of your operating system or anything as such yeah the Apache server or PHP file anything that your application using if you want to know the version number you can use i v command and as for a I already explained it specifies the aggressive scanning and there's another option suppose if you're using a home network or work Network or school network you have set of IP addresses right so instead of scanning one suppose you want to scan from this range to this range as in you want to scan from this IP address to this IP address particular range then you can specify using this command here now let me clear the stuff and let me just let's scan the scan me. n.r so nmap scan me I'm just removing every option there is I'm just using the basic scan in map.org so guys yeah it took a while but it has return return the scan results as you can see it says the latency it is taken for it to scan the entire website is about yeah this is the latency and it says it took about 93.5 6 seconds and as you can see it shows that 9994 ports are closed ports here and there are about few ports which are open about four as you can see it says four and here it is this port and both of this ports guys nmap can scan about 65,000 ports but every time you use nmap by default it will scan about thousand ports so that's why it took a while for it to scan the website but like I said guys this is the basic thing this an hacker would definitely not do this because it's a lot of time consuming and why would he need information about all the ports that is so he's going to Target only some specific ports that he wants to for that like I said earlier which is nmap I help so let me just n map sorry about that guys like I said he uses this format as in the range of IP addresses to know about the ports or the information he wants so let me go up so here it is the scan results as you can see it says this is the address of the website which is scan me.n map.org so now if I give this it should specify the website back right so let me copy this stuff say copy and scroll down let me clear the entire thing in map and I'm going to paste yeah click it a scan again it's showing the same information so it's working so guys now you know how powerful in map can be this is just the basic or the scratch of what you can do using in map so basically using this you can scan any website or you can find information any information that you want about Target so go ahead guys I haven't used iph option which says aggressive scanning so if you're doing this after watching this video then go ahead and use nmap I a and scan me. nm.org or any other website which is meant for the purpose of scanning if you've used iph a option then you'll get a lot of information like different kind of PHP versions or Apache that's used or different kind of tools that used to make the website so yeah guys we're done with our tool which is nmap here now we'll move on to our next tool so THC Hydra is another popular tool of K Linux using which you can crack into web scanners wireless networks packet Crafters Gmail and many other applications it's a quite complex tool but if you know how to use it it's quite simple though but as for today's session we won't be discussing THC Hydra we have another tool like CAD Medusa it's also a password cracking tool very similar to THC Hydra and it's pre-installed in color Linux so you don't have to install it separately so guys as for today's session I'm using another virtu machine called metas to let me just show you how to install it so you can just type for metasploitable to and you have this uh sourceforge.net you can click on that and uh here you get a zip file you can download it and unzip it and store it in the file where you have stored your color Linux so yeah once you've done that let's go back to Virtual machines I've already done that and I have metas portable powered up but before you go ahead and get started just go for the settings part and make sure you have made the Network as Bridge connection here so enable Bridge connection and click on okay and same goes for the K Linux as well since we have two virtual machines powered up here they might use same IP address because they share the host Network right so we don't want that to happen so we're using Bridge connection here so let's go to my dispoable to let me just maximize the screen for you guys yeah so as you can see I've already rocked it the username and password is msf admin anyway let me just show it you again let me just close the machine and power off okay and click on M blable to so as you can see it's ready and it's asking for login the login address is msf admin and same goes for the password so let me try msf admin and the password msf admin again okay I'm successfully logged in so let me just check for the IP address if config so as you can see right now it's connected to ethernet it doesn't have a proper IP address right as you can see in the second line under ET at zero network card so we'll have to assign IP address which is in the same range as that of K Linux I'm doing this because as you can see when I just started metasploitable 2 I used msf admin to login and same for the password Here I actually know the password and username but anyway using Color Linux Medusa tool we'll be trying to crack for msf admin password and username so let me go back to color Linux let me maximize the screen and let's check for if configur as well so yeah this has an IP address assigned to it and net marks is 25.0 okay let's go ahead and assign the very next IP address which is 192.168.1.2 to metable 2 for that let's go to mloy 2 again here they go and let me maximize the screen okay I'm using this command to design an IP address if config and uh the network card for which I want to assign let me just okay that's right is etth z so eth0 and it's 192.168.1.2 which is the very next IP address or it actually you can say that it falls in the same range is that of color Linux now subnet or net mask which is 255.0.0.0 right and click on enter it's asking for the password msf admin and let's try F config again as you can see right now I'm the ET at Zer network card an IP address has been assigned in the same submit range as that of Cara Linux well I'm just using this for the demo purposes you can actually download any other kind of different application you have bwap you have Dam vulnerable application and any other different kind of application vulnerable applications which are especially made for penetration testing and you can go ahead and crack passwords because every application of such sort has a login page right so yeah and here we go back to color Linux and let me clear the screen and let's try for Medusa as you can see it's pre-installed tool in color Linux so it has lot of options here and for today's session we'll be using mostly two or three we'll be using iph it's the target host name or IP address if you have a set of Target IP addresses then you can use Capital hedge to specify the list of IP addresses and if you want to directly mention the username which is msf admin in our case you can use I small U if you use capital u you can just specify the file which contains list of usernames that Medusa has to test same goes for i p it's for the password and capital P for the list of passwords and one more thing which we'll be using is i m it's the name of the module that you want to execute like for example Medusa sorry metable 2 it's an SSH connection right so as we execute the command you'll understand the stuff so before that like I said you can either specify the username directly or you can specify the file name which has a list of usern names I've already created a list I have it stored on my desktop let me show it to you guys it says bw. test here and let me open this stuff as you can see right now I just have four names admin rout or and msf admin so yeah there's one more command called crunch by color Linux you can use that it creates a list or it creates a word list for you so go ahead and explore it let me close the file and let's go back to terminal here let me clear the screen I hope you guys remember the commands if not it's okay you can always go for the help command so Medusa i h because I want to specify the IP address of the m plit to that's 192.168.1.2 if I'm right then iin youu so let's try with direct username first msf admin is a username right then I in capital P let's give the capital as in the username the location root it's in my desktop and Bap do text then I capital M SSH connection and iph N the port number which is default 22 for any SSH connections and click enter so as you can see it's right now trying for the all password all different username and password combinations so it's trying msf admin with admin msf admin with tour msf admin with root and msf admin finally with msf admin so since we have specified the target IP address here it will do this permutation and combination until it finds the right set of username and password so let's do the same thing with IU capital u here so instead of giving directly the username let me specify the location I'm going to specify the same location because msf adman itself is the username right desktop and it's Bap do txt so the end if you have any other connection except TCH you should specifically mention the port here otherwise you can just you don't have to mention it default it's going to take a while actually more than the last previous command because here we actually mentioned the username so it just had to compare username with four passwords but right now it has to compare each word with each other word for example first it Compares admin with all the four words which are there in the list second it Compares root with all the four words similarly tour with all the four words and msf admin with all the four words it does that until it finds an actual match it's almost done so yeah as you can see it says username is a Mr admin and password is msf admin and success here same thing we got in the previous command as well so that's it guys let me summarize what we've learned today you learned what actually a k Linux is and how is it better when compared to other Linux dros and why you should use it then we saw how to install it different installation options as well so while you are installing if you find any error please do post them in the comment session we'll get back to you after that we discussed like four or five different tools right if we discussed the BB s we discussed Medusa just now and we discussed other three tools so these are just like five out of 600 tools that there are it's a very exciting topic actually so go ahead and explore don't just stop here with five tools go ahead and explore other different tools compare it with other tools on other platforms so go ahead and explore color Linux guys it's a really exciting it's actually a really interesting platform to perform penetration testing and ethical hacking and remember it's only for the educational purposes don't go ahead and do something illegal so this is it guys I hope the session was informative and demo fun so go ahead and explore try new things on K Linux and if you face any problem during installation or any step please do let us know we'll get back to you as soon as possible thank you guys e e e e e e e e e e e e e e e e e e e e for
Original Description
🔴 𝐋𝐞𝐚𝐫𝐧 𝐓𝐫𝐞𝐧𝐝𝐢𝐧𝐠 𝐓𝐞𝐜𝐡𝐧𝐨𝐥𝐨𝐠𝐢𝐞𝐬 𝐅𝐨𝐫 𝐅𝐫𝐞𝐞! 𝐒𝐮𝐛𝐬𝐜𝐫𝐢𝐛𝐞 𝐭𝐨 𝐄𝐝𝐮𝐫𝐞𝐤𝐚 𝐘𝐨𝐮𝐓𝐮𝐛𝐞 𝐂𝐡𝐚𝐧𝐧𝐞𝐥: https://edrk.in/DKQQ4Py
🔥𝐄𝐝𝐮𝐫𝐞𝐤𝐚'𝐬 𝐂𝐞𝐫𝐭𝐢𝐟𝐢𝐞𝐝 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠 𝐂𝐨𝐮𝐫𝐬𝐞 - 𝐂𝐄𝐇 𝐯𝟏𝟐 : https://www.edureka.co/ceh-ethical-hacking-certification-course
This Edureka "What is Kali Linux" tutorial will help you understand basics of Kali Linux. You will also get to learn the features of Kali Linux and option available to install Kali Linux
📢📢 𝐓𝐨𝐩 𝟏𝟎 𝐓𝐫𝐞𝐧𝐝𝐢𝐧𝐠 𝐓𝐞𝐜𝐡𝐧𝐨𝐥𝐨𝐠𝐢𝐞𝐬 𝐭𝐨 𝐋𝐞𝐚𝐫𝐧 𝐢𝐧 𝟐𝟎𝟐𝟒 𝐒𝐞𝐫𝐢𝐞𝐬 📢📢
⏩ NEW Top 10 Technologies To Learn In 2024 - https://www.youtube.com/watch?v=vaLXPv0ewHU
🔴 Subscribe to our channel to get video updates. Hit the subscribe button above: https://goo.gl/6ohpTV
🔴 𝐄𝐝𝐮𝐫𝐞𝐤𝐚 𝐎𝐧𝐥𝐢𝐧𝐞 𝐓𝐫𝐚𝐢𝐧𝐢𝐧𝐠 𝐚𝐧𝐝 𝐂𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬
🔵 DevOps Online Training: http://bit.ly/3VkBRUT
🌕 AWS Online Training: http://bit.ly/3ADYwDY
🔵 React Online Training: http://bit.ly/3Vc4yDw
🌕 Tableau Online Training: http://bit.ly/3guTe6J
🔵 Power BI Online Training: http://bit.ly/3VntjMY
🌕 Selenium Online Training: http://bit.ly/3EVDtis
🔵 PMP Online Training: http://bit.ly/3XugO44
🌕 Salesforce Online Training: http://bit.ly/3OsAXDH
🔵 Cybersecurity Online Training: http://bit.ly/3tXgw8t
🌕 Java Online Training: http://bit.ly/3tRxghg
🔵 Big Data Online Training: http://bit.ly/3EvUqP5
🌕 RPA Online Training: http://bit.ly/3GFHKYB
🔵 Python Online Training: http://bit.ly/3Oubt8M
🌕 Azure Online Training: http://bit.ly/3i4P85F
🔵 GCP Online Training: http://bit.ly/3VkCzS3
🌕 Microservices Online Training: http://bit.ly/3gxYqqv
🔵 Data Science Online Training: http://bit.ly/3V3nLrc
🌕 CEHv12 Online Training: http://bit.ly/3Vhq8Hj
🔵 Angular Online Training: http://bit.ly/3EYcCTe
🔴 𝐄𝐝𝐮𝐫𝐞𝐤𝐚 𝐑𝐨𝐥𝐞-𝐁𝐚𝐬𝐞𝐝 𝐂𝐨𝐮𝐫𝐬𝐞𝐬
🔵 DevOps Engineer Masters Program: http://bit.ly/3Oud9PC
🌕 Cloud Architect Masters Progra
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from edureka! · edureka! · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
ChatGPT Not Working - 4 Fixes | How To Fix ChatGPT Not Working | Why Is ChatGPT Not Working |Edureka
edureka!
Advanced Java script Tutorial | JavaScript Training | JavaScript Programming | Edureka Rewind
edureka!
Java script interview question and answers | Java script training | Edureka Rewind
edureka!
OpenAI API Tutorial using Python | How to use OpenAI GPT-3 API - Ada Babbage Curie Davinci | Edureka
edureka!
What is Unsupervised Learning ? | Unsupervised Learning Algorithms| Machine Learning | Edureka
edureka!
Top 10 Applications of Machine Learning in 2023 | Machine Learning Training | Edureka Rewind - 7
edureka!
Machine Learning Engineer Career Path in 2023 | Machine Learning Tutorial | Edureka Rewind - 6
edureka!
10 Must Have Machine Learning Engineer Skills That Will Get You Hired | Edureka Rewind - 7
edureka!
Data Structures in Python | Data Structures and Algorithms in Python | Edureka | Python Live - 5
edureka!
Python Lists | List in Python | Python Training | Edureka Rewind
edureka!
Predictive Analysis Using Python | Learn to Build Predictive Models | Python Training | Edureka
edureka!
Machine Learning Tutorial | Machine Learning Algorithm | Machine Learning Engineer Program | Edureka
edureka!
How to use Pandas in Python | Python Pandas Tutorial | Python Tutorial | Edureka Rewind
edureka!
Parameters in Tableau | Tableau Parameters Examples | Tableau Tutorial | Edureka Rewind
edureka!
Top 10 Reasons to Learn Tableau in 2023 | Tableau Certification | Tableau | Edureka Rewind
edureka!
Tableau Developer Roles & Responsibilities | Become A Tableau Developer | Tableau | Edureka Rewind
edureka!
Deep Learning With Python | Deep Learning Tutorial For Beginners | Edureka Rewind
edureka!
Realtime Object Detection | Object Detection with TensorFlow | Edureka | Deep Learning Rewind - 2
edureka!
Top 20 Tableau Tips and Tricks in 20 Minutes | Tableau Tutorial | Tableau Training | Edureka Rewind
edureka!
Climate Change Prediction using Time Series | Python Projects | Edureka | DS Rewind - 5
edureka!
ReactJS Installation Tutorial | ReactJS Installation On Windows | ReactJS Tutorial | Edureka Rewind
edureka!
Phases in Cybersecurity | Cybersecurity Training | Edureka | Cybersecurity Rewind - 2
edureka!
What Is React | ReactJS Tutorial for Beginners | ReactJS Training | Edureka Rewind
edureka!
Cybersecurity Frameworks Tutorial | Cybersecurity Training | Edureka | Cybersecurity Rewind- 2
edureka!
React vs Angular 4 | Angular 2 vs React | React & Angular | ReactJS Training | Edureka Rewind - 5
edureka!
ReactJS Components Life-Cycle Tutorial | React Tutorial for Beginners | Edureka Rewind
edureka!
Ethical Hacking using Kali Linux | Ethical Hacking Tutorial | Edureka | Cybersecurity Rewind - 3
edureka!
Types Of Artificial Intelligence | Artificial Intelligence Explained | What is AI? | Edureka
edureka!
Top 10 Applications Of Artificial Intelligence in 2023 | Artificial Intelligence| Edureka Rewind
edureka!
The Future of AI | How will Artificial Intelligence Change the World in 2023? | Edureka Rewind
edureka!
What is Artificial Intelligence | Artificial Intelligence Tutorial For Beginners | Edureka Rewind
edureka!
Google Cloud IAM | Identity & Access Management on GCP | Edureka | GCP Rewind - 5
edureka!
Google Cloud AI Platform Tutorial | Google Cloud AI Platform | GCP Training | Edureka Rewind
edureka!
Projects in Google Cloud Platform | GCP Project Structure | GCP Training | Edureka Rewind
edureka!
How to Become a Data Scientist | Data Scientist Skills | Data Science Training | Edureka Rewind - 3
edureka!
Agglomerative and Divisive Hierarchical Clustering Explained | Data Science Training | Edureka Live
edureka!
Climate Change Prediction using Time Series | Python Projects | Edureka | DS Rewind - 5
edureka!
Data Science Project - Covid-19 Data Analysis | Python Training | Edureka | DS Rewind - 6
edureka!
What is Honeycode? | Introduction to Honeycode | Edureka
edureka!
Difference between Amazon AWS and Google Cloud | GCP Training Google Cloud | Edureka Live
edureka!
DevOps Lifecycle | Introduction To DevOps | DevOps Tools | What is DevOps? | Edureka Rewind
edureka!
Introduction to DevOps | DevOps Tutorial for Beginners | DevOps Tools | DevOps | Edureka Rewind
edureka!
How to Create Login System using Python | Python Programming Tutorial | Edureka Rewind
edureka!
Python Developer | How to become Python Developer | Python Tutorial | Edureka Rewind
edureka!
How to become a Data Engineer | Complete Roadmap to become a Data Engineer| Data Engineer | Edureka
edureka!
Azure Data Engineer Certification [DP 203] | How to Become Azure Data Engineer [2023] | Edureka
edureka!
Data Analyst vs Data Engineer vs Data Scientist | Data Analytics Masters Program | Edureka Rewind
edureka!
DevOps Engineer day-to-day Activities | DevOps Engineer Responsibilities | Edureka Rewind
edureka!
How to Become a DevOps Engineer? | DevOps Engineer Roadmap | Edureka | DevOps Rewind
edureka!
How to Become a Data Engineer? | Data Engineering Training | Edureka
edureka!
How To Become A Big Data Engineer? | Big Data Engineer Roadmap | Edureka Rewind
edureka!
Python Integration for Power BI and Predictive Analytics | Power BI Training | Edureka
edureka!
Power BI KPI Indicators Tutorial | Custom Visuals In Power BI | Power BI Training | Edureka Rewind
edureka!
Apache HBase Tutorial For Beginners | What is Apache HBase? | Big Data Training | Edureka Rewind
edureka!
Big Data Hadoop Tutorial For Beginners | Hadoop Training | Big Data Tutorial | Edureka Rewind
edureka!
Big Data Analytics | Big Data Analytics Use-Cases | Big Data Tutorial | Edureka Rewind
edureka!
What Is Power BI? | Introduction To Microsoft Power BI | Power BI Training | Edureka Rewind
edureka!
Triggers in Salesforce | Salesforce Apex Triggers | Salesforce Tutorial | Edureka Rewind
edureka!
How To Become A Salesforce Developer | Salesforce For Beginners| Salesforce Training Edureka Rewind
edureka!
Java ArrayList Tutorial | Java ArrayList Examples | Java Tutorial | Edureka Rewind
edureka!
Related Reads
📰
📰
📰
📰
The Importance of a Phishing URL Detector in Modern Cybersecurity
Medium · Cybersecurity
Your AI Pentest Report Speaks a Different Language Than Your Auditor Does
Medium · Cybersecurity
We Chased the 9 People Intercepting Our App's TLS. It Was Google.
Dev.to · Why Next
¿como reportar una estafa por transferencia?
Medium · Cybersecurity
🎓
Tutor Explanation
DeepCamp AI