Ice cold with Kali
Kali is essentially a collection of tools gathered over the decades, and packaged in an easy-to-use, logical way.
Yes, Kali comes as a distro, but it’s also quite simple to download and install its essential tools on a standard Debian or Ubuntu system.
But functionality and the ability to hurl malware like a cyber-shuriken is only part of what Kali Linux is about.
Mostly, Kali Linux is about style. You’ll see it in the ever-present dragons scattered around the system. You’ll see it in the customised terminal, which, even if you only use it for some innocuous text editing, makes you look like a hacker.
With Kali, you can sit in a cafe wearing a fedora, and even if you’re just checking the news on your laptop, you’ll exude an ineffable sense of menace to fellowpatrons as you down your triple espresso.
One of Kali’s cool features is the ability to rapidly switch themes. With a simple key combo, you can jump between a standard-looking Windowslike desktop and the be-dragoned majesty of your hacking rig, black terminal windows and all.
The idea is that no one suspects a person using a Windows machine in a public place of being up to no good, but if you time it right, you might just be able to get everyone to notice you.
Choose your weapon!
Offensive Security is one of those terms that comes with certain unfortunate associations. It calls to mind stationary tanks queued up in a cloud of diesel smoke along an Eastern European border, waiting for some inevitable and planned provocation to occur. Or a Texan homeowner buying a medium-sized arsenal for home defence, then sitting up all night waiting for a burglar.
Both of these images are sort of right. With Kali, you’re getting the same weapons that the opposition will attempt to use on you. If someone bursts into your living room with a shotgun, it’s awfully handy to be sitting there with your own shotgun and a glass of milk.
Ideally though, a burglar won’t even get through the front door, because using Kali, you’ll have tested your lock against all known lockpicks. You’ll have taken a battering ram to the hinges and reinforced the weak points. Grenades will bounce from your bulletproof windows, and you’ve measured the cat flap to ensure that only cats can get in.
Just as a gun is a great equaliser, Kali developers have done their best to ensure that everyone has equal opportunity to use offensive tools regardless of their system’s power or their chosen method of deployment.
If all you have is a mo, Kali NetHunter can provide you with the full Kali toolset, along with a touchscreenoptimised GUI for common attack categories, including one-click MANA Evil Access Point setups, BadUSB Man in the Middle (MITM) attacks and more.
Likewise, if you’re stuck on a Windows system, Kali runs in a container on WSL, albeit with limitations. You don’t have direct access to hardware resources, for instance, and you don’t get the Kali customised kernel.
There’s ARM support, too. Meaning your humble Raspberry Pi can launch attacks across the network and wreak havoc and destruction against your ancient Vodafone router. But there are limitations here as well. The Pi isn’t suited for processor-intensive tasks, and many of the included exploits were built for x86 – they’re present on ARM builds, they just don’t work.
Offensive Security recommends either using a live USB, deploying a prebuilt virtual machine, or installing Kali to bare metal, either as single or multi-boot, using an installer image. Or you can do what we did, which is to install Kali into a VirtualBox VM with an installer image. The full download including tools is 10.6GB, so make sure you have sufficient bandwidth and time.
According to the documentary Indiana Jones and the Temple of Doom, Kali is a goddess who thrives on blood sacrifices and gives her adherents the power to pull still-beating hearts from the chests of offerings.
Outside of cinema screens, however, Kali is available for almost any type of hardware and will provide you with the tools you need to make a nuisance of yourself.
Over the next few pages, we show you how to get Kali, use it to find devices, and carry out some basic exploits to test your security. And as we will repeatedly remind you, please make sure you have permission before using any of Kali’s tools on systems that aren’t yours. We don’t want to be called as witnesses or defendants in an extradition hearing.