IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [kali-linux]

Offensive Security's penetration testing Linux distribution.

Kali Linux, formerly BackTrack Linux, is a Linux distribution made for the purpose of penetration testing. The tag-line of the software is "The quieter you become, the more you are able to hear".

The distribution contains a great many security tools like the Metasploit pentesting framework, port scanners, traffic analysis tools, and password crackers.

It is bootable from a CD, DVD or USB storage.

Official site: Kali.org
Official site of BackTrack (no longer maintained): backtrack-linux.org

346 questions
33
votes
6 answers

Most secure way to partition linux?

I recently acquired a netbook to play with, and I want to install Kali Linux so I can start learning about network security and exploit development. I want to use this to learn as much about security as I can. What is the best way to partition a…
TestinginProd
  • 908
  • 3
  • 9
  • 14
20
votes
4 answers

Wordlists on Kali Linux?

I notice that in /usr/share/wordlists in Kali Linux (former Backtrack) there are some lists. Are they used to bruteforce something? Is there specific list for specific kind of attacks?
Stephenloky
  • 383
  • 1
  • 4
  • 16
19
votes
1 answer

How safe is backtrack to use?

I've always used backtrack for security assessments, it's a great toolbox. The thing is since it's a toolbox to exploit things, have their been any reports of "bundled" spyware in standard backtrack installs? Have their been reports of backtrack…
Lucas Kauffman
  • 54,169
  • 17
  • 112
  • 196
14
votes
2 answers

What is Shikata Ga Nai

I came across this payload named "Shikata Ga Nai" (in Japanese it means nothing can be done about it). Some exe file was generated and when it is executed, a reverse shell can be obtained. But this can be done by many payloads on Metasploit. Is…
one
  • 1,781
  • 3
  • 18
  • 45
11
votes
4 answers

Nessus Scan Port ID mapped to Metasploit Vulnerability exploits

My Question: Is there any sort of website that maps Nessus Scan IDs to Metasploit Vulnerabilities? My Situation: I'm learning about penetration testing and I'm beginning to get frustrated seeing a nessus scan like this (for example): Plugin ID …
kentcdodds
  • 233
  • 2
  • 9
11
votes
2 answers

Benefits to Arch Linux over Kali Linux

What are the relative benefits of BlackArch or other Arch-based distro over Kali? Are the tools broadly the same, or does one have better functionality in a particular area? Are there any other pen-test distros that are based on a Linux OS that is…
atdre
  • 18,885
  • 6
  • 58
  • 107
10
votes
1 answer

Backtrack 5 in a VM - Why bridged networking over NAT?

When running Backtrack 5 from a VM, it is recommended to use the bridged networking option instead of the NAT networking option? How does it affect the usage of Backtrack - port scanning, vulnerability scanning, wireless packet injections?
user10211
9
votes
3 answers

MSFConsole/Kali Linux - gain root access to unix system

I am messing around with Kali Linux, MSFConsole and DVWA (Damn Vulnerable Web Application). I have successfully been able to get into the system (Raspberry Pi) by creating a PHP backdoor and uploaded it via SQL injection. Now I have access the…
iProgram
  • 1,187
  • 3
  • 9
  • 15
9
votes
1 answer

How to get and use constantly changing cookie JSESSIONID values in Hydra?

Related: how to get cookies from aspx site to use it with hydra My problem is similar to the above case, I get "20 valid passwords found" but the server I'm trying to brute force sends the header set-cookie: JSESSINOID=XXXXXXXXXX in every single…
Yash Kumar
  • 91
  • 5
9
votes
4 answers

Hashcat with Kali 2 in a VM

How can I run hashcat using only the cpu in a virtual machine? When I try to run hashcat in my Kali 2 VM I receive the following error: root@kali: hashcat -m 400 -a 0 hash.txt rockyou.txt hashcat (v3.10) starting... OpenCL Platform #1: Mesa,…
Shrout1
  • 365
  • 1
  • 5
  • 11
9
votes
1 answer

Exploiting Dirty Cow using Metasploit

I'm testing on some of my Linux Virtual Machines trying to exploit the Dirty Cow Vulnerability and I'm not able to success using Metasploit. First of all... for interested users, a couple of links to "Dirty Cow, What is" vulnerability, "Kernels…
OscarAkaElvis
  • 5,185
  • 3
  • 17
  • 48
9
votes
1 answer

service metasploit start failed to start metasploit service

I am trying to setup Metasploit for penetration testing. However, I cannot get the database to connect. Also whenever I attempt to start the service using service metasploit start I get the following error: failed to start metasploit.service unit…
Marc Rasmussen
  • 191
  • 1
  • 1
  • 3
7
votes
3 answers

Is Linux spying on its users?

If you install some kind of Linux distributions on your computer, is their a possibility that their owners may spy on you? For example, can Ubuntu, Kali or Arch linux send data to its owners on what you are doing? Speaking about Kali, I guess it…
Alex
  • 105
  • 1
  • 1
  • 3
7
votes
1 answer

Brute forcing encryption password (self destruct after 4 attempts)

My colleague at work lost the password to his external hard drive (HDD not SSD), a WD Elements. He remembers that his password was simple and 8 characters maximum. The problem is the encryption software he used will self destruct after 5 password…
user5623335
  • 381
  • 1
  • 4
  • 12
7
votes
1 answer

List wireless stations around me

I'm looking to find a specific wireless user around me, I have his MAC address, I even have the channel he is on. I've tried iwlist peers, to no avail, as well as airodump. I have seen his mac pop up under airodump, but it is quickly buried under…
unknown6708
  • 111
  • 1
  • 5
1
2 3
23 24