1.2. Debian Vs Kali
Since Kali is based on Debian Linux, it is expected that the packages used in Kali will come directly from Debian Sources. However, Kali does not directly use all packages from Debian Source. Prepare as needed and then use. That's why some packages that can be used in other Debians (I said some) may not work in Kali. Rarely, rarely.
More to the point, it's not built on the Debian Stable version. I prefer this. Because the update is faster. I will try to understand better. Many Debian contributors update their packages on a daily basis. Then upload it to Debian's unstable distribution. That's what other testers tried, use If there is an error, please post a report. Solve it and it will reach a stable level.
As I just said. Kali took Debian Testing. And Kali has a developer only repository. I put the package into Debian Testing which I just downloaded. In that situation, there may be many errors. We will solve what cannot be done due to error. I will recompile what is needed as newer libraries. Build again until it can be installed again. That's why they say that the kali-dev version is completely unsuitable for end users. Even those who claim to be skilled will be dealing with discomfort.
You don't need to worry about which one to install Kali. Because since 2020, Kali has fixed its image download system. In the past, KDE, Gnome, Mate, XFCE, LXDE, e17, etc. have been selected from the download location, so it has changed to a situation where only two choices are given: Live and installer. That's why you can use the installer to install. If you want to use Live Mode, just use Live. You can install from Live, but the installer doesn't have Live at all. Live is a program that can be used without having to download it when using it on other people's computers other than your own. That's why it's not wrong to download. Depending on your computer condition, you should choose either 32bit (i386) or 64bit (amd64). If you have a computer with more than 4GB of RAM, choose only 64bit.
While talking, I went back to explaining Kali. sorry 😔
We already know that Kali is Debian Based. However, depending on its own packages and special features, some of the original source code has been changed, and its developers are trying to avoid having to make major changes in order to minimize the impact that will be caused by the change by uploading it upstream. You may find it more efficient to use a package tracker to do this. Reading about this is really boring for those who are just starting to use Kali. So they just keep saying what they need.
This is a picture of Kali's Application Menu. In it, you can see that there are many tools that can be used for hacking. If you look at Tool Groups, you will see that there are mainly 14 groups from 01.Information Gathering to 14.System Services. If you want to know the details of the tools inside, you can visit https://tools.kali.org/tools-listing.
Although it is a book about Kali, I will add a little bit about Hacking. Kali already comes with a lot of tools, so you may be wondering if having a computer with Kali already installed is enough.
The answer is no. Don't be discouraged. I will explain. Although Kali has a set of tools, Phishing Campaigns, To be able to collaborate when working together with the team. In order to run the Vulnerability Scanning Tool, If necessary, you may need to set up a server for purposes such as uploading viruses and performing other attacks. Even though you can have your laptop open 24 hours a day and make a server, because you never know when your target will be under attack, it's not easy to think about the number of times you have to have your computer open for a whole year. But of course we want to need it as much as we need it, so we can forget about it for now.
We already know that Kali organizes tools in its own group, so let's summarize the meaning and meaning of those groups.
01. Information Gathering: Information Gathering means gathering information about the Target Network and its structure. It means investigating computers and the systems that drive them and the services that run on them. In Burmese, it means "collecting information". So it's understandable that the tools in here will do the job of gathering information.
02. Vulnerability Analysis: Vulnerability is weakness, defect It means a leak. If you can see the flaws in a system, you can figure out how to control that system. For example - it's a locked room. But if you see a set of keys lying below, you can try to enter this room. Vulnerability Analysis means whether there are known vulnerabilities in the targeted system. It can be said that it is a quick test to find out if there are any things that have been done incorrectly called insecure configuration. To do that, you can use tools called vulnerability scanners. These scanners use the characteristics of potential vulnerabilities stored in their database to search for vulnerabilities.
03. Web Application Analysis: This is something that is easy to understand as soon as you read the name. These tools can identify web application security vulnerabilities and faulty layouts.
04. Database Assessment: In this, database attacks from SQL injection, We have collected attacking tools commonly used by attackers up to credential attacks. It would be better if you can do manual SQL injection.
05. Password Attacks: Password attacks are attacks on authentication systems. Therefore, password attack tools can be found both online tools and offline tools.
06. Wireless Attacks: The tools needed for wireless hacking are gathered here. The subject of Wireless Hacking is really broad if you really study it. You can also support my book written in Burmese under the name "Wireless Technologies & WiFi Hacking" ☺️ Link == Click Here
07. Reverse Engineering: Reverse engineering is used for various purposes. Offensive activity is often used as a key method for vulnerability identification and exploit development. For the defensive side, it can be used in areas such as malware analysis. Everyone knows about cracking apps.
08. Exploitation Tools: This spell is a little confusing. In the easiest way to understand, it can be considered as an attack taking advantage of the weaknesses (vulnerability) that we have done vulnerability analysis before. Tools like Metasploit Framework will be included in this.
09. Sniffing & Spoofing: Data is passing through networks that we cannot see. It can be said that it is easy to get and use them. Tools that can do that will be in this group.
10. Post Exploitation: When we can access a system once, whether to maintain this access or not. Whether it's when we want to extend our control over the network, these tools can help us.
11. Forensics: This word is green with many. Forensics is the study of information stored in electronic devices. deleted broken pieces It is the science of systematically researching and discovering information sent to other devices. There is a Linux based tool that can do this in Kali. The most common mode is Live Mode. It can be used when it is not easy to access the identification computer system and when you want to recover data from computers that have been damaged or destroyed to the point where the system cannot be repaired.
12. Reporting Tools: When doing Penetrating testing (White Hat Hacking), the work is done once the findings are reported. Tools that can help with reporting are included in this group.
13. Social Engineering Tools: It's not easy for your target to walk into this just by setting up a trap. This time, providing support to get them into the trap they set is called social engineering. For example, let's say you have caught a phishing scam. In order to get your target to enter this, you can attract them by saying, "If you enter from this link, you will get cool skins." Tools that can be used together are in this group. For example, setoolkit, which makes phishing easy.
14. System Services: This includes services that run in the background. For example, start apache service to load your Malicious web.
Today is a bit long. I have to take care of my eyes and have other work to do, so let's just listen for a while. Although it's not everyday, I'll be posting more whenever I get a chance, so don't forget to visit my blog soon... ☺️☺️☺️
Thank you, all. ❤️❤️❤️
3 Comments
Waiting part 3 sir
ReplyDeleteThank,sir
ReplyDeleteYoutube channel name pls
ReplyDelete