
Best Linux Distro for Pentesting??


41 replies to this topic

#16 Encryption (Topic Starter, Members, 34 posts)

Posted 14 July 2015 - 01:01 PM

> RE Kali:
>
> Kali does contain lots of faff like WEP tools that quite honestly are not needed (why?? how many WEPs are you going to find legitimately). It can also be viewed as a vulnerability in its own right, since its kernel isn't the most secure in its default installation (think PAX/GRSEC); one could probably harden Kali if need be; n.b. that's not trivial to get right. All things said, you could also roll your own using tools that you know and trust and a bit of home-brew magic thrown in for good order. My suspicion is that Kali's popularity is booming because more and more youngsters are looking to learn about web/IT security and others the more nefarious end of the webz. I suspect the thread was started after a recent thread discussion where I may have suggested using a hardened Linux pentest distro over Kali for remote testing purposes. Note the tin foil hat ;), at the end of the day we use whatever tools we feel comfortable with and find productive, agreed.

No... This thread was randomly asking what Linux distribution has been best for you for pentesting from experience. Attacks such as evil twin and MITM attacks can be easily used with Kali, so it has all I need, for now. I don't know if I want to begin web pentesting yet...





#17 marcoose777 (Members, 63 posts, Gender: Male)

Posted 14 July 2015 - 02:52 PM

 

> > RE Kali:
> >
> > Kali does contain lots of faff like WEP tools that quite honestly are not needed (why?? how many WEPs are you going to find legitimately). It can also be viewed as a vulnerability in its own right, since its kernel isn't the most secure in its default installation (think PAX/GRSEC); one could probably harden Kali if need be; n.b. that's not trivial to get right. All things said, you could also roll your own using tools that you know and trust and a bit of home-brew magic thrown in for good order. My suspicion is that Kali's popularity is booming because more and more youngsters are looking to learn about web/IT security and others the more nefarious end of the webz. I suspect the thread was started after a recent thread discussion where I may have suggested using a hardened Linux pentest distro over Kali for remote testing purposes. Note the tin foil hat ;), at the end of the day we use whatever tools we feel comfortable with and find productive, agreed.
>
> No... This thread was randomly asking what Linux distribution has been best for you for pentesting from experience. Attacks such as evil twin and MITM attacks can be easily used with Kali, so it has all I need, for now. I don't know if I want to begin web pentesting yet...

No offense was intended. Kali, BackBox, ArchAssault, Pentoo, Parrot Linux, Fedora Security, etc. etc. provide a one-stop shop for a set of tools and capabilities, many of which will probably gather dust. A smarter move might be to assemble the tools you know and will use. Additionally, in line with my penchant for aluminum foil head gear, and in light of state surveillance capability, it might be wiser to keep a low profile when conducting these kinds of activities (even for legit white/grey hat motives), and acquire your warez from less surveillance-hot locations. Just a theory; I couldn't help but notice Pentoo is hosted in Switzerland, there may be a reason for that other than love of flugelhorns and holey cheese.

 

Power to the foil



#18 Al1000 (Global Moderator, 7,883 posts, Gender: Male, Location: Scotland)

Posted 14 July 2015 - 02:58 PM

> Mostly Kali due to the fact I've mostly done wireless pentesting, so it has all I need, but I've snooped around BlackArch, BackBox, and some others.

That's interesting. When you asked in your other thread how to disable screen-lock I assumed that you had just started using Kali. I had a go at hacking into my own router a while ago using Kali. When I looked through the documentation for the penetration testing applications, it seemed that very few of them related to wifi, but perhaps I didn't look hard enough.

One of the steps with one of the applications I ended up using involved capturing information from my router over a period of time, and sending the output to a file. I left the application running for hours, but that wasn't nearly long enough. Which application(s) do you use for wireless penetration testing?

I'm curious to know what could be realistically used with a ten minute screen lock. If it's really that simple then I might have another go at hacking into my router. :)

Edited by Al1000, 14 July 2015 - 02:59 PM.


#19 DeimosChaos (BC Advisor, 1,420 posts, Gender: Male, Location: United States, Delaware)

Posted 14 July 2015 - 03:07 PM

 

> > Mostly Kali due to the fact I've mostly done wireless pentesting, so it has all I need, but I've snooped around BlackArch, BackBox, and some others.
>
> That's interesting. When you asked in your other thread how to disable screen-lock I assumed that you had just started using Kali. I had a go at hacking into my own router a while ago using Kali. When I looked through the documentation for the penetration testing applications, it seemed that very few of them related to wifi, but perhaps I didn't look hard enough.
>
> One of the steps with one of the applications I ended up using involved capturing information from my router over a period of time, and sending the output to a file. I left the application running for hours, but that wasn't nearly long enough. Which application(s) do you use for wireless penetration testing?
>
> I'm curious to know what could be realistically used with a ten minute screen lock. If it's really that simple then I might have another go at hacking into my router. :)

 

 

So if you are talking about cracking your WiFi, it can be really simple if you are using WEP. You could gather packets for 10 minutes and have enough to figure out the password. But if you are running WPA2 it is very difficult to crack, and I don't think you can crack it using the old "grab the packets" trick as you can with WEP. WPA2 is pretty secure. If you google WPA2 wireless cracking I am sure you will find things about it, I would, but I am currently at work.  :whistle:


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#20 Al1000 (Global Moderator, 7,883 posts, Gender: Male, Location: Scotland)

Posted 14 July 2015 - 03:22 PM

Yes it is WPA2. I take it that will be what most people use nowadays. I've seen a couple of methods on the internet, but none that look fast.

#21 marcoose777 (Members, 63 posts, Gender: Male)

Posted 14 July 2015 - 04:39 PM

> Yes it is WPA2. I take it that will be what most people use nowadays. I've seen a couple of methods on the internet, but none that look fast.

 

Quote wikipedia:

> Security
>
> CCMP is the standard encryption protocol for use with the WPA2 standard and is much more secure than the WEP protocol and TKIP protocol of WPA. CCMP provides the following security services:[2]
>
> Because CCMP is a block cipher mode using a 128-bit key, it is secure against attacks to the 2^64 steps of operation. Generic meet-in-the-middle attacks do exist and can be used to limit the theoretical strength of the key to 2^(n/2) (where n is the number of bits in the key) operations needed.[3]

 

2^64 is still a very large number; a brute-force attacker/cracker may have to sit back and contemplate that as a potential scenario. Also of interest: remember WPA-TKIP is deprecated and not regarded as safe anymore.

 

Mathematical sideline: 2^64 is the star of an age-old chess math problem told as a cunning story.



#22 Encryption (Topic Starter, Members, 34 posts)

Posted 14 July 2015 - 04:47 PM

 

> > Mostly Kali due to the fact I've mostly done wireless pentesting, so it has all I need, but I've snooped around BlackArch, BackBox, and some others.
>
> That's interesting. When you asked in your other thread how to disable screen-lock I assumed that you had just started using Kali. I had a go at hacking into my own router a while ago using Kali. When I looked through the documentation for the penetration testing applications, it seemed that very few of them related to wifi, but perhaps I didn't look hard enough.
>
> One of the steps with one of the applications I ended up using involved capturing information from my router over a period of time, and sending the output to a file. I left the application running for hours, but that wasn't nearly long enough. Which application(s) do you use for wireless penetration testing?
>
> I'm curious to know what could be realistically used with a ten minute screen lock. If it's really that simple then I might have another go at hacking into my router. :)

 

 

For sniffing I've used SSLSTRIP to strip the encryption mechanism of certain sites; however, some sites use TLS now and SSLSTRIP doesn't work on those. I've also done evil twin using several tools (YouTube tutorial somewhere).

 

Well, it depends on your security encryption, for WPA/WPA2, you can use reaver only if WPS is enabled (this is used to attack the 8-digit pin in the router), if WPS is disabled, you'd need to go bruteforcing it using aircrack-ng. WEP is simple, just google that.

 

Once you're inside the network, you can begin executing programs with Armitage (google/youtube how).
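An added example, not code from this thread or from any of the tools named in it: a small Python audit of the settings your own access point advertises, flagging the three weaknesses raised in this post and the previous one (WEP, deprecated TKIP, WPS left enabled) so you can fix them on the router. It parses the text that `iw dev wlan0 scan` prints; the format is assumed from iw's output and the sample scan below is constructed.

```python
import re
# Constructed sample in the text format `iw dev wlan0 scan` prints (format assumed from iw).
SAMPLE_SCAN = """\
BSS 00:11:22:33:44:01(on wlan0)
\tSSID: old-wep-net
\tcapability: ESS Privacy (0x0011)
BSS 00:11:22:33:44:02(on wlan0)
\tSSID: mixed-mode
\tcapability: ESS Privacy (0x0011)
\tWPA:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: TKIP CCMP
\tRSN:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: CCMP
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
BSS 00:11:22:33:44:03(on wlan0)
\tSSID: hardened
\tcapability: ESS Privacy (0x0011)
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Pairwise ciphers: CCMP
"""

def parse_scan(text):
    """One dict per BSS: ssid, Privacy capability bit, WPA/RSN cipher sets, WPS state."""
    nets, cur = [], None  # assumes the output starts with a BSS line, as iw's does
    for line in text.splitlines():
        if re.match(r"BSS ([0-9a-f:]{17})", line):  # a new network starts here
            cur = {"ssid": "", "privacy": False, "wpa": set(), "rsn": set(), "wps": False, "sect": None}
            nets.append(cur)
            continue
        s = line.strip()
        if s.startswith("SSID:"):
            cur["ssid"] = s[5:].strip()
        elif s.startswith("capability:"):
            cur["privacy"] = "Privacy" in s  # set for WEP, WPA and WPA2 alike
        elif s.startswith(("WPA:", "RSN:", "WPS:")):
            cur["sect"] = s[:3]              # which information element we are inside
        if cur["sect"] == "WPS" and "Configured" in s:
            cur["wps"] = True
        m = re.search(r"(Group cipher|Pairwise ciphers): (.+)", s)
        if m and cur["sect"] in ("WPA", "RSN"):
            cur[cur["sect"].lower()].update(m.group(2).split())
    return nets

def audit(net):
    """Findings for one network, covering the weak settings the thread describes."""
    out = []
    if net["privacy"] and not net["wpa"] and not net["rsn"]:
        out.append("WEP: no WPA/RSN element, key recoverable from captured traffic")
    if "TKIP" in net["wpa"] | net["rsn"]:
        out.append("TKIP: deprecated WPA cipher still allowed, use CCMP only")
    if net["wps"]:
        out.append("WPS: PIN mode configured, disable WPS on the router")
    return out

def audit_scan(text):
    return {n["ssid"]: audit(n) for n in parse_scan(text)}
```

Run it on a real scan with `audit_scan(open("scan.txt").read())` after saving the iw output to a file; an empty list for your SSID means none of the three settings was flagged.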



#23 DAVID SHELDON (Members, 48 posts)

Posted 15 July 2015 - 02:42 AM

I have used Kali Linux and Pentoo.



#24 cat1092, Bleeping Cat (BC Advisor, 7,018 posts, Gender: Male, Location: North Carolina, USA)

Posted 15 July 2015 - 03:44 AM

Am asking out of being curious, what type of things can we do with these pentesting distros?

 

Legit uses, of course. Like can it be used to protect me & how. 

 

This is new to me and I want to know more. Also, don't many Linux distros in use have these packages in the Software Manager to accomplish much the same?

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#25 Al1000 (Global Moderator, 7,883 posts, Gender: Male, Location: Scotland)

Posted 15 July 2015 - 06:04 AM

> For sniffing I've used SSLSTRIP to strip the encryption mechanism of certain sites; however, some sites use TLS now and SSLSTRIP doesn't work on those. I've also done evil twin using several tools (YouTube tutorial somewhere).
>
> Well, it depends on your security encryption, for WPA/WPA2, you can use reaver only if WPS is enabled (this is used to attack the 8-digit pin in the router), if WPS is disabled, you'd need to go bruteforcing it using aircrack-ng. WEP is simple, just google that.
>
> Once you're inside the network, you can begin executing programs with Armitage (google/youtube how).

So haven't you ever tried pentesting a WPA2 secured router with WPS disabled using aircrack-ng?

Given that you've said that most of the penetration testing you do is wireless, what applications do you use?

#26 DeimosChaos (BC Advisor, 1,420 posts, Gender: Male, Location: United States, Delaware)

Posted 15 July 2015 - 06:44 AM

> Am asking out of being curious, what type of things can we do with these pentesting distros?
>
> Legit uses, of course. Like can it be used to protect me & how.
>
> This is new to me and I want to know more. Also, don't many Linux distros in use have these packages in the Software Manager to accomplish much the same?
>
> Cat

 

A pentesting distro, like Kali, has loads of "hacking" software pre-installed on it. Let's say you are a professional pentester (these kind of people actually exist), and you get hired by company XYZ to test their network, website, and general security all around. You know that you can use certain software to scan their network and find open ports, and even what kind of operating systems are running on various IP addresses within the network. From there you can use something like Metasploit to scan IP addresses and see what vulnerabilities exist on that particular OS. Once you find an open vulnerability you can then attack it and gain access to the host and then the internal network itself. Now you have found an entry point and can do all sorts of damage. Well, so much for XYZ company's security.

You can do the same type of thing for their website. You would do a scan, find out what server it is running on, and find out what vulnerabilities exist for that server version, and so on.

Of course, all this "hacking" software that they might use is pre-loaded on one distro for easy access. As was mentioned above, though, they may have a custom distro with only the software they mainly use, to keep the bloat down.

 

That is one type of "White hat" example that could be used with a pentesting distro. Of course, that same thing can be applied to "black hat" people as well that are generally up to no good.

 

Hope that helps out!

 

*EDIT

Admins, feel free to delete if that is too much detailed of an explanation... lol


Edited by DeimosChaos, 15 July 2015 - 06:47 AM.



#27 NickAu, Bleepin' Fish Doctor (Moderator, 13,397 posts, Gender: Male, Location: 127.0.0.1 Australia)

Posted 15 July 2015 - 06:45 AM

 

> Am asking out of being curious, what type of things can we do with these pentesting distros?
>
> Legit uses, of course. Like can it be used to protect me & how.

Pentesting distros are just that: they are used to find a way into a system or network by various means.

For example, you could use it to attack a computer system with the intention of finding security weaknesses, all with permission from the owner of course, and once identified you can then take appropriate measures to secure those weaknesses. People like network admins and security consultants find these tools invaluable. That's the basic legal explanation.



#28 Al1000 (Global Moderator, 7,883 posts, Gender: Male, Location: Scotland)

Posted 15 July 2015 - 07:05 AM

> You can do the same type of thing for their website. You would do a scan, find out what server it is running on, and find out what vulnerabilities exist for that server version, and so on.


This is something that concerns me about people who say they're testing security on "their website," when most people's websites are hosted on other people's servers. If what they are doing is legal, then they would be testing security on "their server," or on another server that they have permission to test?

Or is there a legal way in which one could "test security" of (i.e. hack into) their website, if it's hosted on a server they don't have permission to "test"?

#29 DeimosChaos (BC Advisor, 1,420 posts, Gender: Male, Location: United States, Delaware)

Posted 15 July 2015 - 07:13 AM

 

> > You can do the same type of thing for their website. You would do a scan, find out what server it is running on, and find out what vulnerabilities exist for that server version, and so on.
>
> This is something that concerns me about people who say they're testing security on "their website," when most people's websites are hosted on other people's servers. If what they are doing is legal, then they would be testing security on "their server," or on another server that they have permission to test?
>
> Or is there a legal way in which one could "test security" of (i.e. hack into) their website, if it's hosted on a server they don't have permission to "test"?

 

 

I would say that is a bit of a gray area. You pay for that server space and have your website on it, so it could be okay because of that. But... a lot of companies will have multiple things running on one server, so essentially you could find vulnerabilities and get into other people's server space. The other thing is you don't really own that hardware, and you don't keep it up, so it really isn't yours even though you pay for the space. So any kind of scanning that involves scanning hardware I wouldn't do.

 

Though, if you are just purely scanning website security, like what version of software your website uses, that kind of thing, it would probably be okay. You aren't trying to attack the actual hardware that it sits on but the software, which typically the one that rents the server controls since you usually have to set that up and install it and maintain it, the company that owns the physical hardware doesn't typically set up the software for you.

Regardless, it is always best to find out before doing something like that, CYA is always a good thing.


Edited by DeimosChaos, 15 July 2015 - 07:14 AM.



#30 NickAu, Bleepin' Fish Doctor (Moderator, 13,397 posts, Gender: Male, Location: 127.0.0.1 Australia)

Posted 15 July 2015 - 07:26 AM

While most pen testers use Linux, there are also tools that run in Windows that are used for pen testing, like Wireshark, Fport, and nbtscan, just to name a few.





