Kali Linux Lab

Kali Linux Lab Activity for Cybersecurity

Objective

This lab activity is designed to introduce students to Kali Linux, a popular distribution for penetration testing and ethical hacking. Students will learn to set up a Kali Linux environment, explore common security tools, and perform various cybersecurity exercises with a special focus on wireless network security.

Prerequisites

  • VMware Workstation Player installed on your computer

  • Kali Linux ISO file downloaded from the official website (https://www.kali.org/get-kali/)

  • A USB wireless adapter (for wireless security exercises)

Part 1: Setting up the Kali Linux Virtual Machine

Step 1: Create a New Virtual Machine

  1. Open VMware Workstation Player

  2. Click on "Create a New Virtual Machine"

  3. Choose "Installer disc image file (iso)" and select your Kali Linux ISO

  4. Follow the wizard, allocating at least 50GB of disk space and 4GB of RAM

  5. Name your virtual machine "Kali-Cybersec-Lab"

Step 2: Install Kali Linux

  1. Start the virtual machine and follow the Kali Linux installation prompts

  2. Choose "Graphical Install" for a user-friendly installation process

  3. Select your language, location, and keyboard layout

  4. Create a user account with a strong password

  5. Use the entire disk for installation and select "All files in one partition"

  6. Complete the installation and reboot when prompted

Step 3: Update Kali Linux

  1. Log in to your Kali Linux system

  2. Open a terminal (use the terminal icon or press Ctrl+Alt+T)

  3. Update the system with the following commands:

    sudo apt update
    sudo apt full-upgrade -y

  4. Reboot the system after updates are complete:

    sudo reboot

Part 2: Exploring Kali Linux and Basic Tools

Step 1: Familiarize Yourself with the Kali Linux Environment

  1. Explore the application menu and note the categories of tools available

  2. Open the terminal and practice basic Linux commands:

    ls, cd, pwd, mkdir, rm, cp, mv

Step 2: Network Reconnaissance with Nmap

  1. Open a terminal and use Nmap to scan your local network:

    sudo nmap -sn 192.168.1.0/24

    (Replace 192.168.1.0/24 with your local network range)

  2. Perform a more detailed scan on a specific IP (use your VM's IP or a device you own):

    sudo nmap -sV -O 192.168.1.X

Step 3: Web Application Analysis with Burp Suite

  1. Launch Burp Suite from the applications menu

  2. Configure your browser to use Burp Suite as a proxy (usually 127.0.0.1:8080)

  3. Visit a test website (like http://testphp.vulnweb.com) and observe the traffic in Burp Suite

  4. Explore the different tabs in Burp Suite (Proxy, Target, Spider, etc.)

Part 3: Wireless Network Security

Step 1: Wireless Interface Management

  1. List available network interfaces:

    iwconfig

  2. If using a virtual machine, attach your USB wireless adapter

  3. Put your wireless interface into monitor mode:

    sudo airmon-ng start wlan0

    (Replace wlan0 with your wireless interface name)

Step 2: Capture Wireless Traffic

  1. Use airodump-ng to capture nearby wireless traffic:

    sudo airodump-ng wlan0mon

  2. Observe the different networks and clients

Step 3: Focused Capture on a Specific Access Point

  1. Choose a target network (use only networks you own or have permission to test)

  2. Capture traffic for the specific network:

    sudo airodump-ng -c [channel] --bssid [BSSID] -w capture wlan0mon

    Replace [channel] and [BSSID] with the target network's information

Step 4: Deauthentication Attack Demonstration

  1. In a new terminal, perform a deauthentication attack:

    sudo aireplay-ng --deauth 10 -a [BSSID] wlan0mon

    This sends 10 deauthentication packets to the target network

  2. Observe the effect in the airodump-ng window

Step 5: Cracking WEP (if applicable)

  1. If you've captured sufficient data from a WEP network:

    aircrack-ng capture*.cap

  2. Discuss why WEP is insecure and should not be used

Step 6: Cracking WPA/WPA2 using a Wordlist

  1. Convert the capture to a hashcat-compatible format:

    aircrack-ng -j output capture*.cap

  2. Use hashcat to attempt cracking:

    hashcat -m 2500 output.hccapx /usr/share/wordlists/rockyou.txt

  3. Discuss the importance of strong, unique passwords

Step 7: Evil Twin Attack Setup

  1. Create a fake access point:

    sudo airbase-ng -e "Free WiFi" -c 1 wlan0mon

  2. Set up DHCP on the fake AP:

    sudo dhcpd at0

  3. Discuss the risks of connecting to unknown Wi-Fi networks

Step 8: Wi-Fi Pineapple Emulation

  1. Install create_ap:

    sudo apt install create_ap

  2. Create a Wi-Fi hotspot that automatically responds to probe requests:

    sudo create_ap wlan0 eth0 MyPineapple

  3. Discuss how this technique can be used for man-in-the-middle attacks

Step 9: Wireless IDS/IPS with Kismet

  1. Install Kismet:

    sudo apt install kismet

  2. Run Kismet:

    kismet

  3. Explore the web interface (usually at http://localhost:2501)

  4. Discuss how Kismet can be used to detect wireless attacks
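
As an added example (not part of the original lab handout, and not Kismet's own code), the Python sketch below shows the kind of check a wireless IDS applies to the Step 7 scenario: it reads the access-point section of an airodump-ng CSV, the file written alongside the capture by `-w capture` in Step 3, and flags an SSID that is advertised both encrypted and open, plus any WEP or open network. The sample rows, the function names and the finding labels are constructed for illustration, and ESSIDs that contain commas are not handled.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the layout airodump-ng writes to its -w CSV file.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6, 130, WPA2, CCMP, PSK, -40, 300, 0, 0.  0.  0.  0, 6, LabNet,
AA:BB:CC:00:00:02, 2024-01-01 10:03:00, 2024-01-01 10:05:00,  1, 54, OPN, , , -35, 120, 0, 0.  0.  0.  0, 6, LabNet,
AA:BB:CC:00:00:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 54, WEP, WEP, , -60, 80, 0, 0.  0.  0.  0, 6, OldNet,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
11:22:33:44:55:66, 2024-01-01 10:01:00, 2024-01-01 10:05:00, -50, 20, AA:BB:CC:00:00:01, LabNet
"""

def parse_access_points(text):
    """Return the AP rows (as dicts) from the first section of the CSV."""
    aps, header = [], None
    for row in csv.reader(io.StringIO(text)):
        cells = [c.strip() for c in row]
        if not any(cells):
            if header:                     # blank line ends the AP section
                break
            continue                       # skip leading blank lines
        if header is None:
            header = cells
            continue
        aps.append(dict(zip(header, cells)))
    return aps

def audit(aps):
    """Flag SSIDs seen both encrypted and open, and any WEP or open AP."""
    by_ssid = defaultdict(dict)            # ESSID -> {BSSID: privacy}
    for ap in aps:
        if ap.get("ESSID"):                # hidden networks have no ESSID
            by_ssid[ap["ESSID"]][ap["BSSID"]] = ap.get("Privacy", "")
    findings = []
    for ssid, radios in sorted(by_ssid.items()):
        open_aps = sorted(b for b, p in radios.items() if p == "OPN")
        weak = sorted(b for b, p in radios.items() if p == "OPN" or "WEP" in p)
        if open_aps and len(open_aps) < len(radios):
            findings.append(("possible-evil-twin", ssid, open_aps))
        if weak:
            findings.append(("weak-encryption", ssid, weak))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_access_points(SAMPLE_CSV)):
        print(finding)
```

A legitimate guest network can share an SSID with an encrypted one, so treat a "possible-evil-twin" finding as a prompt to compare the BSSID against your own inventory of access points.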

Step 10: Secure Wi-Fi Setup

  1. Discuss best practices for securing wireless networks:

    • Using WPA3 or WPA2-Enterprise

    • Implementing strong, unique passwords

    • Enabling network encryption

    • Disabling WPS

    • Regularly updating router firmware

  2. Set up a secure wireless network on a test router (if available)

Part 4: Password Cracking with John the Ripper

Step 1: Create a Sample Password File

  1. Create a file with some sample hashed passwords:

    echo "user1:AZl.zWwxIh15Q" > passwords.txt
    echo "user2:HX9LLTdc/jiDE" >> passwords.txt

Step 2: Use John the Ripper to Crack Passwords

  1. Run John the Ripper on the password file:

    john passwords.txt

  2. Observe the cracking process and results

Part 5: Vulnerability Scanning with OpenVAS

Step 1: Set up OpenVAS

  1. Install OpenVAS:

    sudo apt install openvas

  2. Set up OpenVAS:

    sudo gvm-setup

    This may take some time to complete.

Step 2: Perform a Vulnerability Scan

  1. Access the OpenVAS web interface (usually at https://localhost:9392)

  2. Create a new target using an IP address you have permission to scan

  3. Create a new task to scan this target

  4. Run the scan and analyze the results

Conclusion

In this comprehensive lab, you've learned how to set up a Kali Linux environment and use various cybersecurity tools. You've performed network reconnaissance, analyzed web application traffic, explored wireless network security in depth, cracked passwords, and conducted vulnerability scanning. These skills form a solid foundation for further exploration of ethical hacking and penetration testing.
