
How do you download Kali Linux to a brand new computer?

Chris42393

So I'm building a new computer that currently has NO operating system. How do I install Kali Linux on a new computer?

Windows 10 has a feature where you can download the OS onto a USB and add it to a new computer.

Can you do this with Kali Linux? I'm having some trouble finding it out.


Thank you!
 
Can ya provide make and model of the computer or is it home-made?
Boot options and security measures abound and vary greatly.
Thanks :)
 
Use another computer, create a bootable USB (google this), put the .iso of the OS on it, edit your launch options in your BIOS and put the USB in first place, restart, it will now boot from the USB and then you can install.
 
It's preferred you don't. Kali Linux is a pentesting focused OS, not a permanent residence for a computer user. The most common use is within a VM (virtual machine) where very little is exposed of the host system so to help shield it. When you run something within a VM and you do not choose to expose hardware to the guest system, nothing can escape the environment in which the OS runs. It's referred to as "sandbox escape" or something similar (I think?) and it only happens when there is a critical vulnerability in the software allowing access to the host system that shouldn't normally be exposed. So basically no damage is done to your computer running the VM and everything can be rolled back with regular snapshots. The virtual machine gets hammered, sacrificed, exposed etc and the host carries on merrily like nothing happened. Ideal for what Kali is designed for.

If you are looking for Linux based OSes, you are better with an OS designed for everyday regular use, like Ubuntu, Mint, Elementary. There are some others like Fedora and Debian but the learning curve is a little steeper for these distributions because they are not very beginner friendly i.e. lots of command line, lots of knowledge on drivers and proprietary software, setting up in general. This is already done with distros like Ubuntu therefore it's always a fave for more inexperienced users who want a Linux based OS ready to go.

All that being said, I wouldn't install Kali on anything other than a VM. For that use something like VirtualBox by Oracle. Download the image file, attach it to the emulated CD/DVD drive on your new VM so it virtually spins up and then install it to the dynamically allocated drive you selected at setup. Done.

If you want to play around with different Linux based distros, you can do the same with these as you do with Kali; install them onto virtual machines. That way nothing is set in stone, no need to alter bootloaders and potentially mess things up there, no need to do something you might not be able to reverse should you want to. Just run whatever flavour and see how you get on. Maybe try doing normal stuff on the VM and see if you can match the same levels of productivity, same level of compatibility etc. You can still connect it to your normal devices, it will just connect within a VM environment and not actually as a physical machine i.e. as the machine running the VM, it will be the VM that 'appears' as the physical machine, hence virtual machine. The functionality still remains the same, if you choose to increase the level to which the guest system (the VM) has access to the host system (your actual computer). The more access you give it to your host machine, the more functional it becomes.

I would recommend Ubuntu. Elementary OS is nice too.
 
Do you think the Colonial Pipeline hackers were using Kali?
Kali is the OS, not the actual hack. Kali doesn't do anything on its own. Some of the resources available within Kali? That's a different story but even then, much of what is publicly available and packaged in Kali ready-to-go already gets detected pretty easily by most AV programs i.e. generated payloads through msfvenom/metasploit framework as well as any generated malware you can create with various programs/scripts available for free on the internet. That's the sacrifice you make when you make hacking tools available en masse, naturally people use them and they get detected and/or the AV companies and affiliated security communities simply share the autopsies of successful hacks and then seek to bake this into signature detection, as well as improve heuristic and AI detection mechanisms. You have stuff like sandbox analysis/VM environments to run malware in which will down to a very granular level tell you exactly what the malware is doing so that you can create methods of preventing/reversing changes if/when you are compromised. So at the end of the day, much of the ready-to-go stuff itself won't get you past most decently protected systems/networks. That being said, the actual tools themselves (which are not malware in and of themselves) will help you get through said systems/networks, which is why it's used, as an accessory but not as a primary method of hacking. The OS is the environment in which to hack. The hacker has to know how to hack in order to use Kali, otherwise it's just a Debian based distro like any other only it's dressed up to party and nobody to take it to the dance.

For the BIG hacks, these use 0-day exploits usually along with undetectable fresh malware programmed from scratch and currently undetectable. Most of the current threats out there right now are undetectable malware, not the stuff we already know about, although unpatched and out-dated systems/networks always get caught out by this stuff. That's why it's important to regularly check for security updates, patches, hotfixes, regularly update definition lists, databases and even find products with cloud protection for real-time heuristic/AI driven detection methods. 0-days are basically secret holes in software that hackers discover and then use to hack systems/networks. Because it's undiscovered nobody can do sh*t about it until it's reported and then the vulnerabilities exploited. When will this happen? That depends on whether the 0-day gets found. If it's fresh and in the wild, it could be an hour, a week or even years. At this point the only person on the planet who knows about this bug in some software could be you and whoever else was there if anybody else was there. The US government stockpiles 0-day exploits. Remember the Stuxnet virus? That was propagated by 0-day exploits the US government had known about for a long time but never told Microsoft to patch so that, obviously, they could use it. It was an age-old vulnerability in SMB v1 if I am not mistaken? Simple file sharing capabilities over the network. Some of these vulnerabilities are several years old, even decades! Because 0-day exploits have no cure (until patched) they were able to effortlessly compromise systems and the very best detection techniques stand little chance. That and physical attacks i.e. plugging in USB sticks into exposed systems will also do the trick. Computers are programmed to detect and automatically trust certain devices and this includes USB drives, as well as HID devices, which also could be a USB stick modified to impersonate a HID device.
The browser you are using to read this message and browse this forum will have 0-day exploits and that means if the severity of the vulnerability is, well, severe, a hacker could gain access to your system without much effort, usually through something called ACE/RCE or arbitrary code execution/remote code execution. Presuming you can get a shell, the world is your oyster. Some vulnerabilities are fairly simple and maybe even baked into the code itself by adversaries, these are called backdoors. How do you know if your software/hardware doesn't have a backdoor? I guess most will never know that answer.

The pipeline hack would have been custom made for the job, if it happened as advertised in msm, especially on such a high profile target. These are called APT groups. These are your cream of the crop hackers. Often they actually are state sponsored, or even governments themselves. These guys can get anywhere. All the billions invested into cybersecurity for both offensive and defensive opportunities has culminated in the creation of APT groups. It would have consisted of multiple areas that require a very high level of knowledge and experience to understand and bring together, which is why hackers have gone down in pop culture as mythical figures, because when you actually meet someone who can take down a corporation supposedly hidden behind MILLIONS and MILLIONS of dollars worth of security and protection with himself and maybe a few other guys, that mythical figure kinda has some sense behind it.

I'm not sure if you've looked into Cyber Polygon? I wouldn't get carried away with such a far-out sinister plot as some evildoers hidden in the shadows somewhere wanting to bring the world down. Cyber Polygon has explicitly talked about a whole array of real-world exercises that are designed to bring down whole infrastructures as and when necessary. And then you have the ongoing economical/financial/corporate transformations due to COVID-19 tied in and how convenient it would be to bring down our digital backbones in order to capitalize in the re-shuffling. In a way it sounds plausible, if not completely destructive and insane, to take down critical infrastructure. It's all about being able to implement new digital systems by crumbling archaic analog systems that came before them. How can you remove most of the old without people noticing something isn't right? You create 'the world is crashing down' scenario but for the digital world. Now you have a digital Osama Bin Laden everybody can point their fingers to while the real attackers are the very people telling you to point the finger at digital Osama Bin Laden. Basically put, the enemy is your own government and the established relationships with the corporate world and tied to that the global economy and financial sectors.

Was it a hack by a bogeyman? Or simply your own country attacking itself in order to create the illusion there is a real threat all for ulterior agendas? False flag, maybe? These are the questions.
 
My 2 way firewall and anti spyware program should keep me safe.
Man, if a mf wanna get in yer stuff they will. They cripple countries and corporations that go nuts and spend millions trying to keep people out of their tech but alas... they mostly use it as a scapegoat. Most hack jobs are inside moves. Hacking is thrown at the public like covid and is booing people up.
Somebody hack yer bank account? Your pretty teller has most likely sold your info off and the bank manager puts all the blame on you and your browsing habits or giving your personal info to someone: Yeah, it was that teller! lol
Just sayin people using this to get out of being caught with pecker pullin petes porn in history.
Can't pay the bills this month? I been hacked!
Sent a death threat while drunk? I been hacked!
Pipeline just exploded and 100000000 lives are lost? You guessed it! Them fuckin no good hackers.... lol
Not saying hacking ain't a thing... it is. But it is mostly used as a blame game, a convenient off the cuff excuse and a means to avoid accountability.

I get so sick of this hackandemic it actually makes me laugh every time I see a news article about some poor soul who lost all their life savings to hacker(s) and fail to mention that they gave all their info to Tweety who called to congratulate them on winning the Jamaican lotto.
 
My 2 way firewall and anti spyware program should keep me safe. Most hackers use social engineering and phishing but I'm too paranoid to fall for that! Most people are oblivious and fall victim to this every day.

Should? That depends on your threat model. Based on the threat model outlined in this thread, you are f*cked. We are all f*cked.
If somebody can gain access to a pipeline, they can get past your consumer level firewall/antispyware. These kinds of threat actors can bring down multi billion dollar corporations as well as threaten the most powerful governments in the world. That's why we are talking about the pipeline hack because it's not a conversation about Bob on the corner of the street who had his Ring doorbell hacked.

Also, your firewall works based on rules essentially. Even fancy Windows variations are basically nice GUIs with the same objective; define and enforce rules that determine what comes in and what goes out. What your firewall doesn't do is determine what IS coming in and coming out. It just says 'yes' or 'no'. You can connect out to a C2 using a one-liner in PowerShell. Will your firewall block that? Probably not. It trusts PowerShell because PowerShell is authentic software that comes shipped with Windows. What about a trojan that comes bundled with some software you install? How can it discriminate against a connection out that calls home to the developer letting them know you have installed their software, and a connection out to a C2? If you have ports open, the content of those ports does not matter to your consumer level firewall. You could be receiving malware or you could be receiving a game update from Steam. How do you know when you install something what you are installing is legitimate? Most users won't seek to forensically analyze everything they install down to registry entries, installed services, scheduled tasks, drivers etc. Likewise, how can your firewall discriminate in the same way? When you allow something through, how do you know whether it's genuine or not? Say certain components of Windows connect out (which they do very often and this isn't malicious), how can you ascertain whether the process is connecting out authentically or whether malware has compromised specific components (which they do) and is impersonating these processes to send and receive data?

That's where a decent AV/anti-malware comes in. But here is the kicker. If the malware hasn't been detected yet, how can the AV detect it? If no AV database has signatures that match this new malware, how can they succeed in signature detection (one of the oldest and most outdated methods of detecting malware)? They cannot detect it and so your beloved AV allows your system/network to be compromised. It will show green ticks, look fancy and appear like it's 'protecting' you meanwhile an attacker is wading through your system. Then you have heuristic/AI detection which is considerably more advanced. Again these techniques rely on what is already known. AI technology is bridging the gap but it's not a magic bullet and it has to predict threats. Those predictions could be anywhere from as little as 5% to 100% threat. And you could create some malware that this method considers having a very low threat risk, if any at all. And if you ask any security professional they will tell you that defending against these threats is a losing war because defending against them means you are always in the dark picking up the pieces after the fact. You can rarely preempt the creation of new malware and so it comes onto the scene, wreaks havoc for days, weeks, months or whatever, is then dissected and neutralized but by then several other creations have come onto the scene and by the time you understand that several more, several more after that. The rate at which malware is created and the nature of how our world works, you cannot know what you do not know and you cannot create protection for that which you do not know you need protection from, at least right now. So most malware will fly by both your firewall and AV. To make things worse, malware works exactly like normal programs and so you cannot shut out the world without shutting down your computer/network as all programs run similar to malware in their programming, compiling and operation. 
The only difference is when the intent is to do shady things as opposed to not doing them. How can you ascertain whether this is the case or not? How do you know whether an app on your phone requesting camera and microphone access is legit or not? The fact it can request access is alarming enough considering what that potentially means. If genuine software can do this, what about software that isn't?

Social engineering is the biggest threat. Most people get hacked through opening attachments in their emails. The oldest trick in the book!
That being said, social engineering is a legitimate threat. If you perform sufficient reconnaissance on a target you can determine where they work, who they talk to the most, what hobbies they have, what subscriptions they might have, what emails they are most likely to receive. All that needs to happen after that is impersonate a boss at work, attach what otherwise would be legitimate attachments to the email, compromise the attachments with malware and then gain a backdoor to that particular system. When you receive an email from your boss and it's your wage slip or something you have been talking about recently (this is why you don't publicly discuss things i.e. on social media) you are probably not going to question it. It will take probably a few seconds maybe a few minutes depending on whether the attacker is at their machine when you run the trojan and voilà, access granted. Because email technology is so old, it's fairly easy to impersonate senders down to a scary level of accuracy. That and physical penetration are the top methods. Just putting a USB stick into a computer and having a script that auto-runs when it's attached to a computer is a classic attack and something very few if any computers can protect from. Technicians use USB sticks for diagnostic purposes as well as attaching devices of all kinds. You can barely turn off USB slots without reducing the level of functional access to the machine. This is also where airgapped machines lose their fabled reputation for fortification from the outside world. Just sling a USB stick into a machine within the confines of the target area and that's enough to get beyond the protection of being isolated from the outside world. Then you can simply open up the network if necessary from the inside and report back with a damage report.
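The rule-matching behaviour described in the post above, as an added example that is not part of the original thread: a simplified first-match firewall model with a broad outbound policy beside a scoped one. The process names, host names, flows and rule format are constructed for illustration and do not follow any real firewall's syntax.

```python
from dataclasses import dataclass, replace
from fnmatch import fnmatch


@dataclass(frozen=True)
class Flow:
    direction: str  # "in" or "out"
    program: str    # process that owns the socket
    dest: str       # remote host
    port: int
    payload: str    # what is actually carried; the rules never read it


@dataclass(frozen=True)
class Rule:
    action: str         # "allow" or "block"
    direction: str
    program: str = "*"  # glob on the process name
    dest: str = "*"     # glob on the remote host
    port: int = 0       # 0 means any port


def verdict(rules, flow, default="block"):
    """First matching rule wins; anything unmatched gets the default."""
    for rule in rules:
        if (rule.direction == flow.direction
                and fnmatch(flow.program, rule.program)
                and fnmatch(flow.dest, rule.dest)
                and rule.port in (0, flow.port)):
            return rule.action
    return default


# Constructed policies. BROAD is the common "let web traffic out" rule.
BROAD = [Rule("allow", "out", port=443)]
# SCOPED pins each allowance to a program and, where possible, a destination.
SCOPED = [
    Rule("block", "out", program="powershell.exe"),
    Rule("allow", "out", program="launcher.exe", dest="*.updates.example", port=443),
    Rule("allow", "out", program="browser.exe", port=443),
]

# Constructed flows.
FLOWS = {
    "game_update": Flow("out", "launcher.exe", "cdn.updates.example", 443, "patch data"),
    "bundled_callhome": Flow("out", "launcher.exe", "stats.vendor.example", 443, "install report"),
    "script_outbound": Flow("out", "powershell.exe", "host.unknown.example", 443, "unreviewed"),
    "unsolicited_in": Flow("in", "svc.exe", "198.51.100.7", 445, "unknown"),
}


def evaluate(rules):
    """Map each constructed flow name to the policy's decision."""
    return {name: verdict(rules, flow) for name, flow in FLOWS.items()}


def payload_changes_verdict(rules, flow):
    """True only if swapping the payload alters the decision (it never does)."""
    altered = replace(flow, payload="something else entirely")
    return verdict(rules, flow) != verdict(rules, altered)


if __name__ == "__main__":
    for label, policy in (("broad", BROAD), ("scoped", SCOPED)):
        print(label, evaluate(policy))
```

Under the broad policy every outbound flow on port 443 gets the same answer; the scoped policy tells them apart only because it names programs and destinations, and it still never looks at content.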
 
I've been using Linux Mint for about 9 years now....i still love it - and i finally don't need windows partitioned anymore either

but yea i just burn the iso dvd and load that and that's it



i like how they have a ranking of all the distros - they're pretty accurate
 
I used to dick around a bit and would just prefer to operate linux from usb flash drive for "security" and can run it on most any hardware available atm. love that aspect of portable operating systems.

for the record, i haven't used any av/am in years. i scan once a year or so to see what is there but nothing ever malicious. well... only the stuff i let run. lol
 
What do you do to protect your computer? Any AV programs for Windows 10 you would recommend? I always see Norton recommended as number 1 but I've used them before on a previously compromised Samsung tablet and they detected and removed a suspicious security certificate but couldn't remove or find the actual malware that was obviously present. They kept saying I was protected meanwhile I could see Linux devices signed into my Google account. The battery was getting drained rapidly and taking forever to charge. My VPN connection kept dropping even with the kill switch enabled.

I went into my settings and enabled "block all connections without VPN" which resulted in the wifi being blocked until I disabled that setting. I couldn't find any hidden apps in safe mode either.

I don't. Protection isn't software. The weakest link in the chain is the monkey operating the machinery.
Sounds like you downloaded a trojan that set up a backdoor and then used certificates to impersonate system level programs.
AV won't detect most malware. It will sit all nice and pretty and look good but most of the threats out there are not detectable. The whole world is vulnerable when it comes to hacking. That is the truth and it's difficult to process. It's only because we are not at the level of awareness to see this reality that we believe AV and firewalls are all we need. Same can be said for many things in life. We do all sorts of crazy sh*t just to push ourselves away from the raw truth of what exists.

Set up 2FA on your Google Account and ideally use a separate device to authenticate if you can.
 
If you noticed signs of infection something had to be pushed to your device in order to infect it. Your computer doesn't just get infected without something being done to it that shouldn't have been done. For that to happen there has to be intent from an attacker to compromise the device and when it gets compromised this is when it becomes infected - when something has run on the target system without authorization. Whatever was run makes up the basis for the infection and thereafter a compromised system. A compromised Apple ID doesn't get infected, as it's not a locally sourced entity, all your Apple ID is simply a continuous internet connection to Apple servers from your device that then provide you with access to their cloud based services. The data makes up the bulk of the experience while the app provides a basic interface for this data to mean something. Without the cloud-based services, much of the apps that use Apple ID will simply be offline apps that have no additional functionality that is provided when you connect out to Apple.
In order for your account to be infected would mean that systems holding your account would have to be compromised. This probably will never happen. Even then unless the code was re-written to do something to your system it shouldn't do, it wouldn't do anything to you. What would likely happen though is harvesting and exfil of data from Apple which could then be used for numerous purposes; social engineering, fraud in various guises etc.

On the other end though, all that can really happen is the same; exfil of data. Whatever is on your allocated storage can be yanked and the attacker do whatever he/she wants with it. As for anything else, unless the services from Apple provide the ability for someone over the cloud to control the devices beyond basic functionality, it is very unlikely malware was pushed to your device. Apple wouldn't allow the opportunity for this to happen knowing accounts get hacked all the time. Remote administration of devices connected to Apple services therefore are going to be minimal. Turning on webcam and microphone is pretty basic and any app can do that anyway. It does make me wonder though whether Apple services provides that ability. Do they? Because if they don't, malware is definitely installed on the device to allow that to happen. I have never had an Apple ID or know what services are included in having such an account.

It sounds like whatever devices you are talking about have/had been hacked. This means malware was pushed to the device which then formed the basis of a backdoor which as the name suggests allows an attacker to access the now compromised device from within the depths of the system. This then can escalate to further unauthorized access of the compromised device. Sometimes very little can be done if the attacker cannot gain a foothold on the system. Sometimes this happens. Most of the time though, they can gain a foothold. This is called persistence. They usually do this through a technique called privilege escalation, which is a way to gain the highest permissions possible to then completely take over the system as if they were the highest ranked authority on the device, on Windows this is usually NT AUTHORITY/SYSTEM. On other devices like Android it will be root. Root however cannot usually be accessed without the device already being rooted. So whatever access the hacker has I assume would be limited to the basic user permissions a typical user of a smartphone has. It's a contradiction really because rooting your device is good but also if you get hacked it's also far worse because the attacker automatically has a good chance of having the highest permissions necessary to do way more damage. That being said you can still do more than enough to take control of a device without having root privileges. I mean you can take photos, turn on microphone, access local storage, access apps, download/upload stuff, do pretty much anything and everything the person with physical access to the device can do anyway.

You did right changing the network you accessed. Even with a VPN it won't hide you locally on the network. It only hides your originating IP externally i.e. when you go beyond the local network and the internet where you get assigned an IP address from your ISP that then becomes your external address. Your external address is not the same as your internal. And you can do very little to protect your internal address if an attacker gains access to the local network you are connected to. Or if they have already compromised the device. You can turn off file sharing and reduce local access to your computer but even then other devices can communicate with you, and they have to in order for you to be able to remain connected on the local network. If you isolate yourself, well, now you are offline and this IS the safest place to be but hey, we can't do that in today's world. You can close ports, you can restrict traffic using a decent firewall, you can do a fair bit to minimize localized activity to/from the computer but you can't stop everything without stopping your own access. And so that means being on the network is a huge vulnerability but hey, now we are talking about the reality of the world we live in.

Never trust any system/network you cannot vouch for. I never use systems (devices of all kinds) that do not belong to me and especially ones I cannot vouch for its integrity and history. This goes for wifi networks, public computers, borrowing someone's mobile/cell/computer etc. I do the very minimum I need to do but never associate my activity with any accounts, never disclose personal information, never expose myself beyond very basic information. That goes for public wifi as well which I usually seldom ever use. If it's open then it's unprotected which means anyone who can snoop on the network activity can potentially gain access to sensitive information. If it's protected you still cannot vouch for it but the level of protection will be slightly greater than being unprotected. Things like disabling auto-connect wifi and other connectivity, turning off nearby sharing, NFC, configuring location services to be disabled by default and not pinging anywhere when you go past or in contact with something/someone, removing apps that are a privacy nightmare that can come bundled by default (you can do this through adb shell on your computer with drivers installed and ADB if you turn on developer mode and usb debugging). Turn off pretty much all fancy accessories as nearly all of them are basically privacy/security nightmares purely for the convenience of the masses who form the bulk of the victims from cyber crime. As for computers, treat it as not 100% trustworthy. It can and will be used against you come the unfortunate scenario. Have a minimal footprint on your system with a configuration that favors privacy and security as best as possible. If anything you want a device that appears like it's not being used that much. Minimal data, minimal apps, minimal services enabled, minimal connections in/out except for necessary ones and these are encrypted by default, drive/system encryption as standard, privacy respecting apps, externally stored sensitive data on encrypted storage mediums. It wants to look as much like there is nobody home and nobody investing heavily into flooding the device with gold that then becomes a hacker's paradise. Lots of people treat their devices like their homes and pile everything into them and then wonder why when sh*t hits the fan everything is compromised and everything is stolen, broken, exploited etc.

It wants to look as bare as possible to anybody trying to take something from you.
 