Configuring and customizing Kali Linux
Kali is a framework that is used to complete a penetration test. However, the tester should never feel tied to the tools that have been installed by default, or by the look and feel of the Kali desktop. By customizing BackTrack, a tester can increase the security of client data that is being collected, and make it easier to do a penetration test.
Common customizations made to Kali include:
- Resetting the root password
- Adding a non-root user
- Speeding up Kali operations
- Sharing folders with MS Windows
- Creating encrypted folders
Resetting the root password
To change a user password, use the following command:
passwd root
You will then be prompted to enter a new password, as shown in the following screenshot:
Adding a non-root user
Many of the applications provided in Kali must run with root-level privileges in order to function. Root-level privileges do possess a certain amount of risk, for example, miskeying a command or using the wrong command can cause applications to fail or even damage the system being tested. In some cases, it is preferable to test with user-level privileges. In fact, some applications force the use of lower-privilege accounts.
To create a non-root user, you can simply use the command adduser from the terminal and follow the instructions that appear, as shown in the following screenshot:
Speeding up Kali operations
Several tools can be used to optimize and speed up Kali operations:
- When using a virtual machine, install the VM's software drive package: Guest Additions (VirtualBox) or VMware Tools (VMware).
- When creating a virtual machine, select a fixed disk size instead of one that is dynamically allocated. It is faster to add files to a fixed disk, and there is less file fragmentation.
- The preload application (
apt-get install preload) identifies a user's most commonly used programs and preloads binaries and dependencies into memory to provide faster access. It works automatically after the first restart following installation. - BleachBit (
apt-get install bleachbit) frees disk space and improves privacy by freeing the cache, deleting cookies, clearing Internet history, shredding temporary files, deleting logs, and discarding other unnecessary files. Advanced features include shredding files to prevent recovery and wiping free disk space to hide traces of files that have not been fully deleted. - By default, Kali does not show all applications that are present in the start-up menu. Each application that is installed during the boot-up process slows the system data, and may impact memory use and system performance. Install Boot Up Manager (BUM) to disable unnecessary services and applications that are enabled during the boot up (
apt-get install bum), as shown in the following screenshot:
- Add
gnome-do(apt-get install gnome-do) to launch applications directly from the keyboard. To configuregnome-do, select it from the Applications | Accessories menu. Once launched, select the Preferences menu, activate the Quiet Launch function, and select a launch command (for example, Ctrl + Shift). Clear any existing commands, and then enter the command line to be executed when the launch keys are selected.Rather than launching directly from the keyboard, it is possible to write specific scripts that launch complex operations.
Sharing folders with Microsoft Windows
The Kali toolset has the flexibility to share results with applications residing on different operating systems, especially Microsoft Windows. The most effective way to share data is to create a folder that is accessible from the host operating system as well as the Kali Linux VM guest.
When data is placed in a shared folder from either the host or the VM, it is immediately available via the shared folder to all systems that access that shared folder.
To create a shared folder, perform the following steps:
- Create a folder on the host operating system. In this example, it will be called
Kali_Share. - Right-click on the folder and select the Sharing tab. From this menu, select Share.
- Ensure that the file is shared with Everyone, and that Permission Level for this share is set to Read / Write.
- If you have not already done so, install the appropriate tools onto BackTrack. For example, when using VMware, install the VMware tools (refer to Appendix, Installing Kali Linux).
- When the installation is complete, go to the VMware menu and select Virtual Machine Setting. Find the menu that enables Shared Folders and select Always Enabled. Create a path to the shared folder that is present on the host operating system, as shown in the following screenshot:
- Open the file browser on the Kali desktop. The shared folder will be visible in the
mntfolder (it might be placed in a sub-folder,hgfs). - Drag the folder onto the Kali desktop to create a link to the real folder.
- Everything placed in the folder will be accessible in the folder of the same name on the host operating system, and vice versa.
The shared folder, which will contain sensitive data from a penetration test, must be encrypted to protect the client's network and reduce the tester's liability should the data ever be lost or stolen.
Creating an encrypted folder with TrueCrypt
During a penetration test, you will have access to sensitive client information, including exploitable vulnerabilities and copies of successfully breached data. It is the tester's legal and moral responsibility to ensure that this information in his care is secured at all times. The best means of meeting this responsibility is to ensure that all client information is encrypted during storage and transmission.
To install TrueCrypt on BackTrack, complete the following steps:
- In the Applications menu, select Accessories | TrueCrypt.
- To create an encrypted folder, open the application. You will be presented with the main menu, as shown in the following screenshot:
- On the main menu, select the Create Volume button. This will launch the TrueCrypt Volume Creation Wizard, as shown in the following screenshot:
- Select Create an encrypted file container, and then click on Next.
- The next screen will prompt for Volume Type, select Standard TrueCrypt volume, and click on Next.
- On the Volume Location screen, select Select File. You will be asked to Specify a New TrueCrypt Volume by providing a Name, and indicating that it will save in the folder specified, as shown in the following screenshot:
- Chose a filename. Do not choose a filename related to the client being tested, or which indicates that sensitive material is present in the directory. Use a number or code word to represent the client, and a generic title for results. Save the file on the desktop, then click on Next.
- The next screen will provide you with Encryption Options. Select Encryption Algorithm from the drop-down menu. There are several choices, but for regular purposes, AES (the default 256-bit key) will suffice. You will also select a Hash Algorithm from the drop-down menu (the default, RIPEMD-160, should be sufficient). After your choices are complete, click on the Next button, as shown in the following screenshot:
- You will now be prompted for Volume Size. You should have a minimum size of approximately 500 MB, but this may vary depending on the testing regime. Click on Next.
- The Volume Password should be selected according to the rules provided for strong passwords. Select and confirm the password, then click on Next, as shown in the following screenshot:
- The next screen allows you to select Format Options. For Filesystem Options select FAT from the drop-down menu. Click on Next.
- The next screen, Volume Format, creates a random key for the encrypted filesystem. The key is based on mouse movements, and you will be prompted to move the mouse over the window for a long period to ensure the randomness (cryptographic strength) of the encryption keys. When done, click on Format to create the TrueCrypt volume.
- The final volume has been created. It will appear as an icon on the desktop. The volume is encrypted, and it can be copied to an external storage device or moved to the host system and remain encrypted.
To use the encrypted volume, you must first choose a Slot to manage the encrypted folder in the main TrueCrypt menu. When this is done, use the Select File button to select the name of the encrypted file. In this case, we'll use a previously made file called pentest located on the desktop, as shown in the following screenshot:
Click on the Mount button. At this point, you will be prompted for the password, as shown in the following screenshot:
When the correct password is entered, you will see the Slot 1 details change to reflect the encrypted folder's properties, and a new icon called truerypt1 will be displayed on the desktop, will be displayed on the desktop, as shown in the following screenshot:
If you double-click on the truecrypt1 icon, you will be taken to a File Browser view.
At this point, it will act as a regular directory, and you can use the folder to store all of the test-related information. When you work with the contents of the folder, and wish to ensure that all data is encrypted, select Dismount on the main menu. The folder will revert to an encrypted state.