Once the time has come to start your testing, you will want to be prepared. This entails having an action plan available, all of your equipment and scripts up and running, and of course having some mechanism to record all steps and actions taken. This will provide you with a reference for yourself and other team members. You may remember the steps you took to bypass that firewall now, but what about four months from now when you are facing the same challenge? Taking good notes is critical to a successful penetration test.
The first thing we want to do is to ensure that we have changed the default password of the Kali machine. If you built your machine from the ISO image, then you have already completed this; but for those of you who did not, you need to change the password. The procedure for this is as follows:
root@kali:~# passwd Enter new UNIX password: 1NewPassWordHere! Retype new UNIX password: 1NewPassWordHere! passwd: password updated successfully root@kali:~#
We updated the Kali machine in the previous chapter, but if it has been some time since you last updated, it is always a good idea to update the distribution before installing and configuring additional software. Having said that, there is a chance that you will break something during an update, so it is recommended that you take a snapshot of the machine before performing the update. In VMware Workstation, click on VM | Snapshot | Take Snapshot..., as shown in the following screenshot:
One thing to keep in mind is that Kali is based on Debian, and this is a switch from Backtrack; as with any other operating system, patching is required in order to ensure that the latest security patches are applied. It is also important to keep applications up-to-date so that the latest testing techniques and tools can be taken advantage of!
By default, Kali is set up to use only the Kali repositories. If curious, you can see what these are by looking at the /etc/apt/sources.list file.
The first command that will need to be initialized is the update function of
Advanced Packaging Tool (APT). This will synchronize the package index files to ensure that you have information about the latest packages available. The update functionality should always be used prior to installing any software or updating your installed packages:
# apt-get update
After this update is complete, you may initialize APT's upgrade command. All installed packages will be updated to the latest release found within your repositories:
# apt-get upgrade
There is another apt command that is used to update your system, dist-upgrade, which will update Kali to the latest release. As discussed previously, this could potentially upgrade the kernel and break things, so remember your snapshots. For example, if you are running Kali and would like to upgrade instead of downloading and installing the latest Kali version release, you may do so by typing:
# apt-get dist-upgrade
We also want to start our database server and initialize the Metasploit database; enter the following commands:
# service postgresql start # msfdbinit
This is so we have a port open on the machine for our first scanning. It is also a good idea to note the version of Debian that we have and the version of Kali that is installed. We have two methods of doing this. The first method is to use the uname command. In the terminal window, enter:
# uname –a
This command will print the system information, and the switch states to print it all. For more information on the command, enter:
# man uname
An example of the output from the command is shown in the following screenshot:
The next command we want to use is the command that will show us the version of Kali Linux that is our distribution. In the terminal window, enter:
# cat /etc/issue
An example of the output from this command is shown in the following screenshot:
As the preceding screenshot shows, at the time of this writing we were using Kali Linux distribution 2.0.