Learn Linux, People!

by Doorman  (doorman38@protonmail.com)

I'm going to speak plainly.

We've all seen various articles that are speaking about something Linux-related in this magazine.  And even though I've read 2600 for 15 years now, and I've always considered myself a "hacker" and have explored many other things mentioned in these pages, I'm ashamed to say I didn't really get involved with Linux until about three years ago.

I don't exactly know why.  I mean, almost all distributions (that's Linux terminology for versions or flavors of Linux) are free and even have live discs (meaning you can put them on a disc or USB thumb drive) and boot from that device without the fear of hurting your current operating system install.  And yes, I played with some live Linux distributions way before this period (I'm sure like most of you, too) but, like the word implies, I "played" around with them; I never got really into them.  For some reason it never took (until it did, of course).

I didn't see what was so damn special about Linux that I'd go out of my way to run it.  That's, of course, until I actually decided one day (more like one month) to dive in and really see what the fuss was about.  And boy, was I glad I did.  The point of this article is I'll bet there are many 2600 readers that either were (or still are) like me in that regard, and then to give you a brief overview of why I was so wrong all those years and how I truly see the power in Linux now.

From a hacker's perspective, I'm sorry, but you cannot do 90 percent of the stuff in Windows or OS X that's possible in Linux.  You just can't.  And by the way, I'm not saying get rid of your other operating systems, absolutely not.  There are areas (like PC gaming for Windows and video/audio production for OS X) where I believe Linux falls short.  But this isn't a gaming or video production magazine, is it?  We all know why we look forward to the next issue of 2600 so badly, and it's because it teaches us things that we wouldn't learn anywhere else.  As far as I know, it's the only (still produced) hacker magazine around, and in my opinion one of the best sources of hacker information out there.  O.K., enough kissing ass.

So real quick, there are many different distributions of Linux out there, along with endless debates about which is best, this one or that one, ad nauseam.  But, in my opinion, it really just boils down to what your preference is and exactly what you plan on using it for.  An extremely popular Linux distribution out there for hackers (or the politically correct word for us - "penetration testers") is Kali Linux.  By no means am I saying it's the best Linux distribution or that you should start there, but someone would have a really hard time saying it'd be a bad choice to start there as well.  Just saying.

So I'm not going to get into repartitioning your hard drive and all that - please just use Yandex for that.  Or if you want (what I did), just grab an extra hard drive (obviously one that you don't have anything you want saved on) and install it on there so you can avoid the whole mess of repartitioning and possibly messing up your current OS install.  You still have to set up GRUB (most common) as your bootloader (if not another one), but again I'll let you Yandex search that and not waste valuable space in this precious magazine.

You can also choose to install Linux virtualized (via VMware or VirtualBox - by the way, the latter one is free), but that option leaves you running two OSes at the same time, so you'll never have all the "power" of your computer when virtualized (and USB Wi-Fi adapters for wireless work have to be passed through to the VM, which is its own headache).  But I will admit it's a super easy way to have it installed (meaning not running off a live disc) without even messing with your bootloader or anything like that and, if you mess up, you can just delete it with a few clicks and redo everything.  Also, there's a whole new world of remote options as well with remote VPSs and dedicated servers (Kali publishes an official image for Amazon AWS, and a small instance fits in the free tier for the first year).

O.K., back on point.

After installing it initially on a spare hard drive on my main desktop, I soon afterwards installed it on my new 16" MacBook Pro (which now has three OSes on it: OS X, Windows 10, and Kali Linux - an extremely powerful combo if you ask me) because I wanted the option to run Kali and be portable (for wireless "penetration testing").  I will say having Linux installed on a laptop is clearly very useful for mobile and/or wireless hacking (sorry, I meant "penetration testing").

But there is a massive difference between running Linux (or any operating system for that matter) via a live disc and actually having it installed - just trust me on this one.  So one way or another, get it permanently installed somehow on a computer of yours or on a remote server or somewhere.  You'll thank me later.  If it's running off of a USB drive, it will never run the way a true OS is supposed to run (quickly and fluidly).

Now what's the big f***ing deal?  What is so damn special about Linux that I'd have to go out of my way to do all this?  At first glance it just seems like a more complicated operating system that pretty much does the same thing as Windows and/or OS X.  No.  Not even close, guys.  What you don't realize is the sheer power you have running Linux.  Just stay with me.  I know I'm still not making much sense yet.  But give me another couple minutes please.

First off, it's very secure.  I'll never say an operating system is unhackable (because we all know such a thing doesn't exist), but compared to Windows it's night and day.  Even against OS X (yes, I know for all the Apple fanboys out there that OS X sits on a UNIX-derived kernel, blah blah) - I'm sorry, Linux still comes out ahead in my book.  And there's a very good reason for this.  It's called "open-source."  It's a term you should be familiar with.  Most Linux distributions are completely open-source, meaning every line of code in the kernel and the userland can be (and, for the widely used parts, is) reviewed by anyone in the world, freely and easily.  That doesn't make holes impossible.  What it means is that when someone finds one, the fix is public, anyone can verify it, and it usually ships within days through your distribution's package manager instead of on one vendor's schedule.  Two caveats: that only helps if you actually install the updates (on Kali, apt update && apt full-upgrade), and code that is readable but that nobody bothers to read is not any safer for being open.  Huge difference all the same.

But security of the operating system wasn't why I dove into Linux and fell in love with it.

What I finally figured out was its amazing power.  First of all, if you start off installing Kali Linux (and also download the most recent version, of course), it is already going to come with a massive amount of tools.  Now I was always interested in the network security/hacking department (since my day job is being a Cisco CCIE network engineer), so that was another reason why Kali Linux was perfect for me.  But feel free to download whichever you please.  The cool thing about Linux is that you can (for the most part) install any tool that you find with a certain distro on any other distribution.  Remember, everything is open-source, so as long as the libraries and interpreters a script/tool depends on are available on your distribution (Kali is Debian-based, so anything packaged for Debian or Ubuntu is usually an easy fit), you can install it from a package or just build it from source.

My advice: forget about using the GUI.

It's fine for seeing what tools are installed, but honestly, to have real power in Linux you have to do things via the command prompt/line.  So yes, go through the GUI, click on all the menus and sub-menus, etc., and look at all the tools installed in Kali.  Now start looking them up on Yandex, find out exactly what it was made to do, and really get to know how to use them and what they're each capable of.  You might even discover a use for a certain script/tool that even the original creator was unaware of (that actually happens all the time, just FYI).

So this is where the command line comes in hardcore.  See, most Linux tools are meant to be run with defined parameters and attributes.  It's not like in other OSes that you open a program and then decide what you want to do from there.  It's kinda the other way around.  You run a script exactly how you want it to be run from the get go.  Yes it's easier to have a nice GUI that you can just point and click all your options and the things you want to do, but you didn't really think "real" hacking worked that way, right?  So yes, it does require you to know basically how to use every tool/script (and the parameters you want to use along with it) before you start seeing anything fun.  And I'm sure this is where most people say "Screw this!" as I did for years, but you'll be shocked with the power that lurks behind the curtain if you can manage to soldier on just a little bit more.

And just for the record (in case you didn't already know), knowledge is not breaking the law or "doing wrong" in any way, at least not to me.  I choose to learn everything I can, and then decide how I want to use said knowledge.  Can you use these tools/scripts for illegal and even say "evil" purposes?  Of course.  But you could also use all this knowledge to protect systems and networks, which is what I do.  The truth is you have to know how to truly use all these tools, regardless of your intentions.  Then it's up to you what you do with that knowledge.  And I hope you don't use it for illegal (or disruptive) activities, by the way.  We already have enough of that in the world today.  Just because you have the power to do something doesn't mean you should do it, guys.  I think we all know that 2600 never condones anything that's breaking the law (and I stand behind them on that).  But knowledge is different.  I yearn to learn as much as I possibly can, and hopefully you feel the same way.

Let's get into the meat of what Linux can do and why I fell in love with it (which is the reason I'm writing this, after all).  By the way, I keep using the words "tools" and "scripts."  I want you to know that they are the same thing, so don't get confused by that.  And I keep talking about ones that are so amazing and powerful, right?  Which ones?  Do they come pre-installed in Kali Linux or do I have to find them myself (or Heaven forbid - code them myself)?

The answer is a mixture of all of those if I'm being honest.  Also, keep in mind I'm using the example of Kali Linux as your Linux install because in my opinion it has the most scripts already pre-installed and I personally like the "feel" of it.  But the truth is there are many other "security" Linux distributions out there that have most of the same tools installed and different interfaces and "feels" to them.  If you have a particular dislike for Kali Linux, try out Parrot Security Linux, or BackBox Linux, or the other 10 to 15 distros (just Yandex them please) that are designed for this purpose.  Try them all if you're up for it!  But for the sake of this article not filling up the whole magazine, let's just assume you're trying out Kali Linux.

Now down to some examples of what I've been ranting about.

And here's where it's extremely difficult to decide what to write about.  The truth is that Kali Linux already has around a thousand tools/scripts pre-installed!  And there are so many more out there I suggest installing on top of that.  So I feel like I'm already doing a major injustice no matter which I mention because at best I'll only be able to scratch the mere surface of what's out there, but I'll do my best.  But please check out more than these.  The thing is every situation is slightly different and therefore a slightly different tool/script would probably be the best fit.  And knowing which to use (and what parameters to run them with) is the key.

O.K., so without any further ado, here we go...

Metasploit (or Metasploit-framework):  This is probably the most powerful tool I've seen that's relatively easy to use as is (though don't be fooled into thinking you don't have to spend a great amount of time learning how to use it).  It's a framework for running exploits against (or just checking for vulnerabilities on) systems running all sorts of OSes and services, with payloads, auxiliary scanners, and post-exploitation modules bundled in.  It's impressive how many exploits are in this one script/tool alone.  Put some decent time into learning this one, trust me.

Nmap:  This is just Network Penetration Testing 101 to me.  It scans an IP or IP range you specify, and a port or range of ports you specify, and tells you which hosts are up and which ports are open, closed, or filtered (meaning something, usually a firewall, is dropping the probes).  It can also fingerprint the service and version listening on a port (-sV) and take a guess at the operating system (-O).  You can use it both internally (on private IPs) inside your current network or externally (on the "big bad Internet" which runs off of public IPs obviously), but only against hosts you own or have written permission to test.  Really useful tool.

Masscan:  I have to be honest, this was the tool that truly convinced me of Linux's power without a shadow of a doubt.  And to be quite frank, it kinda scared me a bit.  It's roughly Nmap on steroids.  A lot of steroids!  It uses its own asynchronous TCP stack, so it just fires SYN packets and catches the replies instead of completing a connection for each one, and it can scan IP ranges and ports at truly frightening rates.  With a 10 Gb line (which I know most of you don't have but you can easily rent a remote server that does) it can scan the entire IPv4 Internet (that means every single public IPv4 address) in a matter of hours.  Assuming you only have a 1 Gb connection (which is what I have at my house), that's still less than a day!  Now granted, that's for one port, but think about that for a second.  That means that if you wanted to know every single public IP accepting an SSH or FTP (or whatever) connection on the entire Internet, you could have a list of every one of them in less than a day with just a laptop and a home Internet connection.  That's scary.  I should also point out not to do that, as it's essentially like knocking on everyone's door in the entire world at the same time.  The --rate option exists for a reason.  You will get abuse complaints and trouble from your provider if you do this, not to mention it's not exactly the nicest thing to do.
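To make the "open," "closed," and "filtered" results from the Nmap paragraph concrete (being "alive" and having a port "open" are two different things), here is a tiny TCP connect scan, the same technique Nmap uses for -sT, aimed at a listener it starts itself on 127.0.0.1 so it runs offline.  This is an added example written for this article, not code from Nmap or Masscan, and the listener and port numbers are constructed for the demo.

```python
"""Minimal TCP connect scan against a local listener (added example; not
Nmap or Masscan code).  The target listener is constructed in-process."""
import socket
import threading


def start_listener():
    """Bind a throwaway TCP listener on 127.0.0.1 and return (socket, port).
    Port 0 asks the OS for any free port, so the demo never collides."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        # Accept and immediately drop connections, like a service that is up.
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed by the caller
                break
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def probe(host, port, timeout=0.5):
    """Classify one host:port the way a connect scan does.

    connect() completes the three-way handshake  -> "open"
    the host answers with RST (ECONNREFUSED)       -> "closed"
    nothing comes back before the timeout          -> "filtered"
    (usually a firewall silently dropping the probe).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"
    finally:
        s.close()


def scan(host, ports, timeout=0.5):
    """Scan a list of ports sequentially; Nmap parallelises this, and Masscan
    skips the handshake entirely and just tracks SYN/SYN-ACK pairs."""
    return {p: probe(host, p, timeout) for p in ports}


def free_port():
    """Reserve and release a port so we know it is closed, not filtered."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    p = s.getsockname()[1]
    s.close()
    return p


if __name__ == "__main__":
    srv, open_port = start_listener()
    results = scan("127.0.0.1", [open_port, free_port()])
    for port, state in sorted(results.items()):
        print(f"127.0.0.1:{port} {state}")
    srv.close()
```

The "filtered" case is what you get from a real firewall that drops packets rather than rejecting them, which is why scans of Internet hosts take much longer than scans of your own LAN: every filtered port costs a full timeout.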

Nikto:  Awesome tool.  I use it all the time.  It's a web server scanner that checks a site for dangerous files and directories, outdated server software, and common misconfigurations, and reports known vulnerabilities in what it finds.  It is loud (thousands of requests, nothing stealthy about it), so expect to show up in the target's logs.  Really handy.

HTTrack:  This is an offline website copier: it mirrors an existing website to your disk, links and all.  It's a general-purpose tool, but in this context it's usually the first step in building a phishing clone of a login page.

WPScan, Skipfish:  We all know how many websites run off of WordPress.  WPScan evaluates a given WordPress site, shows all info about it (the WordPress version, installed plugins and themes, and known vulnerabilities in them - which there usually are, by the way), then can enumerate the user accounts on that site (as if that's not enough already), and can then start brute-force or dictionary attacks against those logins.  Skipfish is a different animal: it's a general web application security scanner that crawls any site, not just WordPress, and probes what it finds for common bugs.

SQLmap:  As you probably imagined, it finds and exploits SQL injection vulnerabilities in web applications: you point it at a URL or request with parameters, it detects the injection, identifies the database back end (MySQL, PostgreSQL, MSSQL, and so on), and can then dump tables or, in some cases, read files and run commands through the database.  Another very powerful tool.

Social Engineering Toolkit (SET):  Kinda like Metasploit in that there's just so much within this script: cloning login pages to harvest credentials, spear-phishing mailers, malicious payload and media generators, and more.  But it can do a lot, let's just leave it at that.

Bettercap:  This script is usually used as a "man-in-the-middle" attack tool.  It gets itself between a victim and the gateway (ARP spoofing, DNS spoofing, and so on) and can intercept and manipulate (meaning inject and rewrite, not just sniff) all sorts of traffic: HTTP, FTP, and the like.  A caveat on HTTPS, because this gets overstated: it does not break the encryption.  What it can do is strip the connection down to plain HTTP before the browser upgrades it, or proxy HTTPS with a certificate of its own, which only works if the victim ignores the certificate warning, and HSTS and certificate pinning shut both tricks down on sites that use them.

Aircrack-ng:  I'm sure you've heard of this tool before, but you'd be surprised how many people don't actually know how to use it to its full potential (well, like almost every tool/script in Linux).  It's actually a suite (airmon-ng to put a card in monitor mode, airodump-ng to capture, aireplay-ng to inject and deauthenticate, aircrack-ng to crack) for wireless packet sniffing and WEP/WPA/WPA2-PSK cracking.  WEP falls to statistics alone; WPA/WPA2-PSK means capturing a four-way handshake and running a dictionary against it, so a strong passphrase is still strong.

Airgeddon:  Another wireless network auditor/cracker.  It's really a menu-driven bash script that wraps the aircrack-ng suite and friends, but I actually find myself using this one more.  It adds WPS attacks and PMKID attacks (grabbing a hash from the access point without waiting for a client handshake) on wireless networks (you just have to look some of these terms up, guys, otherwise I'd be writing for decades).

Fluxion:  Another great Wi-Fi auditor/cracker.  Instead of simply trying to brute-force (or dictionary) attack a captured handshake, it runs an "evil twin": it stands up a rogue access point with the same name, kicks clients off the real one, and serves them a fake captive-portal page asking for the Wi-Fi password, which it checks against the captured handshake before it lets them through.

Hash-identifier, findmyhash:  Many times passwords (or other sensitive information) are stored as hashes, meaning a one-way function was run over them so the plaintext isn't sitting on disk.  That is not encryption: there is no key and nothing to "decrypt."  The problem is that many of them can be cracked easily anyway, by guessing candidates, hashing each one, and comparing.  Hash-identifier tells you which algorithm a hash you've found most likely came from (MD5, SHA-1, NTLM, bcrypt, and so on, usually from its length and format, so it gives you a list of candidates), and findmyhash looks it up in online databases of already-cracked hashes.  Fast, unsalted algorithms like MD5 and NTLM are the easy ones; salted, slow ones like bcrypt are not.

THC Hydra, John the Ripper:  Both are password crackers (and there are many more than these two as well), but they work on opposite ends of the problem.  THC Hydra is what's known as an online password cracker: it actively attacks live logins of pretty much any sort (HTTP, HTTPS, FTP, SSH, Telnet, VNC, RDP, and pretty much everything you can think of) in real time, which makes it "lethal" in my opinion, but it's also limited to however many attempts per second the server will answer, and it will trip lockouts and alerts.  John the Ripper is an offline password cracker: you feed it hashes you've already obtained and it guesses as fast as your CPU (or, with hashcat, your GPU) can hash, with nobody on the other end to notice.  It's useful to have both types in my opinion.
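The two paragraphs above (on hashes and on online versus offline cracking) come down to one idea: a hash can't be decrypted, only guessed.  Here is an added example, written for this article and not taken from hash-identifier, findmyhash, Hydra or John, that guesses a hash's type from its format the way hash-identifier does, and then runs an offline dictionary attack with Python's hashlib.  The wordlist, the salt and the target hashes are constructed for the demo.

```python
"""Hash identification by format, and an offline dictionary attack.
Added example; not code from any of the tools named in the article.
Wordlist, salt and targets below are constructed for the demo."""
import hashlib
import re

# Constructed wordlist.  Real ones (rockyou.txt ships with Kali) have millions.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2020!"]

# Format-only guesses, as hash-identifier makes them.  A 32-hex-char digest
# could be MD5, MD4 or NTLM, so the honest answer is a list of candidates.
HEX_LENGTHS = {
    32: ["MD5", "MD4", "NTLM"],
    40: ["SHA-1"],
    64: ["SHA-256"],
    128: ["SHA-512"],
}


def identify(h):
    """Return the candidate algorithms for a hash string, judged by format."""
    h = h.strip()
    if re.fullmatch(r"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}", h):
        return ["bcrypt"]                       # $2b$<cost>$<salt+hash>
    if h.startswith("$6$"):
        return ["sha512crypt (Linux /etc/shadow)"]
    if h.startswith("$1$"):
        return ["md5crypt"]
    if re.fullmatch(r"[0-9a-fA-F]+", h):
        return HEX_LENGTHS.get(len(h), ["unknown hex digest"])
    return ["unknown"]


def digest(algo, word, salt=b""):
    """Hex digest of salt || word.  Used both to build the demo targets and
    to hash each guess; the attacker runs exactly the same function."""
    return hashlib.new(algo, salt + word.encode()).hexdigest()


def crack(target_hex, algo, wordlist, salt=b""):
    """Offline dictionary attack.  Returns (password, attempts) or
    (None, attempts).  Nothing is reversed: each candidate is hashed and
    compared, and with a known salt the only cost is one extra hash input."""
    target = target_hex.lower()
    for attempts, word in enumerate(wordlist, start=1):
        if digest(algo, word, salt) == target:
            return word, attempts
    return None, len(wordlist)


if __name__ == "__main__":
    unsalted = digest("md5", "letmein")             # constructed target
    print(identify(unsalted), crack(unsalted, "md5", WORDLIST))

    salt = b"s4lt"                                  # constructed salt
    salted = digest("sha256", "letmein", salt)
    # A lookup service (what findmyhash queries) has no entry for a salted
    # hash, but a dictionary attack with the salt in hand still succeeds.
    print(identify(salted), crack(salted, "sha256", WORDLIST, salt))

    # A password not in the list survives; the only cure for a short list
    # is a bigger list or rules (John) and more hashes per second (hashcat).
    print(crack(digest("sha256", "correct horse battery"), "sha256", WORDLIST))
```

Run it and notice what changes between the two attacks and what doesn't: the salt defeats precomputed lookups, but not guessing, and the attempt count is the same either way.  What actually slows an offline attack down is a deliberately slow algorithm (bcrypt, scrypt, Argon2), which is why the bcrypt branch in identify() is the one you hope to see on a defender's side.  An online attack with Hydra runs the same loop with a network round trip and the server's lockout policy inside it.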

OWASP ZAP:  Another absolutely fantastic web application tester.  It's an intercepting proxy (your browser's traffic passes through it so you can view and modify every request) with a crawler and active scanner bolted on, and it can run attended while you click around a site or unattended against a target.  There's so much to learn about this tool that you really have to spend your time doing your research (by the way, that applies to pretty much every other tool I've mentioned as well).

O.K., just with the tools mentioned above (and you studying how to use them correctly and most efficiently) you should already start to understand what I'm trying to get at here and the immense power of Linux.  But this is still nothing compared to what's still out there.  Just running the tools/scripts above (without knowing how they work), you're officially now a "script kiddie."

Congratulations.  And I hope you don't actually take that as a compliment (because it's not).  I can't emphasize this enough - you have to actually learn/study these tools (to truly realize the power behind them)!  Sorry for all the italics there, but that's how strongly I feel about this.

One last thing, there's a website that I'd like to engrave in your head: GitHub.

GitHub is a site that allows people to upload (and make future changes to) repositories (meaning a group of files - don't get scared off by the word) of pretty much anything you can think of.  I find myself spending hours every day just searching through GitHub looking at code people have uploaded there.  One thing worth being clear about, because it's a common misconception: public repositories are readable by anyone, which is great, but "readable" is not the same as "reviewed" or "safe."  GitHub hosts private and proprietary code too, nobody checks what gets pushed, and plenty of malicious code, backdoored "tools" and trojanized proof-of-concept exploits have sat there for months before anyone noticed.  So treat a random repo the way you'd treat a random binary: read the code before you run it (especially anything with sudo, curl | bash, or base64 blobs in it), prefer tagged releases and pin the commit you reviewed, and run unknown tools in a VM first.  With that said, it's another "diamond in the rough," if you will.  You could spend the rest of your life just searching GitHub and you'd never even come close to seeing everything on there - put it that way.  And most of it is open-source and absolutely free as well.  Not much to lose if you ask me, as long as you do look.

O.K., hopefully I've "kickstarted" at least a few minds to further check Linux out.

That's truly the only thing I'm hoping to accomplish with this article.  I'd also like to mention that I don't work for (or am even affiliated with) any companies/sites/scripts/tools I've mentioned in this article.  I gain absolutely zero by anyone doing (or not doing) anything written above.  I just want to make that crystal clear for everyone (including the awesome folk at 2600).  I've attached my private email if anyone has any further/specific questions they'd like to ask me (but please do your homework/research first, I beg you).  I will never accept any form of payment for assistance provided (but I'm also not stating that I guarantee any help or response to you either).

Much love, guys!

I really do hope you've been able to extract something useful out of this article!
