Dual Booting Kali Linux and Windows 10

I recently setup my laptop to do a dual boot operating system with Windows 10 and Kali Linux. In the past I had run Windows 10 and used Virtual Box to run Linux distros as virtual machines. This worked fine, but I didn’t get the full use of my laptop since it had to share resources with Windows 10. Dual booting was fairly easy. I’ll make this short and sweet below.

  1. Make sure you have Windows 10 installed and working. If you hard drive is bitlockered, undo this for now.
  2. Make sure you have plenty of free space on your hard drive, 10GB required.
  3. Partition your hard drive to free up space for the Kali Linux install. There are several ways to do this, but I find this method saves a step or two.
    1. Boot to Windows.
    2. Right click the start menu and select Disk Management.
      diskmgmt
    3. Right click your drive and select “shrink volume.”
      shrink
    4. Input the amount you want to shrink the drive from.  This is the amount of unallocated spaced that will be left on the drive for your linux install. I did 30 gigs on mine. Just multiply whatever you want to be free by 1024. EX: 30*1024=30720 will give you 30 gigs of unallocated space.
      shrink2
    5. Confirm you have unallocated space as it should say it and have a black banner instead of blue.
      unallocated
    6. Now we are ready to proceed to the Linux install.
  4. Download Kali Linux and install it to a USB drive.
    1. Kali Linux Download
    2. Make a bootable USB drive
  5. Plug in the bootable USB drive and reboot your machine. Hit F12 while booting and it should give you the option to boot from USB.
  6. When prompted select install.
  7. Follow the steps until you get to the partition option.
    1. Select guided, use largest continuous space
    2. This will install Kali on the freed space you set aside in step 2
  8. When done, reboot and you’ll be presented with a GRUB loader to boot into Kali or Windows. Select your operating system and proceed.
  9. If you previously had bitlocker enabled in Windows, boot to Windows 10 and enable it now.
  10. By default the GRUB loader will select Kali Linux as the default OS to boot to.
    1. If you want to change Windows 10 to be default you’ll first need to boot to Kali Linux.
    2. Something to note, when booting you will see a list of boot options from top to bottom. Zero equals the top options, one the second, and so forth. Just remember this for when we update the GRUB. In the example below zero would be Kali and 2 would be Windows 7.
      grub
    3. Once in Kali open terminal
      1. I use Nano for this option, but you can use whatever text editor you want
    4. nano /etc/default/grub
      grub2
    5. Go to GRUB_DEFAULT and change 0 to 2.
      grub3
    6. When done hit ctrl+x and y to save changes.
    7. Now enter update-grub
  11. Now when you reboot your system it should automatically boot to Windows 10. If you need to boot to Kali make sure you select it before the GRUB loader defaults to Windows.

208 total views, 1 views today

My Pen Testing Tool Kit

When I first became interested in Pen Testing I had no idea where to begin or the tools to use. In this blog I will cover the tools I use most often and their purpose. Every kit is different, but this is what I use the most.

Here is my list, I will discuss each item in detail:

  1. Kali Linux
    A. Installed on HP 110 Netbook
  2. Alfa AWUSO36NH Wireless Adapter
  3. Wifi Pineapple
  4. 2 x Yagi Wifi antennas
  5. USB Rubber Ducky
  6. NooElec USB RTL-SDR
  7. Maxpedition Lunada Gearslinger Bag

PenTestingToolKit

Kali Linux

When I first started getting into Pen Testing I was trained on CentOS then I moved to Backtrack. I’ve now moved to Kali, which most people are now are using. Granted, you can use any OS you want for Pen Testing, and usually I have to use different ones, but Kali has almost all the tools in one place.

I installed Kali on an old HP Mini 110 netbook. It is not the fastest, but it does fine for running scans and exploits. If you are attempting to do something processor intensive, like password cracking, it is a good idea to run this on a machine that has more power.

This leads me to the next feature with Kali. Kali gives you the option to create a bootable USB image. This link covers how to set that up. The good thing about having a bootable USB is that you do not have to install the OS on your machine to use it. Just run it in live mode and you’re good to go.

The last option for running Kali is to run it as a virtual machine, which I do use regularly. I personally use VirtualBox whenever I do virtual machines. VirtualBox is free and has a lot of helpful articles. Kali actually has images available for download forVirtualBox and WMware.

 Alfa Network Wireless Adapter

In my opinion there are two easy ways into someone’s network. The first is to “ask,” for access via social engineering. The second is wireless exploitation. Wireless testing is one of my favorite aspects of pen testing. I use a Alfa AWUSO36NH Wireless Adapter for wireless testing. The Alfa adapter allows you to run WiFi scans to determine encryption on networks, network names, MAC addresses, and also inject packets back into the networks you are trying to test. With this tool you can crack WEP in no time, capture WPA2 handshakes for offline cracking, and exploit WPS enabled Access Points. You can also use different antennas, like the Yagi ones in my kit.

WiFi Pineapple

The WiFi Pineapple is another wireless auditing tool. It comes with two antennas, which can be swapped for other antennas. The Pineapple can do recon of access points in an area, exploits on those access points, or act a free, open WiFi network. If a person were to connect to the open network you can utilize the Pineapple to act as a man in the middle and strip out packets, spoof DNS, capture credentials, and much more. The WiFi Pineapple is sold by Hak5 and is a great, fun tool to use.

Yagi WiFi antennas

To help increase the distance for my wireless testing I purchased two directional Yagi Antennas. These antennas can connect to the Alpha Networks Card or the WiFi Pineapple. These antennas were around $20 dollars for the two on EBay.

USB Rubber Ducky

The USB Rubber Ducky is the ultimate Social Engineering tool. This looks like a common thumb drive, but it is far from that. It is actually a keystroke injection attack platform. Basically it acts like a keyboard when plugged into a person’s machine and automatically types out commands. The commands are placed on the rubber ducky via a simple scripting language, saved to a Micro SD card, and inserted into the rubber ducky. These scripts can execute programs, save files and FTP them to remote locations, insert backdoor connections to machines, and many more things. A pen tester could drop the device in a common area in the hopes a user will plug it in. The rubber ducky can execute commands very quickly, making it an ideal tool to use when testing physical security. If you are able to get in front of a machine, plug the rubber ducky in and let it run the scripted commands while you do some more exploring around the complex. Of course, you’ll need to have it configured prior to using it.

NooElec USB RTL-SDR

The NooElec USB RTL-SDR is a mini Software Defined Radio USB device. It comes with a small antenna, but you can purchase a larger replacement if you want. With SDR, a pen tester could test anything that run over radio waves, not just WiFi. Things such as smart meters and RFIDs are a few examples. I’m new to SDR, but have had some fun with it like picking up the local Fire/EMS/Police dispatch. This device is very inexpensive, around $20.

Maxpedition Lunada Gearslinger Bag

No Pen Testing kit is complete without a tacticool bag to carry it all in. The maxpedition bag is very durable and can store everything I carry, with the exception of the yagi antennas. These can actually be strapped to the sides if necessary with the use of the MOLLE system. The bag is not very big, but can pack in an IPad or netbook without a problem. Definitely a great bag for when you don’t want to tote around a full size backpack.

My pen testing tool kit took me several years to put together. I’m still modifying it all the time. This is an ever evolving game, and so should your pen testing tool kit.

273 total views, no views today