Things To Do After Installing Kali Linux
Today we are resuming our “Hacking with Kali Linux” series. So far, we have covered the content of the series and how to install Kali Linux. There are various ways we can install & use Kali Linux, and we have included them all in the last article.
Once Kali Linux is successfully installed, there are a few things that you need to do and understand before moving forward.
Important notice
Kali Linux is the greatest OS when it comes to pentesting or hacking. Currently, it has over 600 penetration testing tools installed and many more useful tools available in the repositories. Even with this many tools at hand, we cannot perform tests or attacks on other networks, devices, or websites without the owner’s written permission.
In this series, you will learn to perform network attacks, crack wifi passwords, exploit vulnerabilities to gain access to a website, and a whole lot more. But, you can perform none of these actions without the owner’s permission.
Performing attacks on other networks, websites, and devices is illegal and can cause legal trouble for you. Always perform tests in the local environment that we will build later in this article.
I hope you understand the rights of other human beings. Even after that, if you decide to perform any tests on others’ property, you’ll be solely responsible for your actions. LinuxAndUbuntu will not be responsible for that. This series aims not to produce hackers who ruin others’ lives but to spread knowledge to improve the security of their own applications or network.
With that being said, let’s start with the first step after installing Kali Linux.
Upgrade to a faster Kali repository
If you set up a repository during the installation and it’s working fine for you, skip this step. But many people knowingly or unknowingly skip that step, and as a result, they cannot install or update any package.
In my case, I set up the repository during the installation, but the download speed from that repo is so slow that it may take hours to download packages.
Luckily, the Kali team has this covered. There are several repositories across the world, and we can set up the closest and fastest one for us.
To find the fastest repository for your location, visit the official mirror list here. It’ll provide you with a list of repositories, and you can select the one that’s closest to you. Copy the repo URL, which looks like this –
https://kali.download/kali/
Now open the terminal and type the following command –
sudo apt edit-sources
Now, replace the repository URL with the new URL. For me, https://kali.download/kali is the fastest. So I have placed it right after deb and left the rest as it is.
deb https://kali.download/kali kali-rolling main non-free contrib
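To confirm the saved file holds only the entry you intended, the following check is an added example and not part of the original article. The function name audit_sources and the sample file are constructed here, and the check assumes the one-line sources.list format shown above with a single active deb entry.

```shell
#!/bin/sh
# Added example: audit one-line-format APT entries after switching Kali mirrors.
# audit_sources FILE EXPECTED_URI   (hypothetical helper, not a Kali tool)
#   Prints one line per finding; the return status is the number of findings.
audit_sources() {
    as_file=$1
    as_want=${2%/}                        # expected mirror, trailing slash ignored
    as_findings=0; as_active=0
    while IFS= read -r as_line || [ -n "$as_line" ]; do
        as_line=${as_line%%#*}            # drop comments and commented-out entries
        # Drop an option block such as [signed-by=...] so the fields line up.
        as_line=$(printf '%s\n' "$as_line" | sed 's/\[[^]]*]//')
        set -f; set -- $as_line; set +f   # split into whitespace-separated fields
        [ "${1:-}" = "deb" ] || continue  # skip blank lines and deb-src entries
        as_active=$((as_active + 1))
        as_uri=${2:-}; as_suite=${3:-}
        if [ "${as_uri%/}" != "$as_want" ]; then
            echo "mirror is '$as_uri', expected '$as_want'"
            as_findings=$((as_findings + 1))
        fi
        if [ "$as_suite" != "kali-rolling" ]; then
            echo "suite is '$as_suite', expected 'kali-rolling'"
            as_findings=$((as_findings + 1))
        fi
        case " $* " in
            *" main "*) ;;
            *) echo "component 'main' missing: $*"
               as_findings=$((as_findings + 1)) ;;
        esac
    done <"$as_file"
    if [ "$as_active" -ne 1 ]; then
        echo "expected exactly 1 active deb entry, found $as_active"
        as_findings=$((as_findings + 1))
    fi
    return "$as_findings"
}

# Constructed sample: the intended https entry plus a leftover plain-http one.
sample=$(mktemp)
cat >"$sample" <<'EOF'
# deb-src https://kali.download/kali kali-rolling main non-free contrib
deb https://kali.download/kali kali-rolling main non-free contrib
deb http://kali.download/kali kali-rolling main non-free contrib
EOF
audit_sources "$sample" https://kali.download/kali/ || echo "findings: $?"
rm -f "$sample"
```

Run it against /etc/apt/sources.list after saving the edit. Whichever mirror you choose, apt still verifies the signed release metadata before installing packages.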
Update Kali Linux
Kali Linux is updated regularly. As I said, it has over 600 tools, so it has to be updated regularly.
To update Kali Linux, open the terminal and use apt to update the system.
sudo apt update
sudo apt upgrade
The first command refreshes the package lists to check for new updates, and the second installs them.
Get familiar with the interface & basic tools
Xfce is the default desktop environment of Kali Linux. Xfce is known to be lightweight and fast even on old computers. If you have ever used Xubuntu, you should not have any trouble with it. If you prefer another desktop environment such as GNOME, MATE, or KDE, you can choose it during the installation.
When you’re installing Kali Linux, it provides an option to select which desktop environment to install. If you downloaded the Kali virtual image, then it’s pre-configured with Xfce. To change the desktop environment after the installation or in a virtual image, you must manually install the desktop environment from the repository.
Here is how you can install another desktop environment after Kali Linux is installed –
sudo apt install -y kali-desktop-{desktop environment}
For example, to install gnome, replace {desktop environment} with gnome.
sudo apt install -y kali-desktop-gnome
For other desktop options available, please refer to this article. It has the list of desktop environments that are currently available in the Kali repo.
Notice
I do not recommend installing a desktop environment alongside the other one. Currently, all your applications are configured to work with Xfce, and installing a new desktop environment will cause configuration conflicts.
If you want to install your preferred desktop environment, then install Kali Linux as a host, not in a virtual machine, and choose your favorite desktop environment during the installation process.
Secondly, Kali Linux is based on Debian testing. Most of the packages in Kali Linux are imported as-is from the Debian repository. If you have used Debian or Ubuntu, then you should already be familiar with the Kali environment. Most of the tools, including the package manager, are common between Kali and Debian.
root account
When performing different tests, you will often come across a permission denied error. When running a command, you should know whether you’re running it as the root account or as a regular user account.
Executing a wrong command with root privileges can cause major problems.
It is recommended to log in as a normal user and switch to the root account when needed. Or use the sudo command to gain root privileges.
To log in as a root user, type sudo su. It’ll ask for the sudo password and log you in as a root user.
Install Testing Framework
The most important step in learning ethical hacking is to practice everything you learn. Executing any command on other websites or computers may cause legal trouble for you. But we have a solution.
We can install a testing framework on our own computer and perform any tests we want. It is legal, and the framework will allow us to perform various types of tests. A testing framework is simply a vulnerable application or set of applications built to practice ethical hacking.
There are many vulnerable testing frameworks available, but we are going to use DVWA. DVWA is set up as a simple web application. Many other vulnerable testing frameworks are much bigger and even come as separate virtual images.
DVWA stands for Damn Vulnerable Web Application. It is built with PHP and MySQL, so it requires a web server and a MySQL server. I have installed Kali Linux as a host operating system and Windows 10 as a guest. I will set up DVWA on my Windows machine.
DVWA Requirements
- Web server
- PHP
- MySQL Server
In short, it requires XAMPP or LAMPP. We can install XAMPP on our Windows computer, and it’ll provide all the above packages required for DVWA.
Download XAMPP and follow the simple installation wizard to install it. Once installed, it’ll open the XAMPP control panel.
Finally, click the ‘Start’ button next to Apache and MySQL. It will spin up the Apache web server and MySQL database server. Next, create a database for DVWA.
Open phpMyAdmin in the web browser. URL – localhost/phpmyadmin
Now create a new database called ‘dvwa’. The database name does not have to be ‘dvwa’, but it makes it stand out if you have many databases.
Download DVWA
Now that our system is ready to install DVWA, we can download it and start the installation.
Extract the downloaded zip file into the server directory at C:\xampp\htdocs. Rename the folder from DVWA-master to dvwa to make it shorter and easier to type.
Now make a copy of the file dvwa/config/config.inc.php.dist and name the copy config.inc.php. Open config.inc.php and enter the database user and password.
By default, XAMPP creates a root user without any password. So type the user as root and leave the password blank.
Make sure you have entered the correct database user and password. After that, set up dvwa from the web browser. Remember that we renamed DVWA-master to dvwa. Now from the web browser, open localhost/dvwa/setup.php. It will open the following page –
The Database Setup screen shows the settings currently enabled on your XAMPP server. Settings in red are not enabled. For me, the only setting that needed to be enabled is allow_url_include. To enable it, open the php.ini file either from the XAMPP control panel or from C:\xampp\php\php. If you have other settings disabled, find them in php.ini and enable them.
Search for allow_url_include and change its value to ‘On’. This setting lets PHP include code from remote URLs, so enable it only on this lab server. Restart the server and reload localhost/dvwa/setup.php.
Finally, click ‘Create / Reset Database’, and it’ll create the database and redirect to the login page.
The default username and password for DVWA are admin and password.
DVWA welcome screen.
That’s it. Damn Vulnerable Web Application is set up successfully. Remember, this application is extremely vulnerable, so you should never set it up on a cloud server. If you have set it up on your computer, anyone connected to your network can exploit vulnerabilities in DVWA. So keep this in mind and don’t expose this machine to the Internet.
Conclusion
That’s great! We have set up the hacking environment. From now on, whatever we learn, we can practice in a safe and local environment. If you have any problem understanding anything we discussed/set up above, let me know in the comment section. Or join our Discord server.