I decided recently to try out Kali Linux against my network, and subsequently fell down a major rabbit hole. It started out with just a few nmap scans, but ended up with me buying a wireless network monitor for offensive pentesting against my whole wireless network. I’m going to be showing how I got Kali Linux, what I started using it for, and where I am at now.
I first heard about Kali from the NetworkChuck YouTube channel. As always, Chuck made it seem fun and exciting, like he does with everything tech related. So, I got VirtualBox on my Mac, downloaded Kali Linux, and spun it up in a virtual machine. Right off the bat, it failed. I downloaded the x86 version of Kali instead of the ARM version, which is what you need for a Mac, even virtually. So, after getting that figured out and getting it installed, I was greeted with Kali’s XFCE desktop environment.
The main selling point for Kali is the array of hacking tools it comes with out of the box. It has network hacking tools, password crackers, and even the infamous RockYou.txt downloaded. I followed along with a tutorial on how to find devices on a network and spoof their networks. This basically means that the router thinks you’re the client and the client thinks you’re the router. This is called a Man in the Middle (or MitM) attack, which is commonly used on open WiFi networks at places like airports or restaurants. The program I used was bettercap, which scans for network devices and tells them that Kali is their router, and to the real router that Kali is the target client. This is very dangerous, as this makes a ton of other attacks possible, such as spoofing DNS to lead you to malicious websites, monitoring your network traffic, or even forcing files to download. Long story short, use a VPN. I personally recommend ProtonVPN, as it’s completely free and Swiss-based, making it extremely private and secure.
I saw another tutorial later about WiFi cracking. I thought of trying it out on my WiFi networks, but I couldn’t pass through my WiFi card in my Mac to Kali, so I ended up buying an Alfa WiFi adapter, as it supports something called “monitor mode,” which is needed for cracking WiFi. I got that delivered, and passed it through to the Kali Linux VM. I used a suite of programs starting with “air” to do this hack. First, I used airmon-ng to start monitoring on my WiFi adapter. Then, I used airodump-ng to scan for WiFi networks nearby and create a .cap file to capture information coming in about the network. This made it possible to use aireplay-ng to disconnect a random device on the targeted network, then when it reconnected, capture the encrypted login information to the network. It was still encrypted though, so I used aircrack-ng on the .cap file to decipher it. I knew what the password was for my network, so I just made a password.txt file for aircrack-ng to read and try against my network, but you can also use RockYou.txt to try millions of real leaked passwords. To no one’s surprise, it cracked my WiFi. But how long would it take for a computer to guess my randomly-generated 16-character password?
Well, that’s a hard question to answer. If you had a quantum computer, less than a day. But if you had a dual-core Intel CPU, maybe a few years. But if I told you that the first character was j, that would make it a lot easier. Of course, the first character of my WiFi password isn’t j, it’s 9. I would never share my super-secret WiFi password on the internet. I’m not an idiot. But you still might be able to crack mine. So, always use strong passwords with multiple special characters like # and %. This exponentially increases the work computers have to do to crack your password.
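As an added illustration of the work-factor argument above (this is not code from the original post), here is a small Python estimator: it counts the alphabet a brute-force search has to cover, tries a wordlist first the way the two aircrack-ng runs did, and shows how much a known first character removes. The guess rate, wordlist and passwords are constructed sample values, not measurements.

```python
import math
import string

# Character classes a brute-force search has to cover. Assumption for this
# example: the attacker knows which classes the password uses, nothing else.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "#%!@$^&*()-_=+[]{};:,.<>?/",
}


def charset_size(password: str) -> int:
    """Alphabet size a brute-force search must cover for this password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace(password: str, known_prefix: int = 0) -> int:
    """Candidates left to try when the first `known_prefix` characters are known."""
    unknown = max(len(password) - known_prefix, 0)
    return charset_size(password) ** unknown


def guesses_needed(password: str, wordlist, known_prefix: int = 0) -> int:
    """Guesses until the password is found: one per wordlist line, then
    exhaustive brute force (mirrors password.txt / RockYou.txt, then brute force)."""
    words = list(wordlist)
    if password in words:
        return words.index(password) + 1
    return len(words) + keyspace(password, known_prefix)


def seconds_to_crack(password: str, guesses_per_second: float,
                     wordlist=(), known_prefix: int = 0) -> float:
    return guesses_needed(password, wordlist, known_prefix) / guesses_per_second


def entropy_bits(password: str, known_prefix: int = 0) -> float:
    return math.log2(keyspace(password, known_prefix))


# Constructed sample inputs: a tiny stand-in for a leaked-password list and a
# modest WPA2 guess rate for a laptop CPU (both made up for this example).
SAMPLE_WORDLIST = ["123456", "password", "iloveyou", "qwerty"]
GUESSES_PER_SECOND = 100_000

if __name__ == "__main__":
    for pw in ["iloveyou", "abcdefghijklmnop", "Kq7#vL2%pM9xW4!z"]:
        years = seconds_to_crack(pw, GUESSES_PER_SECOND, SAMPLE_WORDLIST) / 31_557_600
        print(f"{pw!r:20} {entropy_bits(pw):5.1f} bits  {years:.3e} years (worst case)")
    print("first char known:", round(entropy_bits("Kq7#vL2%pM9xW4!z", 1), 1), "bits")
```

A password present in the wordlist falls in a handful of guesses regardless of its length, which is why the random 16-character password is only as strong as its absence from leaked lists.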
So, Kali Linux helped me better understand network security. I’m still getting started on it, but so far it’s been very interesting. I haven’t touched 90% of the tools Kali comes with so far, and I barely used bettercap and the air suite. But I’m still learning, and this is an interesting course I could take in my IT journey.