Kali Linux 2.0 New Desktop Overview

Kali 2.0 Desktop 1

After ten years of evolution, Offensive Security brings us Kali 2.0! Kali 2.0 is by far the easiest to use of all the Backtrack/ Kali releases. For those used to the original Kali, the new Kali looks very different. But it is a good thing! The menus have been completely re-organized and streamlined and many of the tools are represented by helpful icons. Let’s take a look a few minutes and look at some of the new features of Kali 2.

If you purchased my “Basic Security Testing with Kali Linux” book which was written for the original version of Kali, this overview will help get you acclimated to the new desktop look quickly, all the underlying tools are pretty much the same. My new book, “Intermediate Security Testing with Kali Linux 2” is already written for Kali 2.0.

What’s new in Kali 2?

  • New user interface
  • New Menus and Categories
  • Native Ruby 2.0 for faster Metasploit loading
  • Desktop notifications
  • Built in Screencasting

Kali 2 is much more streamlined and the layout flows very well compared to earlier versions of Kali/ Backtrack. It just feels like everything is at your fingertips and laid out in a very clear and concise manner.

Desktop Overview

The new Desktop looks very good and places everything at your fingertips:

Kali 2.0 Desktop 2

Favorites Bar

The new Kali comes with a customizable “Favorites bar” on the left side of the desktop. This menu lists the most commonly used applications to get you into the action quicker:

Kali 2.0 Desktop 3

Just click on one and the represented tool is automatically started with the required dependencies. For example, clicking on the Metasploit button pre-starts the database software and checks to make sure the default database has been created before launching Metasploit.

Clicking on the “Show Applications” button on the bottom of the favorites bar reveals a lot more applications. The programs are arranged in folders by type:

Kali 2.0 Desktop 4

If you don’t see the app you want, just type in what you are looking for in the search bar.

Applications Menu

A list of common program favorites listed by categories is located under the Applications menu:

Kali 2.0 Desktop 5

The tools are laid out logically by type. For example, just click on the Web Application Analysis menu item to see the most common web app testing tools:

Kali 2.0 Desktop 6

Notice that I didn’t say “all” of the tools for a specific category would be listed. This is because the menu system only shows the top tools and not all of the tools available in Kali. In reality only a fraction of the installed tools in Kali are actually in the menu system. Most of the tools are accessible only from the command line.

Command Line Tools

The majority of tools are installed in the “/usr/share directory”:

Kali 2.0 Desktop 7
These tools (as well as tools listed in the menu) are run simply by typing their name in a terminal. Take a few moments and familiarize yourself with both the menu system and the share directory.

Auto-minimizing windows

Another thing that is new in Kali 2 is that some windows tend to auto-minimize and seem to dis-appear at times. When a window is minimized you will see a white circle to the left of the associated icon on the favorite bar. In the screenshot below, it is showing that I have two terminal windows minimized:

Kali 2.0 Desktop 8

If I click on the terminal icon once the first terminal window will appear, click twice and both minimized terminal windows re-appear:

Kali 2.0 Desktop 9

You can also hit “Alt-Tab” to show minimized windows. Keep the “Alt” key pressed and arrow around to see additional windows.

Workspaces

As in the earlier versions of Kali/ Backtrack you also have workspaces. If you are not familiar with workspaces, they are basically additional desktop screens that you can use. Hitting the “Super Key” (Windows Key) gives you an overview of all windows that you have open. If you have a touch screen monitor you can also grab and pull the workspaces menu open. With workspaces you are able to drag and drop running programs between the workspaces:

Kali 2.0 Desktop 10
Places Menu

The Places menu contains links to different locations in Kali:

Kali 2.0 Desktop 11

Screencasting

Kali 2 also has the capability to do screen casting built in. With this you can record your security testing adventures as they happen!

Kali 2.0 Desktop 12

Apache Webserver

At the time of this writing, the Service Icons to stop, start and restart Apache Web Server seem to have been removed from Kali 2. Not a problem as you can start them from a terminal prompt by using the following commands:

  • To Start – “service apache2 start” or “/etc/init.d/apache2 start”
  • To Stop – “service apache2 stop” or “/etc/init.d/apache2 stop”
  • To Restart – “service apache2 restart” or “/etc/init.d/apache2 restart”

As seen below:

Kali 2.0 Desktop 13

You can now surf to Kali’s webserver, notice the default webpage has changed from Kali 1:

Kali 2.0 Desktop 14

The root website is also one level deeper now located in a folder called HTTP:

Kali 2.0 Desktop 15
So when you use the Apache server, just drop your website pages/folders into the “/var/www/html/” directory instead of the old “/var/www/” directory.

Upgrading

Keeping your Kali install up to date is very important. Enter the following commands to update Kali:

  • apt-get update
  • apt-get dist-upgrade
  • reboot

Hopefully this overview will help get you up and running on Kali 2.0 quickly.

If you want to learn the basics of Ethical Hacking using the powerful Kali Platform using step-by-step hands on tutorials, check out Check out my Kali book series available on Amazon.com:

Basic Security Testing with Kali Linux

Kali 2.0 Book Cover

 

Advertisements

Book Review: Practical Mobile Forensics

practical mobile forensics“Practical Mobile Forensics” by Satish Bommisetty, Rohit Tamma, and Heather Mahalik is a great book for both the individual looking to learn more about Mobile Forensics and those looking for a good smartphone reference book.

The book covers mobile forensics on Apple iOS, Android, Windows and BlackBerry devices. With the majority of emphasis spent on Apple and Android based product.

In “Practical Mobile Forensics” you will find extensive information on Apple and Android devices including models, features, architecture layout and security.

It covers multiple tools (commercial and open source) to obtain, decrypt, and analyze smartphones including recovering deleted files, contacts, messages and other data.

I am pretty familiar with the Android platform, so the book was a good refresher course on how to connect to and recover data from an Android Device. Though, as I am not as familiar with the iPhone platform, I found the book a great learning tool about Apple mobile devices and how they function and store data.

I did enjoy too that the author not only covered commercial/ law enforcement recovery tools, but also included numerous step-by-step tutorials in performing many of the same functions with open source utilities. The tutorials were easy to follow and the book was full of reference links to find out more information on the tools and technology behind mobile devices.

Though written from a legal forensics/ law enforcement point of view, security individuals will also find this book a good reference guide for mobile devices.

I highly recommend this book.

Available from Packt Publishing and Amazon.com.

Book Review: Kali Linux Network Scanning Cookbook

Everything you ever wanted to know about scanning (and then some)!

Kali Linux Network Scanning

Security Guru and trainer Justin Hutchens has recently released an exceptional book on network scanning with Kali Linux. The book starts out with the very basics of network scanning and progresses through stages to more advanced scans and even exploitation.

All the basics are present, like using Nmap, ARPing, Scapy and other tools to perform varied levels of discovery, port scanning and fingerprinting.  You are then masterfully shown how to greatly expand the capabilities and functions of these tools by using scripting.

But it doesn’t stop there, you then move on to using scanning tools and Burp Suite to perform Denial of Service attacks, SQL injection and Metasploit attacks. Because really what is a scanning book without including offensive attacks?  🙂

The book is easy to read and follow using step-by-step instructions and screen views. It is setup in sections (called “Recipes”) so that if you want to know how to perform Layer 4 discovery using Scapy or DoS attacks with Nmap, you just go directly to that particular section.

I have worked with Justin on a couple projects and he is one of the most talented security teachers and authors that I have ever met. He covers material in this book that I have never seen covered anywhere else. If you have any interest in network scanning or want to learn a lot more about it, get this book!

Available at Packt Publishing and Amazon.com.

*** UPDATE *** Original print quality issues have been rectified according to the publisher.

New Book Out: Kali Linux CTF Blueprints

Kali Linux CTF Blueprints

A new Kali Linux book written by Cameron Buchanan has recently been published. This book published by Packt Publishing focuses on using Kali Linux and other Linux versions to create “Capture the Flag” (CTF) challenges:

If you are a penetration testing team leader or individual who wishes to challenge yourself or your friends in the creation of penetration testing assault courses, this is the book for you. The book assumes a basic level of penetration skills and familiarity with the Kali Linux operating system.”

About This Book

  • Put the skills of the experts to the test with these tough and customisable pentesting projects
  • Develop each challenge to suit your specific training, testing, or client engagement needs
  • Hone your skills, from wireless attacks to social engineering, without the need to access live systems

I am a technical reviewer for a lot of security books, magazines and training material and had the honor of being one of the reviewers on this project. The book is geared for those who have had some experience as a security tester and is familiar with using Kali Linux and penetration testing tools.

I found the book interesting and really liked Cameron’s sense of humor. Though it is not a book for someone who has never used Kali before, those who are interested in how Capture the Flag type contents can be run from a technical perspective will really enjoy this book.

Check it out!