ITS 4550 - Fraud Prevention and Deterrence
Chapter 12, Linux and Penetration Testing
This lesson presents material from chapter 12. Objectives important
to this lesson:
- Linux in general
- Kali Linux
- Using Kali
- Linux Live CDs and DVDs
Concepts:
Chapter 12
This chapter is a high-level overview of material from several of our
other courses. Ideally, you will already know a great deal more about
the subjects of Linux in general and Kali in particular than the text
presents here. If, however, you do not have this experience, this chapter
provides an introduction to the subjects.
The text begins with the statement that Linux began as an attempt to write
an operating system similar to UNIX, but written for personal computers.
This article
on Wikipedia explains more about the history of Linux than the
text does, and it also presents a very large scale version of the graphic
on the right, which makes it clear that Linux versions can run on most
any hardware you might imagine or want them to run on. (For an immediate
view of a larger version of that graphic, just click the scaled down version
that appears on this page.)
The text dwells briefly on Linux being an open source, user modifiable
OS, but this ignores the various commercial versions that are now available.
The text does mention that there are several varieties of Linux. The original
was designed in 1991, and there have been many branches since. Page 293
lists eight different versions, which are also called distributions. Major
distributions typically include one or more GUI options.
In addition to GUIs, Linux distributions also come with a choice of command
line shells, each of which has a different grammar and a different set
of utilities. To say that the user has several choices is true, but it
is not very helpful. It is a little like shopping for a car. When you
don't know anything about the options you are going to need, it is silly
to be asked which ones you want. Unlike car shopping, some Linux options
are still options even after you have made your purchase.
The text turns to a version of Linux with lots of options included, and
distributed ready to use for penetration testing: Kali
Linux. It is easy to get lost in the wealth of tools that Kali
includes. The author is quite complimentary, praising the usefulness of
Kali for security testing. However, the author does not go into the use
of those tools. In fact, looking over the training material on the Kali
web site, there is little in the way of useful tutorials that introduce
the product. Of the other sites I have found while making notes for this
chapter, I would recommend the TutorialsPoint
article about Kali, which includes a logical tour of features
and graphic aids to their locations and uses.
Oddly, the text returns to a more generic discussion of Linux structure.
The author explains that Linux distributions use the forward slash (/)
to separate folder names in paths to files. Windows systems use the backslash
(\) for the same purpose. It may be helpful to point out that URLs use
forward slashes for the same purpose, and that many servers on the Internet
run on Linux. For some of you, this is old news; for others, not so old.
For those to whom this is news, take a few minutes and browse my notes
for an
older class introducing UNIX and Linux. Once you have looked over
those notes, the author's discussion of Linux folders may make more sense,
as well as his accurate warning that Linux cares deeply about capitalization.
A Windows user who first encounters Linux is more likely to run into problems
by failing to pay attention to the proper capitalization of commands,
folders, and filenames than any problem having to do with slashes and
backslashes. The text provides a list of commonly used file system commands
on page 299. If you take a moment to imagine the problems that users might
have, moving from an OS that cares nothing about capitalization to one
that cares deeply and emotionally about it, you can appreciate the need
for a GUI that gives you access to the basic tools needed for a file system.
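The capitalization point above, as an added shell example that is not from
the text or from these notes' original material: on Linux, Notes.txt and
notes.txt are two different files, and the script lists every name in a
folder tree that would collide if the tree were copied to a file system that
ignores case. The function names and the sample file names are constructed
for this illustration.

```shell
#!/bin/sh
# Added example: find names that differ only by capitalization.
# Limits: ASCII case folding only; file names containing newlines are not handled.

# Read one path per line on stdin and print every path whose lowercased
# form is shared with at least one other path, in byte order.
case_collisions() {
    awk '{ key = tolower($0); count[key]++; paths[key] = paths[key] $0 "\n" }
         END { for (k in count) if (count[k] > 1) printf "%s", paths[k] }' |
    LC_ALL=C sort
}

# List everything under directory $1 and report the colliding names.
scan_tree() {
    (cd "$1" && find . -print) | case_collisions
}

# Constructed demo: Linux keeps all of these as separate entries.
demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/Reports" "$dir/reports"
    : > "$dir/Notes.txt"
    : > "$dir/notes.txt"
    : > "$dir/README"
    : > "$dir/Reports/q1.csv"
    : > "$dir/reports/Q1.csv"
    scan_tree "$dir"
    rm -rf "$dir"
}

demo
```

On a Linux file system the demo prints six paths (everything except README);
run scan_tree on a real folder before moving it to Windows.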
On page 300, the text turns to what it calls a unique feature of Linux.
Many versions of Linux are small enough that you can burn a copy of the
OS to a single CD or DVD. Or a pretty big flash drive, for that matter.
The point is that you can burn that copy so that it is complete (at the
time of burning it), and bootable (assuming your hardware supports booting
that way). This makes it possible to boot and run a computer from that
disc, which makes it possible to recover data from a hard drive that won't
boot. It also makes it possible to hack into the files on that computer's
hard drive with Linux tools. Page 300 lists several reasons for having
such a bootable disc, and some of them are clearly on the black hat or
white hat side of the ethical fence. Regardless, you are more likely to
get better use from a flash drive than an optical disc, since so many
new computers no longer have optical drives.
The text points out that running Linux in a virtual machine is a good
way to test the OS for hardware issues, and also a good way to test the
hardware and software of the system where you are running the virtual
machine.