2020-10-21 - Kali Linux

Skill Level: Advanced

Kali Linux is a distribution of Linux configured for penetration testing, or pentesting. Kali has a wide variety of tools preinstalled for pentesting. This session's challenges will go through a selection of the tools available in Kali Linux.

Challenges

You can access the session through SSH.

SSH using sucsskali@kali.sucss.org with the password this-password-sucss. Anything on the network 172.19.0.0/24 is fair game to attack except for items named sucss-kali; you must not attack these.

There are five flags available in this session - they are of a higher value, as we expect the challenges to take longer than usual. There is a bonus flag worth 25 points for completing all five flags.

This session will only be available until Wednesday 28th October at 6pm.

Useful Resources for Session

nmap

A network mapper; this is an invaluable tool for networking purposes, such as checking what IP addresses are 'live' so to say and what services are running on a given IP address. Always a good place to start when checking over a range of IP addresses.

Metasploit

The Metasploit Framework specifically is a tool for executing exploit code against a remote target machine. This will come in useful for a few of the challenges.

Username list

Password list

Prerequisite Knowledge

This sessions assumes that you are familiar with a Unix shell. If you are not but wish to take part, we highly recommend that you read the first three chapters of this crash course.

Prerequisite Technology

You will need to be able to use SSH.

If you are on macOS or a Linux operating system, you can use the ssh command in your terminal.

If you are on Windows, you can either use PuTTY by entering the details. You can also use the Windows Subsystem for Linux, which would then allow for the use of the ssh command.