Bootable Kali Linux USB - GrayHatsCC/Wiki GitHub Wiki

Purpose

The purpose of this exercise is to get immediate exposure to Linux while creating a useful tool. Please bring the bootable USB to each meeting. That way, if there are not enough desktops available, people can boot off their USBs and have Kali running on their laptops instead (always bring your laptop). Alternatively you could use a VM...

If you're going to be creating a bootable USB right now, you should start downloading the ISO first, since it can take a while. Remember to verify the hash once the download finishes; see the Verifying Hash section. https://www.kali.org/downloads/

Kali Linux

Kali Linux is a free and open source (you can see the code) Linux distribution that comes with common hacking tools pre-installed. The power of Kali comes from being able to boot into the operating system (OS) and have a myriad of tools at your fingertips in a matter of minutes.

More info

Once Kali Linux has been burned onto the USB, the USB will act as a portable hard drive. Plug it into any computer, enter the BIOS and select to boot off the USB instead of the current hard drive. You may have to change the boot order around (remember to change it back). When you boot from the USB, anything you save is kept in RAM, not on the USB, and is gone after a reboot. You will need to enable persistence to actually store data on the USB across reboots. (https://docs.kali.org/kali-dojo/03-kali-linux-usb-persistence-encryption)

Action

And so we begin...

Steps

  1. Download Kali ISO image
  2. Check hash
  3. Insert USB into computer and find drive label
  4. Check drive label
  5. Check drive label again
  6. If you write to the wrong drive you could nuke your OS
  7. Write to the drive
  8. Test

Verifying Hash

Verifying the hash of a file is a mathematical way to check that the downloaded file was not tampered with in transit, corrupted, or simply the wrong file. We do this by running a hashing algorithm over the file. The hashing program will spit out a value like so: d2a84f4b8b650937ec8f73cd8be2c74add5a911ba64df27458ed8229da804a26

We can then compare this with the string of alphanumeric characters provided by the publisher/company. If they match, we know that the file we downloaded is the file the publisher intended us to receive. If it is different, malware could have been injected into the file in transit, the file could have been corrupted, or it could be the wrong file. There are several caveats that we need to watch out for. The first is that there are different hashing algorithms that can be used. Here are a few:

  • md5
  • sha1
  • sha256
  • sha512

It is important to note that some of these algorithms are no longer considered secure/safe to use, because collisions have been found. A collision means that two different pieces of data, say A and B, hash to the same value. This is not good, because if the data differs by even one bit (we can go more into this) the hash value should be different. It means that an attacker could craft a file with a piece of malware inside, or inject malware into a file, like file B, but since there is a collision it will have the same hash value as file A. Therefore, when the user checks the hash with a weakened algorithm, they will falsely believe that they have the software the publisher intended them to have, when in fact they have the software with a touch of malware. All that being said, MD5 and SHA1 are considered insecure (there are other algorithms that are insecure as well...)

Instead of the weakened algorithms mentioned above, you should do your best to use SHA256 or SHA512.

Checking the hash value on Windows

Open PowerShell and execute the following command: Get-FileHash {The name of the file goes here} -Algorithm sha256

Linux

sha256sum {The name of the file goes here}

Make sure that the produced hash value matches the one provided on the website. Make sure the website is being served over HTTPS and NOT HTTP.

If the hashes match, yay! If they don't, delete the file and nuke your computer. jk, just delete the file.
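The Linux check above can be wrapped in a small script so that the comparison is done for you instead of by eye. The following is an added example written for this wiki page, not part of the original page or of Kali's own tooling. It assumes sha256sum (GNU coreutils) or shasum (Perl) is installed; the file names and hash values in it are constructed placeholders, not Kali's published values.

```shell
# Added example (not from the GrayHatsCC wiki): verify a download against the
# SHA256 value published by the vendor. Assumes GNU coreutils sha256sum or
# Perl shasum is installed; file names and hash values used are constructed.

# Print the SHA256 hex digest of a file, using whichever tool is available.
compute_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        echo "no SHA256 tool found" >&2
        return 2
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be hashed,
# 3 if EXPECTED_HEX is not a 64-character hex string. A 32-character value
# is an MD5 digest, so a length mismatch usually means you copied the value
# for a different (and possibly weaker) algorithm from the download page.
verify_sha256() {
    file=$1
    # published hashes are sometimes shown in upper case; compare in lower case
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$expected" in
        *[!0-9a-f]*|"") echo "expected value is not hex: $2" >&2; return 3 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "expected value has ${#expected} hex chars, SHA256 needs 64" >&2
        return 3
    fi
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(compute_sha256 "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published SHA256"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage (placeholder names): verify_sha256 kali.iso {hash copied from the HTTPS download page}
```

Run it as `verify_sha256 {the iso file} {the hash from the download page}`; a non-zero exit means delete the file and download it again. The length check is there because the published value must be the digest of the same algorithm you are computing: pasting an MD5 or SHA1 value next to a sha256sum output will never match, and the script tells you why instead of just reporting a mismatch.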

Check the Drive

For the next step, insert the USB into the computer. On Linux, execute the command: lsblk There are drives and there are partitions. The partition(s) branch off from the drive and have an additional number appended to the drive name (for example sdb1 under sdb). We are looking for the USB drive, not a partition. Look for the one that is around the size of your USB. Do not execute, but type the command dd if={the kali iso} of=/dev/{the drive name}

Check to make sure your selected drive is the USB. If not, say bye bye to your operating system.
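The "check, check again, and only then write" steps above can be turned into a guard that reads the lsblk listing and refuses to build a dd command for anything that is a partition, holds the running system, or is not removable. This is an added example for this page, not code from the wiki or from Kali; it reads `lsblk -r -o NAME,TYPE,SIZE,RM,MOUNTPOINT` output from stdin so the checks can be tried on a constructed sample without touching real disks, and the dd options it prints (bs=4M status=progress conv=fsync) are GNU dd options assumed here, not taken from the wiki.

```shell
# Added example (not from the GrayHatsCC wiki): sanity-check the target
# device before running dd. Reads `lsblk -r -o NAME,TYPE,SIZE,RM,MOUNTPOINT`
# output from stdin so it can be exercised on a constructed sample.
# The dd options printed at the end are GNU dd options (assumed).

# Constructed sample of lsblk output (not from a real machine): sda is the
# internal system disk, sdb a removable USB stick, sdc a non-removable data disk.
SAMPLE_LSBLK='NAME TYPE SIZE RM MOUNTPOINT
sda disk 465.8G 0
sda1 part 512M 0 /boot/efi
sda2 part 465.3G 0 /
sdb disk 14.9G 1
sdb1 part 14.9G 1 /media/user/USB
sdc disk 931.5G 0
sdc1 part 931.5G 0 /data'

# classify_target DEV   (lsblk text on stdin)
# Prints one of: ok, unknown, partition, system-disk, not-removable.
classify_target() {
    awk -v dev="$1" '
        NR == 1 { next }                                   # header line
        $1 == dev { found = 1; kind = $2; removable = $4 }
        # any partition of dev (same name prefix) that holds the running OS
        index($1, dev) == 1 && ($5 == "/" || $5 == "/boot" ||
                                $5 == "/boot/efi" || $5 == "[SWAP]") { hosts_os = 1 }
        END {
            if (!found)           { print "unknown";       exit }
            if (kind != "disk")   { print "partition";     exit }
            if (hosts_os)         { print "system-disk";   exit }
            if (removable != 1)   { print "not-removable"; exit }
            print "ok"
        }'
}

# is_safe_target DEV: succeeds only when classify_target says ok.
is_safe_target() {
    [ "$(classify_target "$1")" = "ok" ]
}

# plan_write ISO DEV: print (never run) the dd command for a safe target.
# The image goes to the whole disk (/dev/sdb), never a partition (/dev/sdb1).
plan_write() {
    verdict=$(classify_target "$2")
    if [ "$verdict" != "ok" ]; then
        echo "refusing to write to /dev/$2: $verdict" >&2
        return 1
    fi
    echo "sudo dd if=$1 of=/dev/$2 bs=4M status=progress conv=fsync"
}

# Demo on the constructed sample: the first call prints a command, the second refuses.
printf '%s\n' "$SAMPLE_LSBLK" | plan_write kali.iso sdb
printf '%s\n' "$SAMPLE_LSBLK" | plan_write kali.iso sda || true
```

On a real machine, pipe the live listing in: `lsblk -r -o NAME,TYPE,SIZE,RM,MOUNTPOINT | plan_write {the kali iso} {the drive name}`. The script only prints the dd line; you still read it, compare the size against your USB, and run it yourself. Note that the removable flag is a hint rather than proof (some USB adapters report 0), which is why the wiki's "check the drive label again" step is still the real safeguard.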

Windows

For Windows there are many tools you can use for this process. See rufus: https://rufus.akeo.ie/