Kali Linux 2018: Windows Penetration Testing - Second Edition

4.5 (2 reviews total)
By Wolf Halton , Bo Weaver
    What do you get with a Packt Subscription?

  • Instant access to this title and 7,500+ eBooks & Videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies
  1. Choosing Your Distro

About this book

Microsoft Windows is one of the two most common OSes, and managing its security has spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. Kali is built on the Debian distribution of Linux and shares the legendary stability of that OS. This lets you focus on using the network penetration, password cracking, and forensics tools, and not the OS.

This book has the most advanced tools and techniques to reproduce the methods used by sophisticated hackers to make you an expert in Kali Linux penetration testing. You will start by learning about the various desktop environments that now come with Kali. The book covers network sniffers and analysis tools to uncover the Windows protocols in use on the network. You will see several tools designed to improve your average in password acquisition, from hash cracking, online attacks, offline attacks, and rainbow tables to social engineering. It also demonstrates several use cases for Kali Linux tools like Social Engineering Toolkit, and Metasploit, to exploit Windows vulnerabilities.

Finally, you will learn how to gain full system-level access to your compromised system and then maintain that access. By the end of this book, you will be able to quickly pen test your system and network using easy-to-follow instructions and support images.

Publication date:
October 2018


Choosing Your Distro

Since the first edition of our book, a lot has changed with Kali Linux. Besides Kali now being a Rolling Distribution, it now comes with several Desktop Environments and several different kernel architectures. This means you can run Kali from a small Raspberry Pi or from a full-blown workstation built for speed and power. By adding a normal user account and a little extra configuration and packages, you can make Kali your Daily Driver OS. In this chapter, we will discuss the several desktop environments and the pros and cons of each. This will help you decide which distro to download for your trip into the world of hacking with Kali. If you are not familiar with Linux, this chapter helps give you some under the hood knowledge of Linux and its design.

  • Desktop Environments
  • Choosing your look and feel
  • Configuring for your Daily Driver

Desktop environments

One of the big differences between Unix/Linux systems and Windows is they truly are modular in design. Sure, I know Microsoft says Windows is modular in design, but this really isn't the case. With Windows, the desktop is seamlessly integrated into the operating system. So, until Server 2012, you had to run a Windows server with a running GUI. With Server 2012, you have the option to run the machine headless, but the server's use is very limited running in this mode. Try to uninstall Internet Explorer; well, you can't. Yes, Internet Explorer is an application that has one of the largest security footprints of any common application. Yes, Internet Explorer has system-level access. Yes Toto, this is a problem, which we will exploit later in this book, but for this chapter let's focus on desktop environments.

Linux truly is modular in design. Linux's father is Unix, and Unix's whole design concept was small interactive programs that could be chained together to perform larger tasks. Linux is also designed this way. Actually, Linux is just the kernel of the operating system invented by one man, Linus Torvalds. Almost everything else is a collection of small applications bolted together to make the boy go. A large and constant component set that helps the kernel interact with the hardware is encompassed by the name GNU toolset. Most of these tools were ported from Unix, or rewritten to avoid copyright complications, but still use the same inputs and outputs.

So, with this design structure, the GUI is just another module that can be changed or completely removed from the operating system without any effect on the lower working parts. This gives Linux the ability to do anything from being a Smart Watch to running the Hadron Collider or... be a hacking machine.

Desktop environment versus Window Manager

One important distinction that may help you understand how Desktop Environments work on Kali and other Linuces (plural of Linux) is that of the Window Manager. A desktop environment, also called a GUI, generally includes folders, wallpapers, desktop widgets, icons, windows, toolbars, and interfaces for applications. The Microsoft Windows desktop environment may have been the first such metaphorical construct you discovered. Your smartphone has a desktop environment, and the dramatic failure of the Windows 8 desktop environment was an attempt to merge development of the Windows CE (phone GUI) and Windows 7/Server 2003 GUI. The mistake Microsoft made was assuming that there were more workstations with touch screen capability. Plainly the technology existed, but the monitors were expensive and not in wide use. Bo and Wolf think the Ubuntu Unity desktop environment was a failure based upon the same design assumption. Mouse-driven workstation interfaces are here to stay for a little while longer.

In Kali, a desktop environment usually interacts with a Windowing System such as the X Windows System, or Wayland, which runs directly on top of the hardware, and a Window Manager application which is the interface the user sees and with which the user interacts. The Window Manager provides the look and feel of the Kali Linux experience. There are several Window Managers that can be used with almost any desktop environment in Kali Linux. One of these is the Enlightenment Window Manager, which is included in Kali ISO downloads as E17. The main difference between E17 and a full desktop environment, such as KDE or Gnome, is that E17 has few applications that are built specifically for E17, whereas KDE and Gnome have specialized apps that need a large number of dependencies met to run them in some other desktop environment. Kate and gedit are the specialized text editors for KDE and Gnome respectively.

Enlightenment (E17)

Installing the E17 ISO is rather similar to the installations of any of the other desktops, as long as you are using the default install option. The standard boot screen is runlevel 3, with only a command-line interface, so you have to use the startx command to see the desktop interface. This is shown in the following screenshot:

E17 startup screen

On your first login to the E17 environment, you will be asked a series of questions you already answered in the installation process:

  • Language: The default highlighted is US English.
  • Keyboard Layout: The default highlighted is English (US).
  • Profile: This is hardware profile and the choices are Mobile and Computer. The default highlighted is Computer.
  • Sizing: This is title size. The choices are from 0.8 to 2.0. The default highlighted is 1.0.
  • Window Focus: The choices are Click and Mouse Over. The default highlighted (and the general Linux default) is Mouse Over.
  • Checking to see if Connman exists: Connman is the Enlightenment network connection manager. Click to install/enable Connman.
  • Compositing: This is the source of most of the eye candy in E17. The default is to Enable Compositing, but you might want to use hardware-accelerated (Open-GL) compositing if you are doing a bare-metal installation. If there is a shortage of RAM or you are using a machine with an older processor, you might not want to use compositing at all:
First boot compositing choices
  • Updates: You can enable Checks for Enlightenment Updates. The default is a check in the box to authorize this update. If you are running within a target network, clear this checkbox. It isn't particularly stealthy to have a randomly occurring network check going out to https://www.enlightenment.org/ if the network is supposed to be Windows-only.
  • Taskbar: Enabling the taskbar lets you see open applications and Windows on your Kali Linux E17 desktop. This is enabled by default.

Once you are through with the configurations, E17 will show you the desktop. The following screenshot shows the default desktop. The first thing you might notice is that the background is a flat white plate. The menu line at the top is from Virtual Box. The menu bar at the lower edge is reminiscent of the Apple Mac toolbar. The floating menu bar in the middle is achieved by right-clicking the desktop:

E17 default desktop

The basic default file management window is shown in the following screenshot. It is readable but hardly exciting. If you click on the desktop menu, you can add gadgets. I have added a system gadget to the Taskbar, but you could just as easily place it anywhere on the desktop. The following screenshot shows the right-click menu from the Backlight gadget. If you click Begin Moving Gadgets, you can move all the gadgets around until you click on Stop Moving Gadgets:

Move gadgets

E17 Window Manager issues

  1. Almost all of the security tools are lumped together under the Other Menu, under the Applications Menu, which may cramp your style somewhat.

  1. If you open the click menu too close to the right-screen border, the submenus are offscreen. The effect of Other Menu overcrowding is shown in the following screenshot:
Effect of Other Menu overcrowding
  1. This version of Enlightenment is several years old. The current major version is 22. Perhaps the folks at Offensive Security who created Kali decided to freeze Enlightenment at major version 17 because the Enlightenment developers are moving toward using the Wayland windowing system, and by default Kali-E17 is using the xorg windowing system.

To check whether your version of Kali is running xorg or Wayland, type xdpyinfo on the command line. If it is running a pure Wayland environment, the command will fail. If it is using xorg, it will produce several lines of information about your video configuration. The following screenshot shows a truncated screen of the results on the default installation:

Truncated xpdyinfo output
  1. The easiest way to get at all of the security tools would appear to be opening the Applications | Run Everything dialog, as shown previously. I discovered that this returns an error code when I attempted to open xterm, the default terminal emulator in E17, to install my favorite software installer app, Synaptic. I had to go to the Applications | System Menu and open xterm from there. There does not appear to be a simple fix for the failing Run Everything widget. Perhaps upgrading to the current stable version of Enlightenment (E22.x) would solve it, but the solution would probably require revamping the windowing system, which is a non-trivial undertaking.

To install synaptic:

#> apt install synaptic

To change wallpaper in E17, click on Applications | Settings | Wallpaper Settings. This opens the dialog that is shown in the following screenshot. You can choose your own desktop image or one of the factory images:

Change desktop wallpaper

Gnome desktop

Back in the days of Backtrack, which was the precursor security platform to Kali Linux, the default desktop environment was a very stripped-down version of KDE. When Backtrack was deprecated and Offensive Security published Kali, the default desktop was changed to Gnome. Backtrack was a live-disk CD only, and was not intended to be installed on any computer. The Backtrack version of KDE was stripped down to be able to load from a standard CD. This stripping down removed a lot of the desktop functions. When Kali was published, it was designed to load from a live DVD, and to be installed on x386 and amd_64 architectures. Gnome is slightly reminiscent of the Windows 3.11 look and feel, and uses less memory to draw the desktop than KDE.

The Gnome desktop has been around since the early days of Linux. The Kali Linux default desktop environment is Gnome 3. When you do a standard install, the desktop looks like this:

Gnome 3 default desktop

The toolbar on the left border is the favorites group. When you open any application, its icon arrives in the favorites group on the left, as can be seen in the following screenshot, where I have opened OWASP ZAP:

Adding an application to the favorites group

The security tool menu is found under the Applications tab in the upper-left corner of the desktop. This is a very good categorized list and makes it easier to find any tool you wish to use. The list is shown in the following screenshot:

Gnome application menu for Kali

Changing the desktop image in Gnome 3 is easy, but the settings menu is a bit hard to find. It is hidden under the icon in the upper-right corner. The following screenshot shows the system menu, which has the sound volume control, the network connection dialog, and the settings editor:

Gnome system menu

Most of the settings in Gnome are found in the settings dialog, shown in the next screenshot. There are settings sheets for Wi-Fi, Background, Notifications, Search, Region & Language, Universal Access, Online Accounts, Privacy, Sharing, Sound, Power, and Network. The following screenshot shows the desktop editor, with the default desktop images:

Gnome settings dialog

To change the images, you simply click on the image you wish to change. That opens a dialog box and you can choose one of several included images, or choose one of your own from the images in your Pictures directory:

Gnome 3 desktop issues

  • There doesn't seem to be any easy way to add applications to the favorites group
  • The drop-down menu bar uses a slider bar to take you down to the Usual applications menu instead of a full-length sub-menu

KDE desktop

KDE has been around since the early days of Linux and is Bo Weaver's favorite. With age comes stability and KDE is a very stable desktop. The look and feel are very similar to Windows, so for a Windows user it is easy to use. One advantage of KDE is that the desktop is highly configurable. If you don't like what it looks like, just change it. This can be a big advantage. KDE comes with all the latest Jumping Monkeys and features. You probably like your desktop environment your way, like we do. It doesn't matter what latest thing has been added as long as you can configure the desktop to be the same as it has been for years. This helps with muscle memory. Muscle memory comes into play because having everything in the expected place makes the overhead of the job lower, because there isn't any time spent searching for common tools you use every day. It is more effective not to have to think about where a tool is hidden on the machine or how to save a file since the developers decided the application no longer needs a menu bar. With KDE, you can change your desktop back to an old-school no-frills desktop with everything just like it has been for years. If you are bored, you can customize the desktop beyond any semblance of the default Kali look. The next screenshot shows the default desktop with the Start menu open at Applications. The menu organization is similar to the Gnome 3 menu you have already seen:

Default KDE Kali desktop

One drawback of KDE is since it is so highly configurable and does come with a lot of built-in features, it is very heavy on the memory of the machine and puts a demand on the video card. KDE does need to run on a modern machine with a good amount of memory. Also, being so highly configurable, it is easy to sometimes screw up your settings.

One advantage of KDE is the desktop widgets. Desktop widgets are small applications that run on the desktop to do a number of things. When hacking, you need to keep an eye on your local system resources. There are widgets you can use to keep an eye on system memory, CPU, and network usage at a glance. It's a sad thing to be in the middle of work, fire up one more tool, and have your system crash because you ran out of memory. Using a widget, you can keep an eye on memory usage, network, and CPU usage.

KDE also works really well when using more than one monitor and is completely configurable in assigning which monitor is the main monitor and where your toolbar go. It also reverts to using a single monitor without a reboot or playing with the configuration. This is great when your machine is a laptop that you move a lot.

The KDE developers seem to understand that the desktop interface for a tablet will not work on a workstation that uses a mouse. Since the advent of the tablet, KDE now really comes with two interfaces, Plasma and Neon, and they interchange when the hardware changes. They both use the same backend toolsets; only the look and function changes when changing from tablet mode to workstation mode. This was a failure with the Windows 8 desktop and also a failure with the Gnome desktop. You cannot design an interface to work with your finger and with a mouse. What you will always end up with is an interface that doesn't work well with either.

KDE issues

KDE is graphically busy and uses a lot of resources. This makes it unsuitable for a very old machine, or one with low graphics memory.

  • SHOW STOPPER!: This is an installer issue, and you may not get this effect. The folks who created Kali Linux add updates to the ISO disk files over time, and when Wolf did this install, it came up with this issue. It is easy to fix, and the important thing is not to panic. You did nothing wrong if your install shows up like this. After installation, the KDE instance loads to the tty1 full-screen CLI and startx does not start the GUI. startx is part of the xinit package, so you can install xinit by entering the following as root (the account you just logged in as):
#> xinit
KDE startx after installing xinit

LXDE desktop

LXDE, which stands for Lightweight X11 Desktop Environment, was designed in 2006 by Hong Jen Yee, a Taiwanese programmer who wrote the first module of LXDE. It was a file manager. This is reminiscent of the creation of the Linux kernel itself, where Linus Torvalds started with a file manager module. Installations had problems, but the live disk seems to work well. I noticed the Kali-Linux graphical installation asks for machine domain but regular installation does not. The following screenshot shows the default LXDE desktop.

This desktop environment is also reminiscent of Windows XP with the menu launch button in the lower-left corner:

LXDE default desktop view

To change the desktop background, go to the menu in the lower-left corner and choose Preferences | Desktop Preferences. The menu is shown in the next screenshot. If you want great choices for background images, check out https://pixabay.com/:

LXDE desktop image preference dialog

LXDE issues

  • SHOW STOPPER: Graphical installation failed because No partition table planned and no creation of file systems have been planned
  • SHOW STOPPER: Regular installation failed because No Operating System Installed

MATE desktop

The MATE desktop is a fork of the now-deprecated Gnome 2 desktop environment. MATE stands for MATE Advanced Traditional Environment. This is a similar structure to the GNU acronym, GNU is Not Unix. The renaming of the fork to MATE avoids naming convention issues with the still-current Gnome 3 environment.

MATE includes forks of many Gnome applications, and developers have written new applications. The names are in Spanish to reflect MATE's Argentinian origin.

MATE applications include the following:

  • Caja: File manager (from Nautilus)
  • Atril: Document viewer (from Evince)
  • Engrampa: Archive manager (from Archive Manager)
  • MATE terminal: Terminal emulator (from GNOME Terminal)
  • Marco: Window manager (from Metacity)
  • Mozo: Menu item editor (from Alacarte)
  • Pluma: Text editor (from Gedit)

The first boot, and all subsequent boots, of MATE bring us into runlevel 3, as shown in the following screenshot:

MATE first boot

The default GUI for MATE is familiar to most Linux users, as it is a near-mirror image of Gnome 2. The next screenshot shows that desktop with the default Kali logo. The Applications, Places, and System menu structure has been a long-standing mark of a Linux desktop, and many longtime Linux users welcomed the efforts of the MATE team to maintain the tradition:


The following screenshot shows all three system menus from the MATE desktop with representative submenus open. The Places menu opens Caja (file management) windows:

MATE System menu

The look and feel menu offers you 12 preset appearance preferences, and those can then be customized further. The following screenshot shows a selection of those presets:

MATE appearance presets

MATE issues

The behavior of booting into runlevel 3 is difficult but not insurmountable, as we know to try startx when faced with this screen. Depending upon the day you download MATE, you might or might not run into this issue. This is the standard runlevel for servers, but you probably want to use both GUI and CLI tools in Kali Linux.

Xfce desktop

The Xfce desktop is a lightweight desktop environment and is Wolf Halton's personal favorite. He used Xfce to conserve resources when writing the first edition of this book. He is using it today as part of a highly customized and quixotic version of the Ubuntu Studio operating system to work on the current edition of the book.

The initials are spoken in the name of this desktop environment as ex-eff-cee-ee. It used to be an acronym for X-Forms Common Environment, but it uses the GTK toolkit rather than X-Forms these days. Xfce was initially designed to be a replacement for the CDE, which was a Unix Common Desktop Environment in 1996, when the latter was still proprietary. Some people might consider Xfce to be a bit old-fashioned in its look and feel. The default Xfce desktop is shown in the following screenshot:

Xfce default desktop

The toolbar at the bottom is minimal but fully functional:

  • The first button minimizes all windows, showing the desktop
  • The second button opens a command-line Terminal emulator
  • The third button opens the Thunar file manager
  • The fourth button opens the Firefox web browser
  • The fifth button is the Application Finder
  • The sixth button is the active user's home folder

The following screenshot shows the outcome of opening the root home folder, a Terminal emulator, a browser window, and the application finder. The application folder has an application menu in it that is the same as the Applications button in the upper-left corner:

Xfce lower toolbar illustrated

The most obvious way to change the personalization is to change the desktop to an image of your choice. There are four tabs of options to make deeper, more subtle changes to the desktop environment and make Xfce your own. Three of those four tabs are shown in the following screenshot:

Xfce Appearance options

Xfce issues

There are no real showstoppers in Xfce desktops. Perhaps this is because Xfce is a very stable desktop environment; it has never brought any issues.


Choosing your look and feel

Look and feel are subjective. Nobody has a totally average temperament. Use cases will play a large part in your choice of hardware and the amount of customization that makes you happy:

  • If you are always running from USB sticks, or from live DVD disks, it is probably best to use the Gnome 3 desktop, as it has been tested the most by developers, or the Xfce desktop, because it uses the least resources
  • If you are installing into VMs, you might want to use the Xfce or LXDE desktop environments, because VMs tend to have low resource levels
  • If you are loading to a dedicated server or laptop, you may have the highest resource levels, and you are unlikely to blow the OS away very often, so choose the E17 or KDE desktops because they are the most customizable
  • If you already have deep understanding of any of the desktop environments, you should probably choose that one, just for the comfort level it provides you

Configuring Kali to be your Daily Driver

Kali has come a long way since it was first developed. It was first a stripped-down version of Linux designed to be run as a VM or from a USB or CD. Your tools for normal computing just were there. You will notice that Kali is designed to run under the root account. During the setup, there isn't the normal Set up a user account section in the install like most other distros. Of course, this is normally a big security no-no. A normal user should never have root-level access to the system. Today on most Linux distros, the root account is basically disabled from interactive logins, and instructions written on administration of the system tell you to use sudo to gain access to system-level files. GUI-based administration applications require a user to sudo in and use their credentials to open and save a configuration change to the system. This is a great idea for a system set up for normal use, but when pen testing you need direct hardware and system-level access. Using sudo in front of every command just isn't a useful option.

The next screenshot is of the desktop from the machine on which Bo wrote this chapter. Since he was writing a document, looking up information on the internet, and checking his email, he used his basic unprivileged user account. Note his personal photo on the desktop. When using more than one account on a system (especially when one of the accounts is root), you might want to have a different wallpaper for each account. This helps remind you how you are logged in and keeps you from doing something stupid when in the root account. This also helps protect you from the nasties on the internet:

Bo Weaver's desktop

The following screenshot is the root desktop for this machine. There's no doubt where you're at when you are using this wallpaper:

Bo Weaver's root desktop

User account setup

After you have Kali set up and running, you'll need to add the normal user account to the system to make it your Daily Driver. The User Manager applications were not loaded with most of the Kali distros. They can be installed, but the easiest method and the one that works on all distros is the good old useradd command from the Terminal, as shown in the next screenshot.

The user for this and all other user processes is root:

Adding an admin user

To break down the meanings of the command options, the following is an example of adding user fred with a password of Password. Be sure to change the username and password to your unique account; we won't allow fred on our networks anymore:

useradd -m -U -G sudo -p LamePassword fred  

The flags we are using with this command are as follows:

  • -m: Sets up a home directory for the user in the /home directory.
  • -U: This flag sets up a unique user group for the new user, with the group name the same as the username.
  • -G sudo: This adds the new user to more than his own group. You will want your normal user account to have sudo access, so we are adding the user to the sudo group.
  • -p LamePassword: This flag sets up the password for the account. Please don't use something lame here.
  • fred: We end the command with the new username for the account.
  • Next, just hit the Enter key and the new user account is set up.

There are a couple of applications you'll want to load to have a working desktop: either LibreOffice or Apache OpenOffice, and an email client. OpenOffice is not in the Kali repos, so for this demo we will use LibreOffice. Mozilla Thunderbird is a useful email/scheduling tool. We'll use this for our demo. Kali doesn't come with an email client installed by default since it is designed to run under root. A word of warning: never open emails under a root account. Bad things can happen!

First, make sure your package list is up to date, so run this:

apt-get update  

Next, install OpenOffice and Thunderbird:

apt-get -y install libreoffice thunderbird  

Or, use this:

apt install libreoffice thunderbird  

The -y flag will answer yes to installing the packages. At this point, get a cup of coffee or take a little walk, as this will take a bit to install. The second command does the same thing, but it lets us look at the packages to be installed and upgraded. An abridged readout of the results of the second command are shown in the next screenshot. This screenshot shows wavy lines between the major sections of the install, to fit it all into the image window from the three screens of detail that are actually there. There are dozens of suggested packages, and you can ignore these and just hit the Y key for yes. You can also go back later, copy all the suggested package names from the Terminal window, and run this command:

apt install [all those names you just copied]  

Add them into your installation:

Installing mail client and Office apps

So, now you are ready. Change your root desktop to something that reminds you that you are logged in as root. Log out of root and, at the login screen, enter the new user's credentials. Once you are in, you now have a running account with the full security of a normal user account. Using this account, you are safe to browse the internet, read email, and do all the other things you normally do with a system. When you need to do a little pen testing, just log in as root.



In this chapter, we have given you a short introduction to the current options for desktop environments and some justification for using them. Most customization happens on bare-metal installations on laptops and desktops. The least customization will happen on live disk and USB stick use cases, as the resources are low and the changes will not be retained.

About the Authors

  • Wolf Halton

    Wolf Halton is an Authority on Computer and Internet Security, a best selling author on Computer Security, and the CEO of Atlanta Cloud Technology. He specializes inbusiness continuity, security engineering, open source consulting, marketing automation, virtualization and data center restructuring, network architecture, and Linux administration. Wolf has been a security engineer since 1999 and has been training security engineers since 2005.

    Browse publications by this author
  • Bo Weaver

    Bo Weaver is an old school ponytailed geek. His first involvement with networks was in 1972 while in the US Navy working on a R&D project called ARPA NET. Here he also learned the power of UNIX and how to out smart the operating system. Bo has been working with and using Linux daily since the 1990's and a promoter of Open Source. (Yes, Bo runs on Linux.) Bo has also worked in physical security fields as a private investigator and in executive protection. Bo now works as the senior penetration tester and security researcher for CompliancePoint a Atlanta based security consulting company. Bo is Cherokee and works with native youths to help keep native traditions alive and strong.

    Browse publications by this author

Latest Reviews

(2 reviews total)
Great content, presentation and formatting from subject matter experts.
Kali Linux 2018: Windows Penetration Testing - Second Edition
Kali Linux 2018: Windows Penetration Testing - Second Edition
Unlock this book and the full library FREE for 7 days
Start now