How to Properly Set Up Kali Linux
by FrostZer0 - January 25, 2020 at 08:01 PM
#1
Hi Guys,

Currently trying to set up my Kali Linux, I have it running on a VM. What's the best way to set up the system itself so I can use all the tools normally?
Reply
#2
kali linux is kinda gay there are other simallar OS like ParrotOS you can check out. You can find lots of tutorials by some indians on youtube on how to set it up its not hard and you don't need anything special
Reply
#3
(January 25, 2020 at 08:11 PM)idkek Wrote: kali linux is kinda gay there are other simallar OS like ParrotOS you can check out. You can find lots of tutorials by some indians on youtube on how to set it up its not hard and you don't need anything special

What you recommend to be the best OS for pen testing?
Reply
#4
(January 25, 2020 at 08:12 PM)FrostZer0 Wrote:
(January 25, 2020 at 08:11 PM)idkek Wrote: kali linux is kinda gay there are other simallar OS like ParrotOS you can check out. You can find lots of tutorials by some indians on youtube on how to set it up its not hard and you don't need anything special

What you recommend to be the best OS for pen testing?

probably ParrotOS or gentoo
Reply
#5
(January 25, 2020 at 08:29 PM)idkek Wrote:
(January 25, 2020 at 08:12 PM)FrostZer0 Wrote:
(January 25, 2020 at 08:11 PM)idkek Wrote: kali linux is kinda gay there are other simallar OS like ParrotOS you can check out. You can find lots of tutorials by some indians on youtube on how to set it up its not hard and you don't need anything special

What you recommend to be the best OS for pen testing?

probably ParrotOS or gentoo

Appreciate it bro, also if u use a VM + run tor for it and use a annonymized email what's the chances of getting traced?
Reply
#6
(January 25, 2020 at 08:32 PM)FrostZer0 Wrote: Appreciate it bro, also if u use a VM + run tor for it and use a annonymized email what's the chances of getting traced?

VM does essentially nothing to stop you from being traced.. same internet connection, same IP. And what does your email account have to do with pen testing?
Don't forget to disable Javascript entirely, flash and any other client side scripting langs can and likely will de-anonymize you.
And by TOR, I hope you mean a system service install and properly NATed so you aren't leaking... Tor browser only covers the browser right.
Reply
#7
(January 25, 2020 at 08:54 PM)cryptoking Wrote:
(January 25, 2020 at 08:32 PM)FrostZer0 Wrote: Appreciate it bro, also if u use a VM + run tor for it and use a annonymized email what's the chances of getting traced?

VM does essentially nothing to stop you from being traced.. same internet connection, same IP. And what does your email account have to do with pen testing?
Don't forget to disable Javascript entirely, flash and any other client side scripting langs can and likely will de-anonymize you.
And by TOR, I hope you mean a system service install and properly NATed so you aren't leaking... Tor browser only covers the browser right.

Tor handles all the javascript and flash stuff I believe. The reason why I have the annonymized email is because my main goal was to get database leaks and skim through them for certain artists emails, i'm also a member of a song leaking site.
Reply
#8
(January 25, 2020 at 09:03 PM)FrostZer0 Wrote:
(January 25, 2020 at 08:54 PM)cryptoking Wrote:
(January 25, 2020 at 08:32 PM)FrostZer0 Wrote: Appreciate it bro, also if u use a VM + run tor for it and use a annonymized email what's the chances of getting traced?

VM does essentially nothing to stop you from being traced.. same internet connection, same IP. And what does your email account have to do with pen testing?
Don't forget to disable Javascript entirely, flash and any other client side scripting langs can and likely will de-anonymize you.
And by TOR, I hope you mean a system service install and properly NATed so you aren't leaking... Tor browser only covers the browser right.

Tor handles all the javascript and flash stuff I believe. The reason why I have the annonymized email is because my main goal was to get database leaks and skim through them for certain artists emails, i'm also a member of a song leaking site.


Tor browser has JS disabled by default, does nothing for anything outside tor browser. Tor as a system service also does not alter execution of any client side scripts. JS runs in a lot  more places than in a browser.
Reply
#9
(January 25, 2020 at 09:11 PM)cryptoking Wrote:
(January 25, 2020 at 09:03 PM)FrostZer0 Wrote:
(January 25, 2020 at 08:54 PM)cryptoking Wrote:
(January 25, 2020 at 08:32 PM)FrostZer0 Wrote: Appreciate it bro, also if u use a VM + run tor for it and use a annonymized email what's the chances of getting traced?

VM does essentially nothing to stop you from being traced.. same internet connection, same IP. And what does your email account have to do with pen testing?
Don't forget to disable Javascript entirely, flash and any other client side scripting langs can and likely will de-anonymize you.
And by TOR, I hope you mean a system service install and properly NATed so you aren't leaking... Tor browser only covers the browser right.

Tor handles all the javascript and flash stuff I believe. The reason why I have the annonymized email is because my main goal was to get database leaks and skim through them for certain artists emails, i'm also a member of a song leaking site.


Tor browser has JS disabled by default, does nothing for anything outside tor browser. Tor as a system service also does not alter execution of any client side scripts. JS runs in a lot  more places than in a browser.

So then what would be the best way to alter my kali linux to run in a way so I wouldn't be affected by client side scripts + JS?
Reply
#10
If you use 2 VMs, one stricktly as your NAT and running the tor service, and the other with a single virtual interface to connect exclusively to your NAT vm, then theoretically you can get away with running JS, though there are some clever ways to beat that too if you were actually being targeted. I wouldn't run JS unless I really had to for some special application and I was sure I was only looking at 1-2 years instead of 10-20.. I mean you have to weigh your risk to reward right? HAHAH! lol

And since I fuck with malware and all that... I am likely super super paranoid about security like this... Well not paranoid.. because I can always find ways to break stuff.. I don't worry about what is likely, I worry about what is possible.

Whonix is set up that way, you actually download 2 VM images and import them, one connects to the other kind of deal, real neat system. I think the extra paranoid run those nested inside a tails VM.. Talking some NSA level shit to crack that setup.... Or I mean.. a single careless mistake.
Reply
#11
(January 25, 2020 at 09:15 PM)cryptoking Wrote: If you use 2 VMs, one stricktly as your NAT and running the tor service, and the other with a single virtual interface to connect exclusively to your NAT vm, then theoretically you can get away with running JS, though there are some clever ways to beat that too if you were actually being targeted. I wouldn't run JS unless I really had to for some special application and I was sure I was only looking at 1-2 years instead of 10-20.. I mean you have to weigh your risk to reward right? HAHAH! lol

And since I fuck with malware and all that... I am likely super super paranoid about security like this... Well not paranoid.. because I can always find ways to break stuff.. I don't worry about what is likely, I worry about what is possible.
HAHA true, the RIAA really doesn't go after music leakers tho they get a 1-3 arrests every year but they for big names who actually makes like 50k+ off it. I'm only doing it for personal enjoyment. That's why I asked for the best way to be annonymized to absolutely lower my risk. I operate off my windows rn but I have tor installed on my windows but don't use it cause I haven't done anything + I have kali for pen testing, so what should I do to annoymize both systems?
Reply
#12
Coffee shop WiFi is guaranteed to not lead back to your house Wink

I personally use a sledge hammer to take care of Windblows.

Or break your neighbors Wifi.. Thats always fun... and swap his DNS out... I pulled a MITM on my neighbor and swapped DNS for facebook and google, and pointed them to each other... ie.. google.com leads to FB.. FB leads to Google... That was a funny phone call. lol
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
Parrot OS vs Kali Linux? dizzainera 31 3,006 September 19, 2020 at 05:55 PM
Last Post: h4xor
Free Linux Distros Vs paid ones Mefistogr 10 437 September 11, 2020 at 11:18 PM
Last Post: ill13
Any Alternative OS's other then linux/win/mac Otastity 11 1,187 August 21, 2020 at 04:56 PM
Last Post: Shock3212

 Users browsing this thread: 1 Guest(s)