Things You Must Know Before You Start Using Kali Linux

Kali Linux is the industry-leading Linux distribution for penetration testing and white-hat hacking. By default, the distro ships with a large collection of intrusion and penetration testing tools, and it is widely recognized across the world, even among Windows users who might not know what Linux is.

For that last reason (LCTT annotation: Windows users), many people try to use Kali Linux on their own even though they don’t know the basics of Linux systems. Their reasons range from just having fun, to pretending to be a hacker to impress a girlfriend, to simply trying to hack a neighbor’s WiFi network to surf the Internet for free. If you plan to use Kali Linux, remember that all of these are bad things to do.

Before planning to use Kali Linux, there are a few tips you should know.

Kali Linux is not for beginners

Kali Linux Default GNOME Desktop

If you’re someone who just started using Linux a few months ago, or you consider your knowledge level to be below average, then Kali Linux is not for you. If you’re going to ask “How do I install Steam on Kali? How do I get my printer to work on Kali? How do I fix APT source errors on Kali?” then Kali Linux isn’t for you.

Kali Linux is mainly for experts who want to run penetration testing suites, or for people who want to learn white-hat hacking and digital forensics. But even if you fall into the latter category, the average Kali Linux user will have a lot of trouble with day-to-day usage. They are also expected to use tools and software in a very deliberate way, not just “let’s install and run everything”. Every tool must be used with care, and every piece of software you install must be scrutinized.


Normal Linux users can’t use it comfortably. A much better approach is to spend a few weeks learning about Linux and its daemons, services, software and distributions and how they work, and then to watch dozens of videos and courses on white-hat attacks before attempting to use Kali to apply what you have learned.

It will get you hacked

Kali Linux Hacking and Testing Tool

In a normal Linux system, normal users have one account, and the root user also has a separate account. But not in Kali Linux. Kali Linux uses the root account by default and does not provide ordinary user accounts. This is because almost all security tools available in Kali require root privileges, and are designed this way to avoid asking you for the root password every minute.

Of course, you can simply create a regular user account and start using it. However, this is still not recommended, because it is not how the Kali Linux system is designed to work. You’ll have a lot of problems using programs, opening ports, and debugging software as a normal user, and you’ll spend time working out why something isn’t working, only to find that it’s a weird permission error. Plus, you’ll be annoyed by being asked for a password every time you run a tool.

Now, since you’re forced to use it as root, any software you run on the system will also run with root privileges. That is bad if you don’t know what you’re doing, because if there’s a bug in Firefox and you visit an infected website, hackers can gain full root access on your PC and hack you. If you were using a regular user account, restrictions would apply. Also, some of the tools you install and use can open ports and leak information without your knowledge, so if you’re not very careful, people could hack you the same way you tried to hack them.
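To see which ports the tools mentioned above have opened to the network, you can filter the output of ss for listeners that are not bound to a loopback address. The script below is an added example, not part of the original article; the sample ss output in it is constructed, and on a real system you would run `ss -H -tulnp | exposed_listeners` as root.

```sh
#!/bin/sh
# Added example (not from the original article): list listening sockets that
# are reachable from the network, i.e. not bound to a loopback address.

# exposed_listeners: reads `ss -H -tulnp` output on stdin and prints
# "proto address port process" for every non-loopback listener.
exposed_listeners() {
    awk '
        {
            local_ep = $5                      # Local Address:Port column
            n = split(local_ep, parts, ":")    # port follows the last colon
            port = parts[n]
            addr = substr(local_ep, 1, length(local_ep) - length(port) - 1)
            # loopback listeners are not reachable from other hosts
            if (addr ~ /^127\./ || addr == "[::1]") next
            # process column is only present with -p and enough privileges
            proc = "-"
            if (NF >= 7 && split($7, q, "\"") >= 2) proc = q[2]
            print $1, addr, port, proc
        }
    '
}

# Constructed sample of `ss -H -tulnp` output (process names and PIDs are
# made up for illustration).
sample_ss() {
    cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      244        127.0.0.1:5432      0.0.0.0:*    users:(("postgres",pid=901,fd=5))
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*
tcp   LISTEN 0      511                *:80              *:*    users:(("apache2",pid=1033,fd=4))
tcp   LISTEN 0      128            [::1]:631          [::]:*    users:(("cupsd",pid=640,fd=6))
tcp   LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=812,fd=4))
EOF
}

# Demo on the constructed sample.
sample_ss | exposed_listeners
```

Every line it prints is a service that other machines on the same network can try to reach, running with whatever privileges the owning process has.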

If you’ve ever visited a Kali Linux-related Facebook group, you’ll see that almost a quarter of the posts in those groups are people asking for help because someone hacked them.

It can land you in jail

Kali Linux just provides the software. How you use it is entirely your own responsibility.

Using penetration testing tools against public WiFi networks or other devices can easily land you in jail in most developed countries of the world. And don’t think you can’t be traced when using Kali: many systems are configured with sophisticated logging facilities precisely to track anyone trying to snoop on or hack into their network. You could become one of those people by accident, and it will destroy your life.

Never use Kali Linux on devices or networks that do not belong to you or that you have not been given explicit permission to hack. Saying that you didn’t know what you were doing won’t be accepted as an excuse in court.

Modified kernel and software

Kali is based on Debian (the “testing” branch, which means that Kali Linux uses a rolling release model), so it uses most of Debian’s software architecture, and you will find that most of the software in Kali Linux is no different from Debian.

However, Kali has modified some packages to strengthen security and fix some possible vulnerabilities. For example, the Linux kernel used by Kali is patched to allow wireless (over-the-air) injection on various devices. These patches are usually not available in normal kernels. Also, Kali Linux does not depend on Debian servers and mirrors, but builds packages on its own servers. The following are the default software sources in the latest release:

deb http://http.kali.org/kali kali-rolling main contrib non-free
deb-src http://http.kali.org/kali kali-rolling main contrib non-free

That’s why, for certain software, when you use the same program in Kali Linux and Fedora, you will find different behavior. You can view the full list of Kali Linux software from git.kali.org. You can also find our own generated list of installed packages on Kali Linux (GNOME).

What’s more, the official Kali Linux documentation strongly advises against adding any other third-party repositories. Because Kali Linux is a rolling distribution that depends on the Debian testing branch, simply adding a new repository source will most likely break the system through dependency conflicts and package hooks.
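One way to check a system against this advice is to scan the APT source files for entries that differ from the default sources listed above. The script below is an added example, not part of the original article or of Kali itself; it assumes the classic one-line `deb`/`deb-src` format, and its sample file is constructed (`example.invalid` is a placeholder host).

```sh
#!/bin/sh
# Added example, not from the original article: flag APT source entries that
# are not the official Kali repository listed on this page.
OFFICIAL_HOST="http.kali.org"    # host from the default sources above
OFFICIAL_SUITE="kali-rolling"    # suite from the default sources above

# audit_sources FILE...
# Prints "file:line: entry" for each active deb/deb-src line that points
# elsewhere; returns 1 if any such line exists, 0 otherwise.
audit_sources() {
    awk -v host="$OFFICIAL_HOST" -v suite="$OFFICIAL_SUITE" '
        $1 != "deb" && $1 != "deb-src" { next }   # comments, blanks, other
        {
            i = 2
            # skip an optional [opt=val ...] block that may span fields
            if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; i++ }
            uri = $i; dist = $(i + 1)
            # scheme://host[:port]/path: third "/"-separated part is the host
            split(uri, part, "/"); h = part[3]; sub(/:.*/, "", h)
            if (h != host || dist != suite) {
                printf "%s:%d: %s\n", FILENAME, FNR, $0
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample: the two default entries plus hypothetical extra lines.
make_sample() {
    cat <<'EOF'
deb http://http.kali.org/kali kali-rolling main contrib non-free
deb-src http://http.kali.org/kali kali-rolling main contrib non-free
# deb http://example.invalid/old stable main
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://example.invalid/apt stable main
deb http://deb.debian.org/debian testing main
EOF
}

# Demo on the constructed sample.
sample=$(mktemp)
make_sample > "$sample"
audit_sources "$sample" || echo "entries outside the official Kali repository found"
rm -f "$sample"
```

On a real installation, call `audit_sources /etc/apt/sources.list /etc/apt/sources.list.d/*.list`; commented-out entries are ignored, so only sources that APT would actually use are reported.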

Don’t install Kali Linux

Running wpscan on fosspost.org with Kali Linux

I use Kali Linux on rare occasions to test the software and servers I deploy. However, I would never dare to install it and use it as my main system.

If you are going to use it as your main system, then you will have to keep your personal files, passwords, data, everything on that system. You will also need to install a lot of the software you use every day to make your life easier. But as we mentioned above, using Kali Linux is very dangerous and should be done very carefully. If you get hacked, you will lose all your data, and it may be exposed to many more people. Your personal information can also be used to track you if you are doing something illegal. If you use these tools carelessly, you might even destroy your own data.

Even professional white hats don’t recommend installing it as a main system. They recommend running it from a USB drive for penetration testing work and then going back to a normal Linux distribution.

Bottom line

As you can see by now, using Kali is not a decision to take lightly. If you’re going to be a white hat and you need to use Kali to learn, come to Kali after you’ve learned the basics and spent a few months using a regular Linux system. And be careful about what you’re doing, to avoid getting into trouble.

If you plan to use Kali, or if you need any help, I’d love to hear your thoughts in the comments.

Author: Lucas_Linux
Link: https://juejin.cn/post/6844903705070796807
Source: Rare Earth Nuggets
Copyright belongs to the author. For commercial reprint, please contact the author for authorization, for non-commercial reprint, please indicate the source.