The Kali Linux system integrates common security penetration tools, saving the time to install tools, and is highly recommended for security-related work.
Installing Linux Kalii
Install the system
Kali Linux is based on the Debian kernel, and the VM operating system is Debian 7.x 64
Select system language
You are advised to select An English installation language and switch to Chinese after the installation. This is to ensure that common directories are in English to facilitate switching on the TERMINAL. The effect is as follows
Turn off energy saving options
The Kali Linux desktop automatically locks the screen every few minutes by default. You can disable this feature to reduce the time it takes to wake up the screen and improve efficiency
Install oh my ZSH
For easy use with the history command, you can install oh my ZSH reference: github.com/robbyrussel…
sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
Copy the codeInstall software that contains vulnerabilities
There are a lot of software containing vulnerabilities, so it takes time to collect and install by yourself. Here, it is recommended to use docker one-click installation, for reference: github.com/c0ny1/vulst…
git clone https://github.com/c0ny1/vulstudy.git
cd vulstudy
docker-compose pull
docker-compose build
docker-compose up -d
Copy the codeThe operation effect is as follows
You can see that all the systems that contain the vulnerability started successfully
The port of the Web system started here can be modified in docker-comemage.yml
Use the SqlMap tool in Kali Linux to detect SQL injection vulnerabilities
SQL injection vulnerability in sqli-labs: http://suxiaolin-imac-pro:8283/Less-1/? If the id is 11, you can use the SqlMap provided in Kali Linux for verification
Sqlmap can be opened from within the application
Sqlmap is a command line program, you can also open the terminal directly to operate, check the url http://suxiaolin-imac-pro:8283/Less-1/? Id =11 Check whether the SQLmap command for SQL injection exists
sqlmap -u http://suxiaolin-imac-pro:8283/Less-1/\? id\=11Copy the codeThe operation effect is as follows (right-click to view the larger image)
Sqlmap has successfully detected an SQL injection vulnerability for the id parameter
This can be verified with the injected SQL, for example: id=11′ AND (SELECT 8268 FROM(SELECT COUNT(*),CONCAT(0x71626b7a71,(SELECT (ELT(8268=8268,1))),0x7178786a71,FLOOR(RAND(0)*2))x FROM information_schema.plugins GROUP BY x)a) AND ‘IoUA’=’IoUA ‘
The effect is as follows in the browser
You can see how efficient it is to use the tools that come with the Kali Linux system for Web vulnerability detection
A couple of points to note
Sqli – LABS if unable to connect to the database, we can visit http://127.0.0.1:8283/sql-connections/setup-db.php to initialize the database
The resources
- Github.com/c0ny1/vulst…
- Wizardforcel. Gitbooks. IO/daxueba – kal…
- www.kali.org/downloads/