The Kali Linux system integrates common security penetration tools, saving the time to install tools, and is highly recommended for security-related work.

Installing Linux Kalii

Install the system

Kali Linux is based on the Debian kernel, and the VM operating system is Debian 7.x 64

Select system language

You are advised to select An English installation language and switch to Chinese after the installation. This is to ensure that common directories are in English to facilitate switching on the TERMINAL. The effect is as follows

Turn off energy saving options

The Kali Linux desktop automatically locks the screen every few minutes by default. You can disable this feature to reduce the time it takes to wake up the screen and improve efficiency

Install oh my ZSH

For easy use with the history command, you can install oh my ZSH reference: github.com/robbyrussel…

sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
Copy the code

Install software that contains vulnerabilities

There are a lot of software containing vulnerabilities, so it takes time to collect and install by yourself. Here, it is recommended to use docker one-click installation, for reference: github.com/c0ny1/vulst…

git clone https://github.com/c0ny1/vulstudy.git
cd vulstudy
docker-compose pull
docker-compose build
docker-compose up -d
Copy the code

The operation effect is as follows

You can see that all the systems that contain the vulnerability started successfully

The port of the Web system started here can be modified in docker-comemage.yml

Use the SqlMap tool in Kali Linux to detect SQL injection vulnerabilities

SQL injection vulnerability in sqli-labs: http://suxiaolin-imac-pro:8283/Less-1/? If the id is 11, you can use the SqlMap provided in Kali Linux for verification

Sqlmap can be opened from within the application

Sqlmap is a command line program, you can also open the terminal directly to operate, check the url http://suxiaolin-imac-pro:8283/Less-1/? Id =11 Check whether the SQLmap command for SQL injection exists

sqlmap -u http://suxiaolin-imac-pro:8283/Less-1/\? id\=11Copy the code

The operation effect is as follows (right-click to view the larger image)

Sqlmap has successfully detected an SQL injection vulnerability for the id parameter

This can be verified with the injected SQL, for example: id=11′ AND (SELECT 8268 FROM(SELECT COUNT(*),CONCAT(0x71626b7a71,(SELECT (ELT(8268=8268,1))),0x7178786a71,FLOOR(RAND(0)*2))x FROM information_schema.plugins GROUP BY x)a) AND ‘IoUA’=’IoUA ‘

The effect is as follows in the browser

You can see how efficient it is to use the tools that come with the Kali Linux system for Web vulnerability detection

A couple of points to note

Sqli – LABS if unable to connect to the database, we can visit http://127.0.0.1:8283/sql-connections/setup-db.php to initialize the database

The resources

  1. Github.com/c0ny1/vulst…
  2. Wizardforcel. Gitbooks. IO/daxueba – kal…
  3. www.kali.org/downloads/