1. Jul 16, 2014  With Kali Linux, hacking becomes much easier since you have all the tools (more than 300 pre-installed tools) you are probably ever gonna need. Others can be downloaded easily. Now this tutorial will get you started and you'll be hacking with Kali Linux before you know it.
2. It is free, open source and cross-platform (Windows, Linux, Mac OS X). Kali Linux logo jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in distributions like Pentest Box, Parrot Security OS, ArchStrike or BlackArch Linux.

If you are here to Learn Kali Linux or you want to learn ethical hacking, you are absolutely in the right place for beginners. In the upcoming lines, we would be discussing Linux hacking for beginners in this definitive guide.

If you installed the Kali Linux already, probably you are here for one of the below reasons:

By Kali Linux in: dictionary-attack password-dictionary password-list password-list txt password-txt password-wordlist rockyou.txt wordlist txt wordlist-password wordlists Do you know what is password list?Why do we need password txt?How to download password dictionary?How to use password list txt to hack any password?why i am using rockyou.txt.

• where to begin with, or where to learn from.
• How to start using this complicated OS.
• How to hack using Kali Linux.
• Learn penetration testing with Kali.

The first thing you need to do is to change your mindset. Everyone gets confused by the information available over the internet. When you start learning you don’t know where to begin with. Even I struggle sometimes understanding things when it comes to Kali Linux. Just be focused and keep reading our amazing articles and you will be fine. Below are the two most important things which you need in order to learn this penetration testing distro. I would recommend you to first Download Kali Linux 2019.1a.

Requirements for this guide:

• You need a stable internet connection
• Most importantly you need passion, desire to learn

Here are some important terms which you need to know before you jump deep into Kali Linux.

Recommended guide before reading this one: 8 Best Kali Linux Terminal Commands for Hacking (2019 Edition).

Contents

Kali Linux Hacking Tutorials: Learn to Hack with Kali Linux (2019)

Phishing:

Phishing means fake websites or pages which are an exact look-alike of some other website. Usually, such pages are lookalikes of login page of the underlying website. When someone opens such page, it looks exactly like the original page, so the user enters his credentials and those credentials are sent to the hacker.

The difference between an original web page and the fake one is its URL. Just for instance take the example of gmail.com. If the URL is exactly same as gmail.com then its original otherwise fake.

More advanced types of phishing attacks:

The more advanced types of phishing are given below. These types are not common and only advanced users know about these.

• Desktop phishing
• Tabnapping

Desktop Phishing:

This is an advanced type of phishing, it is similar to the normal phishing but with little advancement. In this technique the web page which is loaded in the browser is fake, but the URL which appears in the address bar remains original.

For example gmail.com, the loaded webpage would be fake. But in the address bar, you will see the original address i.e. gmail.com. All most all of the browsers which we use today, such as explorer, chrome, and Mozilla have a built-in feature to detect desktop phishing. But the important point to note is that you need physical access to the system in order to create such a page.

Read:Top 8 Best Linux Distros for Ethical Hacking and Penetration Testing (2019 Edition).

Tabnapping:

If you are someone who opens a lot of tabs in your browser, your user account for any website can easily be hacked. In this type of hacking attack, the victim or the target opens a link sent by the attacker. Just assume, I and you are friends on facebook and I inbox you a web link via messenger and you open that link.

As assumed earlier you have already opened few other tabs. As soon as you will click that link, your Facebook tab’s URL would be replaced by another URL or page. Now you would think probably you are logged out and put your credentials in the look-alike page of facebook. You would be redirected to the facebook homepage and I will get your credentials.

Keylogger

This is one of the basic tools used by the hackers, though it can easily be detected by even a basic antivirus. But still, it is one of the useful tools for a hacker. It is a small piece of software which keep log/record of every key pressed on the target computer. Though it records everything which a user types, like a chatting conversation, emails, or any other keys pressed, the main purpose of keyloggers is to record passwords typed by the user. Keyloggers can be divided into these categories.

1. Software keylogger: These are software-based keyloggers, which you can download from internet easily and install on any target pc. This software can record all keystrokes and can even be configured to send that data to a remote admin. Sometimes hackers code custom keylogger software for a given situation.
2. Hardware Keylogger: this type of keyloggers are based on hardware, which is connected to the target pc and hence it records keystrokes. These days such hardware keyloggers are designed for keyboards, hence they are connected with keyboard and record all keyboard strokes for the hacker. These type of keyloggers are usually used for credit card hacking.

Brute force attack

This one is another commonly used method to crack passwords. In this type of attack, hackers guess the length and characters of the password. Once they have guessed the possible length of the password, they using brute force tools or software to crack passwords.

That software tries all possible combinations of passwords. This is a popular method, but there are two disadvantages of this type of attack, firstly it is time-consuming and secondly, it is inefficient. You never know whether at the end you will get the password or not.

Also read:8 Best Ways to Secure Your Linux Server: The Definitive Guide to Linux Server Hardening.

Hacking With Kali Linux Pdf

Wordlist attack

It is very much similar to a brute force attack. The difference is that in brute force the software uses all possible words combinations as password and in this type of attack hackers provide a list of words to the software. Then software tries each and every word as a password in the given list.

Usually, such lists are big size files. This type of attack is effective for cracking wifi passwords. It is not applicable when you are trying to attack the server directly. In other words, it is suitable to crack something on local pc not on the remote server, as the server will block you after few attempts.

Encryption

Encryption is used to store passwords other information on the databases in a form inch which no one can see the original info. For example, if your password is abcd3434 it would be stored as something like #@#!fdf3d9988dfdf, now looking at this line now can guess the original password or info.

Encryption is also used to transmit data from one node or peer to the other. There are many types of encryption, which can’t be explained here as that is a very long topic. However, to give you a quick heads up there is AES, RSA, Two fish, and 3DES.

Read:How to Hack WiFi Passwords in 2019.

Ransomware

This is actually a type of virus or program which encrypts your data and you can’t use that data. Or you can’t open it. Then the hacker demands money to decrypt that data. Always stay safe from ransomware attacks and never pay the ransom.

IP address

This is the unique address for your computer or device. The IP is actually the address of the device over the internet. Google for more detailed knowledge of IP addresses.

VPN

Vpn is actually a virtual private network, it creates a virtual tunnel between you and the server or resource you are accessing. So no one knows what you are accessing. Until your VPN provider decides to screw you. Here is a list of best VPN providers for torrenting and P2P safely.

Web Server

A web server is a computer which hosts all files for a given website. It can also host the database of a website with all the needed data. This can be using any technology I.e. MySQL or SQL.

DOS Attack

A denial of service is the attack in which a website is brought down by hackers, by sending an excessive amount of traffic which server can’t handle. The only difference between DDOS and Dos is that in DDOS the hackers use multiple devices to attack the website.

SQL injection

in this type of attack, hackers inject SQL queries in order to get access to certain data from the server. They will keep trying different variations until they get access to the admin panel of a website.

Read:Top 10 Best Android Hacking Apps – For Rooted and Non-Rooted Phones (2019).

Social engineering

This one is not the actual type of hacking, it involves psychological techniques and a lot guesswork to get the desired information. The art to social engineering is to trick the human to give his/her details.

Recommended programming languages for Ethical Hacking

Though you need plenty to learn in order to become a good hacker but to start with you can learn Python, HTML, CSS, javascript, SQL, PHP for web site hacking. In order to hack networks, you will need to learn other technologies and how networks work. So you will need a different type of skill set depending on the situation.

This was your basic intro, in the next articles we will get into some other topics which will be related to hackers especially using Kali Linux. But first, you need to have a good grip on the topics and terms mentioned above.

Disclaimer: This is just for educational purposes, please only use knowledge learned from our site on systems you have permission to do the following. You can watch more tutorials on their official site.

Conclusion – What to learn next?

Once you have a basic knowledge of the topics shared above with you, start with the command line. There are thousands of terminal commands that fall into penetration testing category. However, you only need to get an understanding of what command will give you what result. After, you can have a look at Wireshark for network spoofing attacks. This will lead you much further down in the ethical hacking field. I hope this Kali Linux Hacking Tutorial guide for absolute beginners has helped you.

Stay tuned for more Kali Linux tutorials, hacking commands and much more that we will be releasing in a training series for our visitors.

I notice that in /usr/share/wordlists in Kali Linux (former Backtrack) there are some lists. Are they used to bruteforce something? Is there specific list for specific kind of attacks?

4 Answers

Kali linux is a distribution designed for penetration testing and computer forensics, both which involve password cracking. So you are right in thinking that word lists are involved in password cracking, however it's not brute force.

Brute force attacks try every combination of characters in order to find a password, while word lists are used in dictionary based attacks. Many people base their password on dictionary words, and word lists are used to supply the material for dictionary attacks. The reason you want to use dictionary attacks is that they are much faster than brute force attacks. If you have many passwords and you only want to crack one or two then this method can yield quick results, especially if the password hashes are from places where strong passwords are not enforced.

Typical tools for password cracking (John the Ripper, ophtcrack, hashcat, etc) can do several types of attacks including:

• Standard brute force: all combinations are tried until something matches. You tpyically use a character set common on the keyboards of the language used to type the passwords, or you can used a reduced set like alphanumneric plus a few symbols. the size of the character set makes a big difference in how long it takes to brute force a password. Password length also makes a big difference. This can take a very long time depending on many factors
• Standard dictionary: straight dictionary words are used. It's mostly used to find really poor passwords, like password, password123, system, welcome, 123456, etc.
• Dictionary attack with rules: in this type dictionary words are used as the basis for cracks, rules are used to modify these, for instance capitalizing the first letter, adding a number to the end, or replacing letters with numbers or symbols

Rules attacks are likely the best bang for the buck if all you have are standard computing resources, although if you have GPUs available brute-force attacks can be made viable as long as the passwords aren't too long. It depends on the password length, hashing/salting used, and how much computing power you have at your disposal.

One of the better basic wordlists in Kali is /usr/share/wordlists/rockyou.txt.gz. To unzip simply run gzip -d /usr/share/wordlists/rockyou.txt.gz.

Be sure to add 'known weak' passwords that are used by the organization you are testing. I like to add these 'additional' custom passwords to the top so they are tested first.

Those lists can be used to feed into several programs. So for instance aircrack-ng has an option -w where it takes a wordlist as argument. The password testing program John the Ripper also takes wordlists to accelerate the guessing.

In addition to what's already mentioned here, the wordlists are used in conjunction with some of the web app tools and things such as sqlmap. If you're looking for places to use them, download some of the 'boot to root' VMs like Kioptrix and De-ICE and have a go at brute-ing some passwords.

As for specific lists for specific types of hacks - not really. Unless you're doing something targeted against a person you know some facts about (in which case you'll use something like CUPP - Common User Passwords Profiler - to generate a custom wordlist for that particular target).

protected by Community♦Nov 6 '17 at 8:30

Kali Linux Hacking Guide

Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?

Wordlist For Kali Linux Wifi Hacking

Not the answer you're looking for? Browse other questions tagged passwordsbrute-forcekali-linuxdictionary or ask your own question.