Пропускане към основното съдържание

Kali Linux, Rolling Edition Released – 2016.1




Today marks an important milestone for us with the first public release of our Kali Linux rolling distribution. Kali switched to a rolling release model back when we hit version 2.0 (codename “sana”), however the rolling release was only available via an upgrade from 2.0 to kali-rolling for a select brave group. After 5 months of testing our rolling distribution (and its supporting infrastructure), we’re confident in its reliability – giving our users the best of all worlds – the stability of Debian, together with the latest versions of the many outstanding penetration testing tools created and shared by the information security community.



What’s new in Kali Rolling?

Kali Rolling Release vs Standard Releases To get a better understanding of the changes that this brings to Kali, a clearer picture of how rolling releases work is needed. Rather than Kali basing itself off standard Debian releases (such as Debian 7, 8, 9) and going through the cyclic phases of “new, mainstream, outdated”, the Kali rolling release feeds continuously from Debian testing, ensuring a constant flow of the latest package versions. Continuously Updated Penetration Testing Tools Our automated notification system of updated penetration testing tool releases has been working well over the past 5 months and has ensured that the kali-rolling repository always holds the latest stable releases of monitored tools. This usually leaves a gap of around 24-48 hours from notification of a new tool update, to its packaging, testing, and pushing into our repositories. We would also like to introduce our new Kali Linux Package Tracker which allows you to follow the evolution of Kali Linux both with email updates and a comprehensive web interface. The tracker can also help in identifying which versions of various tools and packages are in our repository at any given moment. As an example, the screenshot below shows the timeline of the nmap package in Kali and tracks its repository versions.




VMware Tools vs Open-VM-Tools

This release also marks a dramatic change around how VMware guest tools are installed. As of Sept 2015, VMware recommends using the distribution-specific open-vm-tools instead of the VMware Tools package for guest machines. We have made sure that our package installs and works correctly with the latest Kali rolling kernel and are happy to see that all the needed functionality such as file copying, clipboard copy/paste and automatic screen resizing are working perfectly. To install open-vm-tools in your Kali Rolling image, enter:
 apt-get update  
 apt-get install open-vm-tools-desktop fuse  
 reboot  


Transitioning From Kali 2.0 to Kali Rolling


Migrating from Kali sana (2.0) to Kali rolling is simple. As root, you can run the following commands and be on your way:

 cat << EOF > /etc/apt/sources.list  
 deb http://http.kali.org/kali kali-rolling main non-free contrib  
 EOF  
 apt-get update  
 apt-get dist-upgrade # get a coffee, or 10.  
 reboot  

Коментари

Popular Posts

CVE-2021-44228

REPRODUCE OF THE VULNERABILITY =): Collaboration: silentsignal

CVE-2022-21907

Donate if you are not shame!

DVWA - Brute Force (High Level) - Anti-CSRF Tokens

This is the final "how to" guide which brute focuses Damn Vulnerable Web Application (DVWA), this time on the high security level. It is an expansion from the "low" level (which is a straightforward HTTP GET form attack). The main login screen shares similar issues (brute force-able and with anti-CSRF tokens). The only other posting is the "medium" security level post (which deals with timing issues). For the final time, let's pretend we do not know any credentials for DVWA.... Let's play dumb and brute force DVWA... once and for all! TL;DR: Quick copy/paste 1: CSRF=$(curl -s -c dvwa.cookie "192.168.1.44/DVWA/login.php" | awk -F 'value=' '/user_token/ {print $2}' | cut -d "'" -f2) 2: SESSIONID=$(grep PHPSESSID dvwa.cookie | cut -d $'\t' -f7) 3: curl -s -b dvwa.cookie -d "username=admin&password=password&user_token=${CSRF}&Login=Login" "192.168.1...