Kali Linux 2018:Assuring Security by Penetration Testing
上QQ阅读APP看书,第一时间看更新

Downloading Kali Linux

The first thing to do before installing and using Kali Linux is to download it. You can get Kali Linux from the Kali Linux website (http://www.kali.org/downloads/).

On the Downloads page, you can select the official Kali Linux image based on the following items:

Machine architecture: i386, x64, and armhf

Images for VMware, VirtualBox, and Hyper-V can also be downloaded from the Offensive Security Downloads page at https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-hyperv-image-download/, as seen in the following screenshot:

These image files are available either as direct downloads or torrents as OVA, ZIP, and 7-Zip files

Kali Linux Custom ARM downloads can be downloaded from https://www.offensive-security.com/kali-linux-arm-images/. Images can be downloaded for devices such as Chromebooks, Raspberry Pi, and others by clicking on the arrow to the right of the device names.

Kali NetHunter v3.o can be downloaded from the Offensive Security website at https://www.offensive-security.com/kali-linux-nethunter-download/.

More on choosing, installing, and using the appropriate version of NetHunter will be discussed in later chapters:

Kali Linux Nethunter Downloads page

If you want to burn the image to a DVD or install Kali Linux on your machine, you might want to download the ISO image version. However, if you want to use Kali Linux in a virtual environment such as VirtualBox, VMWare, or Hyper-V, you can use the relevant image files to speed up the installation and configuration for a virtual environment, available at https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-hyperv-image-download/.

After you have downloaded the image file successfully, you need to compare the SHA hash value from the downloaded image with the sha256sum hash value provided on the download page. The purpose of checking the SHA-256 value is to ensure the integrity of the downloaded image is preserved. This prevents the user from either installing a corrupt image or an image file that has been maliciously tampered with.

In the UNIX/Linux/BSD operating system, you can use the sha256sum command to check the SHA-256 hash value of the downloaded image file. Remember that it might take some time to compute the hash value of the Kali Linux image file due to its size. For example, to generate the hash value of the kali-linux-2018.2-amd64.iso file, the following command is used:

sha256sum kali-linux-2018.2-amd64.iso

For Windows users, a small and free tool created by Raymond Lin, called the MD5 & SHA Checksum Utility, can be used. This tool calculates MD5, SHA-1, SHA-256, and even SHA-512 hashes of files and also allows for the comparison and verification of hashes.

The MD5 & SHA Checksum Utility can be downloaded at: https://download.cnet.com/MD5-SHA-Checksum-Utility/3000-2092_4-10911445.html. Once downloaded and run, click on the Browse button and browse to the path of the downloaded file. In this instance, I'll be using my kali-linux-2018.2-amd64.iso file, as seen in this screenshot:

In the preceding screenshot, the hash of the kali-linux-2018.2-amd64.iso file was also copied from the Kali Linux Downloads page and pasted into the Hash field for verification. Click on the Verify button to compare and verify the SHA-256 hashes:

SHA-256 hashes match

If both the values match, you can go straight to the Using Kali Linux section. However, if they do not match, it means that your image file is broken; you may want to download the file again from an official download mirror. When we run the hash of our downloaded file and compare it to the hash on the website, we see that they match, indicating that the package has been fully downloaded and is complete.