If you're really, really new to this and don't know how to start... Part 1
JMBradley last edited by
If you're reading this, you're new to the range. Welcome! You're in for a hell of a ride and have taken your first steps into a whole new world. Buckle up, heh.
This post is for people that are new to anything beyond using a computer for email and web browsing. If you are already familiar with Virtual Machines (VMs) and dealing with .iso files and installing operating systems... just skip this post. But if you don't know what any of that means then stick around. We'll get you up and running with Kali Linux in no time so that you can start into the self-paced education that is referred to on the rest of the site.
Most everything we do here is done from Linux, an open source operating system that has utilities and functions that go way beyond the standard desktop operating systems you may be familiar with. Linux is an ecosystem unto itself, and the sheer depth of the things you can do with it may seem intimidating. But you can get a basic understanding and work from there, and we will help you with that. You don't need to master it to be functional or even perform the tasks that are part of the cyber security training... but the more you know, the easier the rest becomes.
So, on with the important stuff.
You will (obviously) need a computer to work on. If you don't have a suitable one already, or don't want to tinker with your daily computer, you can pick up a workable used one for like $100. It does NOT have to be the latest and greatest. Linux is not the memory hog that Windows or Mac is.
There are two approaches to installing Kali or any other flavor of Linux. You can do a complete install that will overwrite any existing OS (operating system) on the computer, or if you already have a modern system with the resources available you can run a Virtual Machine (VM) on your existing computer.
For those unfamiliar with the term, a VM allows you to run an OS within your current OS, much as you would run any other program. The VM shares resources with your host, but is segregated from the host OS and functions in its own little "box".
For a full install, you need at least a dual core processor (64 bit is ideal, but Linux actually has 32 bit versions) and 2Gb of RAM. I have run it with as little as 1Gb, but that's really pushing it and runs reeeallllyy sslloooww.
For a Virtual Machine, you want a little more horsepower. Remember that you are sharing resources with the host system, so the more resources you have available the better. You can run a VM on a dual core machine (I have several that do and they work fine) although a quad core is better. I would suggest at least 4 Gb of RAM. You will only need to allocate a portion of that to Linux, and we will cover how to do that.
So, with the computer you will use at hand, we will begin with a full install.
FULL INSTALL
First we need to acquire a Kali Linux image file, or .iso file. This is a file which has the entire operating system crunched down into a single file that is used to install the operating system and all its components at one time, without having to install all the components separately. (Kali has over 400 tools already built in... you do not want to do these one at a time!)
In your web browser on an existing computer go to https://www.kali.org/. This is the official website for Kali. Do not just go to whatever site Google throws up. There are actually people out there that will charge you for a free product. Click the Download tab at the top of the page and it will take you to a table with a bunch of choices.
You will need to download the .iso file that is appropriate for your computer. The image names refer to different desktop managers that you can use. Assuming you have a 64 bit system (you should... most modern systems have been for a while) I recommend just getting the "Kali Linux 64 Bit" image. Mate, KDE, Xfce, and Lxde may be something you consider later when you are more familiar with the differences or if you have really limited hardware resources, but for now stick with the basics.
You can download from either the HTTP or Torrent feed. I prefer the HTTP for reasons beyond the scope of this article, but we will be checking the hash anyway, so either will do.
Next, go to www.quickhash-gui.org and download the free version for your current desktop. Assuming you are using Windows, download the .zip file and extract it (right click, extract all files). Then run the .exe from the Windows 64bit folder to bring up the GUI (Graphical User Interface, what you are used to using on a desktop). When the program starts, click the "Files" tab up top, second from the left. You will see a "Select File" button and an "Expected hash" field. Click "Select File", navigate to where you saved the .iso file for Kali, and select it. In the "Expected hash" field, copy and paste the "sha256sum" field from the Kali download page (big long string of numbers and letters. You were wondering what that was for, weren't you? heh).
This program will either tell you it matches, or not. If it doesn't match... DO NOT USE THE FILE. Something has gone wrong. Either it is corrupted, or you may be the victim of a Man-In-The-Middle attack where someone has intercepted and tampered with the file. This shouldn't happen... but you should ALWAYS check the hash on any program you download.
*The hash is generated from an algorithm that effectively crunches an entire file into a code. If any part of the file has changed, the code, or 'hash', will no longer match. It is a secure way of verifying that you have a clean copy of the file or program.
If you got a match, which you should have, we are good to proceed.
We will continue in Part 2, as this is getting to be a long post.
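The hash check described above can also be done without a GUI. The following is an added example, not part of the original post and not QuickHash's code: it computes the SHA-256 of a downloaded file, compares it with a value pasted from the download page, and shows that changing a single byte makes the check fail. The file name `example.iso` and the sample contents are constructed for the demonstration.

```python
import hashlib
import os
import re
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so a multi-gigabyte .iso never sits in RAM


def sha256_of_file(path):
    """Return the lowercase hex SHA-256 of the file at `path`."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def normalize_expected(pasted):
    """Clean up a hash pasted from a web page; reject anything that is not SHA-256."""
    value = "".join(pasted.split()).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", value):
        raise ValueError("expected value is not a 64-character hex SHA-256")
    return value


def verify_download(path, pasted_expected):
    """True only if the file's SHA-256 equals the published value."""
    return sha256_of_file(path) == normalize_expected(pasted_expected)


def demo():
    """Constructed stand-in for an .iso: verify it, change one byte, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        iso = os.path.join(tmp, "example.iso")  # hypothetical file name
        with open(iso, "wb") as fh:
            fh.write(b"constructed sample image\n" * 100_000)
        published = sha256_of_file(iso).upper() + " \n"  # as if copied from a page
        clean = verify_download(iso, published)
        with open(iso, "r+b") as fh:  # simulate corruption or tampering
            fh.seek(12345)
            fh.write(b"X")
        tampered = verify_download(iso, published)
    return clean, tampered


if __name__ == "__main__":
    print(demo())  # (True, False)
```

For a real download, call `verify_download()` with the path to the saved .iso and the "sha256sum" string copied from the Kali download page.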