BOOTING KALI ISO IMAGE IN LIVE MODE

BOOTING KALI ISO IMAGE IN LIVE MODE

    


  CONTENTS

• DOWNLOADING KALI ISO IMAGE
• BOOTING KALI ISO IMAGE IN LIVE MODE

Unlike some other operating systems, Kali Linux makes getting started easy, thanks to the fact that its disk images are live ISOs, meaning that you can boot the downloaded image without following any prior installation procedure. This means you can use the same image for testing, for use as a bootable USB or DVD-ROM image in a forensics case, or for installing as a permanent operating system on physical or virtual hardware. 

Because of this simplicity, it is easy to forget that certain precautions must be taken. Kali users are often the target of those with ill intentions, whether state sponsored groups, elements of organized crime, or individual hackers. The open-source nature of Kali Linux makes it relatively easy to build and distribute fake versions, so it is essential that you get into the habit of downloading from original sources and verifying the integrity and the authenticity of your download. This is especially relevant to security professionals who often have access to sensitive networks and are entrusted with client data.

1.1 DOWNLOAD KALI ISO IMAGE

1.1.1 WHERE TO DOWNLOAD 

The only official source of Kali Linux ISO images is the Downloads section of the Kali website. Due to its popularity, numerous sites offer Kali images for download, but they should not be considered trustworthy and indeed may be infected with malware or otherwise cause irreparable damage to your system

https://www.kali.org/downloads/

The website is available over HTTPS, making it difficult to impersonate. Being able to carry out
a man-in-the-middle attack is not sufficient as the attacker would also need a www.kali.org certificate signed by a Transport Layer Security (TLS) certificate authority that is trusted by the victim’s browser. Because certificate authorities exist precisely to prevent this type of problem, they
deliver certificates only to people whose identities have been verified and who have provided
evidence that they control the corresponding website.

1.1.2 WHAT TO DOWNLOAD ? 

All disk images labeled 32- or 64-bit refer to images suitable for CPUs, found in most modern desktop and laptop computers. If you are downloading for use on a fairly modern machine, it most likely contains a 64-bit processor. If you are unsure, rest assured that all 64-bit processors can run 32-bit instructions. You can always download and run the 32-bit image. The reverse is not true, however. Refer to the sidebar for more detailed information

If you are planning to install Kali on an embedded device, smartphone, Chromebook, access point, or any other device with an ARM processor, you must use the Linux armel or armhf images.

Now that you know whether you need a 32-bit or 64-bit image, there is only one step left: selecting the kind of image. The default Kali Linux image and the Kali Linux Light variant are both live ISOs that can be used to run the live system or to start the installation process. They differ only by the set of pre-installed applications. The default image comes with the GNOME desktop and a large collection of packages found to be appropriate for most penetration testers, while the light image comes with the Xfce desktop, (which is much less demanding on system resources), and a limited collection of packages, allowing you to choose only the apps you need. The remaining images use alternate desktop environments but come with the same large package collection as the main image.

Once you have decided on the image you need, you can download the image by clicking on ”ISO” in the respective row. Alternatively, you can download the image from the BitTorrent peer-to-peer network by clicking on ”Torrent,” provided that you have a BitTorrent client associated with the .torrent extension.

While your chosen ISO image is downloading, you should take note of the checksum written in the sha256sum column. Once you have downloaded your image, use this checksum to verify that the downloaded image matches the one the Kali development team put online (see next section).

1.1.3 VERIFYING INTEGRITY AND AUTHENTICITY 

Security professionals must verify the integrity of their tools to not only protect their data and networks but also those of their clients. While the Kali download page is TLS-protected, the actual download link points to an unencrypted URL that offers no protection against potential man-inthe-middle attacks. The fact that Kali relies on a network of external mirrors to distribute the image means that you should not blindly trust what you download. The mirror you were directed to may have been compromised, or you might be the victim of an attack yourself.

To alleviate this, the Kali project always provides checksums of the images it distributes. But to make such a check effective, you must be sure that the checksum you grabbed is effectively the checksum published by the Kali Linux developers. You have different ways to ascertain this.

1.1.4 RELYING ON THE TLS - PROTECTED WEBSITE

When you retrieve the checksum from the TLS-protected download webpage, its origin is indirectly guaranteed by the X.509 certificate security model: the content you see comes from a web site that is effectively under the control of the person who requested the TLS certificate.

Now you should generate the checksum of your downloaded image and ensure that it matches what you recorded from the Kali website:

If your generated checksum matches the one on the Kali Linux download page, you have the correct file. If the checksums differ, there is a problem, although this does not indicate a compromise or an attack; downloads occasionally get corrupted as they traverse the Internet. Try your download again, from another official Kali mirror, if possible for more information about available mirrors).

1.1.5 RELYING ON PGP's WEB OF TRUST

If your generated checksum matches the one on the Kali Linux download page, you have the correct file. If the checksums differ, there is a problem, although this does not indicate a compromise or an attack; downloads occasionally get corrupted as they traverse the Internet. Try your download again, from another official Kali mirror, if possible (see “cdimage.kali.org” [page 14] for more information about available mirrors).

For cases like this, we also provide a GnuPG key that we use to sign the checksums of the images we provide. The key’s identifiers and its fingerprints are shown here:

This key is part of a global web of trust because it has been signed at least by me (Raphaël Hertzog) and I am part of the web of trust due to my heavy GnuPG usage as a Debian developer.

The PGP/GPG security model is very unique. Anyone can generate any key with any identity, but you would only trust that key if it has been signed by another key that you already trust. When you sign a key, you certify that you met the holder of the key and that you know that the associated identity is correct. And you define the initial set of keys that you trust, which obviously includes your own key.

This model has its own limitations so you can opt to download Kali’s public key over HTTPS (or from a keyserver) and just decide that you trust it because its fingerprint matches what we announced in multiple places, including just above in this book:

After you have retrieved the key, you can use it to verify the checksums of the distributed images. Let’s download the file with the checksums (SHA256SUMS) and the associated signature file (SHA256SUMS.gpg) and verify the signature:

If you get that “Good signature” message, you can trust the content of the SHA256SUMS file and use it to verify the files you downloaded. Otherwise, there is a problem. You should review whether you downloaded the files from a legitimate Kali Linux mirror

Note that you can use the following command line to verify that the downloaded file has the same checksum that is listed in SHA256SUMS, provided that the downloaded ISO file is in the same directory:

If you don’t get 0, in response, then the file you have downloaded is different from the one released by the Kali team. It cannot be trusted and should not be used. 

1.1.6 COPYING THE IMAGE ON DVD-ROM or USB key

Unless you want to run Kali Linux in a virtual machine, the ISO image is of limited use in and of itself. You must burn it on a DVD-ROM or copy it onto a USB key to be able to boot your machine into Kali Linux.

We won’t cover how to burn the ISO image onto a DVD-ROM, as the process varies widely by platform and environment, but in most cases, right clicking on the .iso file will present a contextual menu item that executes a DVD-ROM burning application. Try it out!

CREATING A BOOTABLE KALI USB DRIVE ON WINDOWS

As a prerequisite, you should download and install Win32 Disk Imager:

https://sourceforge.net/projects/win32diskimager/ 

Plug your USB key into your Windows PC and note the drive designator associated to it (for example, “E:\”).

Launch Win32 Disk Imager and choose the Kali Linux ISO file that you want to copy on the USB key. Verify that the letter of the device selected corresponds with that assigned to the USB key. Once you are certain that you have selected the correct drive, click the Write button and confirm that you want to overwrite the contents of the USB key as shown in Figure 2.2, “Win32 Disk Imager in action”

Once the copy is completed, safely eject the USB drive from the Windows system. You can now use the USB device to boot Kali Linux.

CREATING A BOOTABLE KALI USB DRIVE ON LINUX

Creating a bootable Kali Linux USB key in a Linux environment is easy. The GNOME desktop environment, which is installed by default in many Linux distributions, comes with a Disks utility (in the gnome-disk-utility package, which is already installed in the stock Kali image). That program shows a list of disks, which refreshes dynamically when you plug or unplug a disk. When you select your USB key in the list of disks, detailed information will appear and will help you confirm that you selected the correct disk. Note that you can find its device name in the title bar as shown in Figure, “GNOME Disks”

Click on the menu button and select Restore Disk Image... in the displayed pop-up menu. Select the ISO image that you formerly downloaded and click on Start Restoring... as shown in Figure“Restore Disk Image Dialog”

Enjoy a cup of coffee while it finishes copying the image on the USB key (Figure , “Progression of the Image Restoration” )

CREATING A BOOTABLE KALI USB DRIVE ON OS X/MACos

OS X/macOS is based on UNIX, so the process of creating a bootable Kali Linux USB drive is similar to the Linux procedure. Once you have downloaded and verified your chosen Kali ISO file, use dd to copy it over to your USB stick.

To identify the device name of the USB key, run diskutil list to list the disks available on your system. Next, insert your USB key and run the diskutil list command again. The second output should list an additional disk. You can determine the device name of the USB key by comparing the output from both commands. Look for a new line identifying your USB disk and note the /dev/diskX where X represents the disk ID. 

You should make sure that the USB key is not mounted, which can be accomplished with an explicit unmount command (assuming /dev/disk6 is the device name of the USB key):

Now proceed to execute the dd command. This time, add a supplementary parameter — CT for block size. It defines the size of the block that is read from the input file and then written to the output file.

That’s it. Your USB key is now ready and you can boot from it or use it to install Kali Linux.

1.2 BOOTING A KALI LIVE ISO IMAGE 

1.2.1 ON A REAL COMPUTER

As a prerequisite, you need either a USB key prepared (as detailed in the previous section) or a DVD-ROM burned with a Kali Linux ISO image.

The BIOS/UEFI is responsible for the early boot process and can be configured through a piece of software called Setup. In particular, it allows users to choose which boot device is preferred. In this case, you want to select either the DVD-ROM drive or USB drive, depending on which device you have created.

Starting Setup usually involves pressing a particular key very soon after the computer is powered on. This key is often %FM or &TD, and sometimes ' or ' . Most of the time, the choice is briefly flashed onscreen when the computer powers on, before the operating system loads. Once the BIOS/UEFI has been properly configured to boot from your device, booting Kali Linux is simply a matter of inserting the DVD-ROM or plugging in the USB drive and powering on the computer.

1.2.2 IN A VIRTUAL MACHINE 

Virtual machines have multiple benefits for Kali Linux users. They are especially useful if you want to try out Kali Linux but aren’t ready to commit to installing it permanently on your machine or if you have a powerful system and want to run multiple operating systems simultaneously. This is a popular choice for many penetration testers and security professionals who need to use the wide range of tools available in Kali Linux but still want to have full access to their primary operating system. This also provides them with the ability to archive or securely delete the virtual machine and any client data it may contain rather than reinstalling their entire operating system.

The snapshot features of virtualization software also make it easy to experiment with potentially dangerous operations, such as malware analysis, while allowing for an easy way out by restoring a previous snapshot.

There are many virtualization tools available for all major operating systems, includingVirtualBox®, VMware Workstation®, Xen, KVM, and Hyper-V to name a few. Ultimately, you will use the one that best suits you but we will cover the two most frequently-used in a desktop context: VirtualBox® and VMware Workstation Pro®, both running on Windows 10. If you don’t have corporate policy constraints or personal preference, our recommendation is that you try out VirtualBox first, as it is free, works well, is (mostly) open-source, and is available for most operating systems.

For the next sections, we will assume that you have already installed the appropriate virtualization tool and are familiar with its operation.

PRIMARY REMARKS

To fully benefit from virtualization, you should have a CPU with the appropriate virtualization features and they should not be disabled by the BIOS/UEFI. Double check for any “Intel® Virtualization Technology” and/or “Intel® VT-d Feature” options in the Setup screens.

You should also have a 64-bit host operating system, such as AMD64 architecture for Debian-based Linux distributions, x86_64 architecture for RedHat-based Linux distributions, and WINDOWS 64 BIT for Windows. If you lack any of the prerequisites, either the virtualization tool will not work properly or it will be restricted to running only 32-bit guest operating systems.

Since virtualization tools hook into the host operating system and hardware at a low level, there are often incompatibilities between them. Do not expect these tools to run well at the same time. Also, beware that professional versions of Windows come with Hyper-V installed and enabled, which might interfere with your virtualization tool of choice. To turn it off, execute “Turn windows features on or off” from Windows Settings


VIRTUAL BOX

After the initial installation, VirtualBox’s main screen looks something like Figure , “VirtualBox’s Start Screen”

Click on New (Figure , “Name and Operating System” ) to start a wizard that will guide you through the multiple steps required to input all the parameters of the new virtual machine.

In the first step, shown in Figure , “Name and Operating System”, you must assign a name to your new virtual machine. Use “Kali Linux.” You must also indicate what kind of operating system will be used. Since Kali Linux is based on Debian GNU/Linux, select Linux for the type and Debian (32-bit) or Debian (64-bit) for the version. Although any other Linux version will most likely work, this will help distinguish between the various virtual machines that you might have installed.

In the second step, you must decide how much memory to allocate to the virtual machine. While the recommended size of 768 MB is acceptable for a Debian virtual machine acting as a server, it is definitely not enough to run a Kali desktop system, especially not for a Kali Linux live system since the live system uses memory to store changes made to the file system. We recommend increasing the value to 1500 MB (Figure, “Memory Size” ) and highly recommend that you allocate no less than 2048 MB of RAM.

In the third step (shown in Figure, “Hard disk”), you are prompted to choose a physical or virtual hard disk for your new virtual machine. Although a hard disk is not required to run Kali Linux as a live system, add one for when we demonstrate the installation procedure later, in chapter 4, “Installing Kali Linux”

The content of the hard disk of the virtual machine is stored on the host machine as a file. VirtualBox is able to store the contents of the hard disk using multiple formats (shown in Figure  “Hard Disk File Type” : the default (7%*) corresponds to VirtualBox’s native format; 7.%, is the format used by VMware; 2$08 is the format used by QEMU. Keep the default value, because you don’t have any reason to change it. The ability to use multiple formats is interesting mainly when you want to move a virtual machine from one virtualization tool to another.

The explanation text in Figure , “Storage on Physical Hard Disk”  clearly describes the advantages and drawbacks of dynamic and fixed disk allocation. In this example, we accept the default selection (Dynamically allocated), since we are using a laptop with SSD disks. We don’t want to waste space and won’t need the extra bit of performance as the machine is already quite fast to begin with.

The default hard disk size of 8 GB shown in Figure , “File Location and Size”  is not enough for a standard installation of Kali Linux, so increase the size to 20 GB. You can also tweak the name and the location of the disk image. This can be handy when you don’t have enough space on your hard disk, allowing you to store the disk image on an external drive.

The virtual machine has been created but you can’t really run it yet, because there is no operating system installed. You also have some settings to tweak. Click on Settings on the VM Manager screen and let’s review some of the most useful settings.

In the Storage screen (Figure , “Storage Settings”), you should associate the Kali Linux ISO image with the virtual CD/DVD-ROM reader. First, select the CD-ROM drive in the Storage Tree list and then click on the small CD-ROM icon on the right to display a contextual menu where you can choose Virtual Optical Disk file...

In the System screen (Figure 2.15, “System Settings: Motherboard” [page 34]), you will find a Motherboard tab. Make sure that the boot order indicates that the system will first try to boot from any optical device before trying a hard disk. This is also the tab where you can alter the amount of memory allocated to the virtual machine, should the need arise.

In the same screen but on the “Processor” tab (Figure, “System Settings: Processor”), you can adjust the number of processors assigned to the virtual machine. Most importantly, if you use a 32-bit image, enable PAE/NX or the Kali image will not boot since the default kernel variant used by Kali for i386 (aptly named “686-pae”) is compiled in a way that requires Physical Address Extension (PAE) support in the CPU. 

There are many other parameters that can be configured, like the network setup (defining how the traffic on the network card is handled), but the above changes are sufficient to be able to boot a working Kali Linux live system. Finally, click Boot and the VM should boot properly, as shown in Figure, “Kali Linux Boot Screen in VirtualBox” . If not, carefully review all settings and try again.

1.2.3 SUMMARY

In this ARTICLE, you learned about the various Kali Linux ISO images, learned how to verify and download them, and learned how to create bootable USB disks from them on various operating systems. We also discussed how to boot the USB disks and reviewed how to configure the BIOS and startup settings on various hardware platforms so that the USB disks will boot.

SUMMARY TIPS :

• WWW.KALI.ORG is the only official download site for Kali ISOs. Do not download them from any other site, because those downloads could contain malware.

• Always validate the sha256sum of your downloads with the sha256sum command to ensure the integrity of your ISO download. If it doesn’t match, try the download again or use a different source.

• You must write the Kali Linux ISO image to a bootable media if you want to boot it on a physical machine. Use Win32 Disk Imager on Windows, the Disks utility on Linux, or the dd command on Mac OS X/macOS. Be very careful when writing the image. Selecting the wrong disk could permanently damage data on your machine.

• Configure the BIOS/UEFI setup screens on a PC or hold the 0QUJPO key on OS X/macOS to allow the machine to boot from the USB drive.

• Virtual machine programs like VirtualBox and VMware Workstation Pro are especially useful if you want to try out Kali Linux but aren’t ready to commit to installing it permanently on your machine or if you have a powerful system and want to run multiple operating systems simultaneously

Now that you have a working installation of Kali Linux, it is time to delve into some Linux fundamentals that are required for basic and advanced operation of Kali. If you are a moderate to advanced Linux user, consider skimming the next ARTICLE.