Staging Malware and Tools on Kali Linux
Last updated
Last updated
Kali Linux is a widely used penetration testing platform that comes with a huge list of pre-installed tools and resources ready to execute with minimal configuration. Additional tools and resources can also be obtained and installed on the distribution to perform specific tasks additional to the toolset that Kali Linux comes with.
A commonly encountered task when using Kali Linux or any other host being used for offensive security, is hosting capabilities that can be access via a target pre or post compromise. There are various methods that can be used when staging capabilities, which can be found on the , however one of the easiest when conducting penetration tests or competing in CTF’s is to host a collection of tools on a Web Server or SMB share.
To stage tools via a Python HTTP Web Server, the following Python command can be executed on the attacking Kali Linux host. Once executed, remote hosts should be able to access the directory containing the tools held within by navigating to the attacking hose using the IP and Port configured.
Staging tools can also be performed using an SMB share by executing the following command. SMB is a common protocol found in Windows environments; this method being better suited for hosting tools internally. Once enabled, the target host can navigate to the SMB share to access the tools.