How to conduct IoT pentest with Kali Linux
Kali Linux can be used to perform many pentest tests on computers in combination with other related techniques.
With an overall security strategy related to device-specific operating systems, firmware and network configurations, Kali Linux can serve as one of the penetration testing tools targeting devices. Smart Internet support.
When learning how to work with Kali Linux, you will find it useful to cross-examine the IoT network and its devices for potential vulnerabilities, exploit exploits, sniffing and spoofing, passwords, social engineering, etc. .
The following are the penetration testing platforms and methods for IoT devices related to Kali Linux.
How to get started with Kali Linux?
To get started, you'll need to install Kali Linux on a bootable PC or USB with Kali Linux ISO on it. On Windows systems, you can start the Kali Linux GUI from the 'Advanced startup' menu, then select USB / EFI mode.
The first home screen will give you a few options to get started. Select 'Live system (forensic mode)' to boot the PC into Kali Linux.
Many penetration tool options are available from the 'Kali Live' menu.
General pentest strategy for IoT devices
Unlike Internet-enabled computers, penetration testing for IoT devices has many barriers. Not just need a home WiFi network to test. You need exploit exploits to work on BLE, Zigbee, LoRaWAN, MQTT and many other networks.
Next, there are many pieces of hardware that can be targeted: Chip, sensor, camera, API, etc. The hacker or pen tester must be able to target the chapter to the device's operating system or firmware.
This makes penetration testing more diverse and difficult. However, this is why hackers are also more elusive. But some smart devices may be hiding a major flaw that can be exploited using a penetration tool like Kali Linux.
Just two or three weeks ago, Ring Doorbell posted information about device hijacks, multiple suspicious login attempts, and even hackers created their own podcasts of hacked footage.
According to the Ring spokesperson, the attacks were caused by device owners not activating two-factor authentication (2FA) and using very simple passwords that can be found in the database. metasploit hacker.
How to test penetration for IoT devices?
Using the above suggestion, design a strategy to penetrate a video doorbell device with a simple password or the owner has set a password that is easy to guess and does not have two-factor authentication.
This trick will assume that a smart device with an IP address is exploited through someone who has access to the remote network.
The example will use a very popular online password attack with Kali Linux called Hydra. In this attack, the login cracker uses an extremely large password database to hack devices with weak passwords.
Use the location command of the metasploit file to try and recover the password from an insecure device.
You need to go to the relevant directory where the password has been stored for metasploit. In this case, it is saved in the user / share / wordlists directory.
There is a large collection of stored passwords. One of them will be displayed if the result matches the penetration test of the Hydra tool.
The brute force method will certainly work with IoT devices that come with default passwords that never change. If you've started working with Kali Linux, you can guess what hackers think. In addition to the more than 600 common hacks and exploits introduced on the Kali website, you can find many other third-party references, such as the video doorbell example above.
You should read it
- How to install Kali Linux on your computer
- How to install Kali Linux on macOS
- How to update Kali Linux and fix errors when updating
- Things you need to know about Kali Linux Image
- How to install Kali Linux reduced version
- Introducing Kali Linux operating system
- How to install Kali Linux dual boot on macOS
- How to create customized Potassium ISO
- Learn Forensics Mode in Kali Linux
- Instructions for installing Kali Linux on Windows 10 are easier than ever
- Instructions for installing Kali Linux via Network PXE
- How to install NVIDIA drivers on Kali Linux
Maybe you are interested
How to Install Kali Linux NetHunter on Android
Akali DTCL season 10: Items for Akali K/DA, Akali True Damage
Kali Linux 2022.3: Comes with white hat hacker tool upgrades
Kalista DTCL season 9 gear, Kalista season 9 DTCL gear
The father of Pi Network Nicolas Kokkalis mysteriously disappeared like the father of Bitcoin
How to Hack Wi Fi WPA/WPA2 with Kali Linux